From d4edea0e63896c3e6567833066b120f9496f78fa Mon Sep 17 00:00:00 2001 From: Matt Boersma Date: Thu, 2 Oct 2025 11:35:55 -0600 Subject: [PATCH 01/61] Add xtrace debugging --- hack/version.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/hack/version.sh b/hack/version.sh index c2d134c7d07..da128f15e94 100755 --- a/hack/version.sh +++ b/hack/version.sh @@ -17,6 +17,8 @@ set -o errexit set -o nounset set -o pipefail +set -o xtrace + version::get_version_vars() { # shellcheck disable=SC1083 GIT_COMMIT="$(git rev-parse HEAD^{commit})" @@ -96,4 +98,4 @@ version::ldflags() { echo "${ldflags[*]-}" } -version::ldflags \ No newline at end of file +version::ldflags From 2302f6d7a322ddf2b2ccf595e94b6918268f9f96 Mon Sep 17 00:00:00 2001 From: Vishal Anarase Date: Fri, 20 Mar 2026 11:08:35 +0530 Subject: [PATCH 02/61] Updated Makefile to check and warn if az cli if unavailable in local Signed-off-by: Vishal Anarase --- AGENTS.md | 2 ++ Makefile | 13 ++++++++++++- Tiltfile | 1 - docs/book/src/developers/development.md | 2 ++ 4 files changed, 16 insertions(+), 2 deletions(-) diff --git a/AGENTS.md b/AGENTS.md index 379d80619e0..94c78f63f5b 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -117,6 +117,8 @@ make kind-reset **tilt-settings.yaml** is required with Azure credentials (see docs/book/src/developers/development.md for details). +`make tilt-up` runs `check-az-cli`; if `az` is missing, it warns and tells you to install the Azure CLI and retry `make tilt-up` (needed for Tilt flows that call `az`, e.g. VNet peering with AKS as management cluster). Use `VERBOSE=1 make check-az-cli` to print the detected binary path. + ### E2E Testing ```bash diff --git a/Makefile b/Makefile index 64d58820eb7..5fcc813fb21 100644 --- a/Makefile +++ b/Makefile 
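Review bot: `set -o xtrace` near the top of hack/version.sh is unconditional, so every caller, including CI, gets each command echoed to stderr with its variables expanded. Anything a later edit stores in a variable in this script would then also land in build logs. The commit subject calls this debugging, so consider gating it behind an opt-in variable (the name here is only a suggestion), `if [[ -n "${TRACE:-}" ]]; then set -o xtrace; fi`, or dropping the line before release. The body of version::get_version_vars continues outside the hunk.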
@@ -829,8 +829,19 @@ aks-create: $(KUBECTL) ## Create aks cluster as mgmt cluster. aks-delete: $(KUBECTL) ## Deletes the resource group and the associated AKS clusters listed under allowed_contexts in ./tilt-settings.yaml . ./scripts/aks-delete.sh +.PHONY: check-az-cli +check-az-cli: ## Warn if Azure CLI (az) is not installed (Tilt uses it for VNet peering with AKS management clusters). Set VERBOSE=1 to print path when found. + @if ! command -v az >/dev/null 2>&1; then \ + echo "WARNING: Azure CLI (az) is not installed or not on your PATH."; \ + echo " Please install it before continuing with Tilt; without it, steps that call 'az' (for example VNet peering with an AKS management cluster) will fail."; \ + echo " Install: https://learn.microsoft.com/en-us/cli/azure/install-azure-cli"; \ + echo " After installing, ensure 'az' is on your PATH, then run make tilt-up again."; \ + elif [ -n "$(VERBOSE)" ]; then \ + echo "Azure CLI (az) found: $$(command -v az)"; \ + fi + .PHONY: tilt-up -tilt-up: install-tools ## Start tilt and build kind cluster if needed. +tilt-up: install-tools check-az-cli ## Start tilt and build kind cluster if needed. @if [ -z "${AZURE_CLIENT_ID_USER_ASSIGNED_IDENTITY}" ]; then \ export AZURE_CLIENT_ID_USER_ASSIGNED_IDENTITY=$(shell cat $(AZURE_IDENTITY_ID_FILEPATH)); \ fi; \ diff --git a/Tiltfile b/Tiltfile index c14b8b8f390..78c5d80c21d 100644 --- a/Tiltfile +++ b/Tiltfile @@ -538,7 +538,6 @@ def waitforsystem(): local(kubectl_cmd + " wait --for=condition=ready --timeout=300s pod --all -n capi-system") def peer_vnets(): - # TODO: check for az cli to be installed in local peering_cmd = ''' echo "--------Peering VNETs--------"; az network vnet wait --resource-group ${AKS_RESOURCE_GROUP} --name ${AKS_MGMT_VNET_NAME} --created --timeout 180; diff --git a/docs/book/src/developers/development.md b/docs/book/src/developers/development.md index 372234f27c0..94278d0bb62 100644 --- a/docs/book/src/developers/development.md 
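Review bot: In the `check-az-cli` recipe, `elif [ -n "$(VERBOSE)" ]` has make paste the value of VERBOSE into the shell text before the shell parses it, so a value containing a quote or a command substitution becomes shell syntax rather than data. Reading the variable in the shell avoids that and still works for both `VERBOSE=1 make check-az-cli` and `make check-az-cli VERBOSE=1`: `elif [ -n "$${VERBOSE:-}" ]; then \`. The warning `echo` lines would also be easier to spot, and stay out of captured output, if they went to stderr with `>&2`. Because the target only warns and exits 0, `tilt-up` still proceeds without `az`, and under `make -j` the warning can interleave with `install-tools` output; the tilt-up recipe itself continues outside the hunk.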
+++ b/docs/book/src/developers/development.md @@ -143,6 +143,8 @@ Install [Helm](https://helm.sh/docs/intro/install/): You would require installation of Helm for successfully setting up Tilt. +Install the [Azure CLI][azure_cli] if you use Tilt workflows that invoke `az` against Azure (for example VNet peering when using an AKS management cluster with an internal load balancer; see [Tilt with AKS as management cluster (ILB)](tilt-with-aks-as-mgmt-ilb.md)). `make tilt-up` runs `make check-az-cli` first; if `az` is missing, it prints a warning that asks you to install the CLI and fix your `PATH` before continuing with Tilt. To print the resolved `az` path when it is installed, run `VERBOSE=1 make check-az-cli`. + ### Using Tilt Both of the [Tilt](https://tilt.dev) setups below will get you started developing CAPZ in a local kind cluster. From dccd5bd1f90c7ce404b452a349f641cc7c40b2a6 Mon Sep 17 00:00:00 2001 From: William Yao Date: Tue, 24 Mar 2026 11:47:51 -0700 Subject: [PATCH 03/61] Enable DRADeviceTaints and DRADeviceTaintRules feature gate in DRA templates Signed-off-by: William Yao --- .../ci/cluster-template-prow-ci-version-dra.yaml | 12 ++++++------ templates/test/ci/patches/dra-kubeadmconfig.yaml | 2 +- .../test/ci/patches/dra-kubeadmconfigtemplate.yaml | 2 +- .../test/ci/patches/dra-kubeadmcontrolplane.yaml | 10 +++++----- .../dev/cluster-template-custom-builds-dra.yaml | 12 ++++++------ .../cluster-template-custom-builds-load-dra.yaml | 14 +++++++------- ...mplate-custom-builds-machine-pool-load-dra.yaml | 14 +++++++------- 7 files changed, 33 insertions(+), 33 deletions(-) diff --git a/templates/test/ci/cluster-template-prow-ci-version-dra.yaml b/templates/test/ci/cluster-template-prow-ci-version-dra.yaml index 0039a072291..94e505c90de 100644 --- a/templates/test/ci/cluster-template-prow-ci-version-dra.yaml +++ b/templates/test/ci/cluster-template-prow-ci-version-dra.yaml 
@@ -56,7 +56,7 @@ spec: clusterConfiguration: apiServer: extraArgs: - feature-gates: ${K8S_FEATURE_GATES:-"DynamicResourceAllocation=true"} + feature-gates: ${K8S_FEATURE_GATES:-"DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true"} runtime-config: resource.k8s.io/v1beta1=true,resource.k8s.io/v1beta2=true timeoutForControlPlane: 20m controllerManager: @@ -64,7 +64,7 @@ spec: allocate-node-cidrs: "false" cloud-provider: external cluster-name: ${CLUSTER_NAME} - feature-gates: DynamicResourceAllocation=true + feature-gates: DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true v: "4" etcd: local: @@ -74,7 +74,7 @@ spec: kubernetesVersion: ci/${CI_VERSION} scheduler: extraArgs: - feature-gates: DynamicResourceAllocation=true + feature-gates: DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true diskSetup: filesystems: - device: /dev/disk/azure/scsi1/lun0 @@ -207,7 +207,7 @@ spec: nodeRegistration: kubeletExtraArgs: cloud-provider: external - feature-gates: DynamicResourceAllocation=true + feature-gates: DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml name: '{{ ds.meta_data["local_hostname"] }}' @@ -215,7 +215,7 @@ spec: nodeRegistration: kubeletExtraArgs: cloud-provider: external - feature-gates: DynamicResourceAllocation=true + feature-gates: DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml name: '{{ ds.meta_data["local_hostname"] }}' 
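Review bot: `runtime-config` in the apiServer hunk still enables only `resource.k8s.io/v1beta1` and `resource.k8s.io/v1beta2`, although the DRADeviceTaintRules gate is now turned on for every component. If the DeviceTaintRule API is served from a different group version in the Kubernetes builds these templates target, the gate alone will not expose it, so this is worth confirming against the CI version in use. These templates install `ci/${CI_VERSION}`, and a component given a gate name it does not recognise typically refuses to start, so an older CI_VERSION would fail at control-plane or kubelet startup rather than ignore the gate. The same applies to the matching hunks in the templates/test/ci/patches files and the three templates/test/dev DRA templates. A short comment in the patch sources, such as `# DRADeviceTaints/DRADeviceTaintRules require a Kubernetes build that knows these gates`, would record that constraint.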
@@ -447,7 +447,7 @@ spec: nodeRegistration: kubeletExtraArgs: cloud-provider: external - feature-gates: ${NODE_FEATURE_GATES:-"DynamicResourceAllocation=true"} + feature-gates: ${NODE_FEATURE_GATES:-"DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true"} image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml name: '{{ ds.meta_data["local_hostname"] }}' diff --git a/templates/test/ci/patches/dra-kubeadmconfig.yaml b/templates/test/ci/patches/dra-kubeadmconfig.yaml index ba40ff24700..e8d45809452 100644 --- a/templates/test/ci/patches/dra-kubeadmconfig.yaml +++ b/templates/test/ci/patches/dra-kubeadmconfig.yaml @@ -15,4 +15,4 @@ value: bash -c /tmp/containerd-config.sh - op: add path: /spec/joinConfiguration/nodeRegistration/kubeletExtraArgs/feature-gates - value: ${NODE_FEATURE_GATES:-"DynamicResourceAllocation=true"} + value: ${NODE_FEATURE_GATES:-"DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true"} diff --git a/templates/test/ci/patches/dra-kubeadmconfigtemplate.yaml b/templates/test/ci/patches/dra-kubeadmconfigtemplate.yaml index cbb1a5b6d6c..3d3f8cbf73f 100644 --- a/templates/test/ci/patches/dra-kubeadmconfigtemplate.yaml +++ b/templates/test/ci/patches/dra-kubeadmconfigtemplate.yaml @@ -15,4 +15,4 @@ value: bash -c /tmp/containerd-config.sh - op: add path: /spec/template/spec/joinConfiguration/nodeRegistration/kubeletExtraArgs/feature-gates - value: ${NODE_FEATURE_GATES:-"DynamicResourceAllocation=true"} + value: ${NODE_FEATURE_GATES:-"DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true"} diff --git a/templates/test/ci/patches/dra-kubeadmcontrolplane.yaml b/templates/test/ci/patches/dra-kubeadmcontrolplane.yaml index 7fe84606479..5f2352ad435 100644 --- a/templates/test/ci/patches/dra-kubeadmcontrolplane.yaml +++ b/templates/test/ci/patches/dra-kubeadmcontrolplane.yaml 
@@ -15,19 +15,19 @@ value: bash -c /tmp/containerd-config.sh - op: add path: /spec/kubeadmConfigSpec/clusterConfiguration/apiServer/extraArgs/feature-gates - value: ${K8S_FEATURE_GATES:-"DynamicResourceAllocation=true"} + value: ${K8S_FEATURE_GATES:-"DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true"} - op: add path: /spec/kubeadmConfigSpec/clusterConfiguration/controllerManager/extraArgs/feature-gates - value: DynamicResourceAllocation=true + value: DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true - op: add path: /spec/kubeadmConfigSpec/clusterConfiguration/apiServer/extraArgs/runtime-config value: resource.k8s.io/v1beta1=true,resource.k8s.io/v1beta2=true - op: add path: /spec/kubeadmConfigSpec/clusterConfiguration/scheduler/extraArgs/feature-gates - value: DynamicResourceAllocation=true + value: DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true - op: add path: /spec/kubeadmConfigSpec/initConfiguration/nodeRegistration/kubeletExtraArgs/feature-gates - value: DynamicResourceAllocation=true + value: DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true - op: add path: /spec/kubeadmConfigSpec/joinConfiguration/nodeRegistration/kubeletExtraArgs/feature-gates - value: DynamicResourceAllocation=true + value: DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true diff --git a/templates/test/dev/cluster-template-custom-builds-dra.yaml b/templates/test/dev/cluster-template-custom-builds-dra.yaml index 8a0e5443df3..e09d3109776 100644 --- a/templates/test/dev/cluster-template-custom-builds-dra.yaml +++ b/templates/test/dev/cluster-template-custom-builds-dra.yaml 
@@ -58,7 +58,7 @@ spec: clusterConfiguration: apiServer: extraArgs: - feature-gates: ${K8S_FEATURE_GATES:-"DynamicResourceAllocation=true"} + feature-gates: ${K8S_FEATURE_GATES:-"DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true"} runtime-config: resource.k8s.io/v1beta1=true,resource.k8s.io/v1beta2=true timeoutForControlPlane: 20m controllerManager: @@ -66,7 +66,7 @@ spec: allocate-node-cidrs: "false" cloud-provider: external cluster-name: ${CLUSTER_NAME} - feature-gates: DynamicResourceAllocation=true + feature-gates: DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true v: "4" etcd: local: @@ -76,7 +76,7 @@ spec: kubernetesVersion: ci/${CI_VERSION} scheduler: extraArgs: - feature-gates: DynamicResourceAllocation=true + feature-gates: DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true diskSetup: filesystems: - device: /dev/disk/azure/scsi1/lun0 @@ -197,7 +197,7 @@ spec: nodeRegistration: kubeletExtraArgs: cloud-provider: external - feature-gates: DynamicResourceAllocation=true + feature-gates: DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml name: '{{ ds.meta_data["local_hostname"] }}' @@ -205,7 +205,7 @@ spec: nodeRegistration: kubeletExtraArgs: cloud-provider: external - feature-gates: DynamicResourceAllocation=true + feature-gates: DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml name: '{{ ds.meta_data["local_hostname"] }}' 
@@ -389,7 +389,7 @@ spec: nodeRegistration: kubeletExtraArgs: cloud-provider: external - feature-gates: ${NODE_FEATURE_GATES:-"DynamicResourceAllocation=true"} + feature-gates: ${NODE_FEATURE_GATES:-"DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true"} image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml name: '{{ ds.meta_data["local_hostname"] }}' diff --git a/templates/test/dev/cluster-template-custom-builds-load-dra.yaml b/templates/test/dev/cluster-template-custom-builds-load-dra.yaml index 9e982c03777..c5c97d80e91 100644 --- a/templates/test/dev/cluster-template-custom-builds-load-dra.yaml +++ b/templates/test/dev/cluster-template-custom-builds-load-dra.yaml @@ -61,7 +61,7 @@ spec: clusterConfiguration: apiServer: extraArgs: - feature-gates: ${K8S_FEATURE_GATES:-"DynamicResourceAllocation=true"} + feature-gates: ${K8S_FEATURE_GATES:-"DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true"} runtime-config: resource.k8s.io/v1beta1=true,resource.k8s.io/v1beta2=true timeoutForControlPlane: 20m controllerManager: @@ -69,7 +69,7 @@ spec: allocate-node-cidrs: "false" cloud-provider: external cluster-name: ${CLUSTER_NAME} - feature-gates: DynamicResourceAllocation=true + feature-gates: DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true kube-api-burst: "150" kube-api-qps: "75" v: "4" @@ -83,7 +83,7 @@ spec: extraArgs: authorization-always-allow-paths: /healthz,/readyz,/livez,/metrics bind-address: 0.0.0.0 - feature-gates: DynamicResourceAllocation=true + feature-gates: DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true diskSetup: filesystems: - device: /dev/disk/azure/scsi1/lun0 
@@ -216,7 +216,7 @@ spec: nodeRegistration: kubeletExtraArgs: cloud-provider: external - feature-gates: DynamicResourceAllocation=true + feature-gates: DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml name: '{{ ds.meta_data["local_hostname"] }}' @@ -224,7 +224,7 @@ spec: nodeRegistration: kubeletExtraArgs: cloud-provider: external - feature-gates: DynamicResourceAllocation=true + feature-gates: DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml name: '{{ ds.meta_data["local_hostname"] }}' @@ -443,7 +443,7 @@ spec: nodeRegistration: kubeletExtraArgs: cloud-provider: external - feature-gates: ${NODE_FEATURE_GATES:-"DynamicResourceAllocation=true"} + feature-gates: ${NODE_FEATURE_GATES:-"DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true"} image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml name: '{{ ds.meta_data["local_hostname"] }}' @@ -1043,7 +1043,7 @@ spec: nodeRegistration: kubeletExtraArgs: cloud-provider: external - feature-gates: ${NODE_FEATURE_GATES:-"DynamicResourceAllocation=true"} + feature-gates: ${NODE_FEATURE_GATES:-"DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true"} image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml register-with-taints: monitoring:NoSchedule 
diff --git a/templates/test/dev/cluster-template-custom-builds-machine-pool-load-dra.yaml b/templates/test/dev/cluster-template-custom-builds-machine-pool-load-dra.yaml index acd44ecd608..55eaebf6238 100644 --- a/templates/test/dev/cluster-template-custom-builds-machine-pool-load-dra.yaml +++ b/templates/test/dev/cluster-template-custom-builds-machine-pool-load-dra.yaml @@ -60,7 +60,7 @@ spec: clusterConfiguration: apiServer: extraArgs: - feature-gates: ${K8S_FEATURE_GATES:-"DynamicResourceAllocation=true"} + feature-gates: ${K8S_FEATURE_GATES:-"DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true"} runtime-config: resource.k8s.io/v1beta1=true,resource.k8s.io/v1beta2=true timeoutForControlPlane: 20m controllerManager: @@ -68,7 +68,7 @@ spec: allocate-node-cidrs: "false" cloud-provider: external cluster-name: ${CLUSTER_NAME} - feature-gates: DynamicResourceAllocation=true + feature-gates: DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true kube-api-burst: "150" kube-api-qps: "75" v: "4" @@ -82,7 +82,7 @@ spec: extraArgs: authorization-always-allow-paths: /healthz,/readyz,/livez,/metrics bind-address: 0.0.0.0 - feature-gates: DynamicResourceAllocation=true + feature-gates: DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true diskSetup: filesystems: - device: /dev/disk/azure/scsi1/lun0 @@ -203,7 +203,7 @@ spec: nodeRegistration: kubeletExtraArgs: cloud-provider: external - feature-gates: DynamicResourceAllocation=true + feature-gates: DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml name: '{{ ds.meta_data["local_hostname"] }}' 
@@ -211,7 +211,7 @@ spec: nodeRegistration: kubeletExtraArgs: cloud-provider: external - feature-gates: DynamicResourceAllocation=true + feature-gates: DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml name: '{{ ds.meta_data["local_hostname"] }}' @@ -399,7 +399,7 @@ spec: nodeRegistration: kubeletExtraArgs: cloud-provider: external - feature-gates: ${NODE_FEATURE_GATES:-"DynamicResourceAllocation=true"} + feature-gates: ${NODE_FEATURE_GATES:-"DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true"} image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml name: '{{ ds.meta_data["local_hostname"] }}' @@ -769,7 +769,7 @@ spec: nodeRegistration: kubeletExtraArgs: cloud-provider: external - feature-gates: ${NODE_FEATURE_GATES:-"DynamicResourceAllocation=true"} + feature-gates: ${NODE_FEATURE_GATES:-"DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true"} image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml register-with-taints: monitoring:NoSchedule From 5cdce5b1798c6e9af40153bfc3f4c70b18f6926f Mon Sep 17 00:00:00 2001 From: Matt Boersma Date: Tue, 24 Mar 2026 13:15:31 -0600 Subject: [PATCH 04/61] Update link to Google Artifact Registry staging --- docs/book/src/developers/releasing.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/book/src/developers/releasing.md b/docs/book/src/developers/releasing.md index ca2399ded8e..e8b7084cdcc 100644 --- a/docs/book/src/developers/releasing.md +++ b/docs/book/src/developers/releasing.md 
@@ -117,9 +117,9 @@ This will automatically create a PR in [k8s.io](https://github.com/kubernetes/k8 For reviewers of the above-created PR, to confirm that the resultant image SHA-to-tag addition is valid, you can check against the [staging repository][staging-repository]. -Using [the above example PR](https://github.com/kubernetes/k8s.io/pull/4284), to verify that the image identified by SHA `d0636fad7f4ced58b5385615a53b7cb2053f79c4788bd299e0ac9e46a25b5053` has the expected `v1.4.3`, tag, you would inspect the image metadata by viewing it in the Google Container Registry UI: +Using [the above example PR](https://github.com/kubernetes/k8s.io/pull/4284), to verify that the image identified by SHA `d0636fad7f4ced58b5385615a53b7cb2053f79c4788bd299e0ac9e46a25b5053` has the expected `v1.4.3`, tag, you would inspect the image metadata by viewing it in the Google Artifact Registry UI: -- https://console.cloud.google.com/gcr/images/k8s-staging-cluster-api-azure/global/cluster-api-azure-controller@sha256:d0636fad7f4ced58b5385615a53b7cb2053f79c4788bd299e0ac9e46a25b5053 +- https://console.cloud.google.com/artifacts/docker/k8s-staging-cluster-api-azure/us/gcr.io/cluster-api-azure-controller ### 6. Release in GitHub (maintainer) @@ -171,7 +171,7 @@ Open a pull request to update the branches in the [weekly security scan workflow [semver]: https://semver.org/#semantic-versioning-200 [template]: /docs/release-notes-template.md [versioning]: #versioning -[staging-repository]: https://console.cloud.google.com/gcr/images/k8s-staging-cluster-api-azure/GLOBAL/cluster-api-azure-controller?rImageListsize=30 +[staging-repository]: https://console.cloud.google.com/artifacts/docker/k8s-staging-cluster-api-azure/us/gcr.io/cluster-api-azure-controller ## Post release steps (maintainer) From 5f2be22a2ff3ff7fb4412c584e91030cc310ba71 Mon Sep 17 00:00:00 2001 
From: William Yao Date: Tue, 24 Mar 2026 12:52:49 -0700 Subject: [PATCH 05/61] Update branches in security scanner workflow for release v1.23 Signed-off-by: William Yao --- .github/workflows/weekly-security-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/weekly-security-scan.yaml b/.github/workflows/weekly-security-scan.yaml index 49dac0ba46b..2c474f736fd 100644 --- a/.github/workflows/weekly-security-scan.yaml +++ b/.github/workflows/weekly-security-scan.yaml @@ -14,7 +14,7 @@ jobs: strategy: fail-fast: false matrix: - branch: [ main, release-1.22, release-1.21 ] + branch: [ main, release-1.23, release-1.22 ] name: Trivy runs-on: ubuntu-latest steps: From b3ee04d0442c427102113df83252dfe84eba38ad Mon Sep 17 00:00:00 2001 From: William Yao Date: Tue, 24 Mar 2026 15:18:57 -0700 Subject: [PATCH 06/61] Add release notes for v1.22.2 Signed-off-by: William Yao --- CHANGELOG/v1.22.2.md | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 CHANGELOG/v1.22.2.md diff --git a/CHANGELOG/v1.22.2.md b/CHANGELOG/v1.22.2.md new file mode 100644 index 00000000000..38bf52a3859 --- /dev/null +++ b/CHANGELOG/v1.22.2.md 
@@ -0,0 +1,43 @@ +## Changes by Kind + +### Other (Cleanup or Flake) + +- Bump CAPI to v1.11.7 ([#6174](https://github.com/kubernetes-sigs/cluster-api-provider-azure/pull/6174), [@mboersma](https://github.com/mboersma)) + +## Dependencies + +### Added +- sigs.k8s.io/structured-merge-diff/v6: v6.3.2 + +### Changed +- cel.dev/expr: v0.24.0 → v0.25.1 +- github.com/cloudflare/circl: [v1.6.1 → v1.6.3](https://github.com/cloudflare/circl/compare/v1.6.1...v1.6.3) +- github.com/cncf/xds/go: [0feb691 → ee656c7](https://github.com/cncf/xds/compare/0feb691...ee656c7) +- github.com/envoyproxy/go-control-plane/envoy: [v1.35.0 → v1.36.0](https://github.com/envoyproxy/go-control-plane/compare/envoy/v1.35.0...envoy/v1.36.0) +- github.com/envoyproxy/go-control-plane: [75eaa19 → v0.14.0](https://github.com/envoyproxy/go-control-plane/compare/75eaa19...v0.14.0) +- github.com/envoyproxy/protoc-gen-validate: [v1.2.1 → v1.3.0](https://github.com/envoyproxy/protoc-gen-validate/compare/v1.2.1...v1.3.0) +- github.com/grpc-ecosystem/grpc-gateway/v2: [v2.27.3 → v2.27.7](https://github.com/grpc-ecosystem/grpc-gateway/compare/v2.27.3...v2.27.7) +- go.opentelemetry.io/contrib/detectors/gcp: v1.38.0 → v1.39.0 +- go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp: v0.60.0 → v0.65.0 +- go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc: v1.39.0 → v1.40.0 +- go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp: v1.22.0 → v1.40.0 +- go.opentelemetry.io/otel/exporters/otlp/otlptrace: v1.39.0 → v1.40.0 +- go.opentelemetry.io/otel/metric: v1.39.0 → v1.40.0 +- go.opentelemetry.io/otel/sdk/metric: v1.39.0 → v1.40.0 +- go.opentelemetry.io/otel/sdk: v1.39.0 → v1.40.0 +- go.opentelemetry.io/otel/trace: v1.39.0 → v1.40.0 +- go.opentelemetry.io/otel: v1.39.0 → v1.40.0 +- golang.org/x/oauth2: v0.32.0 → v0.34.0 +- google.golang.org/genproto/googleapis/api: ff82c1b → 8636f87 +- google.golang.org/genproto/googleapis/rpc: ff82c1b → 8636f87 +- google.golang.org/grpc: v1.77.0 → 
v1.79.3 +- google.golang.org/protobuf: v1.36.10 → v1.36.11 +- sigs.k8s.io/cluster-api/test: v1.11.6 → v1.11.7 +- sigs.k8s.io/cluster-api: v1.11.6 → v1.11.7 + +### Removed +_Nothing has changed._ + +## Details + +https://github.com/kubernetes-sigs/cluster-api-provider-azure/compare/v1.22.1...v1.22.2 From b6eb0c47a584d92e799031b09bc03bcd56a38af4 Mon Sep 17 00:00:00 2001 From: William Yao Date: Tue, 24 Mar 2026 15:07:41 -0700 Subject: [PATCH 07/61] bump test metadata for v1.23.0 Signed-off-by: William Yao --- test/e2e/config/azure-dev.yaml | 26 +++++++++---------- .../cluster-template-aks.yaml | 0 ...emplate-prow-machine-and-machine-pool.yaml | 0 .../cluster-template-prow.yaml | 0 .../cluster-template-aks.yaml | 0 ...emplate-prow-machine-and-machine-pool.yaml | 0 .../cluster-template-prow.yaml | 0 .../shared/v1beta1_provider/metadata.yaml | 3 +++ 8 files changed, 16 insertions(+), 13 deletions(-) rename test/e2e/data/infrastructure-azure/{v1.21.2 => v1.22.2}/cluster-template-aks.yaml (100%) rename test/e2e/data/infrastructure-azure/{v1.21.2 => v1.22.2}/cluster-template-prow-machine-and-machine-pool.yaml (100%) rename test/e2e/data/infrastructure-azure/{v1.21.2 => v1.22.2}/cluster-template-prow.yaml (100%) rename test/e2e/data/infrastructure-azure/{v1.22.0 => v1.23.0}/cluster-template-aks.yaml (100%) rename test/e2e/data/infrastructure-azure/{v1.22.0 => v1.23.0}/cluster-template-prow-machine-and-machine-pool.yaml (100%) rename test/e2e/data/infrastructure-azure/{v1.22.0 => v1.23.0}/cluster-template-prow.yaml (100%) diff --git a/test/e2e/config/azure-dev.yaml b/test/e2e/config/azure-dev.yaml index 19f04fec9f5..a84799f8b09 100644 --- a/test/e2e/config/azure-dev.yaml +++ b/test/e2e/config/azure-dev.yaml 
@@ -84,37 +84,37 @@ providers: - name: azure type: InfrastructureProvider versions: - - name: v1.21.2 # latest patch of earliest minor in supported v1beta1 releases; this is used for v1beta1 old --> v1beta1 latest clusterctl upgrades test only. - value: https://github.com/kubernetes-sigs/cluster-api-provider-azure/releases/download/v1.21.2/infrastructure-components.yaml + - name: v1.22.2 # latest patch of earliest minor in supported v1beta1 releases; this is used for v1beta1 old --> v1beta1 latest clusterctl upgrades test only. + value: https://github.com/kubernetes-sigs/cluster-api-provider-azure/releases/download/v1.22.2/infrastructure-components.yaml type: url contract: v1beta1 files: - sourcePath: "../data/shared/v1beta1_provider/metadata.yaml" - - sourcePath: "../data/infrastructure-azure/v1.21.2/cluster-template-prow.yaml" + - sourcePath: "../data/infrastructure-azure/v1.22.2/cluster-template-prow.yaml" targetName: "cluster-template.yaml" - - sourcePath: "../data/infrastructure-azure/v1.21.2/cluster-template-prow-machine-and-machine-pool.yaml" + - sourcePath: "../data/infrastructure-azure/v1.22.2/cluster-template-prow-machine-and-machine-pool.yaml" targetName: "cluster-template-machine-and-machine-pool.yaml" - - sourcePath: "../data/infrastructure-azure/v1.21.2/cluster-template-aks.yaml" + - sourcePath: "../data/infrastructure-azure/v1.22.2/cluster-template-aks.yaml" targetName: "cluster-template-aks.yaml" replacements: - old: "imagePullPolicy: Always" new: "imagePullPolicy: IfNotPresent" - - name: v1.22.0 # latest patch of latest minor in supported v1beta1 releases; this is used for v1beta1 latest --> v1beta1 current clusterctl upgrades test only. - value: https://github.com/kubernetes-sigs/cluster-api-provider-azure/releases/download/v1.22.0/infrastructure-components.yaml + - name: v1.23.0 # latest patch of latest minor in supported v1beta1 releases; this is used for v1beta1 latest --> v1beta1 current clusterctl upgrades test only. 
+ value: https://github.com/kubernetes-sigs/cluster-api-provider-azure/releases/download/v1.23.0/infrastructure-components.yaml type: url contract: v1beta1 files: - sourcePath: "../data/shared/v1beta1_provider/metadata.yaml" - - sourcePath: "../data/infrastructure-azure/v1.22.0/cluster-template-prow.yaml" + - sourcePath: "../data/infrastructure-azure/v1.23.0/cluster-template-prow.yaml" targetName: "cluster-template.yaml" - - sourcePath: "../data/infrastructure-azure/v1.22.0/cluster-template-prow-machine-and-machine-pool.yaml" + - sourcePath: "../data/infrastructure-azure/v1.23.0/cluster-template-prow-machine-and-machine-pool.yaml" targetName: "cluster-template-machine-and-machine-pool.yaml" - - sourcePath: "../data/infrastructure-azure/v1.22.0/cluster-template-aks.yaml" + - sourcePath: "../data/infrastructure-azure/v1.23.0/cluster-template-aks.yaml" targetName: "cluster-template-aks.yaml" replacements: - old: "imagePullPolicy: Always" new: "imagePullPolicy: IfNotPresent" - - name: v1.23.99 # "vNext"; use manifests from local source files + - name: v1.24.99 # "vNext"; use manifests from local source files value: "${PWD}/test/e2e/data/infrastructure-azure/v1beta1/provider-components" contract: v1beta1 files: @@ -260,8 +260,8 @@ variables: AZURE_CNI_V1_MANIFEST_PATH: "${PWD}/templates/addons/azure-cni-v1.yaml" OLD_CAPI_UPGRADE_VERSION: "v1.11.7" LATEST_CAPI_UPGRADE_VERSION: "v1.12.4" - OLD_PROVIDER_UPGRADE_VERSION: "v1.21.2" - LATEST_PROVIDER_UPGRADE_VERSION: "v1.22.0" + OLD_PROVIDER_UPGRADE_VERSION: "v1.22.2" + LATEST_PROVIDER_UPGRADE_VERSION: "v1.23.0" OLD_CAAPH_UPGRADE_VERSION: "v0.5.3" LATEST_CAAPH_UPGRADE_VERSION: "v0.6.1" CI_RG: "${CI_RG:-capz-ci}" 
diff --git a/test/e2e/data/infrastructure-azure/v1.21.2/cluster-template-aks.yaml b/test/e2e/data/infrastructure-azure/v1.22.2/cluster-template-aks.yaml similarity index 100% rename from test/e2e/data/infrastructure-azure/v1.21.2/cluster-template-aks.yaml rename to test/e2e/data/infrastructure-azure/v1.22.2/cluster-template-aks.yaml diff --git a/test/e2e/data/infrastructure-azure/v1.21.2/cluster-template-prow-machine-and-machine-pool.yaml b/test/e2e/data/infrastructure-azure/v1.22.2/cluster-template-prow-machine-and-machine-pool.yaml similarity index 100% rename from test/e2e/data/infrastructure-azure/v1.21.2/cluster-template-prow-machine-and-machine-pool.yaml rename to test/e2e/data/infrastructure-azure/v1.22.2/cluster-template-prow-machine-and-machine-pool.yaml diff --git a/test/e2e/data/infrastructure-azure/v1.21.2/cluster-template-prow.yaml b/test/e2e/data/infrastructure-azure/v1.22.2/cluster-template-prow.yaml similarity index 100% rename from test/e2e/data/infrastructure-azure/v1.21.2/cluster-template-prow.yaml rename to test/e2e/data/infrastructure-azure/v1.22.2/cluster-template-prow.yaml diff --git a/test/e2e/data/infrastructure-azure/v1.22.0/cluster-template-aks.yaml b/test/e2e/data/infrastructure-azure/v1.23.0/cluster-template-aks.yaml similarity index 100% rename from test/e2e/data/infrastructure-azure/v1.22.0/cluster-template-aks.yaml rename to test/e2e/data/infrastructure-azure/v1.23.0/cluster-template-aks.yaml diff --git a/test/e2e/data/infrastructure-azure/v1.22.0/cluster-template-prow-machine-and-machine-pool.yaml b/test/e2e/data/infrastructure-azure/v1.23.0/cluster-template-prow-machine-and-machine-pool.yaml similarity index 100% rename from test/e2e/data/infrastructure-azure/v1.22.0/cluster-template-prow-machine-and-machine-pool.yaml rename to test/e2e/data/infrastructure-azure/v1.23.0/cluster-template-prow-machine-and-machine-pool.yaml 
diff --git a/test/e2e/data/infrastructure-azure/v1.22.0/cluster-template-prow.yaml b/test/e2e/data/infrastructure-azure/v1.23.0/cluster-template-prow.yaml similarity index 100% rename from test/e2e/data/infrastructure-azure/v1.22.0/cluster-template-prow.yaml rename to test/e2e/data/infrastructure-azure/v1.23.0/cluster-template-prow.yaml diff --git a/test/e2e/data/shared/v1beta1_provider/metadata.yaml b/test/e2e/data/shared/v1beta1_provider/metadata.yaml index 1d456116fc6..8c7be9d2462 100644 --- a/test/e2e/data/shared/v1beta1_provider/metadata.yaml +++ b/test/e2e/data/shared/v1beta1_provider/metadata.yaml @@ -46,3 +46,6 @@ releaseSeries: - major: 1 minor: 23 contract: v1beta1 + - major: 1 + minor: 24 + contract: v1beta1 From 51201df56ec13b7c9dc818b2d43a7bed564153db Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Mar 2026 13:51:52 +0000 Subject: [PATCH 08/61] dependabot(deps): bump the all-github-actions group with 3 updates Bumps the all-github-actions group with 3 updates: [github/codeql-action](https://github.com/github/codeql-action), [actions/setup-go](https://github.com/actions/setup-go) and [codecov/codecov-action](https://github.com/codecov/codecov-action). Updates `github/codeql-action` from 4.34.1 to 4.35.1 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/38697555549f1db7851b81482ff19f1fa5c4fedc...c10b8064de6f491fea524254123dbe5e09572f13) Updates `actions/setup-go` from 6.3.0 to 6.4.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/4b73464bb391d4059bd26b0524d20df3927bd417...4a3601121dd01d1626a1e23e37211e3254c1c06c) Updates `codecov/codecov-action` from 5.5.3 to 6.0.0 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/1af58845a975a7985b0beb0cbe6fbbb71a41dbad...57e3a136b779b570ffcdbf80b3bdc90e7fab3de2) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.35.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-github-actions - dependency-name: actions/setup-go dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-github-actions - dependency-name: codecov/codecov-action dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-github-actions ... 
Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 6 +++--- .github/workflows/cover.yaml | 4 ++-- .github/workflows/dependabot-code-gen.yml | 2 +- .github/workflows/pr-golangci-lint.yaml | 2 +- .github/workflows/release.yaml | 2 +- .github/workflows/scorecards.yml | 2 +- .github/workflows/weekly-security-scan.yaml | 2 +- 7 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 42672074da3..ce57c3ae769 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -50,7 +50,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1 + uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -60,7 +60,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1 + uses: github/codeql-action/autobuild@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -73,6 +73,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1 + uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/cover.yaml b/.github/workflows/cover.yaml index 5a5fbbe9fbc..d2bc5aad07b 100644 --- a/.github/workflows/cover.yaml 
+++ b/.github/workflows/cover.yaml @@ -22,11 +22,11 @@ jobs: id: vars run: echo "go_version=$(make go-version)" >> $GITHUB_OUTPUT - name: Set up Go - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: ${{ steps.vars.outputs.go_version }} - run: "PATH=/usr/local/go/bin:$PATH make test-cover" - - uses: codecov/codecov-action@1af58845a975a7985b0beb0cbe6fbbb71a41dbad # v5.5.3 + - uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0 env: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} with: diff --git a/.github/workflows/dependabot-code-gen.yml b/.github/workflows/dependabot-code-gen.yml index 2c0f7db6c2e..7c178a6351c 100644 --- a/.github/workflows/dependabot-code-gen.yml +++ b/.github/workflows/dependabot-code-gen.yml @@ -27,7 +27,7 @@ jobs: id: vars run: echo "go_version=$(make go-version)" >> $GITHUB_OUTPUT - name: Set up Go - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: ${{ steps.vars.outputs.go_version }} id: go diff --git a/.github/workflows/pr-golangci-lint.yaml b/.github/workflows/pr-golangci-lint.yaml index 75eccbc5e63..d9292c588af 100644 --- a/.github/workflows/pr-golangci-lint.yaml +++ b/.github/workflows/pr-golangci-lint.yaml @@ -25,7 +25,7 @@ jobs: run: echo "go_version=$(make go-version)" >> $GITHUB_OUTPUT - name: Set up Go - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # tag=v6.3.0 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # tag=v6.4.0 with: go-version: ${{ steps.vars.outputs.go_version }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 34c531987bc..de4ec5f571c 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
@@ -107,7 +107,7 @@ jobs: - name: Get Go version run: echo "go_version=$(make go-version)" >> $GITHUB_ENV - name: Set up Go - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # tag=v6.3.0 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # tag=v6.4.0 with: go-version: ${{ env.go_version }} - name: generate release artifacts diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index aea0603fb29..f30f49e9caa 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -71,6 +71,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1 + uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 with: sarif_file: results.sarif diff --git a/.github/workflows/weekly-security-scan.yaml b/.github/workflows/weekly-security-scan.yaml index 2c474f736fd..6f129c7a248 100644 --- a/.github/workflows/weekly-security-scan.yaml +++ b/.github/workflows/weekly-security-scan.yaml @@ -26,7 +26,7 @@ jobs: id: vars run: echo "go_version=$(make go-version)" >> $GITHUB_OUTPUT - name: Set up Go - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # tag=v6.3.0 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # tag=v6.4.0 with: go-version: ${{ steps.vars.outputs.go_version }} - name: Run verify security target From 8bfadd8fcec0e606ddc8345c71ae12bd36b050be Mon Sep 17 00:00:00 2001 From: William Yao Date: Mon, 30 Mar 2026 15:27:15 -0700 Subject: [PATCH 09/61] Add alpha/beta feature gates to conformance test 
Signed-off-by: William Yao --- .../cluster-template-prow-ci-version-md-and-mp.yaml | 8 +++++++- ...alpha-beta-feature-gates-kubeadmcontrolplane.yaml | 12 ++++++++++++ .../ci/prow-ci-version-md-and-mp/kustomization.yaml | 12 +++++++++++- .../dev/cluster-template-custom-builds-load.yaml | 6 +++++- .../test/dev/cluster-template-custom-builds.yaml | 8 +++++++- templates/test/dev/custom-builds/kustomization.yaml | 10 ++++++++++ 6 files changed, 52 insertions(+), 4 deletions(-) create mode 100644 templates/test/ci/patches/alpha-beta-feature-gates-kubeadmcontrolplane.yaml diff --git a/templates/test/ci/cluster-template-prow-ci-version-md-and-mp.yaml b/templates/test/ci/cluster-template-prow-ci-version-md-and-mp.yaml index 72256e5624d..de1b713e66a 100644 --- a/templates/test/ci/cluster-template-prow-ci-version-md-and-mp.yaml +++ b/templates/test/ci/cluster-template-prow-ci-version-md-and-mp.yaml @@ -56,13 +56,16 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + feature-gates: ${K8S_FEATURE_GATES:-"AllAlpha=true,AllBeta=true"} + runtime-config: api/all=true timeoutForControlPlane: 20m controllerManager: extraArgs: allocate-node-cidrs: "false" cloud-provider: external cluster-name: ${CLUSTER_NAME} + feature-gates: AllAlpha=true,AllBeta=true v: "4" etcd: local: @@ -70,6 +73,9 @@ spec: extraArgs: quota-backend-bytes: "8589934592" kubernetesVersion: ci/${CI_VERSION} + scheduler: + extraArgs: + feature-gates: AllAlpha=true,AllBeta=true diskSetup: filesystems: - device: /dev/disk/azure/scsi1/lun0 diff --git a/templates/test/ci/patches/alpha-beta-feature-gates-kubeadmcontrolplane.yaml b/templates/test/ci/patches/alpha-beta-feature-gates-kubeadmcontrolplane.yaml new file mode 100644 index 00000000000..f5bfc443c9f --- /dev/null +++ b/templates/test/ci/patches/alpha-beta-feature-gates-kubeadmcontrolplane.yaml 
@@ -0,0 +1,12 @@ +- op: add + path: /spec/kubeadmConfigSpec/clusterConfiguration/apiServer/extraArgs/feature-gates + value: ${K8S_FEATURE_GATES:-"AllAlpha=true,AllBeta=true"} +- op: add + path: /spec/kubeadmConfigSpec/clusterConfiguration/apiServer/extraArgs/runtime-config + value: api/all=true +- op: add + path: /spec/kubeadmConfigSpec/clusterConfiguration/controllerManager/extraArgs/feature-gates + value: AllAlpha=true,AllBeta=true +- op: add + path: /spec/kubeadmConfigSpec/clusterConfiguration/scheduler/extraArgs/feature-gates + value: AllAlpha=true,AllBeta=true diff --git a/templates/test/ci/prow-ci-version-md-and-mp/kustomization.yaml b/templates/test/ci/prow-ci-version-md-and-mp/kustomization.yaml index 6e5dfc7604a..de1db3ff204 100644 --- a/templates/test/ci/prow-ci-version-md-and-mp/kustomization.yaml +++ b/templates/test/ci/prow-ci-version-md-and-mp/kustomization.yaml @@ -4,7 +4,17 @@ namespace: default resources: - ../prow-ci-version - ../../../flavors/machinepool/machine-pool-deployment.yaml -patches: +patches: +- patch: |- + - op: add + path: /spec/kubeadmConfigSpec/clusterConfiguration/scheduler + value: + extraArgs: {} + target: + kind: KubeadmControlPlane +- path: ../patches/alpha-beta-feature-gates-kubeadmcontrolplane.yaml + target: + kind: KubeadmControlPlane - path: ../prow-machine-pool-ci-version/patches/kubeadm-bootstrap-k8s-ci-binaries.yaml target: group: bootstrap.cluster.x-k8s.io diff --git a/templates/test/dev/cluster-template-custom-builds-load.yaml b/templates/test/dev/cluster-template-custom-builds-load.yaml index 830b1d3dd93..ae44b16eb29 100644 --- a/templates/test/dev/cluster-template-custom-builds-load.yaml +++ b/templates/test/dev/cluster-template-custom-builds-load.yaml 
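Review bot: Only the apiServer op reads `K8S_FEATURE_GATES`; the controllerManager and scheduler ops hard-code `AllAlpha=true,AllBeta=true`, so setting the variable changes the gates on one control-plane component and leaves the other two with every alpha and beta gate on. Using `value: ${K8S_FEATURE_GATES:-"AllAlpha=true,AllBeta=true"}` in all three feature-gates ops keeps them in step. Together with `runtime-config: api/all=true` this serves every alpha API, so a header comment such as `# CI conformance only: turns on all alpha/beta gates and APIs; not for production flavors` would stop the patch being reused by accident.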
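Review bot: The inline `op: add` at `/spec/kubeadmConfigSpec/clusterConfiguration/scheduler` with `extraArgs: {}` replaces the whole scheduler object if the base already has one, because a JSON Patch `add` on an existing member overwrites it. That looks harmless today, since the base appears to have no scheduler block, but any scheduler setting later added to `../prow-ci-version` would be dropped without an error. A comment above the patch, e.g. `# scheduler is absent in the base; this add would overwrite it if one is ever defined there`, records the assumption. The same inline patch in templates/test/dev/custom-builds/kustomization.yaml needs it too.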
@@ -60,13 +60,16 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + feature-gates: ${K8S_FEATURE_GATES:-"AllAlpha=true,AllBeta=true"} + runtime-config: api/all=true timeoutForControlPlane: 20m controllerManager: extraArgs: allocate-node-cidrs: "false" cloud-provider: external cluster-name: ${CLUSTER_NAME} + feature-gates: AllAlpha=true,AllBeta=true v: "4" etcd: local: @@ -78,6 +81,7 @@ spec: extraArgs: authorization-always-allow-paths: /healthz,/readyz,/livez,/metrics bind-address: 0.0.0.0 + feature-gates: AllAlpha=true,AllBeta=true diskSetup: filesystems: - device: /dev/disk/azure/scsi1/lun0 diff --git a/templates/test/dev/cluster-template-custom-builds.yaml b/templates/test/dev/cluster-template-custom-builds.yaml index b84b162195e..c77a61a3ec4 100644 --- a/templates/test/dev/cluster-template-custom-builds.yaml +++ b/templates/test/dev/cluster-template-custom-builds.yaml @@ -58,13 +58,16 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + feature-gates: ${K8S_FEATURE_GATES:-"AllAlpha=true,AllBeta=true"} + runtime-config: api/all=true timeoutForControlPlane: 20m controllerManager: extraArgs: allocate-node-cidrs: "false" cloud-provider: external cluster-name: ${CLUSTER_NAME} + feature-gates: AllAlpha=true,AllBeta=true v: "4" etcd: local: @@ -72,6 +75,9 @@ spec: extraArgs: quota-backend-bytes: "8589934592" kubernetesVersion: ci/${CI_VERSION} + scheduler: + extraArgs: + feature-gates: AllAlpha=true,AllBeta=true diskSetup: filesystems: - device: /dev/disk/azure/scsi1/lun0 diff --git a/templates/test/dev/custom-builds/kustomization.yaml b/templates/test/dev/custom-builds/kustomization.yaml index 7ce7e16d920..45b4e5e323f 100644 --- a/templates/test/dev/custom-builds/kustomization.yaml +++ b/templates/test/dev/custom-builds/kustomization.yaml 
@@ -5,6 +5,16 @@ resources: - ../../../test/ci/prow - ../../../addons/metrics-server/metrics-server-resource-set.yaml patches: +- patch: |- + - op: add + path: /spec/kubeadmConfigSpec/clusterConfiguration/scheduler + value: + extraArgs: {} + target: + kind: KubeadmControlPlane +- path: ../../../test/ci/patches/alpha-beta-feature-gates-kubeadmcontrolplane.yaml + target: + kind: KubeadmControlPlane - path: ../../../test/ci/prow-ci-version/patches/oot-credential-provider.yaml target: group: bootstrap.cluster.x-k8s.io From 481c3b719e05f50936c3ffdf7634f7070ccfc562 Mon Sep 17 00:00:00 2001 From: Matt Boersma Date: Thu, 2 Apr 2026 16:27:44 -0600 Subject: [PATCH 10/61] Bump CAAPH to v0.6.2 --- Makefile | 2 +- Tiltfile | 2 +- .../src/developers/getting-started-with-capi-operator.md | 2 +- test/e2e/config/azure-dev.yaml | 6 +++--- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Makefile b/Makefile index 5fcc813fb21..a5f3572a2d9 100644 --- a/Makefile +++ b/Makefile @@ -364,7 +364,7 @@ create-management-cluster: $(KUSTOMIZE) $(ENVSUBST) $(KUBECTL) $(KIND) ## Create timeout --foreground 300 bash -c "until curl --retry $(CURL_RETRIES) -sSL https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.12.4/cluster-api-components.yaml | $(ENVSUBST) | $(KUBECTL) apply -f - --server-side=true; do sleep 5; done" # Deploy CAAPH - timeout --foreground 300 bash -c "until curl --retry $(CURL_RETRIES) -sSL https://github.com/kubernetes-sigs/cluster-api-addon-provider-helm/releases/download/v0.6.1/addon-components.yaml | $(ENVSUBST) | $(KUBECTL) apply -f - --server-side=true; do sleep 5; done" + timeout --foreground 300 bash -c "until curl --retry $(CURL_RETRIES) -sSL https://github.com/kubernetes-sigs/cluster-api-addon-provider-helm/releases/download/v0.6.2/addon-components.yaml | $(ENVSUBST) | $(KUBECTL) apply -f - --server-side=true; do sleep 5; done" # Deploy CAPZ if [ "$(MGMT_CLUSTER_TYPE)" != "aks" ]; then \ 
diff --git a/Tiltfile b/Tiltfile index 78c5d80c21d..11e68e8f835 100644 --- a/Tiltfile +++ b/Tiltfile @@ -23,7 +23,7 @@ settings = { "preload_images_for_kind": True, "kind_cluster_name": "capz", "capi_version": "v1.12.4", - "caaph_version": "v0.6.1", + "caaph_version": "v0.6.2", "cert_manager_version": "v1.19.1", "kubernetes_version": "v1.33.6", "aks_kubernetes_version": "v1.30.2", diff --git a/docs/book/src/developers/getting-started-with-capi-operator.md b/docs/book/src/developers/getting-started-with-capi-operator.md index 16e3f475a4b..4897c18ffbd 100644 --- a/docs/book/src/developers/getting-started-with-capi-operator.md +++ b/docs/book/src/developers/getting-started-with-capi-operator.md @@ -122,7 +122,7 @@ Create a `values.yaml` file for the CAPI Operator Helm chart like so: ```yaml core: "cluster-api:v1.12.4" infrastructure: "azure:v1.17.2" -addon: "helm:v0.6.1" +addon: "helm:v0.6.2" manager: featureGates: core: diff --git a/test/e2e/config/azure-dev.yaml b/test/e2e/config/azure-dev.yaml index a84799f8b09..dcd9512b393 100644 --- a/test/e2e/config/azure-dev.yaml +++ b/test/e2e/config/azure-dev.yaml @@ -209,8 +209,8 @@ providers: replacements: - old: "imagePullPolicy: Always" new: "imagePullPolicy: IfNotPresent" - - name: v0.6.1 - value: https://github.com/kubernetes-sigs/cluster-api-addon-provider-helm/releases/download/v0.6.1/addon-components.yaml + - name: v0.6.2 + value: https://github.com/kubernetes-sigs/cluster-api-addon-provider-helm/releases/download/v0.6.2/addon-components.yaml type: url contract: v1beta1 files: @@ -263,7 +263,7 @@ variables: OLD_PROVIDER_UPGRADE_VERSION: "v1.22.2" LATEST_PROVIDER_UPGRADE_VERSION: "v1.23.0" OLD_CAAPH_UPGRADE_VERSION: "v0.5.3" - LATEST_CAAPH_UPGRADE_VERSION: "v0.6.1" + LATEST_CAAPH_UPGRADE_VERSION: "v0.6.2" CI_RG: "${CI_RG:-capz-ci}" USER_IDENTITY: "${USER_IDENTITY:-cloud-provider-user-identity}" EXP_APISERVER_ILB: "true" From 6c9426cd1092a84032d362e1c81b94800859c870 Mon Sep 17 00:00:00 2001 
From: Matt Boersma Date: Fri, 3 Apr 2026 12:19:03 -0600 Subject: [PATCH 11/61] Bump Ray and KubeRay e2e test versions to latest releases (#6203) * Bump Ray and KubeRay versions to latest releases * Fix KubeRay e2e: increase head resources and cap object store memory * Reduce head memory request to fit on self-managed nodes * Label KubeRay tests with [KubeRay] instead of [OPTIONAL] Use a dedicated [KubeRay] Ginkgo label so these tests only run from the pull-cluster-api-provider-azure-e2e-kuberay presubmit job and are excluded from the general e2e-optional job. --- test/e2e/azure_kuberay.go | 33 +++++++++++++++++++-------------- test/e2e/azure_test.go | 2 +- 2 files changed, 20 insertions(+), 15 deletions(-) diff --git a/test/e2e/azure_kuberay.go b/test/e2e/azure_kuberay.go index 8e5041b3114..028cb04a984 100644 --- a/test/e2e/azure_kuberay.go +++ b/test/e2e/azure_kuberay.go @@ -41,8 +41,9 @@ const ( kubeRayOperatorHelmChartName = "kuberay-operator" kubeRayOperatorHelmReleaseName = "kuberay-operator" kubeRayOperatorNamespace = "default" - kubeRayVersion = "1.3.0" - rayImage = "rayproject/ray:2.41.0" + kubeRayVersion = "1.6.0" + rayVersion = "2.54.1" + rayImage = "rayproject/ray:" + rayVersion ) var rayClusterGVR = schema.GroupVersionResource{ @@ -286,10 +287,11 @@ func newRayClusterUnstructured(name, namespace string) *unstructured.Unstructure "namespace": namespace, }, "spec": map[string]interface{}{ - "rayVersion": "2.41.0", + "rayVersion": rayVersion, "headGroupSpec": map[string]interface{}{ "rayStartParams": map[string]interface{}{ - "dashboard-host": "0.0.0.0", + "dashboard-host": "0.0.0.0", + "object-store-memory": "200000000", }, "template": map[string]interface{}{ "spec": map[string]interface{}{ 
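Review bot: `rayImage = "rayproject/ray:" + rayVersion` still resolves a mutable registry tag at pull time, so the e2e pods run whatever that tag points to on the day of the run, while the workflow files elsewhere on this page pin actions by commit SHA. Appending a digest, e.g. `rayImage = "rayproject/ray:" + rayVersion + "@sha256:<digest of the reviewed image>"`, would make the tested image reproducible; the digest shown is a placeholder to fill in. The const block continues outside the hunk.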
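Review bot: The cap `"object-store-memory": "200000000"` is a bare literal with no unit or reason, and it is repeated in the worker group of this function and in both groups of newRayJobUnstructured (later hunks of this file). A named constant beside rayVersion, e.g. `rayObjectStoreMemory = "200000000" // bytes`, with a short comment on why the store is capped, states the unit once and keeps the four sites from drifting apart. newRayClusterUnstructured starts and ends outside the hunk.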
@@ -313,12 +315,12 @@ func newRayClusterUnstructured(name, namespace string) *unstructured.Unstructure }, "resources": map[string]interface{}{ "requests": map[string]interface{}{ - "cpu": "300m", + "cpu": "500m", "memory": "1Gi", }, "limits": map[string]interface{}{ - "cpu": "500m", - "memory": "2Gi", + "cpu": "1", + "memory": "4Gi", }, }, }, @@ -333,7 +335,8 @@ func newRayClusterUnstructured(name, namespace string) *unstructured.Unstructure "maxReplicas": int64(1), "groupName": "small-group", "rayStartParams": map[string]interface{}{ - "num-cpus": "1", + "num-cpus": "1", + "object-store-memory": "200000000", }, "template": map[string]interface{}{ "spec": map[string]interface{}{ @@ -399,10 +402,11 @@ func newRayJobUnstructured(name, namespace string) *unstructured.Unstructured { }, }, "rayClusterSpec": map[string]interface{}{ - "rayVersion": "2.41.0", + "rayVersion": rayVersion, "headGroupSpec": map[string]interface{}{ "rayStartParams": map[string]interface{}{ - "dashboard-host": "0.0.0.0", + "dashboard-host": "0.0.0.0", + "object-store-memory": "200000000", }, "template": map[string]interface{}{ "spec": map[string]interface{}{ @@ -426,12 +430,12 @@ func newRayJobUnstructured(name, namespace string) *unstructured.Unstructured { }, "resources": map[string]interface{}{ "requests": map[string]interface{}{ - "cpu": "300m", + "cpu": "500m", "memory": "1Gi", }, "limits": map[string]interface{}{ - "cpu": "500m", - "memory": "2Gi", + "cpu": "1", + "memory": "4Gi", }, }, }, @@ -446,7 +450,8 @@ func newRayJobUnstructured(name, namespace string) *unstructured.Unstructured { "maxReplicas": int64(1), "groupName": "small-group", "rayStartParams": map[string]interface{}{ - "num-cpus": "1", + "num-cpus": "1", + "object-store-memory": "200000000", }, "template": map[string]interface{}{ "spec": map[string]interface{}{ diff --git a/test/e2e/azure_test.go b/test/e2e/azure_test.go index fb64d5a5113..e8ec2fd7227 100644 --- a/test/e2e/azure_test.go +++ b/test/e2e/azure_test.go 
@@ -1464,7 +1464,7 @@ spec: // KubeRay tests deploy the KubeRay operator and verify Ray workloads run on a CAPZ cluster. // These correspond to the RayCluster and RayJob E2E test cases from the KubeRay buildkite CI. - Context("Creating a cluster and deploying KubeRay [OPTIONAL]", func() { + Context("Creating an AKS cluster and deploying KubeRay [KubeRay]", func() { It("Creates a RayCluster and verifies it becomes ready", func() { clusterName = getClusterName(clusterNamePrefix, "kuberay") kubernetesVersion, err := GetAKSKubernetesVersion(ctx, e2eConfig, AKSKubernetesVersion) From 0cf29313fa5a73f473aa1cb7e3ba9b1c0a55692a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Apr 2026 13:05:42 +0000 Subject: [PATCH 12/61] dependabot(deps): bump step-security/harden-runner Bumps the all-github-actions group with 1 update: [step-security/harden-runner](https://github.com/step-security/harden-runner). Updates `step-security/harden-runner` from 2.16.0 to 2.16.1 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594...fe104658747b27e96e4f7e80cd0a94068e53901d) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.16.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 2 +- .github/workflows/cover.yaml | 2 +- .github/workflows/dependabot-code-gen.yml | 2 +- .github/workflows/dependency-review.yml | 2 +- .github/workflows/lint-docs.yaml | 2 +- .github/workflows/release.yaml | 4 ++-- .github/workflows/scorecards.yml | 2 +- 7 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index ce57c3ae769..fdc24476782 100644 --- a/.github/workflows/codeql.yml 
+++ b/.github/workflows/codeql.yml @@ -41,7 +41,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 with: egress-policy: audit diff --git a/.github/workflows/cover.yaml b/.github/workflows/cover.yaml index d2bc5aad07b..f91e9839cfe 100644 --- a/.github/workflows/cover.yaml +++ b/.github/workflows/cover.yaml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 with: egress-policy: audit - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 diff --git a/.github/workflows/dependabot-code-gen.yml b/.github/workflows/dependabot-code-gen.yml index 7c178a6351c..25cfc46f1cb 100644 --- a/.github/workflows/dependabot-code-gen.yml +++ b/.github/workflows/dependabot-code-gen.yml @@ -20,7 +20,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 with: egress-policy: audit - name: Get Go version diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 1d8a2052c05..b4a506d62ae 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 with: egress-policy: audit diff --git a/.github/workflows/lint-docs.yaml b/.github/workflows/lint-docs.yaml index 6ef1a07f4ea..a2bce629e6e 100644 
--- a/.github/workflows/lint-docs.yaml +++ b/.github/workflows/lint-docs.yaml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 with: egress-policy: audit diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index de4ec5f571c..df6ed9a8ab5 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -20,7 +20,7 @@ jobs: release_tag: ${{ steps.release-version.outputs.release_version }} steps: - name: Harden Runner - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 with: egress-policy: audit - name: Checkout code @@ -92,7 +92,7 @@ jobs: needs: push_release_tag steps: - name: Harden Runner - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 with: egress-policy: audit - name: Set env diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index f30f49e9caa..3e0aa480002 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -31,7 +31,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 with: egress-policy: audit From bfcbba6b992f7b64d9d09e663cf1f7c8fc9bf92e Mon Sep 17 00:00:00 2001 
From: Matt Boersma Date: Mon, 6 Apr 2026 14:43:30 -0600 Subject: [PATCH 13/61] Bump Go toolchain to v1.25.8 (#6161) * Bump Go toolchain to v1.25.8 * Bump golang.org/x/net to v0.51.0 * Update trivy version to v0.69.2 * Fix go_install.sh to use project toolchain for tool builds --- Dockerfile | 2 +- Makefile | 6 +++++- Tiltfile | 2 +- go.mod | 6 +++--- go.sum | 4 ++-- hack/ensure-go.sh | 2 +- hack/tools/go.mod | 4 ++-- hack/verify-container-images.sh | 3 ++- netlify.toml | 2 +- scripts/go_install.sh | 11 +++++++++++ 10 files changed, 29 insertions(+), 13 deletions(-) diff --git a/Dockerfile b/Dockerfile index e1684c9d1d7..bc8a2ff48d6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -18,7 +18,7 @@ ARG ARCH # Build the manager binary -FROM golang:1.24 AS builder +FROM golang:1.25 AS builder WORKDIR /workspace # Run this with docker build --build_arg $(go env GOPROXY) to override the goproxy diff --git a/Makefile b/Makefile index a5f3572a2d9..316abed384a 100644 --- a/Makefile +++ b/Makefile @@ -30,6 +30,10 @@ GOPROXY := https://proxy.golang.org endif export GOPROXY +# Ensure correct toolchain is used +GOTOOLCHAIN = go$(GO_VERSION) +export GOTOOLCHAIN + # Active module mode, as we use go modules to manage dependencies export GO111MODULE=on @@ -110,7 +114,7 @@ RELEASE_NOTES_VER := v0.18.0 RELEASE_NOTES_BIN := release-notes RELEASE_NOTES := $(TOOLS_BIN_DIR)/$(RELEASE_NOTES_BIN)-$(RELEASE_NOTES_VER) -TRIVY_VER := 0.64.0 +TRIVY_VER := 0.69.2 KPROMO_VER := v4.0.5 KPROMO_BIN := kpromo diff --git a/Tiltfile b/Tiltfile index 11e68e8f835..ae59212aa12 100644 --- a/Tiltfile +++ b/Tiltfile 
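Review bot: `GOTOOLCHAIN = go$(GO_VERSION)` is an unconditional assignment, so it overrides a `GOTOOLCHAIN` set in the caller's environment (for example `local` on an offline or policy-restricted builder) and makes the go command fetch that toolchain whenever the installed Go differs. GO_VERSION is defined outside this hunk; if it ever expands empty the exported value is the bare string `go`, so a guard such as `$(if $(strip $(GO_VERSION)),,$(error GO_VERSION is empty))` before the assignment would fail early with a clear message. The export also reaches only go commands that make runs on the host, while the `FROM golang:1.25` stages in the Dockerfile and Tiltfile hunks of this patch follow a floating minor tag. The comment could say so, e.g. `# Pin host-side go commands to the project toolchain (container builds follow the golang base image tag)`.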
@@ -173,7 +173,7 @@ def validate_auth(): tilt_helper_dockerfile_header = """ # Tilt image -FROM golang:1.24 AS tilt-helper +FROM golang:1.25 AS tilt-helper # Support live reloading with Tilt RUN wget --output-document /restart.sh --quiet https://raw.githubusercontent.com/windmilleng/rerun-process-wrapper/master/restart.sh && \ wget --output-document /start.sh --quiet https://raw.githubusercontent.com/windmilleng/rerun-process-wrapper/master/start.sh && \ diff --git a/go.mod b/go.mod index cd9cfd2fe55..11b630277df 100644 --- a/go.mod +++ b/go.mod @@ -1,8 +1,8 @@ module sigs.k8s.io/cluster-api-provider-azure -go 1.24.6 +go 1.25.0 -toolchain go1.24.13 +toolchain go1.25.8 // Workaround for prometheus/common v0.66.0+ breaking change that causes panic // in cluster-api test framework's TextParser usage. Pin prometheus dependencies @@ -195,7 +195,7 @@ require ( go.opentelemetry.io/proto/otlp v1.9.0 // indirect go.yaml.in/yaml/v2 v2.4.3 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect - golang.org/x/net v0.50.0 // indirect + golang.org/x/net v0.51.0 // indirect golang.org/x/oauth2 v0.35.0 // indirect golang.org/x/sync v0.19.0 // indirect golang.org/x/sys v0.41.0 // indirect diff --git a/go.sum b/go.sum index bd2f13ecee0..2f72835b7ec 100644 --- a/go.sum +++ b/go.sum 
@@ -534,8 +534,8 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.50.0 h1:ucWh9eiCGyDR3vtzso0WMQinm2Dnt8cFMuQa9K33J60= -golang.org/x/net v0.50.0/go.mod h1:UgoSli3F/pBgdJBHCTc+tp3gmrU4XswgGRgtnwWTfyM= +golang.org/x/net v0.51.0 h1:94R/GTO7mt3/4wIKpcR5gkGmRLOuE/2hNGeWq/GBIFo= +golang.org/x/net v0.51.0/go.mod h1:aamm+2QF5ogm02fjy5Bb7CQ0WMt1/WVM7FtyaTLlA9Y= golang.org/x/oauth2 v0.35.0 h1:Mv2mzuHuZuY2+bkyWXIHMfhNdJAdwW3FuWeCPYN5GVQ= golang.org/x/oauth2 v0.35.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= diff --git a/hack/ensure-go.sh b/hack/ensure-go.sh index 3fc7d3f7c41..87239635980 100755 --- a/hack/ensure-go.sh +++ b/hack/ensure-go.sh 
@@ -31,7 +31,7 @@ EOF local go_version IFS=" " read -ra go_version <<< "$(go version)" local minimum_go_version - minimum_go_version=go1.24.13 + minimum_go_version=go1.25.8 if [[ "${minimum_go_version}" != $(echo -e "${minimum_go_version}\n${go_version[2]}" | sort -s -t. -k 1,1 -k 2,2n -k 3,3n | head -n1) && "${go_version[2]}" != "devel" ]]; then cat < /dev/null || true +# Ensure tools are built with the project's Go toolchain version. +# CI images may have an older Go as the default, and `go install module@version` +# uses the module's own go.mod for toolchain selection, which may not require +# the newer Go version needed to process this project's source files. +if [ -f go.mod ]; then + toolchain=$(sed -n 's/^toolchain //p' go.mod) + if [ -n "${toolchain}" ]; then + export GOTOOLCHAIN="${toolchain}" + fi +fi + # install the golang module specified as the first argument go install -tags capztools "${1}@${3}" mv "${GOBIN}/${2}" "${GOBIN}/${2}-${3}" From 81bbc7d276b3deacd6dce3d505e1c771e93bde57 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Apr 2026 20:44:59 +0000 Subject: [PATCH 14/61] dependabot(deps): bump golang.org/x/text from 0.34.0 to 0.35.0 Bumps [golang.org/x/text](https://github.com/golang/text) from 0.34.0 to 0.35.0. - [Release notes](https://github.com/golang/text/releases) - [Commits](https://github.com/golang/text/compare/v0.34.0...v0.35.0) --- updated-dependencies: - dependency-name: golang.org/x/text dependency-version: 0.35.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 6 +++--- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 11b630277df..e3d61735858 100644 --- a/go.mod +++ b/go.mod 
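Review bot: The new `[ -f go.mod ]` test in scripts/go_install.sh resolves against the current working directory, so if the script runs from anywhere other than the repository root the block is skipped without a trace and `go install` uses whatever toolchain the image ships. An `else` branch such as `echo "go.mod not found in $(pwd); using default Go toolchain" >&2` would make that case visible in CI logs. The same applies when go.mod exists but has no `toolchain` line. The header and leading context of this hunk are not visible here, so whether the script changes directory earlier cannot be confirmed.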
@@ -52,7 +52,7 @@ require (
 golang.org/x/crypto v0.48.0
 golang.org/x/exp v0.0.0-20250819193227-8b4c13bb791b
 golang.org/x/mod v0.33.0
- golang.org/x/text v0.34.0
+ golang.org/x/text v0.35.0
 gopkg.in/yaml.v3 v3.0.1
 k8s.io/api v0.34.3
 k8s.io/apimachinery v0.34.3
@@ -197,11 +197,11 @@ require (
 go.yaml.in/yaml/v3 v3.0.4 // indirect
 golang.org/x/net v0.51.0 // indirect
 golang.org/x/oauth2 v0.35.0 // indirect
- golang.org/x/sync v0.19.0 // indirect
+ golang.org/x/sync v0.20.0 // indirect
 golang.org/x/sys v0.41.0 // indirect
 golang.org/x/term v0.40.0 // indirect
 golang.org/x/time v0.12.0 // indirect
- golang.org/x/tools v0.41.0 // indirect
+ golang.org/x/tools v0.42.0 // indirect
 gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect
 google.golang.org/genproto/googleapis/api v0.0.0-20260209200024-4cfbd4190f57 // indirect
 google.golang.org/genproto/googleapis/rpc v0.0.0-20260209200024-4cfbd4190f57 // indirect
diff --git a/go.sum b/go.sum
index 2f72835b7ec..70cfce796c2 100644
--- a/go.sum
+++ b/go.sum
@@ -541,8 +541,8 @@ golang.org/x/oauth2 v0.35.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwE
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
-golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
+golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4=
+golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -561,16 +561,16 @@ golang.org/x/term v0.40.0 h1:36e4zGLqU4yhjlmxEaagx2KuYbJq3EwY8K943ZsHcvg=
 golang.org/x/term v0.40.0/go.mod h1:w2P8uVp06p2iyKKuvXIm7N/y0UCRt3UfJTfZ7oOpglM=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.34.0 h1:oL/Qq0Kdaqxa1KbNeMKwQq0reLCCaFtqu2eNuSeNHbk=
-golang.org/x/text v0.34.0/go.mod h1:homfLqTYRFyVYemLBFl5GgL/DWEiH5wcsQ5gSh1yziA=
+golang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8=
+golang.org/x/text v0.35.0/go.mod h1:khi/HExzZJ2pGnjenulevKNX1W67CUy0AsXcNubPGCA=
 golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE=
 golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.41.0 h1:a9b8iMweWG+S0OBnlU36rzLp20z1Rp10w+IY2czHTQc=
-golang.org/x/tools v0.41.0/go.mod h1:XSY6eDqxVNiYgezAVqqCeihT4j1U2CCsqvH3WhQpnlg=
+golang.org/x/tools v0.42.0 h1:uNgphsn75Tdz5Ji2q36v/nsFSfR/9BRFvqhGBaJGd5k=
+golang.org/x/tools v0.42.0/go.mod h1:Ma6lCIwGZvHK6XtgbswSoWroEkhugApmsXyrUmBhfr0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
From f876d3808762fd338dea33d386180ec03932cc99 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Apr 2026 22:18:57 +0000 Subject: [PATCH 15/61] dependabot(deps): bump golang.org/x/mod from 0.33.0 to 0.34.0 Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.33.0 to 0.34.0. - [Commits](https://github.com/golang/mod/compare/v0.33.0...v0.34.0) --- updated-dependencies: - dependency-name: golang.org/x/mod dependency-version: 0.34.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/go.mod b/go.mod
index e3d61735858..ff519d07ad1 100644
--- a/go.mod
+++ b/go.mod
@@ -51,7 +51,7 @@ require (
 go.uber.org/mock v0.6.0
 golang.org/x/crypto v0.48.0
 golang.org/x/exp v0.0.0-20250819193227-8b4c13bb791b
- golang.org/x/mod v0.33.0
+ golang.org/x/mod v0.34.0
 golang.org/x/text v0.35.0
 gopkg.in/yaml.v3 v3.0.1
 k8s.io/api v0.34.3
diff --git a/go.sum b/go.sum
index 70cfce796c2..ab258fed23c 100644
--- a/go.sum
+++ b/go.sum
@@ -527,8 +527,8 @@ golang.org/x/exp v0.0.0-20250819193227-8b4c13bb791b h1:DXr+pvt3nC887026GRP39Ej11
 golang.org/x/exp v0.0.0-20250819193227-8b4c13bb791b/go.mod h1:4QTo5u+SEIbbKW1RacMZq1YEfOBqeXa19JeshGi+zc4=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.33.0 h1:tHFzIWbBifEmbwtGz65eaWyGiGZatSrT9prnU8DbVL8=
-golang.org/x/mod v0.33.0/go.mod h1:swjeQEj+6r7fODbD2cqrnje9PnziFuw4bmLbBZFrQ5w=
+golang.org/x/mod v0.34.0 h1:xIHgNUUnW6sYkcM5Jleh05DvLOtwc6RitGHbDk4akRI=
+golang.org/x/mod v0.34.0/go.mod h1:ykgH52iCZe79kzLLMhyCUzhMci+nQj+0XkbXpNYtVjY=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
From 2d6679055b5c6be2e679ddb8630a66b183405b2d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Apr 2026 23:50:42 +0000 Subject: [PATCH 16/61] dependabot(deps): bump golang.org/x/crypto from 0.48.0 to 0.49.0 Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.48.0 to 0.49.0. - [Commits](https://github.com/golang/crypto/compare/v0.48.0...v0.49.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-version: 0.49.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 6 +++--- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/go.mod b/go.mod
index ff519d07ad1..7f2f56016bc 100644
--- a/go.mod
+++ b/go.mod
@@ -49,7 +49,7 @@ require (
 go.opentelemetry.io/otel/sdk/metric v1.41.0
 go.opentelemetry.io/otel/trace v1.41.0
 go.uber.org/mock v0.6.0
- golang.org/x/crypto v0.48.0
+ golang.org/x/crypto v0.49.0
 golang.org/x/exp v0.0.0-20250819193227-8b4c13bb791b
 golang.org/x/mod v0.34.0
 golang.org/x/text v0.35.0
@@ -198,8 +198,8 @@ require (
 golang.org/x/net v0.51.0 // indirect
 golang.org/x/oauth2 v0.35.0 // indirect
 golang.org/x/sync v0.20.0 // indirect
- golang.org/x/sys v0.41.0 // indirect
- golang.org/x/term v0.40.0 // indirect
+ golang.org/x/sys v0.42.0 // indirect
+ golang.org/x/term v0.41.0 // indirect
 golang.org/x/time v0.12.0 // indirect
 golang.org/x/tools v0.42.0 // indirect
 gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect
diff --git a/go.sum b/go.sum
index ab258fed23c..5d2c80e204c 100644
--- a/go.sum
+++ b/go.sum
@@ -521,8 +521,8 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.48.0 h1:/VRzVqiRSggnhY7gNRxPauEQ5Drw9haKdM0jqfcCFts=
-golang.org/x/crypto v0.48.0/go.mod h1:r0kV5h3qnFPlQnBSrULhlsRfryS2pmewsg+XfMgkVos=
+golang.org/x/crypto v0.49.0 h1:+Ng2ULVvLHnJ/ZFEq4KdcDd/cfjrrjjNSXNzxg0Y4U4=
+golang.org/x/crypto v0.49.0/go.mod h1:ErX4dUh2UM+CFYiXZRTcMpEcN8b/1gxEuv3nODoYtCA=
 golang.org/x/exp v0.0.0-20250819193227-8b4c13bb791b h1:DXr+pvt3nC887026GRP39Ej11UATqWDmWuS99x26cD0=
 golang.org/x/exp v0.0.0-20250819193227-8b4c13bb791b/go.mod h1:4QTo5u+SEIbbKW1RacMZq1YEfOBqeXa19JeshGi+zc4=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
@@ -554,11 +554,11 @@ golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.41.0 h1:Ivj+2Cp/ylzLiEU89QhWblYnOE9zerudt9Ftecq2C6k=
-golang.org/x/sys v0.41.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo=
+golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.40.0 h1:36e4zGLqU4yhjlmxEaagx2KuYbJq3EwY8K943ZsHcvg=
-golang.org/x/term v0.40.0/go.mod h1:w2P8uVp06p2iyKKuvXIm7N/y0UCRt3UfJTfZ7oOpglM=
+golang.org/x/term v0.41.0 h1:QCgPso/Q3RTJx2Th4bDLqML4W6iJiaXFq2/ftQF13YU=
+golang.org/x/term v0.41.0/go.mod h1:3pfBgksrReYfZ5lvYM0kSO0LIkAl4Yl2bXOkKP7Ec2A=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8=
From d9c41086e6a48e50363b1c5f175ec193fdff5192 Mon Sep 17 00:00:00 2001
From: Matt Boersma Date: Mon, 6 Apr 2026 21:17:29 -0600 Subject: [PATCH 17/61] Add e2e spec for self-managed kuberay (#6200) * Add e2e spec for self-managed kuberay * Use CI K8s builds for self-managed KubeRay tests Follow the conformance CI pattern: resolve the latest CI Kubernetes version from dl.k8s.io and use the ci-version flavor template which downloads K8s binaries from source. This ensures the self-managed KubeRay tests exercise the in-development Kubernetes at main rather than only stable releases. * Use objectStoreMemory constant for Ray object store size * Extract shared rayClusterSpec helper to reduce duplication --- test/e2e/azure_kuberay.go | 212 +++++++++++---------------------- test/e2e/azure_test.go | 89 ++++++++++++++ test/e2e/config/azure-dev.yaml | 2 + 3 files changed, 163 insertions(+), 140 deletions(-) diff --git a/test/e2e/azure_kuberay.go b/test/e2e/azure_kuberay.go index 028cb04a984..55aec621646 100644 --- a/test/e2e/azure_kuberay.go +++ b/test/e2e/azure_kuberay.go @@ -44,6 +44,7 @@ const ( kubeRayVersion = "1.6.0" rayVersion = "2.54.1" rayImage = "rayproject/ray:" + rayVersion + objectStoreMemory = "200000000" // ~200MB, prevents Ray from consuming all of /dev/shm ) var rayClusterGVR = schema.GroupVersionResource{ 
@@ -286,81 +287,7 @@ func newRayClusterUnstructured(name, namespace string) *unstructured.Unstructure "name": name, "namespace": namespace, }, - "spec": map[string]interface{}{ - "rayVersion": rayVersion, - "headGroupSpec": map[string]interface{}{ - "rayStartParams": map[string]interface{}{ - "dashboard-host": "0.0.0.0", - "object-store-memory": "200000000", - }, - "template": map[string]interface{}{ - "spec": map[string]interface{}{ - "containers": []interface{}{ - map[string]interface{}{ - "name": "ray-head", - "image": rayImage, - "ports": []interface{}{ - map[string]interface{}{ - "containerPort": int64(6379), - "name": "gcs-server", - }, - map[string]interface{}{ - "containerPort": int64(8265), - "name": "dashboard", - }, - map[string]interface{}{ - "containerPort": int64(10001), - "name": "client", - }, - }, - "resources": map[string]interface{}{ - "requests": map[string]interface{}{ - "cpu": "500m", - "memory": "1Gi", - }, - "limits": map[string]interface{}{ - "cpu": "1", - "memory": "4Gi", - }, - }, - }, - }, - }, - }, - }, - "workerGroupSpecs": []interface{}{ - map[string]interface{}{ - "replicas": int64(1), - "minReplicas": int64(1), - "maxReplicas": int64(1), - "groupName": "small-group", - "rayStartParams": map[string]interface{}{ - "num-cpus": "1", - "object-store-memory": "200000000", - }, - "template": map[string]interface{}{ - "spec": map[string]interface{}{ - "containers": []interface{}{ - map[string]interface{}{ - "name": "ray-worker", - "image": rayImage, - "resources": map[string]interface{}{ - "requests": map[string]interface{}{ - "cpu": "300m", - "memory": "1Gi", - }, - "limits": map[string]interface{}{ - "cpu": "500m", - "memory": "1Gi", - }, - }, - }, - }, - }, - }, - }, - }, - }, + "spec": rayClusterSpec(), }, } } 
@@ -401,75 +328,80 @@ func newRayJobUnstructured(name, namespace string) *unstructured.Unstructured { }, }, }, - "rayClusterSpec": map[string]interface{}{ - "rayVersion": rayVersion, - "headGroupSpec": map[string]interface{}{ - "rayStartParams": map[string]interface{}{ - "dashboard-host": "0.0.0.0", - "object-store-memory": "200000000", - }, - "template": map[string]interface{}{ - "spec": map[string]interface{}{ - "containers": []interface{}{ - map[string]interface{}{ - "name": "ray-head", - "image": rayImage, - "ports": []interface{}{ - map[string]interface{}{ - "containerPort": int64(6379), - "name": "gcs-server", - }, - map[string]interface{}{ - "containerPort": int64(8265), - "name": "dashboard", - }, - map[string]interface{}{ - "containerPort": int64(10001), - "name": "client", - }, - }, - "resources": map[string]interface{}{ - "requests": map[string]interface{}{ - "cpu": "500m", - "memory": "1Gi", - }, - "limits": map[string]interface{}{ - "cpu": "1", - "memory": "4Gi", - }, - }, - }, + "rayClusterSpec": rayClusterSpec(), + }, + }, + } +} + +// rayClusterSpec returns the shared RayCluster spec used by both RayCluster and RayJob resources. 
+func rayClusterSpec() map[string]interface{} { + return map[string]interface{}{ + "rayVersion": rayVersion, + "headGroupSpec": map[string]interface{}{ + "rayStartParams": map[string]interface{}{ + "dashboard-host": "0.0.0.0", + "object-store-memory": objectStoreMemory, + }, + "template": map[string]interface{}{ + "spec": map[string]interface{}{ + "containers": []interface{}{ + map[string]interface{}{ + "name": "ray-head", + "image": rayImage, + "ports": []interface{}{ + map[string]interface{}{ + "containerPort": int64(6379), + "name": "gcs-server", + }, + map[string]interface{}{ + "containerPort": int64(8265), + "name": "dashboard", + }, + map[string]interface{}{ + "containerPort": int64(10001), + "name": "client", + }, + }, + "resources": map[string]interface{}{ + "requests": map[string]interface{}{ + "cpu": "500m", + "memory": "1Gi", + }, + "limits": map[string]interface{}{ + "cpu": "1", + "memory": "4Gi", }, }, }, }, - "workerGroupSpecs": []interface{}{ - map[string]interface{}{ - "replicas": int64(1), - "minReplicas": int64(1), - "maxReplicas": int64(1), - "groupName": "small-group", - "rayStartParams": map[string]interface{}{ - "num-cpus": "1", - "object-store-memory": "200000000", - }, - "template": map[string]interface{}{ - "spec": map[string]interface{}{ - "containers": []interface{}{ - map[string]interface{}{ - "name": "ray-worker", - "image": rayImage, - "resources": map[string]interface{}{ - "requests": map[string]interface{}{ - "cpu": "300m", - "memory": "1Gi", - }, - "limits": map[string]interface{}{ - "cpu": "500m", - "memory": "1Gi", - }, - }, - }, + }, + }, + }, + "workerGroupSpecs": []interface{}{ + map[string]interface{}{ + "replicas": int64(1), + "minReplicas": int64(1), + "maxReplicas": int64(1), + "groupName": "small-group", + "rayStartParams": map[string]interface{}{ + "num-cpus": "1", + "object-store-memory": objectStoreMemory, + }, + "template": map[string]interface{}{ + "spec": map[string]interface{}{ + "containers": []interface{}{ + 
map[string]interface{}{ + "name": "ray-worker", + "image": rayImage, + "resources": map[string]interface{}{ + "requests": map[string]interface{}{ + "cpu": "300m", + "memory": "1Gi", + }, + "limits": map[string]interface{}{ + "cpu": "500m", + "memory": "1Gi", }, }, }, diff --git a/test/e2e/azure_test.go b/test/e2e/azure_test.go index e8ec2fd7227..fcd9c58edd8 100644 --- a/test/e2e/azure_test.go +++ b/test/e2e/azure_test.go 
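Review bot: The one-line doc comment on the new `rayClusterSpec()` helper in test/e2e/azure_kuberay.go leaves out two things the next reader needs. First, every call builds a fresh map, so the RayCluster and RayJob objects never share mutable state; that is worth stating so nobody caches the result in a package variable. Second, the head group sets `"dashboard-host": "0.0.0.0"`, which binds the Ray dashboard on all pod interfaces while the spec shown configures no authentication for it. I would add a sentence that the all-interfaces bind exists so in-cluster clients can reach the head pod (presumably the KubeRay operator; confirm) and that port 8265 must stay unpublished outside the test cluster.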
@@ -1531,4 +1531,93 @@ spec: By("PASSED!") }) }) + + // KubeRay tests on a self-managed VM-based cluster. + Context("Creating a self-managed cluster and deploying KubeRay [KubeRay]", func() { + It("Creates a RayCluster and verifies it becomes ready", func() { + clusterName = getClusterName(clusterNamePrefix, "vm-kuberay") + kubernetesVersion, err := resolveCIVersion("latest") + Expect(err).NotTo(HaveOccurred()) + Expect(os.Setenv("CI_VERSION", kubernetesVersion)).To(Succeed()) + Expect(os.Setenv("CLOUD_PROVIDER_AZURE_LABEL", "azure-ci")).To(Succeed()) + + clusterctl.ApplyClusterTemplateAndWait(ctx, createApplyClusterTemplateInput( + specName, + withFlavor("ci-version"), + withNamespace(namespace.Name), + withClusterName(clusterName), + withKubernetesVersion(kubernetesVersion), + withControlPlaneMachineCount(1), + withWorkerMachineCount(1), + withControlPlaneWaiters(clusterctl.ControlPlaneWaiters{ + WaitForControlPlaneInitialized: EnsureControlPlaneInitialized, + }), + withPostMachinesProvisioned(func() { + EnsureDaemonsets(ctx, func() DaemonsetsSpecInput { + return DaemonsetsSpecInput{ + BootstrapClusterProxy: bootstrapClusterProxy, + Namespace: namespace, + ClusterName: clusterName, + } + }) + }), + ), result) + + By("Running the KubeRay RayCluster spec", func() { + KubeRayClusterSpec(ctx, func() KubeRayClusterSpecInput { + return KubeRayClusterSpecInput{ + BootstrapClusterProxy: bootstrapClusterProxy, + Namespace: namespace, + ClusterName: clusterName, + SkipCleanup: skipCleanup, + } + }) + }) + + By("PASSED!") + }) + + It("Creates a RayJob and verifies it completes successfully", func() { + clusterName = getClusterName(clusterNamePrefix, "vm-rayjob") + kubernetesVersion, err := resolveCIVersion("latest") + Expect(err).NotTo(HaveOccurred()) + Expect(os.Setenv("CI_VERSION", kubernetesVersion)).To(Succeed()) + Expect(os.Setenv("CLOUD_PROVIDER_AZURE_LABEL", "azure-ci")).To(Succeed()) + + clusterctl.ApplyClusterTemplateAndWait(ctx, createApplyClusterTemplateInput( + 
specName, + withFlavor("ci-version"), + withNamespace(namespace.Name), + withClusterName(clusterName), + withKubernetesVersion(kubernetesVersion), + withControlPlaneMachineCount(1), + withWorkerMachineCount(1), + withControlPlaneWaiters(clusterctl.ControlPlaneWaiters{ + WaitForControlPlaneInitialized: EnsureControlPlaneInitialized, + }), + withPostMachinesProvisioned(func() { + EnsureDaemonsets(ctx, func() DaemonsetsSpecInput { + return DaemonsetsSpecInput{ + BootstrapClusterProxy: bootstrapClusterProxy, + Namespace: namespace, + ClusterName: clusterName, + } + }) + }), + ), result) + + By("Running the KubeRay RayJob spec", func() { + KubeRayJobSpec(ctx, func() KubeRayJobSpecInput { + return KubeRayJobSpecInput{ + BootstrapClusterProxy: bootstrapClusterProxy, + Namespace: namespace, + ClusterName: clusterName, + SkipCleanup: skipCleanup, + } + }) + }) + + By("PASSED!") + }) + }) }) diff --git a/test/e2e/config/azure-dev.yaml b/test/e2e/config/azure-dev.yaml index dcd9512b393..0a522a44fd6 100644 --- a/test/e2e/config/azure-dev.yaml +++ b/test/e2e/config/azure-dev.yaml @@ -140,6 +140,8 @@ providers: targetName: "cluster-template-nvidia-gpu.yaml" - sourcePath: "${PWD}/templates/test/ci/cluster-template-prow-private.yaml" targetName: "cluster-template-private.yaml" + - sourcePath: "${PWD}/templates/test/ci/cluster-template-prow-ci-version.yaml" + targetName: "cluster-template-ci-version.yaml" - sourcePath: "${PWD}/templates/test/ci/cluster-template-prow-ci-version-md-and-mp.yaml" targetName: "cluster-template-conformance-ci-artifacts.yaml" - sourcePath: "${PWD}/templates/test/ci/cluster-template-prow-ci-version-ipv6.yaml" From 709500003b9f8f891ac5944691555c2e88337dfb Mon Sep 17 00:00:00 2001 From: Dennis Lerch Date: Tue, 7 Apr 2026 09:17:17 +0200 Subject: [PATCH 18/61] docs(aso): fix link formatting in ASO upgrade instructions --- docs/book/src/topics/aso.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
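Review bot: Both new `It` blocks in test/e2e/azure_test.go call `os.Setenv("CI_VERSION", kubernetesVersion)` and `os.Setenv("CLOUD_PROVIDER_AZURE_LABEL", "azure-ci")` and never restore the previous values, so every spec that runs later in the same process inherits them. Registering `DeferCleanup(os.Unsetenv, "CI_VERSION")` and the same for the label right after each Setenv (assuming the suite is on Ginkgo v2), or saving and restoring the old value, would keep the specs independent. Whether other specs read these variables is not visible in this hunk. The two blocks differ only in the cluster-name suffix and the final spec call, so the shared `ApplyClusterTemplateAndWait` setup could move into one helper.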
diff --git a/docs/book/src/topics/aso.md b/docs/book/src/topics/aso.md index e9513abde6a..0f2f3871bd6 100644 --- a/docs/book/src/topics/aso.md +++ b/docs/book/src/topics/aso.md @@ -68,7 +68,7 @@ For example, to install all the CRDs of `cache.azure.com` and `MongodbDatabase.d CAPZ's installation of ASO configures only the ASO CRDs that are required by CAPZ. To make more resource types available, export `ADDITIONAL_ASO_CRDS` and then upgrade CAPZ. For example, to install the all CRDs of `cache.azure.com` and `MongodbDatabase.documentdb.azure.com`, follow these steps: - `export ADDITIONAL_ASO_CRDS="cache.azure.com/*;documentdb.azure.com/MongodbDatabase"` -- continue with the upgrade of CAPZ as specified [here](https://cluster-api.sigs.k8s.io/tasks/upgrading-cluster-api-versions.html?highlight=upgrade#when-to-upgrade] +- continue with the upgrade of CAPZ as specified [here](https://cluster-api.sigs.k8s.io/tasks/upgrading-cluster-api-versions.html?highlight=upgrade#when-to-upgrade) You will see that the `--crd-pattern` in Azure Service Operator's Deployment (in the `capz-system` namespace) looks like below: ``` From 811ba37e322c5ff3eb2bc81b33b264073ef97a25 Mon Sep 17 00:00:00 2001 
From: Matt Boersma Date: Mon, 6 Apr 2026 16:44:42 -0600 Subject: [PATCH 19/61] Fix custom-builds templates to use Azure Storage instead of dl.k8s.io The custom-builds control plane bootstrap patch was incorrectly replaced with the ci-version script during PR 5979 (CAPI bump). This caused control plane nodes to download Kubernetes binaries from dl.k8s.io and import container images from tarballs instead of using the Azure Storage Account and ACR as intended. Restore the correct custom-builds script that downloads binaries from ${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net and pulls images from ${REGISTRY} (ACR), matching the worker node patch and the custom-builds-windows variant. --- ...uster-template-custom-builds-load-dra.yaml | 72 +++++++++---------- .../cluster-template-custom-builds-load.yaml | 72 +++++++++---------- .../dev/cluster-template-custom-builds.yaml | 72 +++++++++---------- .../kubeadm-controlplane-bootstrap.yaml | 72 +++++++++---------- 4 files changed, 140 insertions(+), 148 deletions(-) diff --git a/templates/test/dev/cluster-template-custom-builds-load-dra.yaml b/templates/test/dev/cluster-template-custom-builds-load-dra.yaml index 04b426da3ab..4f88a9fb6a7 100644 --- a/templates/test/dev/cluster-template-custom-builds-load-dra.yaml +++ b/templates/test/dev/cluster-template-custom-builds-load-dra.yaml 
@@ -153,47 +153,45 @@ spec: echo "$${LINE_SEPARATOR}" CI_VERSION=${CI_VERSION} - # Note: We assume if kubectl has the right version, everything else has as well - if [[ $(kubectl version --client=true -o json | jq '.clientVersion.gitVersion' -r) = "$${CI_VERSION}" ]]; then - echo "Detected Kubernetes $${CI_VERSION} via kubectl version, nothing to do" - exit 0 + CI_DIR=/tmp/k8s-ci + mkdir -p "$${CI_DIR}" + + systemctl stop kubelet + declare -a PACKAGES_TO_TEST=("kubectl" "kubelet" "kubeadm") + # Let's just also download the control plane images for worker nodes. It's easier then optimizing it. + declare -a CONTAINERS_TO_TEST=("kube-apiserver" "kube-controller-manager" "kube-proxy" "kube-scheduler") + CONTAINER_EXT="tar" + echo "* testing version $${CI_VERSION}" + USE_AZ="false" + if az login --identity > /dev/null 2>&1; then + echo "Logged in Azure with managed identity" + USE_AZ="true" + else + echo "az CLI not available, falling back to curl for binary downloads" fi - if [[ "$${CI_VERSION}" != "" ]]; then - CI_DIR=/tmp/k8s-ci - mkdir -p "$${CI_DIR}" - declare -a PACKAGES_TO_TEST=("kubectl" "kubelet" "kubeadm") - # Let's just also download the control plane images for worker nodes. It's easier then optimizing it. - declare -a CONTAINERS_TO_TEST=("kube-apiserver" "kube-controller-manager" "kube-proxy" "kube-scheduler") - CONTAINER_EXT="tar" - echo "* testing version $${CI_VERSION}" - CI_URL="https://dl.k8s.io/ci/$${CI_VERSION}/bin/linux/amd64" - # Set CI_URL to the released binaries for actually released versions. 
- if [[ "$${CI_VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]] || [[ "$${CI_VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+-(beta|rc).[0-9]+$ ]]; then - CI_URL="https://dl.k8s.io/release/$${CI_VERSION}/bin/linux/amd64" + for CI_PACKAGE in "$${PACKAGES_TO_TEST[@]}"; do + echo "* downloading binary: https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${KUBE_GIT_VERSION}/bin/linux/amd64/$${CI_PACKAGE}" + if [[ "$${USE_AZ}" == "true" ]]; then + az storage blob download --blob-url "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${KUBE_GIT_VERSION}/bin/linux/amd64/$${CI_PACKAGE}" -f "$${CI_DIR}/$${CI_PACKAGE}" --auth-mode login + else + curl --fail -L --retry 10 --retry-delay 5 "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${KUBE_GIT_VERSION}/bin/linux/amd64/$${CI_PACKAGE}" -o "$${CI_DIR}/$${CI_PACKAGE}" fi - for CI_PACKAGE in "$${PACKAGES_TO_TEST[@]}"; do - # Browser: https://console.cloud.google.com/storage/browser/k8s-release-dev?project=k8s-release-dev - # e.g.: https://storage.googleapis.com/k8s-release-dev/ci/v1.21.0-beta.1.378+cf3374e43491c5/bin/linux/amd64/kubectl - echo "* downloading binary: $${CI_URL}/$${CI_PACKAGE}" - wget --inet4-only "$${CI_URL}/$${CI_PACKAGE}" -O "$${CI_DIR}/$${CI_PACKAGE}" - chmod +x "$${CI_DIR}/$${CI_PACKAGE}" - mv "$${CI_DIR}/$${CI_PACKAGE}" "/usr/bin/$${CI_PACKAGE}" - done + chmod +x "$${CI_DIR}/$${CI_PACKAGE}" + mv "$${CI_DIR}/$${CI_PACKAGE}" "/usr/bin/$${CI_PACKAGE}" + done - systemctl restart kubelet - IMAGE_REGISTRY_PREFIX=registry.k8s.io - # Kubernetes builds from 1.20 through 1.24 are tagged with k8s.gcr.io - if [[ "$${CI_VERSION}" =~ ^v1\.(1[0-9]|2[0-4])[\.[0-9]+ ]]; then - IMAGE_REGISTRY_PREFIX=k8s.gcr.io - fi - for CI_CONTAINER in "$${CONTAINERS_TO_TEST[@]}"; do - echo "* downloading package: $${CI_URL}/$${CI_CONTAINER}.$${CONTAINER_EXT}" - wget --inet4-only "$${CI_URL}/$${CI_CONTAINER}.$${CONTAINER_EXT}" -O 
"$${CI_DIR}/$${CI_CONTAINER}.$${CONTAINER_EXT}" - $${SUDO} ctr -n k8s.io images import "$${CI_DIR}/$${CI_CONTAINER}.$${CONTAINER_EXT}" || echo "* ignoring expected 'ctr images import' result" - $${SUDO} ctr -n k8s.io images tag "$${IMAGE_REGISTRY_PREFIX}/$${CI_CONTAINER}-amd64:$${CI_VERSION//+/_}" "$${IMAGE_REGISTRY_PREFIX}/$${CI_CONTAINER}:$${CI_VERSION//+/_}" - $${SUDO} ctr -n k8s.io images tag "$${IMAGE_REGISTRY_PREFIX}/$${CI_CONTAINER}-amd64:$${CI_VERSION//+/_}" "gcr.io/k8s-staging-ci-images/$${CI_CONTAINER}:$${CI_VERSION//+/_}" - done + systemctl restart kubelet + IMAGE_REGISTRY_PREFIX=registry.k8s.io + # Kubernetes builds from 1.20 through 1.24 are tagged with k8s.gcr.io + if [[ "$${CI_VERSION}" =~ ^v1\.(1[0-9]|2[0-4])[\.[0-9]+ ]]; then + IMAGE_REGISTRY_PREFIX=k8s.gcr.io fi + for CI_CONTAINER in "$${CONTAINERS_TO_TEST[@]}"; do + echo "* downloading container image: ${REGISTRY}/kube-apiserver:${KUBE_IMAGE_TAG}" + $${SUDO} ctr -n k8s.io images pull "${REGISTRY}/$${CI_CONTAINER}:${KUBE_IMAGE_TAG}" + $${SUDO} ctr -n k8s.io images tag "${REGISTRY}/$${CI_CONTAINER}:${KUBE_IMAGE_TAG}" "$${IMAGE_REGISTRY_PREFIX}/$${CI_CONTAINER}:$${CI_VERSION//+/_}" + $${SUDO} ctr -n k8s.io images tag "${REGISTRY}/$${CI_CONTAINER}:${KUBE_IMAGE_TAG}" "gcr.io/k8s-staging-ci-images/$${CI_CONTAINER}:$${CI_VERSION//+/_}" + done echo "* checking binary versions" echo "ctr version: " "$(ctr version)" echo "kubeadm version: " "$(kubeadm version -o=short)" diff --git a/templates/test/dev/cluster-template-custom-builds-load.yaml b/templates/test/dev/cluster-template-custom-builds-load.yaml index ae44b16eb29..1db9e30ef56 100644 --- a/templates/test/dev/cluster-template-custom-builds-load.yaml +++ b/templates/test/dev/cluster-template-custom-builds-load.yaml 
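Review bot: Inside the `for CI_CONTAINER` loop the new progress line always prints `kube-apiserver`, so the bootstrap log names the wrong image for the other three pulls; it should read `echo "* downloading container image: ${REGISTRY}/$${CI_CONTAINER}:${KUBE_IMAGE_TAG}"`. `CONTAINER_EXT="tar"` appears unused within this hunk now that the tarball import is gone and could be dropped. The downloaded kubectl, kubelet and kubeadm binaries are made executable and moved into /usr/bin with no integrity check, and the curl fallback runs whenever `az login --identity` fails for any reason, although the message says the CLI is unavailable. Consider verifying a published SHA-256 before the `mv` and wording the message as a failed login. The hunk for cluster-template-custom-builds-load.yaml that follows carries the same script, and the diffstat suggests the remaining two files do as well.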
@@ -151,47 +151,45 @@ spec: echo "$${LINE_SEPARATOR}" CI_VERSION=${CI_VERSION} - # Note: We assume if kubectl has the right version, everything else has as well - if [[ $(kubectl version --client=true -o json | jq '.clientVersion.gitVersion' -r) = "$${CI_VERSION}" ]]; then - echo "Detected Kubernetes $${CI_VERSION} via kubectl version, nothing to do" - exit 0 + CI_DIR=/tmp/k8s-ci + mkdir -p "$${CI_DIR}" + + systemctl stop kubelet + declare -a PACKAGES_TO_TEST=("kubectl" "kubelet" "kubeadm") + # Let's just also download the control plane images for worker nodes. It's easier then optimizing it. + declare -a CONTAINERS_TO_TEST=("kube-apiserver" "kube-controller-manager" "kube-proxy" "kube-scheduler") + CONTAINER_EXT="tar" + echo "* testing version $${CI_VERSION}" + USE_AZ="false" + if az login --identity > /dev/null 2>&1; then + echo "Logged in Azure with managed identity" + USE_AZ="true" + else + echo "az CLI not available, falling back to curl for binary downloads" fi - if [[ "$${CI_VERSION}" != "" ]]; then - CI_DIR=/tmp/k8s-ci - mkdir -p "$${CI_DIR}" - declare -a PACKAGES_TO_TEST=("kubectl" "kubelet" "kubeadm") - # Let's just also download the control plane images for worker nodes. It's easier then optimizing it. - declare -a CONTAINERS_TO_TEST=("kube-apiserver" "kube-controller-manager" "kube-proxy" "kube-scheduler") - CONTAINER_EXT="tar" - echo "* testing version $${CI_VERSION}" - CI_URL="https://dl.k8s.io/ci/$${CI_VERSION}/bin/linux/amd64" - # Set CI_URL to the released binaries for actually released versions. 
- if [[ "$${CI_VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]] || [[ "$${CI_VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+-(beta|rc).[0-9]+$ ]]; then - CI_URL="https://dl.k8s.io/release/$${CI_VERSION}/bin/linux/amd64" + for CI_PACKAGE in "$${PACKAGES_TO_TEST[@]}"; do + echo "* downloading binary: https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${KUBE_GIT_VERSION}/bin/linux/amd64/$${CI_PACKAGE}" + if [[ "$${USE_AZ}" == "true" ]]; then + az storage blob download --blob-url "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${KUBE_GIT_VERSION}/bin/linux/amd64/$${CI_PACKAGE}" -f "$${CI_DIR}/$${CI_PACKAGE}" --auth-mode login + else + curl --fail -L --retry 10 --retry-delay 5 "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${KUBE_GIT_VERSION}/bin/linux/amd64/$${CI_PACKAGE}" -o "$${CI_DIR}/$${CI_PACKAGE}" fi - for CI_PACKAGE in "$${PACKAGES_TO_TEST[@]}"; do - # Browser: https://console.cloud.google.com/storage/browser/k8s-release-dev?project=k8s-release-dev - # e.g.: https://storage.googleapis.com/k8s-release-dev/ci/v1.21.0-beta.1.378+cf3374e43491c5/bin/linux/amd64/kubectl - echo "* downloading binary: $${CI_URL}/$${CI_PACKAGE}" - wget --inet4-only "$${CI_URL}/$${CI_PACKAGE}" -O "$${CI_DIR}/$${CI_PACKAGE}" - chmod +x "$${CI_DIR}/$${CI_PACKAGE}" - mv "$${CI_DIR}/$${CI_PACKAGE}" "/usr/bin/$${CI_PACKAGE}" - done + chmod +x "$${CI_DIR}/$${CI_PACKAGE}" + mv "$${CI_DIR}/$${CI_PACKAGE}" "/usr/bin/$${CI_PACKAGE}" + done - systemctl restart kubelet - IMAGE_REGISTRY_PREFIX=registry.k8s.io - # Kubernetes builds from 1.20 through 1.24 are tagged with k8s.gcr.io - if [[ "$${CI_VERSION}" =~ ^v1\.(1[0-9]|2[0-4])[\.[0-9]+ ]]; then - IMAGE_REGISTRY_PREFIX=k8s.gcr.io - fi - for CI_CONTAINER in "$${CONTAINERS_TO_TEST[@]}"; do - echo "* downloading package: $${CI_URL}/$${CI_CONTAINER}.$${CONTAINER_EXT}" - wget --inet4-only "$${CI_URL}/$${CI_CONTAINER}.$${CONTAINER_EXT}" -O 
"$${CI_DIR}/$${CI_CONTAINER}.$${CONTAINER_EXT}" - $${SUDO} ctr -n k8s.io images import "$${CI_DIR}/$${CI_CONTAINER}.$${CONTAINER_EXT}" || echo "* ignoring expected 'ctr images import' result" - $${SUDO} ctr -n k8s.io images tag "$${IMAGE_REGISTRY_PREFIX}/$${CI_CONTAINER}-amd64:$${CI_VERSION//+/_}" "$${IMAGE_REGISTRY_PREFIX}/$${CI_CONTAINER}:$${CI_VERSION//+/_}" - $${SUDO} ctr -n k8s.io images tag "$${IMAGE_REGISTRY_PREFIX}/$${CI_CONTAINER}-amd64:$${CI_VERSION//+/_}" "gcr.io/k8s-staging-ci-images/$${CI_CONTAINER}:$${CI_VERSION//+/_}" - done + systemctl restart kubelet + IMAGE_REGISTRY_PREFIX=registry.k8s.io + # Kubernetes builds from 1.20 through 1.24 are tagged with k8s.gcr.io + if [[ "$${CI_VERSION}" =~ ^v1\.(1[0-9]|2[0-4])[\.[0-9]+ ]]; then + IMAGE_REGISTRY_PREFIX=k8s.gcr.io fi + for CI_CONTAINER in "$${CONTAINERS_TO_TEST[@]}"; do + echo "* downloading container image: ${REGISTRY}/kube-apiserver:${KUBE_IMAGE_TAG}" + $${SUDO} ctr -n k8s.io images pull "${REGISTRY}/$${CI_CONTAINER}:${KUBE_IMAGE_TAG}" + $${SUDO} ctr -n k8s.io images tag "${REGISTRY}/$${CI_CONTAINER}:${KUBE_IMAGE_TAG}" "$${IMAGE_REGISTRY_PREFIX}/$${CI_CONTAINER}:$${CI_VERSION//+/_}" + $${SUDO} ctr -n k8s.io images tag "${REGISTRY}/$${CI_CONTAINER}:${KUBE_IMAGE_TAG}" "gcr.io/k8s-staging-ci-images/$${CI_CONTAINER}:$${CI_VERSION//+/_}" + done echo "* checking binary versions" echo "ctr version: " "$(ctr version)" echo "kubeadm version: " "$(kubeadm version -o=short)" diff --git a/templates/test/dev/cluster-template-custom-builds.yaml b/templates/test/dev/cluster-template-custom-builds.yaml index c77a61a3ec4..a4faa09634e 100644 --- a/templates/test/dev/cluster-template-custom-builds.yaml +++ b/templates/test/dev/cluster-template-custom-builds.yaml 
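Review bot: The package loop installs each downloaded file into `/usr/bin` with `chmod +x` and `mv` without any integrity check, so whatever the storage endpoint returns for kubectl, kubelet and kubeadm is what the node runs. The source is now a storage account and container taken from template variables (`${AZURE_STORAGE_ACCOUNT}`, `${AZURE_BLOB_CONTAINER_NAME}`), and the `curl` branch fetches without authentication. I would verify a digest before the `chmod`, for example `echo "$${EXPECTED_SHA256}  $${CI_DIR}/$${CI_PACKAGE}" | sha256sum --check -`, where `EXPECTED_SHA256` is a placeholder for a value recorded by the job that uploaded the build. The image loop has the same gap, since `ctr images pull` resolves `${KUBE_IMAGE_TAG}` by tag; pinning by digest would close it if the build job can export one. The same loops appear in the hunks for cluster-template-custom-builds.yaml and custom-builds/patches/kubeadm-controlplane-bootstrap.yaml.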
@@ -147,47 +147,45 @@ spec: echo "$${LINE_SEPARATOR}" CI_VERSION=${CI_VERSION} - # Note: We assume if kubectl has the right version, everything else has as well - if [[ $(kubectl version --client=true -o json | jq '.clientVersion.gitVersion' -r) = "$${CI_VERSION}" ]]; then - echo "Detected Kubernetes $${CI_VERSION} via kubectl version, nothing to do" - exit 0 + CI_DIR=/tmp/k8s-ci + mkdir -p "$${CI_DIR}" + + systemctl stop kubelet + declare -a PACKAGES_TO_TEST=("kubectl" "kubelet" "kubeadm") + # Let's just also download the control plane images for worker nodes. It's easier then optimizing it. + declare -a CONTAINERS_TO_TEST=("kube-apiserver" "kube-controller-manager" "kube-proxy" "kube-scheduler") + CONTAINER_EXT="tar" + echo "* testing version $${CI_VERSION}" + USE_AZ="false" + if az login --identity > /dev/null 2>&1; then + echo "Logged in Azure with managed identity" + USE_AZ="true" + else + echo "az CLI not available, falling back to curl for binary downloads" fi - if [[ "$${CI_VERSION}" != "" ]]; then - CI_DIR=/tmp/k8s-ci - mkdir -p "$${CI_DIR}" - declare -a PACKAGES_TO_TEST=("kubectl" "kubelet" "kubeadm") - # Let's just also download the control plane images for worker nodes. It's easier then optimizing it. - declare -a CONTAINERS_TO_TEST=("kube-apiserver" "kube-controller-manager" "kube-proxy" "kube-scheduler") - CONTAINER_EXT="tar" - echo "* testing version $${CI_VERSION}" - CI_URL="https://dl.k8s.io/ci/$${CI_VERSION}/bin/linux/amd64" - # Set CI_URL to the released binaries for actually released versions. 
- if [[ "$${CI_VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]] || [[ "$${CI_VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+-(beta|rc).[0-9]+$ ]]; then - CI_URL="https://dl.k8s.io/release/$${CI_VERSION}/bin/linux/amd64" + for CI_PACKAGE in "$${PACKAGES_TO_TEST[@]}"; do + echo "* downloading binary: https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${KUBE_GIT_VERSION}/bin/linux/amd64/$${CI_PACKAGE}" + if [[ "$${USE_AZ}" == "true" ]]; then + az storage blob download --blob-url "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${KUBE_GIT_VERSION}/bin/linux/amd64/$${CI_PACKAGE}" -f "$${CI_DIR}/$${CI_PACKAGE}" --auth-mode login + else + curl --fail -L --retry 10 --retry-delay 5 "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${KUBE_GIT_VERSION}/bin/linux/amd64/$${CI_PACKAGE}" -o "$${CI_DIR}/$${CI_PACKAGE}" fi - for CI_PACKAGE in "$${PACKAGES_TO_TEST[@]}"; do - # Browser: https://console.cloud.google.com/storage/browser/k8s-release-dev?project=k8s-release-dev - # e.g.: https://storage.googleapis.com/k8s-release-dev/ci/v1.21.0-beta.1.378+cf3374e43491c5/bin/linux/amd64/kubectl - echo "* downloading binary: $${CI_URL}/$${CI_PACKAGE}" - wget --inet4-only "$${CI_URL}/$${CI_PACKAGE}" -O "$${CI_DIR}/$${CI_PACKAGE}" - chmod +x "$${CI_DIR}/$${CI_PACKAGE}" - mv "$${CI_DIR}/$${CI_PACKAGE}" "/usr/bin/$${CI_PACKAGE}" - done + chmod +x "$${CI_DIR}/$${CI_PACKAGE}" + mv "$${CI_DIR}/$${CI_PACKAGE}" "/usr/bin/$${CI_PACKAGE}" + done - systemctl restart kubelet - IMAGE_REGISTRY_PREFIX=registry.k8s.io - # Kubernetes builds from 1.20 through 1.24 are tagged with k8s.gcr.io - if [[ "$${CI_VERSION}" =~ ^v1\.(1[0-9]|2[0-4])[\.[0-9]+ ]]; then - IMAGE_REGISTRY_PREFIX=k8s.gcr.io - fi - for CI_CONTAINER in "$${CONTAINERS_TO_TEST[@]}"; do - echo "* downloading package: $${CI_URL}/$${CI_CONTAINER}.$${CONTAINER_EXT}" - wget --inet4-only "$${CI_URL}/$${CI_CONTAINER}.$${CONTAINER_EXT}" -O 
"$${CI_DIR}/$${CI_CONTAINER}.$${CONTAINER_EXT}" - $${SUDO} ctr -n k8s.io images import "$${CI_DIR}/$${CI_CONTAINER}.$${CONTAINER_EXT}" || echo "* ignoring expected 'ctr images import' result" - $${SUDO} ctr -n k8s.io images tag "$${IMAGE_REGISTRY_PREFIX}/$${CI_CONTAINER}-amd64:$${CI_VERSION//+/_}" "$${IMAGE_REGISTRY_PREFIX}/$${CI_CONTAINER}:$${CI_VERSION//+/_}" - $${SUDO} ctr -n k8s.io images tag "$${IMAGE_REGISTRY_PREFIX}/$${CI_CONTAINER}-amd64:$${CI_VERSION//+/_}" "gcr.io/k8s-staging-ci-images/$${CI_CONTAINER}:$${CI_VERSION//+/_}" - done + systemctl restart kubelet + IMAGE_REGISTRY_PREFIX=registry.k8s.io + # Kubernetes builds from 1.20 through 1.24 are tagged with k8s.gcr.io + if [[ "$${CI_VERSION}" =~ ^v1\.(1[0-9]|2[0-4])[\.[0-9]+ ]]; then + IMAGE_REGISTRY_PREFIX=k8s.gcr.io fi + for CI_CONTAINER in "$${CONTAINERS_TO_TEST[@]}"; do + echo "* downloading container image: ${REGISTRY}/kube-apiserver:${KUBE_IMAGE_TAG}" + $${SUDO} ctr -n k8s.io images pull "${REGISTRY}/$${CI_CONTAINER}:${KUBE_IMAGE_TAG}" + $${SUDO} ctr -n k8s.io images tag "${REGISTRY}/$${CI_CONTAINER}:${KUBE_IMAGE_TAG}" "$${IMAGE_REGISTRY_PREFIX}/$${CI_CONTAINER}:$${CI_VERSION//+/_}" + $${SUDO} ctr -n k8s.io images tag "${REGISTRY}/$${CI_CONTAINER}:${KUBE_IMAGE_TAG}" "gcr.io/k8s-staging-ci-images/$${CI_CONTAINER}:$${CI_VERSION//+/_}" + done echo "* checking binary versions" echo "ctr version: " "$(ctr version)" echo "kubeadm version: " "$(kubeadm version -o=short)" diff --git a/templates/test/dev/custom-builds/patches/kubeadm-controlplane-bootstrap.yaml b/templates/test/dev/custom-builds/patches/kubeadm-controlplane-bootstrap.yaml index 2605fa01dba..0395ff5bb67 100644 --- a/templates/test/dev/custom-builds/patches/kubeadm-controlplane-bootstrap.yaml +++ b/templates/test/dev/custom-builds/patches/kubeadm-controlplane-bootstrap.yaml 
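Review bot: The progress message in the image loop names `kube-apiserver` on every iteration, so the log prints the same line four times while `ctr images pull` fetches four different images. It should read `echo "* downloading container image: ${REGISTRY}/$${CI_CONTAINER}:${KUBE_IMAGE_TAG}"`. `CONTAINER_EXT="tar"` is still assigned near the top of the hunk although nothing on the new side of the hunk reads it, so that line can be dropped unless later parts of the script use it. Both points apply equally to the hunks for cluster-template-custom-builds-load.yaml and custom-builds/patches/kubeadm-controlplane-bootstrap.yaml.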
@@ -17,47 +17,45 @@ echo "$${LINE_SEPARATOR}" CI_VERSION=${CI_VERSION} - # Note: We assume if kubectl has the right version, everything else has as well - if [[ $(kubectl version --client=true -o json | jq '.clientVersion.gitVersion' -r) = "$${CI_VERSION}" ]]; then - echo "Detected Kubernetes $${CI_VERSION} via kubectl version, nothing to do" - exit 0 + CI_DIR=/tmp/k8s-ci + mkdir -p "$${CI_DIR}" + + systemctl stop kubelet + declare -a PACKAGES_TO_TEST=("kubectl" "kubelet" "kubeadm") + # Let's just also download the control plane images for worker nodes. It's easier then optimizing it. + declare -a CONTAINERS_TO_TEST=("kube-apiserver" "kube-controller-manager" "kube-proxy" "kube-scheduler") + CONTAINER_EXT="tar" + echo "* testing version $${CI_VERSION}" + USE_AZ="false" + if az login --identity > /dev/null 2>&1; then + echo "Logged in Azure with managed identity" + USE_AZ="true" + else + echo "az CLI not available, falling back to curl for binary downloads" fi - if [[ "$${CI_VERSION}" != "" ]]; then - CI_DIR=/tmp/k8s-ci - mkdir -p "$${CI_DIR}" - declare -a PACKAGES_TO_TEST=("kubectl" "kubelet" "kubeadm") - # Let's just also download the control plane images for worker nodes. It's easier then optimizing it. - declare -a CONTAINERS_TO_TEST=("kube-apiserver" "kube-controller-manager" "kube-proxy" "kube-scheduler") - CONTAINER_EXT="tar" - echo "* testing version $${CI_VERSION}" - CI_URL="https://dl.k8s.io/ci/$${CI_VERSION}/bin/linux/amd64" - # Set CI_URL to the released binaries for actually released versions. 
- if [[ "$${CI_VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]] || [[ "$${CI_VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+-(beta|rc).[0-9]+$ ]]; then - CI_URL="https://dl.k8s.io/release/$${CI_VERSION}/bin/linux/amd64" + for CI_PACKAGE in "$${PACKAGES_TO_TEST[@]}"; do + echo "* downloading binary: https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${KUBE_GIT_VERSION}/bin/linux/amd64/$${CI_PACKAGE}" + if [[ "$${USE_AZ}" == "true" ]]; then + az storage blob download --blob-url "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${KUBE_GIT_VERSION}/bin/linux/amd64/$${CI_PACKAGE}" -f "$${CI_DIR}/$${CI_PACKAGE}" --auth-mode login + else + curl --fail -L --retry 10 --retry-delay 5 "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${KUBE_GIT_VERSION}/bin/linux/amd64/$${CI_PACKAGE}" -o "$${CI_DIR}/$${CI_PACKAGE}" fi - for CI_PACKAGE in "$${PACKAGES_TO_TEST[@]}"; do - # Browser: https://console.cloud.google.com/storage/browser/k8s-release-dev?project=k8s-release-dev - # e.g.: https://storage.googleapis.com/k8s-release-dev/ci/v1.21.0-beta.1.378+cf3374e43491c5/bin/linux/amd64/kubectl - echo "* downloading binary: $${CI_URL}/$${CI_PACKAGE}" - wget --inet4-only "$${CI_URL}/$${CI_PACKAGE}" -O "$${CI_DIR}/$${CI_PACKAGE}" - chmod +x "$${CI_DIR}/$${CI_PACKAGE}" - mv "$${CI_DIR}/$${CI_PACKAGE}" "/usr/bin/$${CI_PACKAGE}" - done + chmod +x "$${CI_DIR}/$${CI_PACKAGE}" + mv "$${CI_DIR}/$${CI_PACKAGE}" "/usr/bin/$${CI_PACKAGE}" + done - systemctl restart kubelet - IMAGE_REGISTRY_PREFIX=registry.k8s.io - # Kubernetes builds from 1.20 through 1.24 are tagged with k8s.gcr.io - if [[ "$${CI_VERSION}" =~ ^v1\.(1[0-9]|2[0-4])[\.[0-9]+ ]]; then - IMAGE_REGISTRY_PREFIX=k8s.gcr.io - fi - for CI_CONTAINER in "$${CONTAINERS_TO_TEST[@]}"; do - echo "* downloading package: $${CI_URL}/$${CI_CONTAINER}.$${CONTAINER_EXT}" - wget --inet4-only "$${CI_URL}/$${CI_CONTAINER}.$${CONTAINER_EXT}" -O 
"$${CI_DIR}/$${CI_CONTAINER}.$${CONTAINER_EXT}" - $${SUDO} ctr -n k8s.io images import "$${CI_DIR}/$${CI_CONTAINER}.$${CONTAINER_EXT}" || echo "* ignoring expected 'ctr images import' result" - $${SUDO} ctr -n k8s.io images tag "$${IMAGE_REGISTRY_PREFIX}/$${CI_CONTAINER}-amd64:$${CI_VERSION//+/_}" "$${IMAGE_REGISTRY_PREFIX}/$${CI_CONTAINER}:$${CI_VERSION//+/_}" - $${SUDO} ctr -n k8s.io images tag "$${IMAGE_REGISTRY_PREFIX}/$${CI_CONTAINER}-amd64:$${CI_VERSION//+/_}" "gcr.io/k8s-staging-ci-images/$${CI_CONTAINER}:$${CI_VERSION//+/_}" - done + systemctl restart kubelet + IMAGE_REGISTRY_PREFIX=registry.k8s.io + # Kubernetes builds from 1.20 through 1.24 are tagged with k8s.gcr.io + if [[ "$${CI_VERSION}" =~ ^v1\.(1[0-9]|2[0-4])[\.[0-9]+ ]]; then + IMAGE_REGISTRY_PREFIX=k8s.gcr.io fi + for CI_CONTAINER in "$${CONTAINERS_TO_TEST[@]}"; do + echo "* downloading container image: ${REGISTRY}/kube-apiserver:${KUBE_IMAGE_TAG}" + $${SUDO} ctr -n k8s.io images pull "${REGISTRY}/$${CI_CONTAINER}:${KUBE_IMAGE_TAG}" + $${SUDO} ctr -n k8s.io images tag "${REGISTRY}/$${CI_CONTAINER}:${KUBE_IMAGE_TAG}" "$${IMAGE_REGISTRY_PREFIX}/$${CI_CONTAINER}:$${CI_VERSION//+/_}" + $${SUDO} ctr -n k8s.io images tag "${REGISTRY}/$${CI_CONTAINER}:${KUBE_IMAGE_TAG}" "gcr.io/k8s-staging-ci-images/$${CI_CONTAINER}:$${CI_VERSION//+/_}" + done echo "* checking binary versions" echo "ctr version: " "$(ctr version)" echo "kubeadm version: " "$(kubeadm version -o=short)" From 60627f97f26e4c0de5ddc08f1cb1393ab3e536d5 Mon Sep 17 00:00:00 2001 
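Review bot: The `else` branch after `az login --identity` reports "az CLI not available" for every failure, but with output sent to `/dev/null` the same branch is taken when az is installed and the login itself fails. The script then switches silently to unauthenticated `curl`, which presumably only succeeds if the blob container allows anonymous read. I would make the message say what happened, e.g. `echo "az login --identity failed or az is not installed; falling back to unauthenticated curl"`, and keep stderr from the login attempt so the cause shows up in the boot log. The same block is in the hunks for cluster-template-custom-builds-load.yaml and cluster-template-custom-builds.yaml.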
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 7 Apr 2026 22:19:33 +0530 Subject: [PATCH 20/61] dependabot(deps): bump go.opentelemetry.io/otel from 1.41.0 to 1.43.0 (#6206) * dependabot(deps): bump go.opentelemetry.io/otel from 1.41.0 to 1.43.0 Bumps [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) from 1.41.0 to 1.43.0. - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.41.0...v1.43.0) --- updated-dependencies: - dependency-name: go.opentelemetry.io/otel dependency-version: 1.43.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] * Update all otel packages to v1.43.0 coordinately Dependabot only bumped go.opentelemetry.io/otel and otel/trace to v1.43.0 but left the other related packages at v1.41.0. The otel release v1.43.0/v0.65.0/v0.19.0 requires all packages to be updated in sync. Update the following packages to v1.43.0: - go.opentelemetry.io/otel/sdk - go.opentelemetry.io/otel/sdk/metric - go.opentelemetry.io/otel/exporters/otlp/otlptrace - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc - go.opentelemetry.io/proto/otlp (to v1.10.0) The prometheus exporter stays at v0.59.1 because upgrading it to v0.65.0 requires otlptranslator v1.0.0, which is incompatible with the existing replace directive needed for CAPI v1.12.4's TextParser usage. --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Matt Boersma --- go.mod | 32 +++++++++++++-------------- go.sum | 68 +++++++++++++++++++++++++++++----------------------------- 2 files changed, 50 insertions(+), 50 deletions(-) diff --git a/go.mod b/go.mod index 7f2f56016bc..8360116cec1 100644 
--- a/go.mod +++ b/go.mod @@ -40,14 +40,14 @@ require ( github.com/onsi/gomega v1.39.1 github.com/pkg/errors v0.9.1 github.com/pkg/sftp v1.13.10 - github.com/prometheus/client_golang v1.23.0 + github.com/prometheus/client_golang v1.23.2 github.com/spf13/pflag v1.0.10 - go.opentelemetry.io/otel v1.41.0 - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.41.0 + go.opentelemetry.io/otel v1.43.0 + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.43.0 go.opentelemetry.io/otel/exporters/prometheus v0.59.1 - go.opentelemetry.io/otel/sdk v1.41.0 - go.opentelemetry.io/otel/sdk/metric v1.41.0 - go.opentelemetry.io/otel/trace v1.41.0 + go.opentelemetry.io/otel/sdk v1.43.0 + go.opentelemetry.io/otel/sdk/metric v1.43.0 + go.opentelemetry.io/otel/trace v1.43.0 go.uber.org/mock v0.6.0 golang.org/x/crypto v0.49.0 golang.org/x/exp v0.0.0-20250819193227-8b4c13bb791b @@ -170,9 +170,9 @@ require ( github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/prometheus/client_model v0.6.2 // indirect - github.com/prometheus/common v0.65.0 // indirect + github.com/prometheus/common v0.67.5 // indirect github.com/prometheus/otlptranslator v1.0.0 // indirect - github.com/prometheus/procfs v0.19.2 // indirect + github.com/prometheus/procfs v0.20.1 // indirect github.com/rivo/uniseg v0.4.7 // indirect github.com/rotisserie/eris v0.5.4 // indirect github.com/sagikazarmark/locafero v0.11.0 // indirect 
@@ -190,12 +190,12 @@ require ( github.com/xlab/treeprint v1.2.0 // indirect go.opentelemetry.io/auto/sdk v1.2.1 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.65.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.41.0 // indirect - go.opentelemetry.io/otel/metric v1.41.0 // indirect - go.opentelemetry.io/proto/otlp v1.9.0 // indirect - go.yaml.in/yaml/v2 v2.4.3 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.43.0 // indirect + go.opentelemetry.io/otel/metric v1.43.0 // indirect + go.opentelemetry.io/proto/otlp v1.10.0 // indirect + go.yaml.in/yaml/v2 v2.4.4 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect - golang.org/x/net v0.51.0 // indirect + golang.org/x/net v0.52.0 // indirect golang.org/x/oauth2 v0.35.0 // indirect golang.org/x/sync v0.20.0 // indirect golang.org/x/sys v0.42.0 // indirect @@ -203,9 +203,9 @@ require ( golang.org/x/time v0.12.0 // indirect golang.org/x/tools v0.42.0 // indirect gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20260209200024-4cfbd4190f57 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20260209200024-4cfbd4190f57 // indirect - google.golang.org/grpc v1.79.1 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20260401024825-9d38bb4040a9 // indirect + google.golang.org/grpc v1.80.0 // indirect google.golang.org/protobuf v1.36.11 // indirect gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect diff --git a/go.sum b/go.sum index 5d2c80e204c..8d93563af73 100644 --- a/go.sum +++ b/go.sum 
@@ -396,16 +396,16 @@ github.com/pkg/sftp v1.13.10/go.mod h1:bJ1a7uDhrX/4OII+agvy28lzRvQrmIQuaHrcI1Hbe github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_golang v1.23.0 h1:ust4zpdl9r4trLY/gSjlm07PuiBq2ynaXXlptpfy8Uc= -github.com/prometheus/client_golang v1.23.0/go.mod h1:i/o0R9ByOnHX0McrTMTyhYvKE4haaf2mW08I+jGAjEE= +github.com/prometheus/client_golang v1.23.2 h1:Je96obch5RDVy3FDMndoUsjAhG5Edi49h0RJWRi/o0o= +github.com/prometheus/client_golang v1.23.2/go.mod h1:Tb1a6LWHB3/SPIzCoaDXI4I8UHKeFTEQ1YCr+0Gyqmg= github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk= github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE= -github.com/prometheus/common v0.65.0 h1:QDwzd+G1twt//Kwj/Ww6E9FQq1iVMmODnILtW1t2VzE= -github.com/prometheus/common v0.65.0/go.mod h1:0gZns+BLRQ3V6NdaerOhMbwwRbNh9hkGINtQAsP5GS8= +github.com/prometheus/common v0.67.5 h1:pIgK94WWlQt1WLwAC5j2ynLaBRDiinoAb86HZHTUGI4= +github.com/prometheus/common v0.67.5/go.mod h1:SjE/0MzDEEAyrdr5Gqc6G+sXI67maCxzaT3A2+HqjUw= github.com/prometheus/otlptranslator v0.0.0-20250717125610-8549f4ab4f8f h1:QQB6SuvGZjK8kdc2YaLJpYhV8fxauOsjE6jgcL6YJ8Q= github.com/prometheus/otlptranslator v0.0.0-20250717125610-8549f4ab4f8f/go.mod h1:P8AwMgdD7XEr6QRUJ2QWLpiAZTgTE2UYgjlu3svompI= -github.com/prometheus/procfs v0.19.2 h1:zUMhqEW66Ex7OXIiDkll3tl9a1ZdilUOd/F6ZXw4Vws= -github.com/prometheus/procfs v0.19.2/go.mod h1:M0aotyiemPhBCM0z5w87kL22CxfcH05ZpYlu+b4J7mw= +github.com/prometheus/procfs v0.20.1 h1:XwbrGOIplXW/AU3YhIhLODXMJYyC1isLFfYCsTEycfc= +github.com/prometheus/procfs v0.20.1/go.mod h1:o9EMBZGRyvDrSPH1RqdxhojkuXstoe4UlK79eF5TGGo= github.com/rivo/uniseg 
v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ= github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= 
@@ -483,28 +483,28 @@ go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.6 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.65.0/go.mod h1:KDgtbWKTQs4bM+VPUr6WlL9m/WXcmkCcBlIzqxPGzmI= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.65.0 h1:7iP2uCb7sGddAr30RRS6xjKy7AZ2JtTOPA3oolgVSw8= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.65.0/go.mod h1:c7hN3ddxs/z6q9xwvfLPk+UHlWRQyaeR1LdgfL/66l0= -go.opentelemetry.io/otel v1.41.0 h1:YlEwVsGAlCvczDILpUXpIpPSL/VPugt7zHThEMLce1c= -go.opentelemetry.io/otel v1.41.0/go.mod h1:Yt4UwgEKeT05QbLwbyHXEwhnjxNO6D8L5PQP51/46dE= +go.opentelemetry.io/otel v1.43.0 h1:mYIM03dnh5zfN7HautFE4ieIig9amkNANT+xcVxAj9I= +go.opentelemetry.io/otel v1.43.0/go.mod h1:JuG+u74mvjvcm8vj8pI5XiHy1zDeoCS2LB1spIq7Ay0= go.opentelemetry.io/otel/exporters/jaeger v1.16.0 h1:YhxxmXZ011C0aDZKoNw+juVWAmEfv/0W2XBOv9aHTaA= go.opentelemetry.io/otel/exporters/jaeger v1.16.0/go.mod h1:grYbBo/5afWlPpdPZYhyn78Bk04hnvxn2+hvxQhKIQM= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.41.0 h1:ao6Oe+wSebTlQ1OEht7jlYTzQKE+pnx/iNywFvTbuuI= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.41.0/go.mod h1:u3T6vz0gh/NVzgDgiwkgLxpsSF6PaPmo2il0apGJbls= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.41.0 h1:mq/Qcf28TWz719lE3/hMB4KkyDuLJIvgJnFGcd0kEUI= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.41.0/go.mod h1:yk5LXEYhsL2htyDNJbEq7fWzNEigeEdV5xBF/Y+kAv0= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.43.0 h1:88Y4s2C8oTui1LGM6bTWkw0ICGcOLCAI5l6zsD1j20k= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.43.0/go.mod h1:Vl1/iaggsuRlrHf/hfPJPvVag77kKyvrLeD10kpMl+A= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.43.0 h1:RAE+JPfvEmvy+0LzyUA25/SGawPwIUbZ6u0Wug54sLc= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.43.0/go.mod h1:AGmbycVGEsRx9mXMZ75CsOyhSP6MFIcj/6dnG+vhVjk= 
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.40.0 h1:wVZXIWjQSeSmMoxF74LzAnpVQOAFDo3pPji9Y4SOFKc= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.40.0/go.mod h1:khvBS2IggMFNwZK/6lEeHg/W57h/IX6J4URh57fuI40= go.opentelemetry.io/otel/exporters/prometheus v0.59.1 h1:HcpSkTkJbggT8bjYP+BjyqPWlD17BH9C5CYNKeDzmcA= go.opentelemetry.io/otel/exporters/prometheus v0.59.1/go.mod h1:0FJL+gjuUoM07xzik3KPBaN+nz/CoB15kV6WLMiXZag= -go.opentelemetry.io/otel/metric v1.41.0 h1:rFnDcs4gRzBcsO9tS8LCpgR0dxg4aaxWlJxCno7JlTQ= -go.opentelemetry.io/otel/metric v1.41.0/go.mod h1:xPvCwd9pU0VN8tPZYzDZV/BMj9CM9vs00GuBjeKhJps= -go.opentelemetry.io/otel/sdk v1.41.0 h1:YPIEXKmiAwkGl3Gu1huk1aYWwtpRLeskpV+wPisxBp8= -go.opentelemetry.io/otel/sdk v1.41.0/go.mod h1:ahFdU0G5y8IxglBf0QBJXgSe7agzjE4GiTJ6HT9ud90= -go.opentelemetry.io/otel/sdk/metric v1.41.0 h1:siZQIYBAUd1rlIWQT2uCxWJxcCO7q3TriaMlf08rXw8= -go.opentelemetry.io/otel/sdk/metric v1.41.0/go.mod h1:HNBuSvT7ROaGtGI50ArdRLUnvRTRGniSUZbxiWxSO8Y= -go.opentelemetry.io/otel/trace v1.41.0 h1:Vbk2co6bhj8L59ZJ6/xFTskY+tGAbOnCtQGVVa9TIN0= -go.opentelemetry.io/otel/trace v1.41.0/go.mod h1:U1NU4ULCoxeDKc09yCWdWe+3QoyweJcISEVa1RBzOis= -go.opentelemetry.io/proto/otlp v1.9.0 h1:l706jCMITVouPOqEnii2fIAuO3IVGBRPV5ICjceRb/A= -go.opentelemetry.io/proto/otlp v1.9.0/go.mod h1:xE+Cx5E/eEHw+ISFkwPLwCZefwVjY+pqKg1qcK03+/4= +go.opentelemetry.io/otel/metric v1.43.0 h1:d7638QeInOnuwOONPp4JAOGfbCEpYb+K6DVWvdxGzgM= +go.opentelemetry.io/otel/metric v1.43.0/go.mod h1:RDnPtIxvqlgO8GRW18W6Z/4P462ldprJtfxHxyKd2PY= +go.opentelemetry.io/otel/sdk v1.43.0 h1:pi5mE86i5rTeLXqoF/hhiBtUNcrAGHLKQdhg4h4V9Dg= +go.opentelemetry.io/otel/sdk v1.43.0/go.mod h1:P+IkVU3iWukmiit/Yf9AWvpyRDlUeBaRg6Y+C58QHzg= +go.opentelemetry.io/otel/sdk/metric v1.43.0 h1:S88dyqXjJkuBNLeMcVPRFXpRw2fuwdvfCGLEo89fDkw= +go.opentelemetry.io/otel/sdk/metric v1.43.0/go.mod h1:C/RJtwSEJ5hzTiUz5pXF1kILHStzb9zFlIEe85bhj6A= +go.opentelemetry.io/otel/trace v1.43.0 
h1:BkNrHpup+4k4w+ZZ86CZoHHEkohws8AY+WTX09nk+3A= +go.opentelemetry.io/otel/trace v1.43.0/go.mod h1:/QJhyVBUUswCphDVxq+8mld+AvhXZLhe+8WVFxiFff0= +go.opentelemetry.io/proto/otlp v1.10.0 h1:IQRWgT5srOCYfiWnpqUYz9CVmbO8bFmKcwYxpuCSL2g= +go.opentelemetry.io/proto/otlp v1.10.0/go.mod h1:/CV4QoCR/S9yaPj8utp3lvQPoqMtxXdzn7ozvvozVqk= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/mock v0.6.0 h1:hyF9dfmbgIX5EfOdasqLsWD6xqpNZlXblLB/Dbnwv3Y= @@ -513,8 +513,8 @@ go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= go.uber.org/zap v1.27.1 h1:08RqriUEv8+ArZRYSTXy1LeBScaMpVSTBhCeaZYfMYc= go.uber.org/zap v1.27.1/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= -go.yaml.in/yaml/v2 v2.4.3 h1:6gvOSjQoTB3vt1l+CU+tSyi/HOjfOjRLJ4YwYZGwRO0= -go.yaml.in/yaml/v2 v2.4.3/go.mod h1:zSxWcmIDjOzPXpjlTTbAsKokqkDNAVtZO0WOMiT90s8= +go.yaml.in/yaml/v2 v2.4.4 h1:tuyd0P+2Ont/d6e2rl3be67goVK4R6deVxCUX5vyPaQ= +go.yaml.in/yaml/v2 v2.4.4/go.mod h1:gMZqIpDtDqOfM0uNfy0SkpRhvUryYH0Z6wdMYcacYXQ= go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= 
@@ -534,8 +534,8 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.51.0 h1:94R/GTO7mt3/4wIKpcR5gkGmRLOuE/2hNGeWq/GBIFo= -golang.org/x/net v0.51.0/go.mod h1:aamm+2QF5ogm02fjy5Bb7CQ0WMt1/WVM7FtyaTLlA9Y= +golang.org/x/net v0.52.0 h1:He/TN1l0e4mmR3QqHMT2Xab3Aj3L9qjbhRm78/6jrW0= +golang.org/x/net v0.52.0/go.mod h1:R1MAz7uMZxVMualyPXb+VaqGSa3LIaUqk0eEt3w36Sw= golang.org/x/oauth2 v0.35.0 h1:Mv2mzuHuZuY2+bkyWXIHMfhNdJAdwW3FuWeCPYN5GVQ= golang.org/x/oauth2 v0.35.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -577,14 +577,14 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.5.0 h1:JELs8RLM12qJGXU4u/TO3V25KW8GreMKl9pdkk14RM0= gomodules.xyz/jsonpatch/v2 v2.5.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= -gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk= -gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E= -google.golang.org/genproto/googleapis/api v0.0.0-20260209200024-4cfbd4190f57 h1:JLQynH/LBHfCTSbDWl+py8C+Rg/k1OVH3xfcaiANuF0= -google.golang.org/genproto/googleapis/api v0.0.0-20260209200024-4cfbd4190f57/go.mod h1:kSJwQxqmFXeo79zOmbrALdflXQeAYcUbgS7PbpMknCY= -google.golang.org/genproto/googleapis/rpc v0.0.0-20260209200024-4cfbd4190f57 h1:mWPCjDEyshlQYzBpMNHaEof6UX1PmHcaUODUywQ0uac= -google.golang.org/genproto/googleapis/rpc v0.0.0-20260209200024-4cfbd4190f57/go.mod h1:j9x/tPzZkyxcgEFkiKEEGxfvyumM01BEtsW8xzOahRQ= -google.golang.org/grpc v1.79.1 h1:zGhSi45ODB9/p3VAawt9a+O/MULLl9dpizzNNpq7flY= -google.golang.org/grpc v1.79.1/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ= +gonum.org/v1/gonum v0.17.0 h1:VbpOemQlsSMrYmn7T2OUvQ4dqxQXU+ouZFQsZOx50z4= +gonum.org/v1/gonum v0.17.0/go.mod h1:El3tOrEuMpv2UdMrbNlKEh9vd86bmQ6vqIcDwxEOc1E= +google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9 h1:VPWxll4HlMw1Vs/qXtN7BvhZqsS9cdAittCNvVENElA= +google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9/go.mod h1:7QBABkRtR8z+TEnmXTqIqwJLlzrZKVfAUm7tY3yGv0M= +google.golang.org/genproto/googleapis/rpc v0.0.0-20260401024825-9d38bb4040a9 h1:m8qni9SQFH0tJc1X0vmnpw/0t+AImlSvp30sEupozUg= +google.golang.org/genproto/googleapis/rpc v0.0.0-20260401024825-9d38bb4040a9/go.mod h1:4Hqkh8ycfw05ld/3BWL7rJOSfebL2Q+DVDeRgYgxUU8= +google.golang.org/grpc v1.80.0 h1:Xr6m2WmWZLETvUNvIUmeD5OAagMw3FiKmMlTdViWsHM= 
+google.golang.org/grpc v1.80.0/go.mod h1:ho/dLnxwi3EDJA4Zghp7k2Ec1+c2jqup0bFkw07bwF4= google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE= google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= From eb94a6b99791641de9a514b8080cd4800bdc2bbd Mon Sep 17 00:00:00 2001 From: Matt Boersma Date: Wed, 8 Apr 2026 10:39:34 -0600 Subject: [PATCH 21/61] Bump Go toolchain to v1.25.9 --- AGENTS.md | 2 +- cloudbuild.yaml | 2 +- go.mod | 2 +- hack/ensure-go.sh | 2 +- hack/tools/go.mod | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/AGENTS.md b/AGENTS.md index 94c78f63f5b..a7e2274aba0 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -203,7 +203,7 @@ make generate-go # Regenerates mocks in azure/services/*/mock_*/ - `main.go`: Entry point, registers controllers and webhooks - `Makefile`: All build/test/dev targets - `Tiltfile`: Local development with Tilt -- `go.mod`: Go dependencies (uses Go 1.24+) +- `go.mod`: Go dependencies (uses Go 1.25+) - `config/`: Kustomize configurations for CRDs, RBAC, webhooks, manager - `templates/`: Cluster template flavors for different scenarios - `test/e2e/`: E2E test suites and data files diff --git a/cloudbuild.yaml b/cloudbuild.yaml index e584386e8f2..88dd3e678cd 100644 --- a/cloudbuild.yaml +++ b/cloudbuild.yaml @@ -4,7 +4,7 @@ options: substitution_option: ALLOW_LOOSE machineType: 'E2_HIGHCPU_8' steps: - - name: 'gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20250513-9264efb079' # Go 1.24 + - name: 'gcr.io/k8s-staging-test-infra/gcb-docker-gcloud@sha256:8d6a3a5b895e6776dbe9115b75db1412fbe57299b8db329d45cb54680e462b0b' # v20251211-4c812d4cd8 entrypoint: make env: - DOCKER_CLI_EXPERIMENTAL=enabled diff --git a/go.mod b/go.mod index 8360116cec1..58781a95c39 100644 --- a/go.mod +++ b/go.mod 
@@ -2,7 +2,7 @@ module sigs.k8s.io/cluster-api-provider-azure go 1.25.0 -toolchain go1.25.8 +toolchain go1.25.9 // Workaround for prometheus/common v0.66.0+ breaking change that causes panic // in cluster-api test framework's TextParser usage. Pin prometheus dependencies diff --git a/hack/ensure-go.sh b/hack/ensure-go.sh index 87239635980..817b8231422 100755 --- a/hack/ensure-go.sh +++ b/hack/ensure-go.sh @@ -31,7 +31,7 @@ EOF local go_version IFS=" " read -ra go_version <<< "$(go version)" local minimum_go_version - minimum_go_version=go1.25.8 + minimum_go_version=go1.25.9 if [[ "${minimum_go_version}" != $(echo -e "${minimum_go_version}\n${go_version[2]}" | sort -s -t. -k 1,1 -k 2,2n -k 3,3n | head -n1) && "${go_version[2]}" != "devel" ]]; then cat < Date: Wed, 8 Apr 2026 12:57:32 -0600 Subject: [PATCH 22/61] Fix MachinePoolScope.Close() recreating machines during deletion (#6213) * Fix MachinePoolScope.Close() recreating machines during deletion * Fix lint: remove unused getVirtualMachineScaleSet, fix gci formatting * Improve code comment about MachinePool sync guard --- azure/scope/machinepool.go | 7 +- azure/scope/machinepool_test.go | 147 +++++++++++++++++++++ azure/services/scalesets/scalesets.go | 37 +----- azure/services/scalesets/scalesets_test.go | 21 --- 4 files changed, 154 insertions(+), 58 deletions(-) diff --git a/azure/scope/machinepool.go b/azure/scope/machinepool.go index 2837b116245..228af6fe5b2 100644 --- a/azure/scope/machinepool.go +++ b/azure/scope/machinepool.go 
@@ -692,7 +692,12 @@ func (m *MachinePoolScope) Close(ctx context.Context) error { ctx, log, done := tele.StartSpanWithLogger(ctx, "scope.MachinePoolScope.Close") defer done() - if m.vmssState != nil { + // Only sync MachinePool w/ MachinePoolMachines if the MachinePool + // represents an actual Azure VMSS (vmssState != nil), and if the + // MachinePool is not in an active state of deletion + // (DeletionTimestamp.IsZero()) to avoid recreating + // AzureMachinePoolMachines that reconcileDelete just removed. + if m.vmssState != nil && m.AzureMachinePool.DeletionTimestamp.IsZero() { if err := m.applyAzureMachinePoolMachines(ctx); err != nil { log.Error(err, "failed to apply changes to the AzureMachinePoolMachines") return errors.Wrap(err, "failed to apply changes to AzureMachinePoolMachines") diff --git a/azure/scope/machinepool_test.go b/azure/scope/machinepool_test.go index 4c1e9e5b177..bf589350470 100644 --- a/azure/scope/machinepool_test.go +++ b/azure/scope/machinepool_test.go 
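Review bot: The new condition in `Close` skips `applyAzureMachinePoolMachines` without any trace, and it keys only on `m.AzureMachinePool.DeletionTimestamp`. If the owning MachinePool is already being deleted but the AzureMachinePool has not yet received its own deletion timestamp, the sync would presumably still run and could recreate machines in that window. Whether that window exists depends on the reconcile ordering, which is outside this hunk and worth confirming. A verbose log line in the skipped case would make the behaviour visible when debugging stuck deletions, e.g. `log.V(4).Info("skipping AzureMachinePoolMachines sync: AzureMachinePool is being deleted")`. The body of `Close` continues past the end of the hunk.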
@@ -1568,6 +1568,153 @@ func TestMachinePoolScope_applyAzureMachinePoolMachines(t *testing.T) { } } +func TestMachinePoolScope_Close_SkipsMachineSyncDuringDeletion(t *testing.T) { + ctx, cancel := context.WithCancel(t.Context()) + defer cancel() + scheme := runtime.NewScheme() + _ = clusterv1.AddToScheme(scheme) + _ = infrav1exp.AddToScheme(scheme) + _ = infrav1.AddToScheme(scheme) + + tests := []struct { + Name string + Setup func(mp *clusterv1.MachinePool, amp *infrav1exp.AzureMachinePool, vmssState *azure.VMSS) + // PostFetch runs after objects are fetched from the fake client (with server-generated metadata). + // Use this to set fields like DeletionTimestamp that the fake client won't persist from WithObjects. + PostFetch func(amp *infrav1exp.AzureMachinePool) + Verify func(g *WithT, c client.Client, err error) + }{ + { + Name: "Close does not recreate AzureMachinePoolMachines when AzureMachinePool has a deletion timestamp", + Setup: func(mp *clusterv1.MachinePool, amp *infrav1exp.AzureMachinePool, vmssState *azure.VMSS) { + mp.Spec.Replicas = ptr.To[int32](1) + amp.Finalizers = []string{clusterv1.MachinePoolFinalizer} + + // Simulate the race: VMSS is still visible in Azure with a running instance, + // but the AzureMachinePoolMachine for it has already been deleted by reconcileDelete. 
+ vmssState.Instances = []azure.VMSSVM{ + { + ID: "/subscriptions/123/resourceGroups/my-rg/providers/Microsoft.Compute/virtualMachineScaleSets/my-vmss/virtualMachines/1", + Name: "ampm1", + State: infrav1.Succeeded, + }, + } + }, + PostFetch: func(amp *infrav1exp.AzureMachinePool) { + now := metav1.Now() + amp.DeletionTimestamp = &now + }, + Verify: func(g *WithT, c client.Client, err error) { + g.Expect(err).NotTo(HaveOccurred()) + // The key assertion: no AzureMachinePoolMachine should have been created + list := infrav1exp.AzureMachinePoolMachineList{} + g.Expect(c.List(ctx, &list)).NotTo(HaveOccurred()) + g.Expect(list.Items).Should(BeEmpty()) + }, + }, + { + Name: "Close creates AzureMachinePoolMachines when AzureMachinePool is not being deleted", + Setup: func(mp *clusterv1.MachinePool, amp *infrav1exp.AzureMachinePool, vmssState *azure.VMSS) { + mp.Spec.Replicas = ptr.To[int32](1) + + vmssState.Instances = []azure.VMSSVM{ + { + ID: "/subscriptions/123/resourceGroups/my-rg/providers/Microsoft.Compute/virtualMachineScaleSets/my-vmss/virtualMachines/1", + Name: "ampm1", + State: infrav1.Succeeded, + }, + } + }, + Verify: func(g *WithT, c client.Client, err error) { + g.Expect(err).NotTo(HaveOccurred()) + // Normal case: AzureMachinePoolMachine should have been created + list := infrav1exp.AzureMachinePoolMachineList{} + g.Expect(c.List(ctx, &list)).NotTo(HaveOccurred()) + g.Expect(list.Items).Should(HaveLen(1)) + }, + }, + } + for _, tt := range tests { + t.Run(tt.Name, func(t *testing.T) { + var ( + g = NewWithT(t) + cluster = &clusterv1.Cluster{ + ObjectMeta: metav1.ObjectMeta{ + Name: "cluster1", + Namespace: "default", + }, + Spec: clusterv1.ClusterSpec{ + InfrastructureRef: clusterv1.ContractVersionedObjectReference{ + Name: "azCluster1", + Kind: "AzureCluster", + APIGroup: infrav1.GroupVersion.Group, + }, + }, + Status: clusterv1.ClusterStatus{ + Initialization: clusterv1.ClusterInitializationStatus{ + InfrastructureProvisioned: ptr.To(true), + }, + }, + 
} + mp = &clusterv1.MachinePool{ + ObjectMeta: metav1.ObjectMeta{ + Name: "mp1", + Namespace: "default", + OwnerReferences: []metav1.OwnerReference{ + { + Name: "cluster1", + Kind: "Cluster", + APIVersion: clusterv1.GroupVersion.String(), + }, + }, + }, + } + amp = &infrav1exp.AzureMachinePool{ + ObjectMeta: metav1.ObjectMeta{ + Name: "amp1", + Namespace: "default", + OwnerReferences: []metav1.OwnerReference{ + { + Name: "mp1", + Kind: "MachinePool", + APIVersion: clusterv1.GroupVersion.String(), + }, + }, + }, + } + vmssState = &azure.VMSS{} + ) + + tt.Setup(mp, amp, vmssState) + + cb := fake.NewClientBuilder().WithScheme(scheme).WithObjects(amp, mp, cluster).WithStatusSubresource(amp) + c := cb.Build() + + // Re-fetch objects so they have proper metadata (ResourceVersion) for patching. + g.Expect(c.Get(ctx, client.ObjectKeyFromObject(amp), amp)).To(Succeed()) + g.Expect(c.Get(ctx, client.ObjectKeyFromObject(mp), mp)).To(Succeed()) + + if tt.PostFetch != nil { + tt.PostFetch(amp) + } + + s, err := NewMachinePoolScope(MachinePoolScopeParams{ + Client: c, + MachinePool: mp, + AzureMachinePool: amp, + ClusterScope: &ClusterScope{ + Cluster: cluster, + }, + }) + g.Expect(err).NotTo(HaveOccurred()) + s.vmssState = vmssState + + err = s.Close(ctx) + tt.Verify(g, c, err) + }) + } +} + func TestMachinePoolScope_setProvisioningStateAndConditions(t *testing.T) { scheme := runtime.NewScheme() _ = clusterv1.AddToScheme(scheme) diff --git a/azure/services/scalesets/scalesets.go b/azure/services/scalesets/scalesets.go index 680d1d092d0..60b6ecf6874 100644 --- a/azure/services/scalesets/scalesets.go +++ b/azure/services/scalesets/scalesets.go 
@@ -156,7 +156,7 @@ func (s *Service) updateScopeState(ctx context.Context, result any, scaleSetSpec // Delete deletes a scale set asynchronously. Delete sends a DELETE request to Azure and if accepted without error, // the VMSS will be considered deleted. The actual delete in Azure may take longer, but should eventually complete. func (s *Service) Delete(ctx context.Context) error { - ctx, log, done := tele.StartSpanWithLogger(ctx, "scalesets.Service.Delete") + ctx, _, done := tele.StartSpanWithLogger(ctx, "scalesets.Service.Delete") defer done() ctx, cancel := context.WithTimeout(ctx, s.Scope.DefaultedAzureServiceReconcileTimeout()) @@ -164,17 +164,6 @@ func (s *Service) Delete(ctx context.Context) error { scaleSetSpec := s.Scope.ScaleSetSpec(ctx) - defer func() { - fetchedVMSS, err := s.getVirtualMachineScaleSet(ctx, scaleSetSpec) - if err != nil && !azure.ResourceNotFound(err) { - log.Error(err, "failed to get vmss in deferred update") - } - - if fetchedVMSS != nil { - s.Scope.SetVMSSState(fetchedVMSS) - } - }() - err := s.DeleteResource(ctx, scaleSetSpec, serviceName) s.Scope.UpdateDeleteStatus(infrav1.BootstrapSucceededCondition, serviceName, err) 
@@ -359,30 +348,6 @@ func (s *Service) validateAvailabilityZones(ctx context.Context, spec *ScaleSetS return nil } -// getVirtualMachineScaleSet provides information about a Virtual Machine Scale Set and its instances. -func (s *Service) getVirtualMachineScaleSet(ctx context.Context, spec azure.ResourceSpecGetter) (*azure.VMSS, error) { - ctx, _, done := tele.StartSpanWithLogger(ctx, "scalesets.Service.getVirtualMachineScaleSet") - defer done() - - vmssResult, err := s.Client.Get(ctx, spec) - if err != nil { - return nil, errors.Wrap(err, "failed to get existing VMSS") - } - vmss, ok := vmssResult.(armcompute.VirtualMachineScaleSet) - if !ok { - return nil, errors.Errorf("%T is not an armcompute.VirtualMachineScaleSet", vmssResult) - } - - vmssInstances, err := s.Client.ListInstances(ctx, spec.ResourceGroupName(), spec.ResourceName()) - if err != nil { - return nil, errors.Wrap(err, "failed to list instances") - } - - result := converters.SDKToVMSS(vmss, vmssInstances) - - return &result, nil -} - // IsManaged returns always returns true as CAPZ does not support BYO scale set. func (s *Service) IsManaged(_ context.Context) (bool, error) { return true, nil diff --git a/azure/services/scalesets/scalesets_test.go b/azure/services/scalesets/scalesets_test.go index 7f1ed2fe2a3..93b4acf987f 100644 --- a/azure/services/scalesets/scalesets_test.go +++ b/azure/services/scalesets/scalesets_test.go @@ -360,11 +360,6 @@ func TestReconcileVMSS(t *testing.T) { func TestDeleteVMSS(t *testing.T) { defaultSpec := newDefaultVMSSSpec() - defaultInstances := newDefaultInstances() - resultVMSS := newDefaultVMSS("VM_SIZE") - resultVMSS.ID = ptr.To(defaultVMSSID) - fetchedVMSS := converters.SDKToVMSS(getResultVMSS(), defaultInstances) - // Be careful about race conditions if you need modify these. testcases := []struct { name string 
@@ -379,21 +374,6 @@ func TestDeleteVMSS(t *testing.T) { s.ScaleSetSpec(gomockinternal.AContext()).Return(&defaultSpec).AnyTimes() r.DeleteResource(gomockinternal.AContext(), &defaultSpec, serviceName).Return(nil) s.UpdateDeleteStatus(infrav1.BootstrapSucceededCondition, serviceName, nil) - - m.Get(gomockinternal.AContext(), &defaultSpec).Return(resultVMSS, nil) - m.ListInstances(gomockinternal.AContext(), defaultSpec.ResourceGroup, defaultSpec.Name).Return(defaultInstances, nil) - s.SetVMSSState(&fetchedVMSS) - }, - }, - { - name: "successfully delete an existing vmss, fetch call returns error", - expectedError: "", - expect: func(s *mock_scalesets.MockScaleSetScopeMockRecorder, r *mock_async.MockReconcilerMockRecorder, m *mock_scalesets.MockClientMockRecorder) { - s.DefaultedAzureServiceReconcileTimeout().Return(reconciler.DefaultAzureServiceReconcileTimeout) - s.ScaleSetSpec(gomockinternal.AContext()).Return(&defaultSpec).AnyTimes() - r.DeleteResource(gomockinternal.AContext(), &defaultSpec, serviceName).Return(nil) - s.UpdateDeleteStatus(infrav1.BootstrapSucceededCondition, serviceName, nil) - m.Get(gomockinternal.AContext(), &defaultSpec).Return(armcompute.VirtualMachineScaleSet{}, notFoundError) }, }, { @@ -404,7 +384,6 @@ func TestDeleteVMSS(t *testing.T) { s.ScaleSetSpec(gomockinternal.AContext()).Return(&defaultSpec).AnyTimes() r.DeleteResource(gomockinternal.AContext(), &defaultSpec, serviceName).Return(internalError()) s.UpdateDeleteStatus(infrav1.BootstrapSucceededCondition, serviceName, internalError()) - m.Get(gomockinternal.AContext(), &defaultSpec).Return(armcompute.VirtualMachineScaleSet{}, notFoundError) }, }, } From 23f95d15165d685879d0a822a695461e07b686f0 Mon Sep 17 00:00:00 2001 From: Matt Boersma Date: Wed, 8 Apr 2026 13:43:23 -0600 Subject: [PATCH 23/61] Bump cert-manager to v1.20.1 --- Tiltfile | 2 +- hack/install-cert-manager.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/Tiltfile b/Tiltfile index ae59212aa12..b86a9b93d9b 100644 --- a/Tiltfile +++ b/Tiltfile @@ -24,7 +24,7 @@ settings = { "kind_cluster_name": "capz", "capi_version": "v1.12.4", "caaph_version": "v0.6.2", - "cert_manager_version": "v1.19.1", + "cert_manager_version": "v1.20.1", "kubernetes_version": "v1.33.6", "aks_kubernetes_version": "v1.30.2", "flatcar_version": "3374.2.1", diff --git a/hack/install-cert-manager.sh b/hack/install-cert-manager.sh index f1478304e74..1b5f2d64ff0 100755 --- a/hack/install-cert-manager.sh +++ b/hack/install-cert-manager.sh @@ -54,7 +54,7 @@ source "${REPO_ROOT}/hack/common-vars.sh" make --directory="${REPO_ROOT}" "${KUBECTL##*/}" ## Install cert manager and wait for availability -"${KUBECTL}" apply -f https://github.com/jetstack/cert-manager/releases/download/v1.19.1/cert-manager.yaml +"${KUBECTL}" apply -f https://github.com/jetstack/cert-manager/releases/download/v1.20.1/cert-manager.yaml "${KUBECTL}" wait --for=condition=Available --timeout=5m -n cert-manager deployment/cert-manager "${KUBECTL}" wait --for=condition=Available --timeout=5m -n cert-manager deployment/cert-manager-cainjector "${KUBECTL}" wait --for=condition=Available --timeout=5m -n cert-manager deployment/cert-manager-webhook From 55fe6f42e5be411a5cfd8cd7ee530739ea1d7ff4 Mon Sep 17 00:00:00 2001 
From: Matt Boersma Date: Thu, 9 Apr 2026 12:38:21 -0600 Subject: [PATCH 24/61] =?UTF-8?q?=F0=9F=8C=B1=20Bump=20CAPI=20to=20v1.13.0?= =?UTF-8?q?-rc.0=20(#6182)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Update Makefile tool versions to match CAPI v1.13 * Bump CAPI dependency to v1.13.0-rc.0 * Add KCP taints to md-taints template for KCPAndMachineDeploymentRolloutSpec test The KCPAndMachineDeploymentRolloutSpec test expects both KCP and MachineDeployment to have pre-existing taints. Add a v1beta1 KCP strategic merge patch that sets machineTemplate.taints, matching the upstream CAPI test template structure. * Update e2e test configuration to use CAPI v1.13.0-rc.0 * Restore v1.12.4 CAPI provider entries for upgrade tests * Remove prometheus otlptranslator replace directive Upgrade go.opentelemetry.io/otel/exporters/prometheus from v0.59.1 to v0.65.0, which is compatible with the newer prometheus/otlptranslator. This allows removing the replace directive that was a workaround for prometheus/common v0.66.0+ breaking changes, since CAPI v1.13.0-beta.1 has already updated its test framework to use NewTextParser(). 
--- .golangci.yml | 6 +- Makefile | 20 +- Tiltfile | 2 +- ...ster.x-k8s.io_azureasomanagedclusters.yaml | 2 +- ...8s.io_azureasomanagedclustertemplates.yaml | 2 +- ...x-k8s.io_azureasomanagedcontrolplanes.yaml | 2 +- ..._azureasomanagedcontrolplanetemplates.yaml | 2 +- ....x-k8s.io_azureasomanagedmachinepools.yaml | 2 +- ...o_azureasomanagedmachinepooltemplates.yaml | 2 +- ...uster.x-k8s.io_azureclusteridentities.yaml | 2 +- ...ucture.cluster.x-k8s.io_azureclusters.yaml | 2 +- ...luster.x-k8s.io_azureclustertemplates.yaml | 2 +- ...ter.x-k8s.io_azuremachinepoolmachines.yaml | 2 +- ...re.cluster.x-k8s.io_azuremachinepools.yaml | 2 +- ...ucture.cluster.x-k8s.io_azuremachines.yaml | 2 +- ...luster.x-k8s.io_azuremachinetemplates.yaml | 2 +- ...cluster.x-k8s.io_azuremanagedclusters.yaml | 2 +- ...x-k8s.io_azuremanagedclustertemplates.yaml | 2 +- ...er.x-k8s.io_azuremanagedcontrolplanes.yaml | 2 +- ....io_azuremanagedcontrolplanetemplates.yaml | 2 +- ...ter.x-k8s.io_azuremanagedmachinepools.yaml | 2 +- ...s.io_azuremanagedmachinepooltemplates.yaml | 2 +- config/webhook/manifests.yaml | 68 +++--- .../azureasomanagedcontrolplane_controller.go | 7 +- ...easomanagedcontrolplane_controller_test.go | 29 +-- controllers/resource_reconciler.go | 4 +- controllers/resource_reconciler_test.go | 19 +- exp/api/v1beta1/azuremachinepool_webhook.go | 25 +-- .../azuremachinepoolmachine_webhook.go | 24 +-- go.mod | 67 +++--- go.sum | 201 +++++++----------- hack/tools/go.mod | 34 ++- hack/tools/go.sum | 120 ++++------- .../azureasomanagedcluster_webhook.go | 15 +- .../azureasomanagedcontrolplane_webhook.go | 15 +- .../azureasomanagedmachinepool_webhook.go | 15 +- internal/webhooks/azurecluster_webhook.go | 34 +-- .../webhooks/azureclusteridentity_webhook.go | 25 +-- .../webhooks/azureclustertemplate_webhook.go | 34 +-- internal/webhooks/azuremachine_webhook.go | 28 +-- .../webhooks/azuremachinetemplate_webhook.go | 21 +- .../webhooks/azuremanagedcluster_webhook.go | 13 +- 
.../azuremanagedclustertemplate_webhook.go | 13 +- .../azuremanagedcontrolplane_webhook.go | 30 +-- ...zuremanagedcontrolplanetemplate_webhook.go | 29 +-- .../azuremanagedmachinepool_webhook.go | 33 +-- ...azuremanagedmachinepooltemplate_webhook.go | 33 +-- test/e2e/capi_test.go | 4 +- test/e2e/config/azure-dev.yaml | 35 +++ .../kcp-taints.yaml | 15 ++ .../kustomization.yaml | 1 + test/e2e/data/shared/v1beta1/metadata.yaml | 3 + 52 files changed, 406 insertions(+), 654 deletions(-) create mode 100644 test/e2e/data/infrastructure-azure/v1beta1/cluster-template-md-taints/kcp-taints.yaml diff --git a/.golangci.yml b/.golangci.yml index 975c000bce6..faf8d93f29d 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -160,7 +160,7 @@ linters: - jsontags # Ensures proper JSON tag formatting - nofloats # Prevents float type usage - nomaps # Restricts map usage - - nonullable # Prevents usage of the nullable marker + - nonullable # Prevents usage of the nullable marker - nophase # Prevents Phase field usage - notimestamp # Prevents TimeStamp field usage lintersConfig: {} @@ -340,6 +340,10 @@ linters: - staticcheck path: .*\.go$ text: 'SA1019: "sigs.k8s.io/cluster-api/util/deprecated/.*" is deprecated: This package is deprecated and is going to be removed when support for v1beta1 will be dropped.' + # Ignore GetEventRecorderFor deprecation (CAPI itself still uses it). + - linters: + - staticcheck + text: 'SA1019: (env|mgr|testEnv).GetEventRecorderFor is deprecated' # Ignore CAPZ v1beta1 deprecations (SharedGallery, VMState) still used for backward compatibility. - linters: - staticcheck diff --git a/Makefile b/Makefile index 316abed384a..7d8de703e40 100644 --- a/Makefile +++ b/Makefile @@ -38,7 +38,7 @@ export GOTOOLCHAIN export GO111MODULE=on # Kubebuilder. -export KUBEBUILDER_ENVTEST_KUBERNETES_VERSION ?= 1.34.0 +export KUBEBUILDER_ENVTEST_KUBERNETES_VERSION ?= 1.35.0 export KUBEBUILDER_CONTROLPLANE_START_TIMEOUT ?= 60s export KUBEBUILDER_CONTROLPLANE_STOP_TIMEOUT ?= 60s 
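Review bot: The exclusion added for `GetEventRecorderFor` in .golangci.yml has no `path:` key, so it suppresses this SA1019 finding in every file, and the `.` in its `text` pattern is unescaped and matches any character. Tightening it to `text: 'SA1019: (env|mgr|testEnv)\.GetEventRecorderFor is deprecated'` keeps the suppression to the three receivers that are named. The comment says CAPI itself still uses the call but gives no removal condition; a line such as `# TODO: drop once CAPI stops using GetEventRecorderFor (<tracking issue>)` would keep the suppression from outliving its reason.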
@@ -74,11 +74,11 @@ ifneq ($(abspath $(ROOT_DIR)),$(GOPATH)/src/sigs.k8s.io/cluster-api-provider-azu endif # Binaries. -CONTROLLER_GEN_VER := v0.19.0 +CONTROLLER_GEN_VER := v0.20.0 CONTROLLER_GEN_BIN := controller-gen CONTROLLER_GEN := $(TOOLS_BIN_DIR)/$(CONTROLLER_GEN_BIN)-$(CONTROLLER_GEN_VER) -CONVERSION_GEN_VER := v0.34.0 +CONVERSION_GEN_VER := v0.35.0 CONVERSION_GEN_BIN := conversion-gen CONVERSION_GEN := $(TOOLS_BIN_DIR)/$(CONVERSION_GEN_BIN)-$(CONVERSION_GEN_VER) @@ -116,7 +116,7 @@ RELEASE_NOTES := $(TOOLS_BIN_DIR)/$(RELEASE_NOTES_BIN)-$(RELEASE_NOTES_VER) TRIVY_VER := 0.69.2 -KPROMO_VER := v4.0.5 +KPROMO_VER := 5ab0dbc74b0228c22a93d240596dff77464aee8f KPROMO_BIN := kpromo KPROMO := $(TOOLS_BIN_DIR)/$(KPROMO_BIN)-$(KPROMO_VER) @@ -149,7 +149,7 @@ CODESPELL_BIN := codespell CODESPELL_DIST_DIR := codespell_dist CODESPELL := $(TOOLS_BIN_DIR)/$(CODESPELL_DIST_DIR)/$(CODESPELL_BIN) -SETUP_ENVTEST_VER := release-0.22 +SETUP_ENVTEST_VER := release-0.23 SETUP_ENVTEST_BIN := setup-envtest SETUP_ENVTEST := $(abspath $(TOOLS_BIN_DIR)/$(SETUP_ENVTEST_BIN)-$(SETUP_ENVTEST_VER)) SETUP_ENVTEST_PKG := sigs.k8s.io/controller-runtime/tools/setup-envtest 
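Review bot: `KPROMO_VER := 5ab0dbc74b0228c22a93d240596dff77464aee8f` replaces the `v4.0.5` tag with a bare commit hash and no explanation, while every other tool version in this block is a tag or release branch. A commit pin is fine for reproducibility, but without a comment nobody can tell which kpromo release line it corresponds to, why a tagged release was not usable, or when it can return to a tag. I would add a comment line above it such as `# kpromo pinned to a commit (<reason>); switch back to a tag once <release> is available`. The hash also ends up in the `$(KPROMO_BIN)-$(KPROMO_VER)` binary name, so it is worth confirming that the install recipe, which is outside this hunk, accepts a commit ref.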
@@ -365,7 +365,7 @@ create-management-cluster: $(KUSTOMIZE) $(ENVSUBST) $(KUBECTL) $(KIND) ## Create ./hack/create-custom-cloud-provider-config.sh # Deploy CAPI - timeout --foreground 300 bash -c "until curl --retry $(CURL_RETRIES) -sSL https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.12.4/cluster-api-components.yaml | $(ENVSUBST) | $(KUBECTL) apply -f - --server-side=true; do sleep 5; done" + timeout --foreground 300 bash -c "until curl --retry $(CURL_RETRIES) -sSL https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.13.0-rc.0/cluster-api-components.yaml | $(ENVSUBST) | $(KUBECTL) apply -f - --server-side=true; do sleep 5; done" # Deploy CAAPH timeout --foreground 300 bash -c "until curl --retry $(CURL_RETRIES) -sSL https://github.com/kubernetes-sigs/cluster-api-addon-provider-helm/releases/download/v0.6.2/addon-components.yaml | $(ENVSUBST) | $(KUBECTL) apply -f - --server-side=true; do sleep 5; done" 
@@ -394,14 +394,6 @@ create-management-cluster: $(KUSTOMIZE) $(ENVSUBST) $(KUBECTL) $(KIND) ## Create # Wait for CAPZ deployments $(KUBECTL) wait --for=condition=Available --timeout=5m -n capz-system deployment --all - # This is a temporary fix to apply https://github.com/kubernetes-sigs/cluster-api/pull/13177 which stops setting - # ControlPlaneKubeletLocalMode for K8s v1.36+ clusters. - # Override kubeadm control plane controller image on the management cluster (temporary fix) - # Remove this when CAPI_VERSION above is update to v1.12.3 OR GREATER - timeout --foreground 300 bash -c "until $(KUBECTL) -n capi-kubeadm-control-plane-system get deployment/capi-kubeadm-control-plane-controller-manager > /dev/null 2>&1; do sleep 3; done" - $(KUBECTL) -n capi-kubeadm-control-plane-system set image deployment/capi-kubeadm-control-plane-controller-manager manager="gcr.io/k8s-staging-cluster-api/kubeadm-control-plane-controller:v20260109-v1.12.0-rc.0-186-ga64cfe0cc" - $(KUBECTL) -n capi-kubeadm-control-plane-system rollout status deployment/capi-kubeadm-control-plane-controller-manager --timeout=5m - # required sleep for when creating management and workload cluster simultaneously # Wait for the core CRD resources to be "installed" onto the mgmt cluster before returning control timeout --foreground 300 bash -c "until $(KUBECTL) get clusters -A; do sleep 3; done" diff --git a/Tiltfile b/Tiltfile index ae59212aa12..0fc5df395fb 100644 --- a/Tiltfile +++ b/Tiltfile @@ -22,7 +22,7 @@ settings = { "deploy_cert_manager": True, "preload_images_for_kind": True, "kind_cluster_name": "capz", - "capi_version": "v1.12.4", + "capi_version": "v1.13.0-rc.0", "caaph_version": "v0.6.2", "cert_manager_version": "v1.19.1", "kubernetes_version": "v1.33.6", diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedclusters.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedclusters.yaml index f59a1dcbcba..0d42be1a6f3 100644 
--- a/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedclusters.yaml +++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedclusters.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 name: azureasomanagedclusters.infrastructure.cluster.x-k8s.io spec: group: infrastructure.cluster.x-k8s.io diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedclustertemplates.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedclustertemplates.yaml index 06329f87304..868a26fa32d 100644 --- a/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedclustertemplates.yaml +++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedclustertemplates.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 name: azureasomanagedclustertemplates.infrastructure.cluster.x-k8s.io spec: group: infrastructure.cluster.x-k8s.io diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedcontrolplanes.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedcontrolplanes.yaml index 2adab5924f8..38181ff619d 100644 --- a/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedcontrolplanes.yaml +++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedcontrolplanes.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 name: azureasomanagedcontrolplanes.infrastructure.cluster.x-k8s.io spec: group: infrastructure.cluster.x-k8s.io 
diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedcontrolplanetemplates.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedcontrolplanetemplates.yaml index 01646cf9acc..de6de95d7cf 100644 --- a/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedcontrolplanetemplates.yaml +++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedcontrolplanetemplates.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 name: azureasomanagedcontrolplanetemplates.infrastructure.cluster.x-k8s.io spec: group: infrastructure.cluster.x-k8s.io diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedmachinepools.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedmachinepools.yaml index 5a8eed710a8..856061a9ed3 100644 --- a/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedmachinepools.yaml +++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedmachinepools.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 name: azureasomanagedmachinepools.infrastructure.cluster.x-k8s.io spec: group: infrastructure.cluster.x-k8s.io diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedmachinepooltemplates.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedmachinepooltemplates.yaml index 8c904d270ff..50317e61e93 100644 --- a/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedmachinepooltemplates.yaml +++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_azureasomanagedmachinepooltemplates.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 name: azureasomanagedmachinepooltemplates.infrastructure.cluster.x-k8s.io spec: group: infrastructure.cluster.x-k8s.io diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_azureclusteridentities.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_azureclusteridentities.yaml index 11bdf91bcf8..06d441d0ae3 100644 --- a/config/crd/bases/infrastructure.cluster.x-k8s.io_azureclusteridentities.yaml +++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_azureclusteridentities.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 name: azureclusteridentities.infrastructure.cluster.x-k8s.io spec: group: infrastructure.cluster.x-k8s.io diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_azureclusters.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_azureclusters.yaml index 35aa2c50612..e42c11a7ad9 100644 --- a/config/crd/bases/infrastructure.cluster.x-k8s.io_azureclusters.yaml +++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_azureclusters.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 name: azureclusters.infrastructure.cluster.x-k8s.io spec: group: infrastructure.cluster.x-k8s.io diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_azureclustertemplates.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_azureclustertemplates.yaml index 73bc4c0937d..9301cac5d0c 100644 --- a/config/crd/bases/infrastructure.cluster.x-k8s.io_azureclustertemplates.yaml 
+++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_azureclustertemplates.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 name: azureclustertemplates.infrastructure.cluster.x-k8s.io spec: group: infrastructure.cluster.x-k8s.io diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremachinepoolmachines.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremachinepoolmachines.yaml index e139585838f..57717d1a289 100644 --- a/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremachinepoolmachines.yaml +++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremachinepoolmachines.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 name: azuremachinepoolmachines.infrastructure.cluster.x-k8s.io spec: group: infrastructure.cluster.x-k8s.io diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremachinepools.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremachinepools.yaml index 0fabc3a2e1b..73bda3792ac 100644 --- a/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremachinepools.yaml +++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremachinepools.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 name: azuremachinepools.infrastructure.cluster.x-k8s.io spec: group: infrastructure.cluster.x-k8s.io diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremachines.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremachines.yaml index a6e2f806590..95f9091a2a6 100644 
--- a/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremachines.yaml +++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremachines.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 name: azuremachines.infrastructure.cluster.x-k8s.io spec: group: infrastructure.cluster.x-k8s.io diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremachinetemplates.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremachinetemplates.yaml index f386e8e5565..43114f42036 100644 --- a/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremachinetemplates.yaml +++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremachinetemplates.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 name: azuremachinetemplates.infrastructure.cluster.x-k8s.io spec: group: infrastructure.cluster.x-k8s.io diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedclusters.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedclusters.yaml index 8ebd036b496..581d2ea69cd 100644 --- a/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedclusters.yaml +++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedclusters.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 name: azuremanagedclusters.infrastructure.cluster.x-k8s.io spec: group: infrastructure.cluster.x-k8s.io 
diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedclustertemplates.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedclustertemplates.yaml index bd4021fad6c..83a7532bc34 100644 --- a/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedclustertemplates.yaml +++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedclustertemplates.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 name: azuremanagedclustertemplates.infrastructure.cluster.x-k8s.io spec: group: infrastructure.cluster.x-k8s.io diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedcontrolplanes.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedcontrolplanes.yaml index aeb28ffdf17..52a6a235a09 100644 --- a/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedcontrolplanes.yaml +++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedcontrolplanes.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 name: azuremanagedcontrolplanes.infrastructure.cluster.x-k8s.io spec: group: infrastructure.cluster.x-k8s.io diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedcontrolplanetemplates.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedcontrolplanetemplates.yaml index 4bd503e2b77..61580515f94 100644 --- a/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedcontrolplanetemplates.yaml +++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedcontrolplanetemplates.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 name: azuremanagedcontrolplanetemplates.infrastructure.cluster.x-k8s.io spec: group: infrastructure.cluster.x-k8s.io diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedmachinepools.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedmachinepools.yaml index 9468624fca2..08efd5ec9c4 100644 --- a/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedmachinepools.yaml +++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedmachinepools.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 name: azuremanagedmachinepools.infrastructure.cluster.x-k8s.io spec: group: infrastructure.cluster.x-k8s.io diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedmachinepooltemplates.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedmachinepooltemplates.yaml index 111e9e90545..16cfd6993cb 100644 --- a/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedmachinepooltemplates.yaml +++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_azuremanagedmachinepooltemplates.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.19.0 + controller-gen.kubebuilder.io/version: v0.20.0 name: azuremanagedmachinepooltemplates.infrastructure.cluster.x-k8s.io spec: group: infrastructure.cluster.x-k8s.io diff --git a/config/webhook/manifests.yaml b/config/webhook/manifests.yaml index 0a5a6197916..61947ed2d4d 100644 --- a/config/webhook/manifests.yaml +++ b/config/webhook/manifests.yaml 
@@ -11,9 +11,10 @@ webhooks: service: name: webhook-service namespace: system - path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinepool + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azurecluster failurePolicy: Fail - name: default.azuremachinepool.infrastructure.cluster.x-k8s.io + matchPolicy: Equivalent + name: default.azurecluster.infrastructure.cluster.x-k8s.io rules: - apiGroups: - infrastructure.cluster.x-k8s.io @@ -23,7 +24,7 @@ webhooks: - CREATE - UPDATE resources: - - azuremachinepools + - azureclusters sideEffects: None - admissionReviewVersions: - v1 @@ -32,10 +33,10 @@ webhooks: service: name: webhook-service namespace: system - path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azurecluster + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azureclustertemplate failurePolicy: Fail matchPolicy: Equivalent - name: default.azurecluster.infrastructure.cluster.x-k8s.io + name: default.azureclustertemplate.infrastructure.cluster.x-k8s.io rules: - apiGroups: - infrastructure.cluster.x-k8s.io @@ -45,7 +46,7 @@ webhooks: - CREATE - UPDATE resources: - - azureclusters + - azureclustertemplates sideEffects: None - admissionReviewVersions: - v1 @@ -54,10 +55,10 @@ webhooks: service: name: webhook-service namespace: system - path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azureclustertemplate + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachine failurePolicy: Fail matchPolicy: Equivalent - name: default.azureclustertemplate.infrastructure.cluster.x-k8s.io + name: default.azuremachine.infrastructure.cluster.x-k8s.io rules: - apiGroups: - infrastructure.cluster.x-k8s.io @@ -67,7 +68,7 @@ webhooks: - CREATE - UPDATE resources: - - azureclustertemplates + - azuremachines sideEffects: None - admissionReviewVersions: - v1 
@@ -76,10 +77,9 @@ webhooks: service: name: webhook-service namespace: system - path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachine + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinepool failurePolicy: Fail - matchPolicy: Equivalent - name: default.azuremachine.infrastructure.cluster.x-k8s.io + name: default.azuremachinepool.infrastructure.cluster.x-k8s.io rules: - apiGroups: - infrastructure.cluster.x-k8s.io @@ -89,7 +89,7 @@ webhooks: - CREATE - UPDATE resources: - - azuremachines + - azuremachinepools sideEffects: None - admissionReviewVersions: - v1 @@ -225,27 +225,6 @@ webhooks: resources: - azuremachinepoolmachines sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: webhook-service - namespace: system - path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinepool - failurePolicy: Fail - name: validation.azuremachinepool.infrastructure.cluster.x-k8s.io - rules: - - apiGroups: - - infrastructure.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - azuremachinepools - sideEffects: None - admissionReviewVersions: - v1 - v1beta1 @@ -394,6 +373,27 @@ webhooks: resources: - azuremachines sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinepool + failurePolicy: Fail + name: validation.azuremachinepool.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - azuremachinepools + sideEffects: None - admissionReviewVersions: - v1 - v1beta1 diff --git a/controllers/azureasomanagedcontrolplane_controller.go b/controllers/azureasomanagedcontrolplane_controller.go index 868bb7dff57..3072af2ca07 100644 --- a/controllers/azureasomanagedcontrolplane_controller.go 
+++ b/controllers/azureasomanagedcontrolplane_controller.go @@ -28,6 +28,7 @@ import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + apimachineryruntime "k8s.io/apimachinery/pkg/runtime" "k8s.io/client-go/tools/clientcmd" "k8s.io/utils/ptr" clusterv1beta1 "sigs.k8s.io/cluster-api/api/core/v1beta1" @@ -346,7 +347,11 @@ func (r *AzureASOManagedControlPlaneReconciler) reconcileKubeconfig(ctx context. }, } - err = r.Patch(ctx, expectedSecret, client.Apply, client.FieldOwner("capz-manager"), client.ForceOwnership) + unstructuredMap, err := apimachineryruntime.DefaultUnstructuredConverter.ToUnstructured(expectedSecret) + if err != nil { + return nil, err + } + err = r.Apply(ctx, client.ApplyConfigurationFromUnstructured(&unstructured.Unstructured{Object: unstructuredMap}), client.FieldOwner("capz-manager"), client.ForceOwnership) if err != nil { return nil, err } diff --git a/controllers/azureasomanagedcontrolplane_controller_test.go b/controllers/azureasomanagedcontrolplane_controller_test.go index a3530acf752..5b8e35f0033 100644 --- a/controllers/azureasomanagedcontrolplane_controller_test.go +++ b/controllers/azureasomanagedcontrolplane_controller_test.go 
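Review bot: In the `reconcileKubeconfig` hunk, the new conversion step returns the converter's error bare (`return nil, err`), exactly like the apply call two lines later, so the caller cannot tell a conversion failure from a failed apply of the kubeconfig Secret. Wrapping it keeps the two apart without putting any Secret content in the message: `return nil, fmt.Errorf("converting kubeconfig secret to unstructured: %w", err)` (assuming `fmt` is already imported in this file, which the hunk does not show). `client.ApplyConfigurationFromUnstructured` presumably also needs `expectedSecret` to carry its `apiVersion` and `kind`; that literal is built above the hunk, so confirm it there. The function body starts and ends outside the hunk.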
@@ -309,9 +309,12 @@ func TestAzureASOManagedControlPlaneReconcile(t *testing.T) { r := &AzureASOManagedControlPlaneReconciler{ Client: &FakeClient{ Client: c, - patchFunc: func(_ context.Context, obj client.Object, _ client.Patch, _ ...client.PatchOption) error { - kubeconfig := obj.(*corev1.Secret) - g.Expect(kubeconfig.Data[secret.KubeconfigDataName]).NotTo(BeEmpty()) + applyFunc: func(_ context.Context, obj runtime.ApplyConfiguration, _ ...client.ApplyOption) error { + data, err := json.Marshal(obj) + g.Expect(err).NotTo(HaveOccurred()) + kubeconfigSecret := &corev1.Secret{} + g.Expect(json.Unmarshal(data, kubeconfigSecret)).To(Succeed()) + g.Expect(kubeconfigSecret.Data[secret.KubeconfigDataName]).NotTo(BeEmpty()) kubeConfigPatched = true return nil }, @@ -435,11 +438,11 @@ func TestAzureASOManagedControlPlaneReconcile(t *testing.T) { r := &AzureASOManagedControlPlaneReconciler{ Client: &FakeClient{ Client: c, - patchFunc: func(_ context.Context, obj client.Object, _ client.Patch, _ ...client.PatchOption) error { - kubeconfigSecret, ok := obj.(*corev1.Secret) - if !ok { - return nil - } + applyFunc: func(_ context.Context, obj runtime.ApplyConfiguration, _ ...client.ApplyOption) error { + data, err := json.Marshal(obj) + g.Expect(err).NotTo(HaveOccurred()) + kubeconfigSecret := &corev1.Secret{} + g.Expect(json.Unmarshal(data, kubeconfigSecret)).To(Succeed()) g.Expect(kubeconfigSecret.Data[secret.KubeconfigDataName]).NotTo(BeEmpty()) kubeConfigPatched = true 
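Review bot: The `applyFunc` callback decodes whatever apply configuration it receives into a `corev1.Secret` without checking the object's kind. `json.Unmarshal` ignores unknown fields, so an apply of any other object would show up only as a confusing empty-data failure, and the callbacks in the hunks at -435 and -574 lost the `ok` guard that used to skip non-Secret objects. Asserting the kind right after the unmarshal makes the expectation explicit: `g.Expect(kubeconfigSecret.Kind).To(Equal("Secret"))`. This relies on the reconciler setting TypeMeta on the Secret it applies, which is not visible here. The three callbacks are now identical and could share one helper.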
@@ -574,11 +577,11 @@ func TestAzureASOManagedControlPlaneReconcile(t *testing.T) { r := &AzureASOManagedControlPlaneReconciler{ Client: &FakeClient{ Client: c, - patchFunc: func(_ context.Context, obj client.Object, _ client.Patch, _ ...client.PatchOption) error { - kubeconfigSecret, ok := obj.(*corev1.Secret) - if !ok { - return nil - } + applyFunc: func(_ context.Context, obj runtime.ApplyConfiguration, _ ...client.ApplyOption) error { + data, err := json.Marshal(obj) + g.Expect(err).NotTo(HaveOccurred()) + kubeconfigSecret := &corev1.Secret{} + g.Expect(json.Unmarshal(data, kubeconfigSecret)).To(Succeed()) g.Expect(kubeconfigSecret.Data[secret.KubeconfigDataName]).NotTo(BeEmpty()) kubeConfigPatched = true diff --git a/controllers/resource_reconciler.go b/controllers/resource_reconciler.go index 85d458e21ca..2a2dc47feab 100644 --- a/controllers/resource_reconciler.go +++ b/controllers/resource_reconciler.go @@ -103,7 +103,7 @@ func (r *ResourceReconciler) Pause(ctx context.Context) error { spec.SetNamespace(r.owner.GetNamespace()) gvk := spec.GroupVersionKind() log.V(4).Info("pausing resource", "resource", klog.KObj(spec), "resourceVersion", gvk.GroupVersion(), "resourceKind", gvk.Kind) - err := r.Patch(ctx, spec, client.Apply, client.FieldOwner("capz-manager")) + err := r.Apply(ctx, client.ApplyConfigurationFromUnstructured(spec), client.FieldOwner("capz-manager")) if client.IgnoreNotFound(err) != nil { return fmt.Errorf("failed to patch resource: %w", err) } 
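Review bot: The error text in `Pause` still reads `failed to patch resource` although the changed line now issues a server-side `r.Apply`, so the message no longer names the operation that failed; something like `return fmt.Errorf("failed to apply pause to resource: %w", err)` would match the call. `Pause` also applies without `client.ForceOwnership` while the `reconcile` hunk at -157 passes it. If that difference is deliberate, a one-line comment above the call would record it, e.g. `// no ForceOwnership: pausing should not take fields owned by another manager`. The body of `Pause` continues outside the hunk.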
@@ -157,7 +157,7 @@ func (r *ResourceReconciler) reconcile(ctx context.Context) error { gvk := spec.GroupVersionKind() log.V(4).Info("applying resource", "resource", klog.KObj(spec), "resourceVersion", gvk.GroupVersion(), "resourceKind", gvk.Kind) - err := r.Patch(ctx, spec, client.Apply, client.FieldOwner("capz-manager"), client.ForceOwnership) + err := r.Apply(ctx, client.ApplyConfigurationFromUnstructured(spec), client.FieldOwner("capz-manager"), client.ForceOwnership) if err != nil { return fmt.Errorf("failed to apply resource: %w", err) } diff --git a/controllers/resource_reconciler_test.go b/controllers/resource_reconciler_test.go index a8cbcd670ee..ffb79e7e21c 100644 --- a/controllers/resource_reconciler_test.go +++ b/controllers/resource_reconciler_test.go @@ -45,6 +45,7 @@ type FakeClient struct { // server-side apply, so we make our own dollar store version: // https://github.com/kubernetes-sigs/controller-runtime/issues/2341 patchFunc func(context.Context, client.Object, client.Patch, ...client.PatchOption) error + applyFunc func(context.Context, runtime.ApplyConfiguration, ...client.ApplyOption) error } func (c *FakeClient) Patch(ctx context.Context, obj client.Object, patch client.Patch, opts ...client.PatchOption) error { @@ -54,6 +55,13 @@ func (c *FakeClient) Patch(ctx context.Context, obj client.Object, patch client. return c.patchFunc(ctx, obj, patch, opts...) } +func (c *FakeClient) Apply(ctx context.Context, obj runtime.ApplyConfiguration, opts ...client.ApplyOption) error { + if c.applyFunc == nil { + return c.Client.Apply(ctx, obj, opts...) + } + return c.applyFunc(ctx, obj, opts...) +} + type FakeWatcher struct { watching map[string]struct{} } 
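Review bot: The new `applyFunc` field and the `Apply` method on `FakeClient` have no documentation, and the existing comment above `patchFunc` about the fake client lacking server-side apply now reads as if it covered only the patch hook. A short comment on each would do: `// applyFunc, when non-nil, intercepts Apply; otherwise the call goes to the embedded Client.` on the field, and `// Apply forwards to applyFunc when set and to the embedded Client otherwise.` on the method. The struct definition starts outside the hunk.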
@@ -106,7 +114,8 @@ func TestResourceReconcilerReconcile(t *testing.T) { r := &ResourceReconciler{ Client: &FakeClient{ Client: c, - patchFunc: func(ctx context.Context, o client.Object, p client.Patch, po ...client.PatchOption) error { + applyFunc: func(ctx context.Context, obj runtime.ApplyConfiguration, opts ...client.ApplyOption) error { + o := obj.(client.Object) g.Expect(unpatchedRGs).To(HaveKey(o.GetName())) delete(unpatchedRGs, o.GetName()) return nil @@ -164,7 +173,8 @@ func TestResourceReconcilerReconcile(t *testing.T) { r := &ResourceReconciler{ Client: &FakeClient{ Client: c, - patchFunc: func(ctx context.Context, o client.Object, p client.Patch, po ...client.PatchOption) error { + applyFunc: func(ctx context.Context, obj runtime.ApplyConfiguration, opts ...client.ApplyOption) error { + o := obj.(client.Object) g.Expect(unpatchedRGs).To(HaveKey(o.GetName())) delete(unpatchedRGs, o.GetName()) return nil @@ -277,7 +287,7 @@ func TestResourceReconcilerReconcile(t *testing.T) { r := &ResourceReconciler{ Client: &FakeClient{ Client: c, - patchFunc: func(ctx context.Context, o client.Object, p client.Patch, po ...client.PatchOption) error { + applyFunc: func(ctx context.Context, obj runtime.ApplyConfiguration, opts ...client.ApplyOption) error { return nil }, }, @@ -399,7 +409,8 @@ func TestResourceReconcilerPause(t *testing.T) { r := &ResourceReconciler{ Client: &FakeClient{ Client: c, - patchFunc: func(ctx context.Context, o client.Object, p client.Patch, po ...client.PatchOption) error { + applyFunc: func(ctx context.Context, obj runtime.ApplyConfiguration, opts ...client.ApplyOption) error { + o := obj.(client.Object) g.Expect(o.GetAnnotations()).To(HaveKeyWithValue(annotations.ReconcilePolicy, string(annotations.ReconcilePolicySkip))) if err := c.Get(ctx, client.ObjectKeyFromObject(o), &asoresourcesv1.ResourceGroup{}); err != nil { // propagate errors like "NotFound" 
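Review bot: `o := obj.(client.Object)` in the `applyFunc` callbacks (the hunk at -106, and again at -164 and -399) is an unchecked type assertion on a `runtime.ApplyConfiguration`. It holds only while the value produced by `client.ApplyConfigurationFromUnstructured` happens to satisfy `client.Object`, and if that changes the test panics instead of failing with a readable message. Use the two-value form and assert on it: `o, ok := obj.(client.Object)` followed by `g.Expect(ok).To(BeTrue())`. The enclosing test functions start and end outside these hunks.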
diff --git a/exp/api/v1beta1/azuremachinepool_webhook.go b/exp/api/v1beta1/azuremachinepool_webhook.go index abd3d335dce..f444ff09372 100644 --- a/exp/api/v1beta1/azuremachinepool_webhook.go +++ b/exp/api/v1beta1/azuremachinepool_webhook.go @@ -24,7 +24,6 @@ import ( "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5" "github.com/blang/semver" "github.com/pkg/errors" - apierrors "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/runtime" kerrors "k8s.io/apimachinery/pkg/util/errors" "k8s.io/apimachinery/pkg/util/intstr" @@ -41,8 +40,7 @@ import ( // SetupAzureMachinePoolWebhookWithManager sets up and registers the webhook with the manager. func SetupAzureMachinePoolWebhookWithManager(mgr ctrl.Manager) error { ampw := &azureMachinePoolWebhook{Client: mgr.GetClient()} - return ctrl.NewWebhookManagedBy(mgr). - For(&AzureMachinePool{}). + return ctrl.NewWebhookManagedBy(mgr, &AzureMachinePool{}). WithDefaulter(ampw). WithValidator(ampw). Complete() 
@@ -56,37 +54,24 @@ type azureMachinePoolWebhook struct { } // Default implements webhook.Defaulter so a webhook will be registered for the type. -func (ampw *azureMachinePoolWebhook) Default(_ context.Context, obj runtime.Object) error { - amp, ok := obj.(*AzureMachinePool) - if !ok { - return apierrors.NewBadRequest("expected an AzureMachinePool") - } +func (ampw *azureMachinePoolWebhook) Default(_ context.Context, amp *AzureMachinePool) error { return amp.SetDefaults(ampw.Client) } // +kubebuilder:webhook:verbs=create;update,path=/validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinepool,mutating=false,failurePolicy=fail,groups=infrastructure.cluster.x-k8s.io,resources=azuremachinepools,versions=v1beta1,name=validation.azuremachinepool.infrastructure.cluster.x-k8s.io,sideEffects=None,admissionReviewVersions=v1;v1beta1 // ValidateCreate implements webhook.Validator so a webhook will be registered for the type. -func (ampw *azureMachinePoolWebhook) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { - amp, ok := obj.(*AzureMachinePool) - if !ok { - return nil, apierrors.NewBadRequest("expected an AzureMachinePool") - } - +func (ampw *azureMachinePoolWebhook) ValidateCreate(_ context.Context, amp *AzureMachinePool) (admission.Warnings, error) { return nil, amp.Validate(nil, ampw.Client) } // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type. -func (ampw *azureMachinePoolWebhook) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { - amp, ok := newObj.(*AzureMachinePool) - if !ok { - return nil, apierrors.NewBadRequest("expected an AzureMachinePool") - } +func (ampw *azureMachinePoolWebhook) ValidateUpdate(_ context.Context, oldObj, amp *AzureMachinePool) (admission.Warnings, error) { return nil, amp.Validate(oldObj, ampw.Client) } // ValidateDelete implements webhook.Validator so a webhook will be registered for the type. 
-func (ampw *azureMachinePoolWebhook) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error) { +func (ampw *azureMachinePoolWebhook) ValidateDelete(_ context.Context, _ *AzureMachinePool) (admission.Warnings, error) { return nil, nil } diff --git a/exp/api/v1beta1/azuremachinepoolmachine_webhook.go b/exp/api/v1beta1/azuremachinepoolmachine_webhook.go index a294c788005..9ce6f003f14 100644 --- a/exp/api/v1beta1/azuremachinepoolmachine_webhook.go +++ b/exp/api/v1beta1/azuremachinepoolmachine_webhook.go @@ -18,20 +18,16 @@ package v1beta1 import ( "context" - "fmt" "github.com/pkg/errors" - "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) // SetupWebhookWithManager sets up and registers the webhook with the manager. func (ampm *AzureMachinePoolMachine) SetupWebhookWithManager(mgr ctrl.Manager) error { w := new(azureMachinePoolMachineWebhook) - return ctrl.NewWebhookManagedBy(mgr). - For(ampm). + return ctrl.NewWebhookManagedBy(mgr, ampm). WithValidator(w). Complete() } 
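Review bot: The doc comments kept as context still say `implements webhook.Defaulter` and `implements webhook.Validator`, although the methods now take `*AzureMachinePool` directly. The same holds for the `webhook.CustomValidator` comments in azuremachinepoolmachine_webhook.go (hunks at -40 and -67), where the interface assertion itself was changed to `admission.Validator[*AzureMachinePoolMachine]`. Name the typed interface instead, e.g. `// ValidateCreate implements admission.Validator[*AzureMachinePool].` Since the explicit `apierrors.NewBadRequest` type checks are removed, rejection of a wrongly typed object is presumably left to the framework's decoding; one sentence on the webhook type saying so would show that the check was moved, not dropped.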
@@ -40,25 +36,15 @@ func (ampm *AzureMachinePoolMachine) SetupWebhookWithManager(mgr ctrl.Manager) e type azureMachinePoolMachineWebhook struct{} -var _ webhook.CustomValidator = &azureMachinePoolMachineWebhook{} +var _ admission.Validator[*AzureMachinePoolMachine] = &azureMachinePoolMachineWebhook{} // ValidateCreate implements webhook.CustomValidator so a webhook will be registered for the type. -func (*azureMachinePoolMachineWebhook) ValidateCreate(_ context.Context, _ runtime.Object) (admission.Warnings, error) { +func (*azureMachinePoolMachineWebhook) ValidateCreate(_ context.Context, _ *AzureMachinePoolMachine) (admission.Warnings, error) { return nil, nil } // ValidateUpdate implements webhook.CustomValidator so a webhook will be registered for the type. -func (*azureMachinePoolMachineWebhook) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { - ampm, ok := newObj.(*AzureMachinePoolMachine) - if !ok { - return nil, fmt.Errorf("expected an AzureMachinePoolMachine object but got %T", ampm) - } - - oldMachine, ok := oldObj.(*AzureMachinePoolMachine) - if !ok { - return nil, errors.New("expected and AzureMachinePoolMachine") - } - +func (*azureMachinePoolMachineWebhook) ValidateUpdate(_ context.Context, oldMachine, ampm *AzureMachinePoolMachine) (admission.Warnings, error) { if oldMachine.Spec.ProviderID != "" && ampm.Spec.ProviderID != oldMachine.Spec.ProviderID { return nil, errors.New("providerID is immutable") } @@ -67,6 +53,6 @@ func (*azureMachinePoolMachineWebhook) ValidateUpdate(_ context.Context, oldObj, } // ValidateDelete implements webhook.CustomValidator so a webhook will be registered for the type. -func (*azureMachinePoolMachineWebhook) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error) { +func (*azureMachinePoolMachineWebhook) ValidateDelete(_ context.Context, _ *AzureMachinePoolMachine) (admission.Warnings, error) { return nil, nil } 
diff --git a/go.mod b/go.mod index 58781a95c39..13d461810cd 100644 --- a/go.mod +++ b/go.mod @@ -4,13 +4,6 @@ go 1.25.0 toolchain go1.25.9 -// Workaround for prometheus/common v0.66.0+ breaking change that causes panic -// in cluster-api test framework's TextParser usage. Pin prometheus dependencies -// to versions compatible with otel/exporters/prometheus v0.59.1. -// See: https://github.com/prometheus/common/releases/tag/v0.66.0 -// Remove this once cluster-api/test is updated to use NewTextParser(). -replace github.com/prometheus/otlptranslator => github.com/prometheus/otlptranslator v0.0.0-20250717125610-8549f4ab4f8f - require ( github.com/Azure/azure-sdk-for-go/sdk/azcore v1.21.0 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1 @@ -43,8 +36,8 @@ require ( github.com/prometheus/client_golang v1.23.2 github.com/spf13/pflag v1.0.10 go.opentelemetry.io/otel v1.43.0 - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.43.0 - go.opentelemetry.io/otel/exporters/prometheus v0.59.1 + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.41.0 + go.opentelemetry.io/otel/exporters/prometheus v0.65.0 go.opentelemetry.io/otel/sdk v1.43.0 go.opentelemetry.io/otel/sdk/metric v1.43.0 go.opentelemetry.io/otel/trace v1.43.0 
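Review bot: `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc` moves backwards from v1.43.0 to v1.41.0 in the require hunk at -43 while `otel`, `otel/sdk`, `otel/sdk/metric` and `otel/trace` stay at v1.43.0. The indirect `otlptrace` and `go.opentelemetry.io/proto/otlp` entries are lowered the same way in the hunk at -181. A downgrade inside an upgrade commit gives up whatever fixes shipped in the intervening releases and looks like a rebase artefact; unless something needs the older exporter, keep `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.43.0` and re-run `go mod tidy`. Dropping the `replace` for `github.com/prometheus/otlptranslator` in the first hunk depends on the cluster-api test framework no longer hitting the parser panic described in the deleted comment, which should be confirmed against the new `sigs.k8s.io/cluster-api/test` version.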
@@ -54,18 +47,18 @@ require ( golang.org/x/mod v0.34.0 golang.org/x/text v0.35.0 gopkg.in/yaml.v3 v3.0.1 - k8s.io/api v0.34.3 - k8s.io/apimachinery v0.34.3 - k8s.io/client-go v0.34.3 - k8s.io/cluster-bootstrap v0.34.2 - k8s.io/component-base v0.34.3 + k8s.io/api v0.35.3 + k8s.io/apimachinery v0.35.3 + k8s.io/client-go v0.35.3 + k8s.io/cluster-bootstrap v0.35.3 + k8s.io/component-base v0.35.3 k8s.io/klog/v2 v2.130.1 k8s.io/kubectl v0.34.2 - k8s.io/utils v0.0.0-20250820121507-0af2bda4dd1d + k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 sigs.k8s.io/cloud-provider-azure v1.34.3 - sigs.k8s.io/cluster-api v1.12.4 - sigs.k8s.io/cluster-api/test v1.12.4 - sigs.k8s.io/controller-runtime v0.22.5 + sigs.k8s.io/cluster-api v1.13.0-rc.0 + sigs.k8s.io/cluster-api/test v1.13.0-rc.0 + sigs.k8s.io/controller-runtime v0.23.3 sigs.k8s.io/kind v0.31.0 ) @@ -89,9 +82,8 @@ require ( github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/semver/v3 v3.4.0 // indirect github.com/Masterminds/sprig/v3 v3.3.0 // indirect - github.com/Microsoft/go-winio v0.5.0 // indirect + github.com/Microsoft/go-winio v0.6.2 // indirect github.com/NYTimes/gziphandler v1.1.1 // indirect - github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect github.com/adrg/xdg v0.5.3 // indirect github.com/antlr4-go/antlr/v4 v4.13.1 // indirect github.com/benbjohnson/clock v1.3.5 // indirect 
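Review bot: In the hunk at -54, `sigs.k8s.io/cluster-api` and `sigs.k8s.io/cluster-api/test` are pinned to the release candidate `v1.13.0-rc.0`. The same hunk raises `k8s.io/api`, `apimachinery`, `client-go`, `cluster-bootstrap` and `component-base` to v0.35.3 but leaves `k8s.io/kubectl v0.34.2` and `sigs.k8s.io/cloud-provider-azure v1.34.3` as context, so the module now builds against mixed Kubernetes minor versions. If both are intentional for now, record it next to the lines so the pin is not carried into a release unnoticed, e.g. `// cluster-api is pinned to a release candidate; move to the final v1.13.0 before releasing`.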
@@ -99,18 +91,16 @@ require ( github.com/blang/semver/v4 v4.0.0 // indirect github.com/cenkalti/backoff/v5 v5.0.3 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect - github.com/cloudflare/circl v1.6.3 // indirect github.com/containerd/errdefs v1.0.0 // indirect github.com/containerd/errdefs/pkg v0.3.0 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/distribution/reference v0.6.0 // indirect - github.com/docker/docker v28.5.2+incompatible // indirect github.com/docker/go-connections v0.6.0 // indirect - github.com/docker/go-units v0.4.0 // indirect + github.com/docker/go-units v0.5.0 // indirect github.com/drone/envsubst/v2 v2.0.0-20210730161058-179042472c46 // indirect github.com/emicklei/go-restful/v3 v3.13.0 // indirect github.com/fatih/camelcase v1.0.0 // indirect - github.com/fatih/color v1.18.0 // indirect + github.com/fatih/color v1.19.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/fsnotify/fsnotify v1.9.0 // indirect github.com/fxamacker/cbor/v2 v2.9.0 // indirect 
@@ -122,16 +112,14 @@ require ( github.com/go-task/slim-sprig/v3 v3.0.0 // indirect github.com/go-viper/mapstructure/v2 v2.4.0 // indirect github.com/gobuffalo/flect v1.0.3 // indirect - github.com/gogo/protobuf v1.3.2 // indirect github.com/golang-jwt/jwt/v5 v5.3.0 // indirect github.com/google/btree v1.1.3 // indirect github.com/google/cel-go v0.26.1 // indirect github.com/google/gnostic-models v0.7.0 // indirect - github.com/google/go-github/v53 v53.2.0 // indirect - github.com/google/go-querystring v1.1.0 // indirect + github.com/google/go-github/v82 v82.0.0 // indirect + github.com/google/go-querystring v1.2.0 // indirect github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 // indirect github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect - github.com/grafana/regexp v0.0.0-20240518133315-a468a5bfb3bc // indirect github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect @@ -150,8 +138,9 @@ require ( github.com/mitchellh/copystructure v1.2.0 // indirect github.com/mitchellh/reflectwalk v1.0.2 // indirect github.com/moby/docker-image-spec v1.3.1 // indirect + github.com/moby/moby/api v1.54.1 // indirect + github.com/moby/moby/client v0.4.0 // indirect github.com/moby/spdystream v0.5.0 // indirect - github.com/moby/sys/sequential v0.6.0 // indirect github.com/moby/term v0.5.2 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect 
@@ -163,7 +152,7 @@ require ( github.com/olekukonko/ll v0.1.1 // indirect github.com/olekukonko/tablewriter v1.0.9 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect - github.com/opencontainers/image-spec v1.0.2 // indirect + github.com/opencontainers/image-spec v1.1.1 // indirect github.com/pelletier/go-toml v1.9.5 // indirect github.com/pelletier/go-toml/v2 v2.2.4 // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect @@ -181,22 +170,22 @@ require ( github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8 // indirect github.com/spf13/afero v1.15.0 // indirect github.com/spf13/cast v1.10.0 // indirect - github.com/spf13/cobra v1.10.1 // indirect + github.com/spf13/cobra v1.10.2 // indirect github.com/spf13/viper v1.21.0 // indirect github.com/stoewer/go-strcase v1.3.1 // indirect github.com/subosito/gotenv v1.6.0 // indirect - github.com/valyala/fastjson v1.6.4 // indirect + github.com/valyala/fastjson v1.6.10 // indirect github.com/x448/float16 v0.8.4 // indirect github.com/xlab/treeprint v1.2.0 // indirect go.opentelemetry.io/auto/sdk v1.2.1 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.65.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.43.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.41.0 // indirect go.opentelemetry.io/otel/metric v1.43.0 // indirect - go.opentelemetry.io/proto/otlp v1.10.0 // indirect + go.opentelemetry.io/proto/otlp v1.9.0 // indirect go.yaml.in/yaml/v2 v2.4.4 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect golang.org/x/net v0.52.0 // indirect - golang.org/x/oauth2 v0.35.0 // indirect + golang.org/x/oauth2 v0.36.0 // indirect golang.org/x/sync v0.20.0 // indirect golang.org/x/sys v0.42.0 // indirect golang.org/x/term v0.41.0 // indirect 
@@ -209,12 +198,12 @@ require ( google.golang.org/protobuf v1.36.11 // indirect gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect - k8s.io/apiextensions-apiserver v0.34.3 // indirect - k8s.io/apiserver v0.34.3 // indirect + k8s.io/apiextensions-apiserver v0.35.3 // indirect + k8s.io/apiserver v0.35.3 // indirect k8s.io/cli-runtime v0.34.2 // indirect k8s.io/cloud-provider v0.34.0 // indirect k8s.io/component-helpers v0.34.2 // indirect - k8s.io/kube-openapi v0.0.0-20250814151709-d7b6acb124c3 // indirect + k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 // indirect sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.33.0 // indirect sigs.k8s.io/cloud-provider-azure/pkg/azclient v0.9.2 // indirect sigs.k8s.io/cloud-provider-azure/pkg/azclient/configloader v0.8.4 // indirect @@ -222,6 +211,6 @@ require ( sigs.k8s.io/kustomize/api v0.20.1 // indirect sigs.k8s.io/kustomize/kyaml v0.20.1 // indirect sigs.k8s.io/randfill v1.0.0 // indirect - sigs.k8s.io/structured-merge-diff/v6 v6.3.2-0.20260122202528-d9cc6641c482 // indirect + sigs.k8s.io/structured-merge-diff/v6 v6.3.2 // indirect sigs.k8s.io/yaml v1.6.0 // indirect ) diff --git a/go.sum b/go.sum index 8d93563af73..8cadf11a92d 100644 --- a/go.sum +++ b/go.sum 
@@ -117,12 +117,10 @@ github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1 github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= github.com/Masterminds/sprig/v3 v3.3.0 h1:mQh0Yrg1XPo6vjYXgtf5OtijNAKJRNcTdOOGZe3tPhs= github.com/Masterminds/sprig/v3 v3.3.0/go.mod h1:Zy1iXRYNqNLUolqCpL4uhk6SHUMAOSCzdgBfDb35Lz0= -github.com/Microsoft/go-winio v0.5.0 h1:Elr9Wn+sGKPlkaBvwu4mTrxtmOp3F3yV9qhaHbXGjwU= -github.com/Microsoft/go-winio v0.5.0/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= +github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= +github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I= github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c= -github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 h1:wPbRQzjjwFc0ih8puEVAOFGELsn1zoIIYdxvML7mDxA= -github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8/go.mod h1:I0gYDMZ6Z5GRU7l58bNFSkPTFN6Yl12dsUlAZ8xy98g= github.com/adrg/xdg v0.5.3 h1:xRnxJXne7+oWDatRhR1JLnvuccuIeCoBu2rtuLqQB78= github.com/adrg/xdg v0.5.3/go.mod h1:nlTsY+NNiCBGCK2tpm09vRqfVzrc2fLmXGpBLF0zlTQ= github.com/antlr4-go/antlr/v4 v4.13.1 h1:SqQKkuVZ+zWkMMNkjy5FZe5mr5WURWnlpmOuzYWrPrQ= 
@@ -139,32 +137,26 @@ github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdn github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= -github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1xcsSM= github.com/cenkalti/backoff/v5 v5.0.3/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I= -github.com/cloudflare/circl v1.6.3 h1:9GPOhQGF9MCYUeXyMYlqTR6a5gTrgR/fBLXvUgtVcg8= -github.com/cloudflare/circl v1.6.3/go.mod h1:2eXP6Qfat4O/Yhh8BznvKnJ+uzEoTQ6jVKJRn81BiS4= github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI= github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M= github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE= github.com/containerd/errdefs/pkg v0.3.0/go.mod h1:NJw6s9HwNuRhnjJhM7pylWwMyAkmCQvQ4GpJHEqRLVk= -github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= -github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= github.com/coredns/caddy v1.1.1 h1:2eYKZT7i6yxIfGP3qLJoJ7HAsDJqYB+X68g4NYjSrE0= github.com/coredns/caddy v1.1.1/go.mod h1:A6ntJQlAWuQfFlsd9hvigKbo2WS0VUs2l1e2F+BawD4= -github.com/coredns/corefile-migration v1.0.30 h1:ljZNPGgna+4yKv81gfkvkgLEWdtz0NjBR1glaiPI140= -github.com/coredns/corefile-migration v1.0.30/go.mod h1:56DPqONc3njpVPsdilEnfijCwNGC3/kTJLl7i7SPavY= 
+github.com/coredns/corefile-migration v1.0.31 h1:f7WGhY8M2Jn8P2dVO0p7wSQ1QKsMARl6WEyUjCb/V38= +github.com/coredns/corefile-migration v1.0.31/go.mod h1:56DPqONc3njpVPsdilEnfijCwNGC3/kTJLl7i7SPavY= github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr4= github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec= github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf h1:iW4rZ826su+pqaw19uhpSCzhj44qo35pNgKFGqzDKkU= github.com/coreos/go-systemd/v22 v22.6.0 h1:aGVa/v8B7hpb0TKl0MWoAavPDmHvobFe5R5zn0bCJWo= github.com/coreos/go-systemd/v22 v22.6.0/go.mod h1:iG+pp635Fo7ZmV/j14KUcmEyWF+0X7Lua8rrTWzYgWU= github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= -github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= -github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= +github.com/creack/pty v1.1.24 h1:bJrF4RRfyJnbTJqzRLHzcGaZK1NeM5kTC9jGgovnR1s= +github.com/creack/pty v1.1.24/go.mod h1:08sCNb52WyoAwi2QDyzUCTgcvVFhUzewun7wtTfvcwE= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= 
@@ -173,12 +165,10 @@ github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5Qvfr github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI= github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ= -github.com/docker/docker v28.5.2+incompatible h1:DBX0Y0zAjZbSrm1uzOkdr1onVghKaftjlSWt4AFexzM= -github.com/docker/docker v28.5.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/go-connections v0.6.0 h1:LlMG9azAe1TqfR7sO+NJttz1gy6KO7VJBh+pMmjSD94= github.com/docker/go-connections v0.6.0/go.mod h1:AahvXYshr6JgfUJGdDCs2b5EZG/vmaMAntpSFH5BFKE= -github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw= -github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= +github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= +github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/drone/envsubst/v2 v2.0.0-20210730161058-179042472c46 h1:7QPwrLT79GlD5sizHf27aoY2RTvw62mO6x7mxkScNk0= github.com/drone/envsubst/v2 v2.0.0-20210730161058-179042472c46/go.mod h1:esf2rsHFNlZlxsqsZDojNBcnNs5REqIvRrWRHqX0vEU= github.com/emicklei/go-restful/v3 v3.13.0 h1:C4Bl2xDndpU6nJ4bc1jXd+uTmYPVUwkD6bFY/oTyCes= 
@@ -189,8 +179,8 @@ github.com/evanphx/json-patch/v5 v5.9.11 h1:/8HVnzMq13/3x9TPvjG08wUGqBTmZBsCWzjT github.com/evanphx/json-patch/v5 v5.9.11/go.mod h1:3j+LviiESTElxA4p3EMKAB9HXj3/XEtnUf6OZxqIQTM= github.com/fatih/camelcase v1.0.0 h1:hxNvNX/xYBp0ovncs8WyWZrOrpBNub/JfaMvbURyft8= github.com/fatih/camelcase v1.0.0/go.mod h1:yN2Sb0lFhZJUdVvtELVWefmrXpuZESvPmqwoZc+/fpc= -github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= -github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU= +github.com/fatih/color v1.19.0 h1:Zp3PiM21/9Ld6FzSKyL5c/BULoe/ONr9KlbYVOfG8+w= +github.com/fatih/color v1.19.0/go.mod h1:zNk67I0ZUT1bEGsSGyCZYZNrHuTkJJB+r6Q9VuMi0LE= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= 
@@ -249,13 +239,13 @@ github.com/google/cel-go v0.26.1/go.mod h1:A9O8OU9rdvrK5MQyrqfIxo1a0u4g3sF8KB6PU github.com/google/gnostic-models v0.7.0 h1:qwTtogB15McXDaNqTZdzPJRHvaVJlAl+HVQnLmJEJxo= github.com/google/gnostic-models v0.7.0/go.mod h1:whL5G0m6dmc5cPxKc5bdKdEN3UjI7OUGxBlw57miDrQ= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= -github.com/google/go-github/v53 v53.2.0 h1:wvz3FyF53v4BK+AsnvCmeNhf8AkTaeh2SoYu/XUvTtI= -github.com/google/go-github/v53 v53.2.0/go.mod h1:XhFRObz+m/l+UCm9b7KSIC3lT3NWSXGt7mOsAWEloao= -github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= -github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= +github.com/google/go-github/v82 v82.0.0 h1:OH09ESON2QwKCUVMYmMcVu1IFKFoaZHwqYaUtr/MVfk= +github.com/google/go-github/v82 v82.0.0/go.mod h1:hQ6Xo0VKfL8RZ7z1hSfB4fvISg0QqHOqe9BP0qo+WvM= +github.com/google/go-querystring v1.2.0 h1:yhqkPbu2/OH+V9BfpCVPZkNmUXhb2gBxJArfhIxNtP0= +github.com/google/go-querystring v1.2.0/go.mod h1:8IFJqpSRITyJ8QhQ13bmbeMBDfmeEJZD5A0egEOmkqU= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= 
@@ -267,8 +257,6 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 h1:JeSE6pjso5THxAzdVpqr6/geYxZytqFMBCOtn/ujyeo= github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674/go.mod h1:r4w70xmWCQKmi1ONH4KIaBptdivuRPyosB9RmPlGEwA= -github.com/grafana/regexp v0.0.0-20240518133315-a468a5bfb3bc h1:GN2Lv3MGO7AS6PrRoT6yV5+wkrOpcszoIsO4+4ds248= -github.com/grafana/regexp v0.0.0-20240518133315-a468a5bfb3bc/go.mod h1:+JKpmjMGhpgPL+rXZ5nsZieVzvarn86asRlBg4uNGnk= github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA= github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 h1:Ovs26xHkKqVztRpIrF/92BcuyuQ/YW4NSIpoGtfXNho= @@ -305,8 +293,6 @@ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnr github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/keybase/go-keychain v0.0.1 h1:way+bWYa6lDppZoZcgMbYsvC7GxljxrskdNInRtuthU= github.com/keybase/go-keychain v0.0.1/go.mod h1:PdEILRW3i9D8JcdM+FmY6RwkHGnhHxXwkPPMeUgOK1k= -github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= -github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo= github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ= github.com/kr/fs v0.1.0 h1:Jskdu9ieNAYnjxsi0LbQp1ulIKZV1LAFgK1tWhpZgl8= 
@@ -343,12 +329,12 @@ github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zx github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0= github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo= +github.com/moby/moby/api v1.54.1 h1:TqVzuJkOLsgLDDwNLmYqACUuTehOHRGKiPhvH8V3Nn4= +github.com/moby/moby/api v1.54.1/go.mod h1:+RQ6wluLwtYaTd1WnPLykIDPekkuyD/ROWQClE83pzs= +github.com/moby/moby/client v0.4.0 h1:S+2XegzHQrrvTCvF6s5HFzcrywWQmuVnhOXe2kiWjIw= +github.com/moby/moby/client v0.4.0/go.mod h1:QWPbvWchQbxBNdaLSpoKpCdf5E+WxFAgNHogCWDoa7g= github.com/moby/spdystream v0.5.0 h1:7r0J1Si3QO/kjRitvSLVVFUjxMEb/YLj6S9FF62JBCU= github.com/moby/spdystream v0.5.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= -github.com/moby/sys/atomicwriter v0.1.0 h1:kw5D/EqkBwsBFi0ss9v1VG3wIkVhzGvLklJ+w3A14Sw= -github.com/moby/sys/atomicwriter v0.1.0/go.mod h1:Ul8oqv2ZMNHOceF643P6FKPXeCmYtlQMvpizfsSoaWs= -github.com/moby/sys/sequential v0.6.0 h1:qrx7XFUd/5DxtqcoH1h438hF5TmOvzC/lspjy7zgvCU= -github.com/moby/sys/sequential v0.6.0/go.mod h1:uyv8EUTrca5PnDsdMGXhZe6CCe8U/UiTWd+lL+7b/Ko= github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ= github.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= 
@@ -359,8 +345,6 @@ github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee h1:W5t00kpgFd github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/2gBQ3RWajuToeY6ZtZTIKv2v7ThUy5KKusIT0yc0= github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4= -github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A= -github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus= 
@@ -379,8 +363,8 @@ github.com/onsi/gomega v1.39.1 h1:1IJLAad4zjPn2PsnhH70V4DKRFlrCzGBNrNaru+Vf28= github.com/onsi/gomega v1.39.1/go.mod h1:hL6yVALoTOxeWudERyfppUcZXjMwIMLnuSfruD2lcfg= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= -github.com/opencontainers/image-spec v1.0.2 h1:9yCKha/T5XdGtO0q9Q9a6T5NUCsTn/DrBg0D7ufOcFM= -github.com/opencontainers/image-spec v1.0.2/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= +github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= +github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M= github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= github.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0t5Ec4= 
@@ -402,8 +386,8 @@ github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNw github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE= github.com/prometheus/common v0.67.5 h1:pIgK94WWlQt1WLwAC5j2ynLaBRDiinoAb86HZHTUGI4= github.com/prometheus/common v0.67.5/go.mod h1:SjE/0MzDEEAyrdr5Gqc6G+sXI67maCxzaT3A2+HqjUw= -github.com/prometheus/otlptranslator v0.0.0-20250717125610-8549f4ab4f8f h1:QQB6SuvGZjK8kdc2YaLJpYhV8fxauOsjE6jgcL6YJ8Q= -github.com/prometheus/otlptranslator v0.0.0-20250717125610-8549f4ab4f8f/go.mod h1:P8AwMgdD7XEr6QRUJ2QWLpiAZTgTE2UYgjlu3svompI= +github.com/prometheus/otlptranslator v1.0.0 h1:s0LJW/iN9dkIH+EnhiD3BlkkP5QVIUVEoIwkU+A6qos= +github.com/prometheus/otlptranslator v1.0.0/go.mod h1:vRYWnXvI6aWGpsdY/mOT/cbeVRBlPWtBNDb7kGR3uKM= github.com/prometheus/procfs v0.20.1 h1:XwbrGOIplXW/AU3YhIhLODXMJYyC1isLFfYCsTEycfc= github.com/prometheus/procfs v0.20.1/go.mod h1:o9EMBZGRyvDrSPH1RqdxhojkuXstoe4UlK79eF5TGGo= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= 
@@ -422,17 +406,14 @@ github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ= github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k= github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME= -github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= -github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= -github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8 h1:+jumHNA0Wrelhe64i8F6HNlS8pkoyMv5sreGx2Ry5Rw= github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8/go.mod h1:3n1Cwaq1E1/1lhQhtRK2ts/ZwZEhjcQeJQ1RuC6Q/8U= github.com/spf13/afero v1.15.0 h1:b/YBCLWAJdFWJTN9cLhiXXcD7mzKn9Dm86dNnfyQw1I= github.com/spf13/afero v1.15.0/go.mod h1:NC2ByUVxtQs4b3sIUphxK0NioZnmxgyCrfzeuq8lxMg= github.com/spf13/cast v1.10.0 h1:h2x0u2shc1QuLHfxi+cTJvs30+ZAHOGRic8uyGTDWxY= github.com/spf13/cast v1.10.0/go.mod h1:jNfB8QC9IA6ZuY2ZjDp0KtFO2LZZlg4S/7bzP6qqeHo= -github.com/spf13/cobra v1.10.1 h1:lJeBwCfmrnXthfAupyUTzJ/J4Nc1RsHC/mSRU2dll/s= -github.com/spf13/cobra v1.10.1/go.mod h1:7SmJGaTHFVBY0jW4NXGluQoLvhqFQM+6XSKD+P4XaB0= +github.com/spf13/cobra v1.10.2 h1:DMTTonx5m65Ic0GOoRY2c16WCbHxOOw6xxezuLaBpcU= +github.com/spf13/cobra v1.10.2/go.mod h1:7C1pvHqHw5A4vrJfjNwvOdzYu0Gml16OCs2GRiTUUS4= github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk= github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= 
@@ -445,7 +426,6 @@ github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSS github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= -github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= 
@@ -463,20 +443,18 @@ github.com/tidwall/pretty v1.2.1 h1:qjsOFOWWQl+N3RsoF5/ssm1pHmJJwhjlSbZ51I6wMl4= github.com/tidwall/pretty v1.2.1/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= github.com/tidwall/sjson v1.2.5 h1:kLy8mja+1c9jlljvWTlSazM7cKDRfJuR/bOJhcY5NcY= github.com/tidwall/sjson v1.2.5/go.mod h1:Fvgq9kS/6ociJEDnK0Fk1cpYF4FIW6ZF7LAe+6jwd28= -github.com/valyala/fastjson v1.6.4 h1:uAUNq9Z6ymTgGhcm0UynUAB6tlbakBrz6CQFax3BXVQ= -github.com/valyala/fastjson v1.6.4/go.mod h1:CLCAqky6SMuOcxStkYQvblddUtoRxhYMGLrsQns1aXY= +github.com/valyala/fastjson v1.6.10 h1:/yjJg8jaVQdYR3arGxPE2X5z89xrlhS0eGXdv+ADTh4= +github.com/valyala/fastjson v1.6.10/go.mod h1:e6FubmQouUNP73jtMLmcbxS6ydWIpOfhz34TSfO3JaE= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ= github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0= -github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -go.etcd.io/etcd/api/v3 v3.6.6 h1:mcaMp3+7JawWv69p6QShYWS8cIWUOl32bFLb6qf8pOQ= -go.etcd.io/etcd/api/v3 v3.6.6/go.mod h1:f/om26iXl2wSkcTA1zGQv8reJRSLVdoEBsi4JdfMrx4= -go.etcd.io/etcd/client/pkg/v3 v3.6.6 h1:uoqgzSOv2H9KlIF5O1Lsd8sW+eMLuV6wzE3q5GJGQNs= -go.etcd.io/etcd/client/pkg/v3 v3.6.6/go.mod h1:YngfUVmvsvOJ2rRgStIyHsKtOt9SZI2aBJrZiWJhCbI= -go.etcd.io/etcd/client/v3 v3.6.6 h1:G5z1wMf5B9SNexoxOHUGBaULurOZPIgGPsW6CN492ec= -go.etcd.io/etcd/client/v3 v3.6.6/go.mod h1:36Qv6baQ07znPR3+n7t+Rk5VHEzVYPvFfGmfF4wBHV8= +go.etcd.io/etcd/api/v3 v3.6.10 h1:jlwjtELjA8yi2VWpOFH+0w0lGr3K6mVDyn0RDB9aaAY= +go.etcd.io/etcd/api/v3 v3.6.10/go.mod h1:pdV4VeFmvhdNjB4LWRkC8ReLyRBAxUOze3GarMhE2sk= +go.etcd.io/etcd/client/pkg/v3 v3.6.10 h1:tBT7podcPhuVbCVkAEzx8bC5I+aqxfLwBN8/As1arrA= 
+go.etcd.io/etcd/client/pkg/v3 v3.6.10/go.mod h1:WEy3PpwbbEBVRdh1NVJYsuUe/8eyI21PNJRazeD8z/Y= +go.etcd.io/etcd/client/v3 v3.6.10 h1:J598zJ+C/ZPvImypmq5waj84+bovePrlZERHklf34y0= +go.etcd.io/etcd/client/v3 v3.6.10/go.mod h1:iHhUDUcEwaKs1YFq3MgmI9U4zhTVasp/vgdVbFf1RS8= go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64= go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.65.0 h1:XmiuHzgJt067+a6kwyAzkhXooYVv3/TOw9cM2VfJgUM= 
@@ -487,14 +465,12 @@ go.opentelemetry.io/otel v1.43.0 h1:mYIM03dnh5zfN7HautFE4ieIig9amkNANT+xcVxAj9I= go.opentelemetry.io/otel v1.43.0/go.mod h1:JuG+u74mvjvcm8vj8pI5XiHy1zDeoCS2LB1spIq7Ay0= go.opentelemetry.io/otel/exporters/jaeger v1.16.0 h1:YhxxmXZ011C0aDZKoNw+juVWAmEfv/0W2XBOv9aHTaA= go.opentelemetry.io/otel/exporters/jaeger v1.16.0/go.mod h1:grYbBo/5afWlPpdPZYhyn78Bk04hnvxn2+hvxQhKIQM= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.43.0 h1:88Y4s2C8oTui1LGM6bTWkw0ICGcOLCAI5l6zsD1j20k= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.43.0/go.mod h1:Vl1/iaggsuRlrHf/hfPJPvVag77kKyvrLeD10kpMl+A= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.43.0 h1:RAE+JPfvEmvy+0LzyUA25/SGawPwIUbZ6u0Wug54sLc= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.43.0/go.mod h1:AGmbycVGEsRx9mXMZ75CsOyhSP6MFIcj/6dnG+vhVjk= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.40.0 h1:wVZXIWjQSeSmMoxF74LzAnpVQOAFDo3pPji9Y4SOFKc= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.40.0/go.mod h1:khvBS2IggMFNwZK/6lEeHg/W57h/IX6J4URh57fuI40= -go.opentelemetry.io/otel/exporters/prometheus v0.59.1 h1:HcpSkTkJbggT8bjYP+BjyqPWlD17BH9C5CYNKeDzmcA= -go.opentelemetry.io/otel/exporters/prometheus v0.59.1/go.mod h1:0FJL+gjuUoM07xzik3KPBaN+nz/CoB15kV6WLMiXZag= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.41.0 h1:ao6Oe+wSebTlQ1OEht7jlYTzQKE+pnx/iNywFvTbuuI= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.41.0/go.mod h1:u3T6vz0gh/NVzgDgiwkgLxpsSF6PaPmo2il0apGJbls= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.41.0 h1:mq/Qcf28TWz719lE3/hMB4KkyDuLJIvgJnFGcd0kEUI= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.41.0/go.mod h1:yk5LXEYhsL2htyDNJbEq7fWzNEigeEdV5xBF/Y+kAv0= +go.opentelemetry.io/otel/exporters/prometheus v0.65.0 h1:jOveH/b4lU9HT7y+Gfamf18BqlOuz2PWEvs8yM7Q6XE= +go.opentelemetry.io/otel/exporters/prometheus v0.65.0/go.mod 
h1:i1P8pcumauPtUI4YNopea1dhzEMuEqWP1xoUZDylLHo= go.opentelemetry.io/otel/metric v1.43.0 h1:d7638QeInOnuwOONPp4JAOGfbCEpYb+K6DVWvdxGzgM= go.opentelemetry.io/otel/metric v1.43.0/go.mod h1:RDnPtIxvqlgO8GRW18W6Z/4P462ldprJtfxHxyKd2PY= go.opentelemetry.io/otel/sdk v1.43.0 h1:pi5mE86i5rTeLXqoF/hhiBtUNcrAGHLKQdhg4h4V9Dg= @@ -503,8 +479,8 @@ go.opentelemetry.io/otel/sdk/metric v1.43.0 h1:S88dyqXjJkuBNLeMcVPRFXpRw2fuwdvfC go.opentelemetry.io/otel/sdk/metric v1.43.0/go.mod h1:C/RJtwSEJ5hzTiUz5pXF1kILHStzb9zFlIEe85bhj6A= go.opentelemetry.io/otel/trace v1.43.0 h1:BkNrHpup+4k4w+ZZ86CZoHHEkohws8AY+WTX09nk+3A= go.opentelemetry.io/otel/trace v1.43.0/go.mod h1:/QJhyVBUUswCphDVxq+8mld+AvhXZLhe+8WVFxiFff0= -go.opentelemetry.io/proto/otlp v1.10.0 h1:IQRWgT5srOCYfiWnpqUYz9CVmbO8bFmKcwYxpuCSL2g= -go.opentelemetry.io/proto/otlp v1.10.0/go.mod h1:/CV4QoCR/S9yaPj8utp3lvQPoqMtxXdzn7ozvvozVqk= +go.opentelemetry.io/proto/otlp v1.9.0 h1:l706jCMITVouPOqEnii2fIAuO3IVGBRPV5ICjceRb/A= +go.opentelemetry.io/proto/otlp v1.9.0/go.mod h1:xE+Cx5E/eEHw+ISFkwPLwCZefwVjY+pqKg1qcK03+/4= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/mock v0.6.0 h1:hyF9dfmbgIX5EfOdasqLsWD6xqpNZlXblLB/Dbnwv3Y= 
@@ -517,64 +493,31 @@ go.yaml.in/yaml/v2 v2.4.4 h1:tuyd0P+2Ont/d6e2rl3be67goVK4R6deVxCUX5vyPaQ= go.yaml.in/yaml/v2 v2.4.4/go.mod h1:gMZqIpDtDqOfM0uNfy0SkpRhvUryYH0Z6wdMYcacYXQ= go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.49.0 h1:+Ng2ULVvLHnJ/ZFEq4KdcDd/cfjrrjjNSXNzxg0Y4U4= golang.org/x/crypto v0.49.0/go.mod h1:ErX4dUh2UM+CFYiXZRTcMpEcN8b/1gxEuv3nODoYtCA= golang.org/x/exp v0.0.0-20250819193227-8b4c13bb791b h1:DXr+pvt3nC887026GRP39Ej11UATqWDmWuS99x26cD0= golang.org/x/exp v0.0.0-20250819193227-8b4c13bb791b/go.mod h1:4QTo5u+SEIbbKW1RacMZq1YEfOBqeXa19JeshGi+zc4= -golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.34.0 h1:xIHgNUUnW6sYkcM5Jleh05DvLOtwc6RitGHbDk4akRI= golang.org/x/mod v0.34.0/go.mod h1:ykgH52iCZe79kzLLMhyCUzhMci+nQj+0XkbXpNYtVjY= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= 
golang.org/x/net v0.52.0 h1:He/TN1l0e4mmR3QqHMT2Xab3Aj3L9qjbhRm78/6jrW0= golang.org/x/net v0.52.0/go.mod h1:R1MAz7uMZxVMualyPXb+VaqGSa3LIaUqk0eEt3w36Sw= -golang.org/x/oauth2 v0.35.0 h1:Mv2mzuHuZuY2+bkyWXIHMfhNdJAdwW3FuWeCPYN5GVQ= -golang.org/x/oauth2 v0.35.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/oauth2 v0.36.0 h1:peZ/1z27fi9hUOFCAZaHyrpWG5lwe0RJEEEeH0ThlIs= +golang.org/x/oauth2 v0.36.0/go.mod h1:YDBUJMTkDnJS+A4BP4eZBjCqtokkg1hODuPjwiGPO7Q= golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4= golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod 
h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo= golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.41.0 h1:QCgPso/Q3RTJx2Th4bDLqML4W6iJiaXFq2/ftQF13YU= golang.org/x/term v0.41.0/go.mod h1:3pfBgksrReYfZ5lvYM0kSO0LIkAl4Yl2bXOkKP7Ec2A= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8= golang.org/x/text v0.35.0/go.mod h1:khi/HExzZJ2pGnjenulevKNX1W67CUy0AsXcNubPGCA= golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE= golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.42.0 h1:uNgphsn75Tdz5Ji2q36v/nsFSfR/9BRFvqhGBaJGd5k= golang.org/x/tools v0.42.0/go.mod h1:Ma6lCIwGZvHK6XtgbswSoWroEkhugApmsXyrUmBhfr0= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors 
v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.5.0 h1:JELs8RLM12qJGXU4u/TO3V25KW8GreMKl9pdkk14RM0= gomodules.xyz/jsonpatch/v2 v2.5.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= gonum.org/v1/gonum v0.17.0 h1:VbpOemQlsSMrYmn7T2OUvQ4dqxQXU+ouZFQsZOx50z4= 
@@ -601,36 +544,38 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o= -gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g= -k8s.io/api v0.34.3 h1:D12sTP257/jSH2vHV2EDYrb16bS7ULlHpdNdNhEw2S4= -k8s.io/api v0.34.3/go.mod h1:PyVQBF886Q5RSQZOim7DybQjAbVs8g7gwJNhGtY5MBk= -k8s.io/apiextensions-apiserver v0.34.3 h1:p10fGlkDY09eWKOTeUSioxwLukJnm+KuDZdrW71y40g= -k8s.io/apiextensions-apiserver v0.34.3/go.mod h1:aujxvqGFRdb/cmXYfcRTeppN7S2XV/t7WMEc64zB5A0= -k8s.io/apimachinery v0.34.3 h1:/TB+SFEiQvN9HPldtlWOTp0hWbJ+fjU+wkxysf/aQnE= -k8s.io/apimachinery v0.34.3/go.mod h1:/GwIlEcWuTX9zKIg2mbw0LRFIsXwrfoVxn+ef0X13lw= -k8s.io/apiserver v0.34.3 h1:uGH1qpDvSiYG4HVFqc6A3L4CKiX+aBWDrrsxHYK0Bdo= -k8s.io/apiserver v0.34.3/go.mod h1:QPnnahMO5C2m3lm6fPW3+JmyQbvHZQ8uudAu/493P2w= +gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q= +gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA= +k8s.io/api v0.35.3 h1:pA2fiBc6+N9PDf7SAiluKGEBuScsTzd2uYBkA5RzNWQ= +k8s.io/api v0.35.3/go.mod h1:9Y9tkBcFwKNq2sxwZTQh1Njh9qHl81D0As56tu42GA4= +k8s.io/apiextensions-apiserver v0.35.3 h1:2fQUhEO7P17sijylbdwt0nBdXP0TvHrHj0KeqHD8FiU= +k8s.io/apiextensions-apiserver v0.35.3/go.mod h1:tK4Kz58ykRpwAEkXUb634HD1ZAegEElktz/B3jgETd8= +k8s.io/apimachinery v0.35.3 h1:MeaUwQCV3tjKP4bcwWGgZ/cp/vpsRnQzqO6J6tJyoF8= +k8s.io/apimachinery v0.35.3/go.mod h1:jQCgFZFR1F4Ik7hvr2g84RTJSZegBc8yHgFWKn//hns= +k8s.io/apiserver v0.35.3 h1:D2eIcfJ05hEAEewoSDg+05e0aSRwx8Y4Agvd/wiomUI= +k8s.io/apiserver v0.35.3/go.mod h1:JI0n9bHYzSgIxgIrfe21dbduJ9NHzKJ6RchcsmIKWKY= k8s.io/cli-runtime v0.34.2 
h1:cct1GEuWc3IyVT8MSCoIWzRGw9HJ/C5rgP32H60H6aE= k8s.io/cli-runtime v0.34.2/go.mod h1:X13tsrYexYUCIq8MarCBy8lrm0k0weFPTpcaNo7lms4= -k8s.io/client-go v0.34.3 h1:wtYtpzy/OPNYf7WyNBTj3iUA0XaBHVqhv4Iv3tbrF5A= -k8s.io/client-go v0.34.3/go.mod h1:OxxeYagaP9Kdf78UrKLa3YZixMCfP6bgPwPwNBQBzpM= +k8s.io/client-go v0.35.3 h1:s1lZbpN4uI6IxeTM2cpdtrwHcSOBML1ODNTCCfsP1pg= +k8s.io/client-go v0.35.3/go.mod h1:RzoXkc0mzpWIDvBrRnD+VlfXP+lRzqQjCmKtiwZ8Q9c= k8s.io/cloud-provider v0.34.0 h1:OgrNE+WSgfvDBQf6WS9qFM7Xr37bc0Og5kkL4hyWDmU= k8s.io/cloud-provider v0.34.0/go.mod h1:JbMa0t6JIGDMLI7Py6bdp9TN6cfuHrWGq+E/X+Ljkmo= -k8s.io/cluster-bootstrap v0.34.2 h1:oKckPeunVCns37BntcsxaOesDul32yzGd3DFLjW2fc8= -k8s.io/cluster-bootstrap v0.34.2/go.mod h1:f21byPR7X5nt12ivZi+J3pb4sG4SH6VySX8KAAJA8BY= -k8s.io/component-base v0.34.3 h1:zsEgw6ELqK0XncCQomgO9DpUIzlrYuZYA0Cgo+JWpVk= -k8s.io/component-base v0.34.3/go.mod h1:5iIlD8wPfWE/xSHTRfbjuvUul2WZbI2nOUK65XL0E/c= +k8s.io/cluster-bootstrap v0.35.3 h1:fDSLN5jLBX6SdEB3EOaOmVytfpLkhUzEpfdijRNkGPs= +k8s.io/cluster-bootstrap v0.35.3/go.mod h1:Sr0FYu1mGqLOrtrPBBh2U323YtTBiIo2oue4w2VvhHI= +k8s.io/component-base v0.35.3 h1:mbKbzoIMy7JDWS/wqZobYW1JDVRn/RKRaoMQHP9c4P0= +k8s.io/component-base v0.35.3/go.mod h1:IZ8LEG30kPN4Et5NeC7vjNv5aU73ku5MS15iZyvyMYk= k8s.io/component-helpers v0.34.2 h1:RIUGDdU+QFzeVKLZ9f05sXTNAtJrRJ3bnbMLrogCrvM= k8s.io/component-helpers v0.34.2/go.mod h1:pLi+GByuRTeFjjcezln8gHL7LcT6HImkwVQ3A2SQaEE= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20250814151709-d7b6acb124c3 h1:liMHz39T5dJO1aOKHLvwaCjDbf07wVh6yaUlTpunnkE= -k8s.io/kube-openapi v0.0.0-20250814151709-d7b6acb124c3/go.mod h1:UZ2yyWbFTpuhSbFhv24aGNOdoRdJZgsIObGBUaYVsts= +k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 h1:Y3gxNAuB0OBLImH611+UDZcmKS3g6CthxToOb37KgwE= +k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912/go.mod 
h1:kdmbQkyfwUagLfXIad1y2TdrjPFWp2Q89B3qkRwf/pQ= k8s.io/kubectl v0.34.2 h1:+fWGrVlDONMUmmQLDaGkQ9i91oszjjRAa94cr37hzqA= k8s.io/kubectl v0.34.2/go.mod h1:X2KTOdtZZNrTWmUD4oHApJ836pevSl+zvC5sI6oO2YQ= -k8s.io/utils v0.0.0-20250820121507-0af2bda4dd1d h1:wAhiDyZ4Tdtt7e46e9M5ZSAJ/MnPGPs+Ki1gHw4w1R0= -k8s.io/utils v0.0.0-20250820121507-0af2bda4dd1d/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 h1:SjGebBtkBqHFOli+05xYbK8YF1Dzkbzn+gDM4X9T4Ck= +k8s.io/utils v0.0.0-20251002143259-bc988d571ff4/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +pgregory.net/rapid v1.2.0 h1:keKAYRcjm+e1F0oAuU5F5+YPAWcyxNNRK2wud503Gnk= +pgregory.net/rapid v1.2.0/go.mod h1:PY5XlDGj0+V1FCq0o192FdRhpKHGTRIWBgqjDBTrq04= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.33.0 h1:qPrZsv1cwQiFeieFlRqT627fVZ+tyfou/+S5S0H5ua0= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.33.0/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= sigs.k8s.io/cloud-provider-azure v1.34.3 h1:dk+siFumvax/D5UCDeK9565wSA2w4wKXAm8vSt6Ifuw= 
@@ -639,12 +584,12 @@ sigs.k8s.io/cloud-provider-azure/pkg/azclient v0.9.2 h1:7vEaYwdsvOz1OBAtEm6vyc4K sigs.k8s.io/cloud-provider-azure/pkg/azclient v0.9.2/go.mod h1:BgPOvGEdPTyaIWREF7pywm6teBhO3fNVQ+CTPYyr/5w= sigs.k8s.io/cloud-provider-azure/pkg/azclient/configloader v0.8.4 h1:Sy+dyfxemdQaz/UfJYWzALlbLdEaZ7IoKn93JXTqWYs= sigs.k8s.io/cloud-provider-azure/pkg/azclient/configloader v0.8.4/go.mod h1:RgIi9n/PhULbvPjYZGsjP2zWJf1ZEd1qyA0CYUuSgcE= -sigs.k8s.io/cluster-api v1.12.4 h1:usvoZ+Nblfu//l31hm1B1WUdigb6OnGAJqwt8qWq/iA= -sigs.k8s.io/cluster-api v1.12.4/go.mod h1:ePDeVCVaW6SGxRgDeLt5+KK4TigEnF0LPV6ztEzRzlI= -sigs.k8s.io/cluster-api/test v1.12.4 h1:I1x28SO54mAv3hk/ZQFKr7PKyAviAfil2YpdD9g2OeQ= -sigs.k8s.io/cluster-api/test v1.12.4/go.mod h1:+3Xo0ZughngvRVKKYyq6oL7qgRp9Sdl/6qQ+lkoO6ME= -sigs.k8s.io/controller-runtime v0.22.5 h1:v3nfSUMowX/2WMp27J9slwGFyAt7IV0YwBxAkrUr0GE= -sigs.k8s.io/controller-runtime v0.22.5/go.mod h1:pc5SoYWnWI6I+cBHYYdZ7B6YHZVY5xNfll88JB+vniI= +sigs.k8s.io/cluster-api v1.13.0-rc.0 h1:1RArWJbP1L8ijvM16mofaNsfZiR97WND/tlO2AuZKy0= +sigs.k8s.io/cluster-api v1.13.0-rc.0/go.mod h1:2ztlMTMi6WwMR/6jriSCpF+Vswr652JB1veFMpbh4Lc= +sigs.k8s.io/cluster-api/test v1.13.0-rc.0 h1:BEvd9QM7cVqZfVMqUd0bC+tEl4lH8uNIdikuuPmCYck= +sigs.k8s.io/cluster-api/test v1.13.0-rc.0/go.mod h1:c3ORkUhDgVORVPCbhO68DiG2Wfb/yxy+XAMZp+jFR0s= +sigs.k8s.io/controller-runtime v0.23.3 h1:VjB/vhoPoA9l1kEKZHBMnQF33tdCLQKJtydy4iqwZ80= +sigs.k8s.io/controller-runtime v0.23.3/go.mod h1:B6COOxKptp+YaUT5q4l6LqUJTRpizbgf9KSRNdQGns0= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/kind v0.31.0 h1:UcT4nzm+YM7YEbqiAKECk+b6dsvc/HRZZu9U0FolL1g= 
@@ -655,7 +600,7 @@ sigs.k8s.io/kustomize/kyaml v0.20.1 h1:PCMnA2mrVbRP3NIB6v9kYCAc38uvFLVs8j/CD567A sigs.k8s.io/kustomize/kyaml v0.20.1/go.mod h1:0EmkQHRUsJxY8Ug9Niig1pUMSCGHxQ5RklbpV/Ri6po= sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= -sigs.k8s.io/structured-merge-diff/v6 v6.3.2-0.20260122202528-d9cc6641c482 h1:2WOzJpHUBVrrkDjU4KBT8n5LDcj824eX0I5UKcgeRUs= -sigs.k8s.io/structured-merge-diff/v6 v6.3.2-0.20260122202528-d9cc6641c482/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE= +sigs.k8s.io/structured-merge-diff/v6 v6.3.2 h1:kwVWMx5yS1CrnFWA/2QHyRVJ8jM6dBA80uLmm0wJkk8= +sigs.k8s.io/structured-merge-diff/v6 v6.3.2/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE= sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs= sigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4= diff --git a/hack/tools/go.mod b/hack/tools/go.mod index c180cbb73ad..5804f9f8bfd 100644 --- a/hack/tools/go.mod +++ b/hack/tools/go.mod 
@@ -4,33 +4,31 @@ go 1.25.0 toolchain go1.25.9 -require sigs.k8s.io/cluster-api/hack/tools v0.0.0-20251125201037-d322ff6baa2f +require sigs.k8s.io/cluster-api/hack/tools v0.0.0-20260331155620-21fdc56ddd12 require ( - github.com/fxamacker/cbor/v2 v2.7.0 // indirect + github.com/fxamacker/cbor/v2 v2.9.0 // indirect github.com/go-logr/logr v1.4.3 // indirect - github.com/gogo/protobuf v1.3.2 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect - github.com/modern-go/reflect2 v1.0.2 // indirect + github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect github.com/pkg/errors v0.9.1 // indirect github.com/x448/float16 v0.8.4 // indirect - go.yaml.in/yaml/v2 v2.4.2 // indirect - golang.org/x/mod v0.29.0 // indirect - golang.org/x/net v0.47.0 // indirect - golang.org/x/sync v0.18.0 // indirect - golang.org/x/text v0.31.0 // indirect - golang.org/x/tools v0.38.0 // indirect - golang.org/x/tools/go/expect v0.1.1-deprecated // indirect + go.yaml.in/yaml/v2 v2.4.3 // indirect + golang.org/x/mod v0.33.0 // indirect + golang.org/x/net v0.52.0 // indirect + golang.org/x/sync v0.20.0 // indirect + golang.org/x/text v0.35.0 // indirect + golang.org/x/tools v0.42.0 // indirect gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect gopkg.in/inf.v0 v0.9.1 // indirect - k8s.io/apiextensions-apiserver v0.33.3 // indirect - k8s.io/apimachinery v0.33.3 // indirect + k8s.io/apiextensions-apiserver v0.35.3 // indirect + k8s.io/apimachinery v0.35.3 // indirect k8s.io/klog/v2 v2.130.1 // indirect - k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 // indirect - sigs.k8s.io/controller-tools v0.18.0 // indirect - sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect + k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 // indirect + k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 // indirect + sigs.k8s.io/controller-tools v0.20.1 // indirect + sigs.k8s.io/json 
v0.0.0-20250730193827-2d320260d730 // indirect sigs.k8s.io/randfill v1.0.0 // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.6.0 // indirect - sigs.k8s.io/yaml v1.6.0 // indirect + sigs.k8s.io/structured-merge-diff/v6 v6.3.2 // indirect ) diff --git a/hack/tools/go.sum b/hack/tools/go.sum index 714db0179f9..87c9aa2023f 100644 --- a/hack/tools/go.sum +++ b/hack/tools/go.sum 
@@ -2,22 +2,17 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/8M= -github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0= -github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= -github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= +github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k= +github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0= +github.com/fxamacker/cbor/v2 v2.9.0 h1:NpKPmjDBgUfBms6tr6JZkTHtfFGcMKsw3eGcmD/sapM= +github.com/fxamacker/cbor/v2 v2.9.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ= github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= -github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= -github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= 
-github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= -github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= 
@@ -26,71 +21,48 @@ github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee h1:W5t00kpgFdJifH4BDsTlE89Zl93FEloxaWZfGcifgq8= +github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/gomega v1.38.0 h1:c/WX+w8SLAinvuKKQFh77WEucCnPk4j2OTUr7lt7BeY= -github.com/onsi/gomega v1.38.0/go.mod h1:OcXcwId0b9QsE7Y49u+BTrL4IdKOBOKnD6VQNTJEB6o= +github.com/onsi/gomega v1.39.1 h1:1IJLAad4zjPn2PsnhH70V4DKRFlrCzGBNrNaru+Vf28= +github.com/onsi/gomega v1.39.1/go.mod h1:hL6yVALoTOxeWudERyfppUcZXjMwIMLnuSfruD2lcfg= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/spf13/pflag v1.0.7 h1:vN6T9TfwStFPFM5XzjsvmzZkLuaLX+HS+0SeFLRgU6M= -github.com/spf13/pflag v1.0.7/go.mod 
h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk= +github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= -github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= +github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= -github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -go.yaml.in/yaml/v2 v2.4.2 h1:DzmwEr2rDGHl7lsFgAHxmNz/1NlQ7xLIrlN2h5d1eGI= -go.yaml.in/yaml/v2 v2.4.2/go.mod h1:081UH+NErpNdqlCXm3TtEran0rJZGxAYx9hb/ELlsPU= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod 
v0.29.0 h1:HV8lRxZC4l2cr3Zq1LvtOsi/ThTgWnUk/y64QSs8GwA= -golang.org/x/mod v0.29.0/go.mod h1:NyhrlYXJ2H4eJiRy/WDBO6HMqZQ6q9nk4JzS3NuCK+w= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY= -golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I= -golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc= -golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM= -golang.org/x/text v0.31.0/go.mod 
h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.38.0 h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ= -golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs= +go.yaml.in/yaml/v2 v2.4.3 h1:6gvOSjQoTB3vt1l+CU+tSyi/HOjfOjRLJ4YwYZGwRO0= +go.yaml.in/yaml/v2 v2.4.3/go.mod h1:zSxWcmIDjOzPXpjlTTbAsKokqkDNAVtZO0WOMiT90s8= +go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= +go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= +golang.org/x/mod v0.33.0 h1:tHFzIWbBifEmbwtGz65eaWyGiGZatSrT9prnU8DbVL8= +golang.org/x/mod v0.33.0/go.mod h1:swjeQEj+6r7fODbD2cqrnje9PnziFuw4bmLbBZFrQ5w= +golang.org/x/net v0.52.0 h1:He/TN1l0e4mmR3QqHMT2Xab3Aj3L9qjbhRm78/6jrW0= +golang.org/x/net v0.52.0/go.mod h1:R1MAz7uMZxVMualyPXb+VaqGSa3LIaUqk0eEt3w36Sw= +golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4= +golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0= +golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo= +golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= +golang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8= +golang.org/x/text v0.35.0/go.mod h1:khi/HExzZJ2pGnjenulevKNX1W67CUy0AsXcNubPGCA= +golang.org/x/tools v0.42.0 h1:uNgphsn75Tdz5Ji2q36v/nsFSfR/9BRFvqhGBaJGd5k= +golang.org/x/tools v0.42.0/go.mod h1:Ma6lCIwGZvHK6XtgbswSoWroEkhugApmsXyrUmBhfr0= golang.org/x/tools/go/expect v0.1.1-deprecated h1:jpBZDwmgPhXsKZC6WhL20P4b/wmnpsEAGHaNy0n/rJM= 
golang.org/x/tools/go/expect v0.1.1-deprecated/go.mod h1:eihoPOH+FgIqa3FpoTwguz/bVUSGBlGQU67vpBeOrBY= golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated h1:1h2MnaIAIXISqTFKdENegdpAgUXz6NrPEsbIeWaBRvM= golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated/go.mod h1:RVAQXBGNv1ib0J382/DPCRS/BPnsGebyM1Gj5VSDpG8= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= 
@@ -100,25 +72,25 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkep gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/apiextensions-apiserver v0.33.3 h1:qmOcAHN6DjfD0v9kxL5udB27SRP6SG/MTopmge3MwEs= -k8s.io/apiextensions-apiserver v0.33.3/go.mod h1:oROuctgo27mUsyp9+Obahos6CWcMISSAPzQ77CAQGz8= -k8s.io/apimachinery v0.33.3 h1:4ZSrmNa0c/ZpZJhAgRdcsFcZOw1PQU1bALVQ0B3I5LA= -k8s.io/apimachinery v0.33.3/go.mod h1:BHW0YOu7n22fFv/JkYOEfkUYNRN0fj0BlvMFWA7b+SM= +k8s.io/apiextensions-apiserver v0.35.3 h1:2fQUhEO7P17sijylbdwt0nBdXP0TvHrHj0KeqHD8FiU= +k8s.io/apiextensions-apiserver v0.35.3/go.mod h1:tK4Kz58ykRpwAEkXUb634HD1ZAegEElktz/B3jgETd8= +k8s.io/apimachinery v0.35.3 h1:MeaUwQCV3tjKP4bcwWGgZ/cp/vpsRnQzqO6J6tJyoF8= +k8s.io/apimachinery v0.35.3/go.mod h1:jQCgFZFR1F4Ik7hvr2g84RTJSZegBc8yHgFWKn//hns= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 h1:M3sRQVHv7vB20Xc2ybTt7ODCeFj6JSWYFzOFnYeS6Ro= -k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/cluster-api/hack/tools v0.0.0-20251125201037-d322ff6baa2f h1:kI3BCstl9FATm2vjFOlGPulMpSeuQYAprimUKeMSwXY= -sigs.k8s.io/cluster-api/hack/tools v0.0.0-20251125201037-d322ff6baa2f/go.mod h1:pbF6Kyjc/24VXLm2g37xe3WH9HKq/wef3bS5TloRbDc= -sigs.k8s.io/controller-tools v0.18.0 h1:rGxGZCZTV2wJreeRgqVoWab/mfcumTMmSwKzoM9xrsE= -sigs.k8s.io/controller-tools v0.18.0/go.mod h1:gLKoiGBriyNh+x1rWtUQnakUYEujErjXs9pf+x/8n1U= -sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 h1:/Rv+M11QRah1itp8VhT6HoVx1Ray9eB4DBr+K+/sCJ8= -sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod 
h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo= -sigs.k8s.io/randfill v0.0.0-20250304075658-069ef1bbf016/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= +k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 h1:Y3gxNAuB0OBLImH611+UDZcmKS3g6CthxToOb37KgwE= +k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912/go.mod h1:kdmbQkyfwUagLfXIad1y2TdrjPFWp2Q89B3qkRwf/pQ= +k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 h1:SjGebBtkBqHFOli+05xYbK8YF1Dzkbzn+gDM4X9T4Ck= +k8s.io/utils v0.0.0-20251002143259-bc988d571ff4/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/cluster-api/hack/tools v0.0.0-20260331155620-21fdc56ddd12 h1:BrkeMi8syvDj8TG+5zvLIWs9LnO+l0kcHTiX5jxG0tY= +sigs.k8s.io/cluster-api/hack/tools v0.0.0-20260331155620-21fdc56ddd12/go.mod h1:VnBRwS02oswO6mRNWuSqF80G8vDY7RfHxQPnCPWqDQg= +sigs.k8s.io/controller-tools v0.20.1 h1:gkfMt9YodI0K85oT8rVi80NTXO/kDmabKR5Ajn5GYxs= +sigs.k8s.io/controller-tools v0.20.1/go.mod h1:b4qPmjGU3iZwqn34alUU5tILhNa9+VXK+J3QV0fT/uU= +sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= +sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= -sigs.k8s.io/structured-merge-diff/v4 v4.6.0 h1:IUA9nvMmnKWcj5jl84xn+T5MnlZKThmUW1TdblaLVAc= -sigs.k8s.io/structured-merge-diff/v4 v4.6.0/go.mod h1:dDy58f92j70zLsuZVuUX5Wp9vtxXpaZnkPGWeqDfCps= -sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= +sigs.k8s.io/structured-merge-diff/v6 v6.3.2 h1:kwVWMx5yS1CrnFWA/2QHyRVJ8jM6dBA80uLmm0wJkk8= +sigs.k8s.io/structured-merge-diff/v6 v6.3.2/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE= sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs= sigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4= 
diff --git a/internal/webhooks/azureasomanagedcluster_webhook.go b/internal/webhooks/azureasomanagedcluster_webhook.go index 3c942e0f1fe..10ec4c128be 100644 --- a/internal/webhooks/azureasomanagedcluster_webhook.go +++ b/internal/webhooks/azureasomanagedcluster_webhook.go @@ -20,8 +20,6 @@ import ( "context" "fmt" - apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/validation/field" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" @@ -32,8 +30,7 @@ import ( // SetupWebhookWithManager sets up and registers the webhook with the manager. func (ampw *AzureASOManagedClusterWebhook) SetupWebhookWithManager(mgr ctrl.Manager) error { - return ctrl.NewWebhookManagedBy(mgr). - For(&infrav1.AzureASOManagedCluster{}). + return ctrl.NewWebhookManagedBy(mgr, &infrav1.AzureASOManagedCluster{}). WithValidator(ampw). Complete() } @@ -45,11 +42,7 @@ type AzureASOManagedClusterWebhook struct { // +kubebuilder:webhook:verbs=create,path=/validate-infrastructure-cluster-x-k8s-io-v1beta1-azureasomanagedcluster,mutating=false,failurePolicy=fail,groups=infrastructure.cluster.x-k8s.io,resources=azureasomanagedclusters,versions=v1beta1,name=validation.azureasomanagedcluster.infrastructure.cluster.x-k8s.io,sideEffects=None,admissionReviewVersions=v1;v1beta1 // ValidateCreate implements webhook.Validator so a webhook will be registered for the type. -func (ampw *AzureASOManagedClusterWebhook) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { - _, ok := obj.(*infrav1.AzureASOManagedCluster) - if !ok { - return nil, apierrors.NewBadRequest("expected an AzureASOManagedCluster") - } +func (ampw *AzureASOManagedClusterWebhook) ValidateCreate(_ context.Context, _ *infrav1.AzureASOManagedCluster) (admission.Warnings, error) { if !feature.Gates.Enabled(feature.ASOAPI) { return nil, field.Forbidden( field.NewPath("spec"), 
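Review bot: The doc comment kept above the new typed `ValidateCreate` still says it "implements webhook.Validator", which no longer names the interface the method satisfies now that registration goes through `ctrl.NewWebhookManagedBy(mgr, &infrav1.AzureASOManagedCluster{})`. I would reword it to `// ValidateCreate implements admission.Validator[*infrav1.AzureASOManagedCluster]; creation is rejected unless the ASOAPI feature gate is enabled.` The same stale wording remains on ValidateUpdate and ValidateDelete in the next hunk, in the control-plane and machine-pool webhook files, and as "webhook.CustomValidator" / "webhook.CustomDefaulter" in the AzureCluster, AzureClusterIdentity and AzureClusterTemplate webhooks. For consistency with azurecluster_webhook.go, and only if the file does not already have one outside these hunks, consider adding `var _ admission.Validator[*infrav1.AzureASOManagedCluster] = &AzureASOManagedClusterWebhook{}` next to the type. The body of ValidateCreate continues past the end of this hunk.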
@@ -60,11 +53,11 @@ func (ampw *AzureASOManagedClusterWebhook) ValidateCreate(_ context.Context, obj } // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type. -func (ampw *AzureASOManagedClusterWebhook) ValidateUpdate(_ context.Context, _, _ runtime.Object) (admission.Warnings, error) { +func (ampw *AzureASOManagedClusterWebhook) ValidateUpdate(_ context.Context, _, _ *infrav1.AzureASOManagedCluster) (admission.Warnings, error) { return nil, nil } // ValidateDelete implements webhook.Validator so a webhook will be registered for the type. -func (ampw *AzureASOManagedClusterWebhook) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error) { +func (ampw *AzureASOManagedClusterWebhook) ValidateDelete(_ context.Context, _ *infrav1.AzureASOManagedCluster) (admission.Warnings, error) { return nil, nil } diff --git a/internal/webhooks/azureasomanagedcontrolplane_webhook.go b/internal/webhooks/azureasomanagedcontrolplane_webhook.go index 53fa5bf5aaa..49a35ae551b 100644 --- a/internal/webhooks/azureasomanagedcontrolplane_webhook.go +++ b/internal/webhooks/azureasomanagedcontrolplane_webhook.go @@ -20,8 +20,6 @@ import ( "context" "fmt" - apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/validation/field" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" @@ -32,8 +30,7 @@ import ( // SetupWebhookWithManager sets up and registers the webhook with the manager. func (ampw *AzureASOManagedControlPlaneWebhook) SetupWebhookWithManager(mgr ctrl.Manager) error { - return ctrl.NewWebhookManagedBy(mgr). - For(&infrav1.AzureASOManagedControlPlane{}). + return ctrl.NewWebhookManagedBy(mgr, &infrav1.AzureASOManagedControlPlane{}). WithValidator(ampw). Complete() } 
@@ -45,11 +42,7 @@ type AzureASOManagedControlPlaneWebhook struct { // +kubebuilder:webhook:verbs=create,path=/validate-infrastructure-cluster-x-k8s-io-v1beta1-azureasomanagedcontrolplane,mutating=false,failurePolicy=fail,groups=infrastructure.cluster.x-k8s.io,resources=azureasomanagedcontrolplanes,versions=v1beta1,name=validation.azureasomanagedcontrolplane.infrastructure.cluster.x-k8s.io,sideEffects=None,admissionReviewVersions=v1;v1beta1 // ValidateCreate implements webhook.Validator so a webhook will be registered for the type. -func (ampw *AzureASOManagedControlPlaneWebhook) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { - _, ok := obj.(*infrav1.AzureASOManagedControlPlane) - if !ok { - return nil, apierrors.NewBadRequest("expected an AzureASOManagedControlPlane") - } +func (ampw *AzureASOManagedControlPlaneWebhook) ValidateCreate(_ context.Context, _ *infrav1.AzureASOManagedControlPlane) (admission.Warnings, error) { if !feature.Gates.Enabled(feature.ASOAPI) { return nil, field.Forbidden( field.NewPath("spec"), @@ -60,11 +53,11 @@ func (ampw *AzureASOManagedControlPlaneWebhook) ValidateCreate(_ context.Context } // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type. -func (ampw *AzureASOManagedControlPlaneWebhook) ValidateUpdate(_ context.Context, _, _ runtime.Object) (admission.Warnings, error) { +func (ampw *AzureASOManagedControlPlaneWebhook) ValidateUpdate(_ context.Context, _, _ *infrav1.AzureASOManagedControlPlane) (admission.Warnings, error) { return nil, nil } // ValidateDelete implements webhook.Validator so a webhook will be registered for the type. -func (ampw *AzureASOManagedControlPlaneWebhook) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error) { +func (ampw *AzureASOManagedControlPlaneWebhook) ValidateDelete(_ context.Context, _ *infrav1.AzureASOManagedControlPlane) (admission.Warnings, error) { return nil, nil } 
diff --git a/internal/webhooks/azureasomanagedmachinepool_webhook.go b/internal/webhooks/azureasomanagedmachinepool_webhook.go index b94329f0fdd..6a529efd034 100644 --- a/internal/webhooks/azureasomanagedmachinepool_webhook.go +++ b/internal/webhooks/azureasomanagedmachinepool_webhook.go @@ -20,8 +20,6 @@ import ( "context" "fmt" - apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/validation/field" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" @@ -32,8 +30,7 @@ import ( // SetupWebhookWithManager sets up and registers the webhook with the manager. func (ampw *AzureASOManagedMachinePoolWebhook) SetupWebhookWithManager(mgr ctrl.Manager) error { - return ctrl.NewWebhookManagedBy(mgr). - For(&infrav1.AzureASOManagedMachinePool{}). + return ctrl.NewWebhookManagedBy(mgr, &infrav1.AzureASOManagedMachinePool{}). WithValidator(ampw). Complete() } 
@@ -45,11 +42,7 @@ type AzureASOManagedMachinePoolWebhook struct { // +kubebuilder:webhook:verbs=create,path=/validate-infrastructure-cluster-x-k8s-io-v1beta1-azureasomanagedmachinepool,mutating=false,failurePolicy=fail,groups=infrastructure.cluster.x-k8s.io,resources=azureasomanagedmachinepools,versions=v1beta1,name=validation.azureasomanagedmachinepool.infrastructure.cluster.x-k8s.io,sideEffects=None,admissionReviewVersions=v1;v1beta1 // ValidateCreate implements webhook.Validator so a webhook will be registered for the type. -func (ampw *AzureASOManagedMachinePoolWebhook) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { - _, ok := obj.(*infrav1.AzureASOManagedMachinePool) - if !ok { - return nil, apierrors.NewBadRequest("expected an AzureASOManagedMachinePool") - } +func (ampw *AzureASOManagedMachinePoolWebhook) ValidateCreate(_ context.Context, _ *infrav1.AzureASOManagedMachinePool) (admission.Warnings, error) { if !feature.Gates.Enabled(feature.ASOAPI) { return nil, field.Forbidden( field.NewPath("spec"), @@ -60,11 +53,11 @@ func (ampw *AzureASOManagedMachinePoolWebhook) ValidateCreate(_ context.Context, } // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type. -func (ampw *AzureASOManagedMachinePoolWebhook) ValidateUpdate(_ context.Context, _, _ runtime.Object) (admission.Warnings, error) { +func (ampw *AzureASOManagedMachinePoolWebhook) ValidateUpdate(_ context.Context, _, _ *infrav1.AzureASOManagedMachinePool) (admission.Warnings, error) { return nil, nil } // ValidateDelete implements webhook.Validator so a webhook will be registered for the type. -func (ampw *AzureASOManagedMachinePoolWebhook) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error) { +func (ampw *AzureASOManagedMachinePoolWebhook) ValidateDelete(_ context.Context, _ *infrav1.AzureASOManagedMachinePool) (admission.Warnings, error) { return nil, nil } 
diff --git a/internal/webhooks/azurecluster_webhook.go b/internal/webhooks/azurecluster_webhook.go index 14eaf359c75..16c47c6cfc6 100644 --- a/internal/webhooks/azurecluster_webhook.go +++ b/internal/webhooks/azurecluster_webhook.go @@ -18,14 +18,11 @@ package webhooks import ( "context" - "fmt" "reflect" apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/validation/field" ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" @@ -35,8 +32,7 @@ import ( // SetupWebhookWithManager sets up and registers the webhook with the manager. func (w *AzureClusterWebhook) SetupWebhookWithManager(mgr ctrl.Manager) error { - return ctrl.NewWebhookManagedBy(mgr). - For(&infrav1.AzureCluster{}). + return ctrl.NewWebhookManagedBy(mgr, &infrav1.AzureCluster{}). WithValidator(w). WithDefaulter(w). Complete() 
@@ -48,39 +44,23 @@ func (w *AzureClusterWebhook) SetupWebhookWithManager(mgr ctrl.Manager) error { // AzureClusterWebhook implements validating and mutating webhook for AzureCluster. type AzureClusterWebhook struct{} -var _ webhook.CustomValidator = &AzureClusterWebhook{} -var _ webhook.CustomDefaulter = &AzureClusterWebhook{} +var _ admission.Validator[*infrav1.AzureCluster] = &AzureClusterWebhook{} +var _ admission.Defaulter[*infrav1.AzureCluster] = &AzureClusterWebhook{} // Default implements webhook.CustomDefaulter so a webhook will be registered for the type. -func (*AzureClusterWebhook) Default(_ context.Context, obj runtime.Object) error { - c, ok := obj.(*infrav1.AzureCluster) - if !ok { - return fmt.Errorf("expected an AzureCluster object but got %T", c) - } - +func (*AzureClusterWebhook) Default(_ context.Context, c *infrav1.AzureCluster) error { apiinternal.SetDefaultsAzureCluster(c) return nil } // ValidateCreate implements webhook.CustomValidator so a webhook will be registered for the type. -func (*AzureClusterWebhook) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { - c, ok := obj.(*infrav1.AzureCluster) - if !ok { - return nil, fmt.Errorf("expected an AzureCluster object but got %T", c) - } - +func (*AzureClusterWebhook) ValidateCreate(_ context.Context, c *infrav1.AzureCluster) (admission.Warnings, error) { return validateAzureCluster(c, nil) } // ValidateUpdate implements webhook.CustomValidator so a webhook will be registered for the type. 
-func (*AzureClusterWebhook) ValidateUpdate(_ context.Context, oldRaw, newObj runtime.Object) (admission.Warnings, error) { - c, ok := newObj.(*infrav1.AzureCluster) - if !ok { - return nil, fmt.Errorf("expected an AzureCluster object but got %T", c) - } - +func (*AzureClusterWebhook) ValidateUpdate(_ context.Context, old, c *infrav1.AzureCluster) (admission.Warnings, error) { var allErrs field.ErrorList - old := oldRaw.(*infrav1.AzureCluster) if err := webhookutils.ValidateImmutable( field.NewPath("spec", "resourceGroup"), @@ -180,6 +160,6 @@ func (*AzureClusterWebhook) ValidateUpdate(_ context.Context, oldRaw, newObj run } // ValidateDelete implements webhook.CustomValidator so a webhook will be registered for the type. -func (*AzureClusterWebhook) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error) { +func (*AzureClusterWebhook) ValidateDelete(_ context.Context, _ *infrav1.AzureCluster) (admission.Warnings, error) { return nil, nil } diff --git a/internal/webhooks/azureclusteridentity_webhook.go b/internal/webhooks/azureclusteridentity_webhook.go index aa496d50a1c..45703622cbb 100644 --- a/internal/webhooks/azureclusteridentity_webhook.go +++ b/internal/webhooks/azureclusteridentity_webhook.go @@ -18,13 +18,10 @@ package webhooks import ( "context" - "fmt" apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/validation/field" ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" 
@@ -33,8 +30,7 @@ import ( // SetupWebhookWithManager sets up and registers the webhook with the manager. func (w *AzureClusterIdentityWebhook) SetupWebhookWithManager(mgr ctrl.Manager) error { - return ctrl.NewWebhookManagedBy(mgr). - For(&infrav1.AzureClusterIdentity{}). + return ctrl.NewWebhookManagedBy(mgr, &infrav1.AzureClusterIdentity{}). WithValidator(w). Complete() } @@ -44,27 +40,16 @@ func (w *AzureClusterIdentityWebhook) SetupWebhookWithManager(mgr ctrl.Manager) // AzureClusterIdentityWebhook implements a validating webhook for AzureClusterIdentity. type AzureClusterIdentityWebhook struct{} -var _ webhook.CustomValidator = &AzureClusterIdentityWebhook{} +var _ admission.Validator[*infrav1.AzureClusterIdentity] = &AzureClusterIdentityWebhook{} // ValidateCreate implements webhook.CustomValidator so a webhook will be registered for the type. -func (*AzureClusterIdentityWebhook) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { - c, ok := obj.(*infrav1.AzureClusterIdentity) - if !ok { - return nil, fmt.Errorf("expected an AzureClusterIdentity object but got %T", c) - } - +func (*AzureClusterIdentityWebhook) ValidateCreate(_ context.Context, c *infrav1.AzureClusterIdentity) (admission.Warnings, error) { return validateAzureClusterIdentity(c) } // ValidateUpdate implements webhook.CustomValidator so a webhook will be registered for the type. -func (*AzureClusterIdentityWebhook) ValidateUpdate(_ context.Context, oldRaw, newObj runtime.Object) (admission.Warnings, error) { - c, ok := newObj.(*infrav1.AzureClusterIdentity) - if !ok { - return nil, fmt.Errorf("expected an AzureClusterIdentity object but got %T", c) - } - +func (*AzureClusterIdentityWebhook) ValidateUpdate(_ context.Context, old, c *infrav1.AzureClusterIdentity) (admission.Warnings, error) { var allErrs field.ErrorList - old := oldRaw.(*infrav1.AzureClusterIdentity) if err := webhookutils.ValidateImmutable( field.NewPath("Spec", "Type"), old.Spec.Type, 
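Review bot: In the ValidateUpdate hunk the immutability check builds its path as `field.NewPath("Spec", "Type")`, using Go field names, whereas the AzureCluster webhook in this same commit uses the serialized form (`field.NewPath("spec", "resourceGroup")`). The path is part of the validation error, so it should read `field.NewPath("spec", "type")`, assuming the JSON tag is `type`, which this hunk does not show. The line is unchanged context, but it sits directly under the rewritten signature and is cheap to fix here; any test that matches the old message text would need updating. ValidateUpdate's body continues outside the hunk.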
@@ -78,6 +63,6 @@ func (*AzureClusterIdentityWebhook) ValidateUpdate(_ context.Context, oldRaw, ne } // ValidateDelete implements webhook.CustomValidator so a webhook will be registered for the type. -func (*AzureClusterIdentityWebhook) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error) { +func (*AzureClusterIdentityWebhook) ValidateDelete(_ context.Context, _ *infrav1.AzureClusterIdentity) (admission.Warnings, error) { return nil, nil } diff --git a/internal/webhooks/azureclustertemplate_webhook.go b/internal/webhooks/azureclustertemplate_webhook.go index e6bef030763..5ef2c7ecc0b 100644 --- a/internal/webhooks/azureclustertemplate_webhook.go +++ b/internal/webhooks/azureclustertemplate_webhook.go @@ -18,14 +18,11 @@ package webhooks import ( "context" - "fmt" "reflect" apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/validation/field" ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" @@ -37,8 +34,7 @@ const AzureClusterTemplateImmutableMsg = "AzureClusterTemplate spec.template.spe // SetupWebhookWithManager will set up the webhook to be managed by the specified manager. func (w *AzureClusterTemplateWebhook) SetupWebhookWithManager(mgr ctrl.Manager) error { - return ctrl.NewWebhookManagedBy(mgr). - For(&infrav1.AzureClusterTemplate{}). + return ctrl.NewWebhookManagedBy(mgr, &infrav1.AzureClusterTemplate{}). WithValidator(w). WithDefaulter(w). Complete() 
@@ -50,40 +46,24 @@ func (w *AzureClusterTemplateWebhook) SetupWebhookWithManager(mgr ctrl.Manager) // AzureClusterTemplateWebhook implements a validating and defaulting webhook for AzureClusterTemplate. type AzureClusterTemplateWebhook struct{} -var _ webhook.CustomDefaulter = &AzureClusterTemplateWebhook{} +var _ admission.Defaulter[*infrav1.AzureClusterTemplate] = &AzureClusterTemplateWebhook{} // Default implements webhook.CustomDefaulter so a webhook will be registered for the type. -func (*AzureClusterTemplateWebhook) Default(_ context.Context, obj runtime.Object) error { - c, ok := obj.(*infrav1.AzureClusterTemplate) - if !ok { - return fmt.Errorf("expected an AzureClusterTemplate object but got %T", c) - } - +func (*AzureClusterTemplateWebhook) Default(_ context.Context, c *infrav1.AzureClusterTemplate) error { apiinternal.SetDefaultsAzureClusterTemplate(c) return nil } -var _ webhook.CustomValidator = &AzureClusterTemplateWebhook{} +var _ admission.Validator[*infrav1.AzureClusterTemplate] = &AzureClusterTemplateWebhook{} // ValidateCreate implements webhook.CustomValidator so a webhook will be registered for the type. -func (*AzureClusterTemplateWebhook) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { - c, ok := obj.(*infrav1.AzureClusterTemplate) - if !ok { - return nil, fmt.Errorf("expected an AzureClusterTemplate object but got %T", c) - } - +func (*AzureClusterTemplateWebhook) ValidateCreate(_ context.Context, c *infrav1.AzureClusterTemplate) (admission.Warnings, error) { return validateAzureClusterTemplate(c) } // ValidateUpdate implements webhook.CustomValidator so a webhook will be registered for the type. 
-func (*AzureClusterTemplateWebhook) ValidateUpdate(_ context.Context, oldRaw, newObj runtime.Object) (admission.Warnings, error) { - c, ok := newObj.(*infrav1.AzureClusterTemplate) - if !ok { - return nil, fmt.Errorf("expected an AzureClusterTemplate object but got %T", c) - } - +func (*AzureClusterTemplateWebhook) ValidateUpdate(_ context.Context, old, c *infrav1.AzureClusterTemplate) (admission.Warnings, error) { var allErrs field.ErrorList - old := oldRaw.(*infrav1.AzureClusterTemplate) if !reflect.DeepEqual(c.Spec.Template.Spec, old.Spec.Template.Spec) { allErrs = append(allErrs, field.Invalid(field.NewPath("AzureClusterTemplate", "spec", "template", "spec"), c, AzureClusterTemplateImmutableMsg), @@ -97,6 +77,6 @@ func (*AzureClusterTemplateWebhook) ValidateUpdate(_ context.Context, oldRaw, ne } // ValidateDelete implements webhook.CustomValidator so a webhook will be registered for the type. -func (*AzureClusterTemplateWebhook) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error) { +func (*AzureClusterTemplateWebhook) ValidateDelete(_ context.Context, _ *infrav1.AzureClusterTemplate) (admission.Warnings, error) { return nil, nil } diff --git a/internal/webhooks/azuremachine_webhook.go b/internal/webhooks/azuremachine_webhook.go index d964acc5a2a..ca52f1be62a 100644 --- a/internal/webhooks/azuremachine_webhook.go +++ b/internal/webhooks/azuremachine_webhook.go @@ -21,7 +21,6 @@ import ( "reflect" apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/validation/field" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" @@ -36,8 +35,7 @@ import ( func (mw *AzureMachineWebhook) SetupWebhookWithManager(mgr ctrl.Manager) error { mw.client = mgr.GetClient() - return ctrl.NewWebhookManagedBy(mgr). - For(&infrav1.AzureMachine{}). + return ctrl.NewWebhookManagedBy(mgr, &infrav1.AzureMachine{}). WithDefaulter(mw). WithValidator(mw). Complete() 
@@ -52,11 +50,7 @@ type AzureMachineWebhook struct { } // ValidateCreate implements webhook.Validator so a webhook will be registered for the type. -func (mw *AzureMachineWebhook) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { - m, ok := obj.(*infrav1.AzureMachine) - if !ok { - return nil, apierrors.NewBadRequest("expected an AzureMachine resource") - } +func (mw *AzureMachineWebhook) ValidateCreate(_ context.Context, m *infrav1.AzureMachine) (admission.Warnings, error) { spec := m.Spec allErrs := validateAzureMachineSpec(spec) @@ -78,16 +72,8 @@ func (mw *AzureMachineWebhook) ValidateCreate(_ context.Context, obj runtime.Obj } // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type. -func (mw *AzureMachineWebhook) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { +func (mw *AzureMachineWebhook) ValidateUpdate(_ context.Context, old, m *infrav1.AzureMachine) (admission.Warnings, error) { var allErrs field.ErrorList - old, ok := oldObj.(*infrav1.AzureMachine) - if !ok { - return nil, apierrors.NewBadRequest("expected an AzureMachine resource") - } - m, ok := newObj.(*infrav1.AzureMachine) - if !ok { - return nil, apierrors.NewBadRequest("expected an AzureMachine resource") - } if err := webhookutils.ValidateImmutable( field.NewPath("spec", "image"), 
@@ -238,15 +224,11 @@ func (mw *AzureMachineWebhook) ValidateUpdate(_ context.Context, oldObj, newObj } // ValidateDelete implements webhook.Validator so a webhook will be registered for the type. -func (mw *AzureMachineWebhook) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error) { +func (mw *AzureMachineWebhook) ValidateDelete(_ context.Context, _ *infrav1.AzureMachine) (admission.Warnings, error) { return nil, nil } // Default implements webhook.Defaulter so a webhook will be registered for the type. -func (mw *AzureMachineWebhook) Default(_ context.Context, obj runtime.Object) error { - m, ok := obj.(*infrav1.AzureMachine) - if !ok { - return apierrors.NewBadRequest("expected an AzureMachine resource") - } +func (mw *AzureMachineWebhook) Default(_ context.Context, m *infrav1.AzureMachine) error { return apiinternal.SetDefaultsAzureMachine(m, mw.client) } diff --git a/internal/webhooks/azuremachinetemplate_webhook.go b/internal/webhooks/azuremachinetemplate_webhook.go index 32685ecb663..e80bd37db08 100644 --- a/internal/webhooks/azuremachinetemplate_webhook.go +++ b/internal/webhooks/azuremachinetemplate_webhook.go @@ -22,12 +22,10 @@ import ( "reflect" apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/validation/field" "k8s.io/utils/ptr" "sigs.k8s.io/cluster-api/util/topology" ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" @@ -43,8 +41,7 @@ const ( // SetupWebhookWithManager sets up and registers the webhook with the manager. func (w *AzureMachineTemplateWebhook) SetupWebhookWithManager(mgr ctrl.Manager) error { - return ctrl.NewWebhookManagedBy(mgr). - For(&infrav1.AzureMachineTemplate{}). + return ctrl.NewWebhookManagedBy(mgr, &infrav1.AzureMachineTemplate{}). WithValidator(w). WithDefaulter(w). Complete() 
@@ -56,12 +53,11 @@ func (w *AzureMachineTemplateWebhook) SetupWebhookWithManager(mgr ctrl.Manager) // AzureMachineTemplateWebhook implements a validating and defaulting webhook for AzureMachineTemplate. type AzureMachineTemplateWebhook struct{} -var _ webhook.CustomDefaulter = &AzureMachineTemplateWebhook{} -var _ webhook.CustomValidator = &AzureMachineTemplateWebhook{} +var _ admission.Defaulter[*infrav1.AzureMachineTemplate] = &AzureMachineTemplateWebhook{} +var _ admission.Validator[*infrav1.AzureMachineTemplate] = &AzureMachineTemplateWebhook{} // ValidateCreate implements webhook.CustomValidator so a webhook will be registered for the type. -func (*AzureMachineTemplateWebhook) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { - r := obj.(*infrav1.AzureMachineTemplate) +func (*AzureMachineTemplateWebhook) ValidateCreate(_ context.Context, r *infrav1.AzureMachineTemplate) (admission.Warnings, error) { spec := r.Spec.Template.Spec allErrs := validateAzureMachineSpec(spec) @@ -104,10 +100,8 @@ func (*AzureMachineTemplateWebhook) ValidateCreate(_ context.Context, obj runtim } // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type. -func (w *AzureMachineTemplateWebhook) ValidateUpdate(ctx context.Context, oldRaw runtime.Object, newRaw runtime.Object) (admission.Warnings, error) { +func (w *AzureMachineTemplateWebhook) ValidateUpdate(ctx context.Context, old, t *infrav1.AzureMachineTemplate) (admission.Warnings, error) { var allErrs field.ErrorList - old := oldRaw.(*infrav1.AzureMachineTemplate) - t := newRaw.(*infrav1.AzureMachineTemplate) req, err := admission.RequestFromContext(ctx) if err != nil { 
@@ -148,13 +142,12 @@ func (w *AzureMachineTemplateWebhook) ValidateUpdate(ctx context.Context, oldRaw } // ValidateDelete implements webhook.Validator so a webhook will be registered for the type. -func (*AzureMachineTemplateWebhook) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error) { +func (*AzureMachineTemplateWebhook) ValidateDelete(_ context.Context, _ *infrav1.AzureMachineTemplate) (admission.Warnings, error) { return nil, nil } // Default implements webhookutil.defaulter so a webhook will be registered for the type. -func (*AzureMachineTemplateWebhook) Default(_ context.Context, obj runtime.Object) error { - t := obj.(*infrav1.AzureMachineTemplate) +func (*AzureMachineTemplateWebhook) Default(_ context.Context, t *infrav1.AzureMachineTemplate) error { if err := apiinternal.SetDefaultAzureMachineSpecSSHPublicKey(&t.Spec.Template.Spec); err != nil { ctrl.Log.WithName("SetDefault").Error(err, "SetDefaultSSHPublicKey failed") } diff --git a/internal/webhooks/azuremanagedcluster_webhook.go b/internal/webhooks/azuremanagedcluster_webhook.go index b7a413d5571..518b6e8d4a8 100644 --- a/internal/webhooks/azuremanagedcluster_webhook.go +++ b/internal/webhooks/azuremanagedcluster_webhook.go @@ -19,9 +19,7 @@ package webhooks import ( "context" - "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" @@ -29,8 +27,7 @@ import ( // SetupWebhookWithManager sets up and registers the webhook with the manager. func (w *AzureManagedClusterWebhook) SetupWebhookWithManager(mgr ctrl.Manager) error { - return ctrl.NewWebhookManagedBy(mgr). - For(&infrav1.AzureManagedCluster{}). + return ctrl.NewWebhookManagedBy(mgr, &infrav1.AzureManagedCluster{}). WithValidator(w). Complete() } 
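Review bot: `Default` only logs a failure of `apiinternal.SetDefaultAzureMachineSpecSSHPublicKey` through `ctrl.Log` and, as far as the hunk shows, carries on, although the method's return type is `error`. If a template must not be admitted without a defaulted SSH public key, the `if` body should end with `return err` so the admission request is rejected rather than silently passed. If continuing is deliberate, a one-line comment above the `if` saying that the defaulting is best effort, and which later check catches a missing key, would make that intent reviewable. The body of `Default` continues outside the hunk, so this may already be handled further down.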
@@ -40,19 +37,19 @@ type AzureManagedClusterWebhook struct{} // +kubebuilder:webhook:verbs=create;update,path=/validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedcluster,mutating=false,failurePolicy=fail,groups=infrastructure.cluster.x-k8s.io,resources=azuremanagedclusters,versions=v1beta1,name=validation.azuremanagedclusters.infrastructure.cluster.x-k8s.io,sideEffects=None,admissionReviewVersions=v1;v1beta1 -var _ webhook.CustomValidator = &AzureManagedClusterWebhook{} +var _ admission.Validator[*infrav1.AzureManagedCluster] = &AzureManagedClusterWebhook{} // ValidateCreate implements webhook.CustomValidator so a webhook will be registered for the type. -func (w *AzureManagedClusterWebhook) ValidateCreate(_ context.Context, _ runtime.Object) (admission.Warnings, error) { +func (w *AzureManagedClusterWebhook) ValidateCreate(_ context.Context, _ *infrav1.AzureManagedCluster) (admission.Warnings, error) { return nil, nil } // ValidateUpdate implements webhook.CustomValidator so a webhook will be registered for the type. -func (w *AzureManagedClusterWebhook) ValidateUpdate(_ context.Context, _, _ runtime.Object) (admission.Warnings, error) { +func (w *AzureManagedClusterWebhook) ValidateUpdate(_ context.Context, _, _ *infrav1.AzureManagedCluster) (admission.Warnings, error) { return nil, nil } // ValidateDelete implements webhook.CustomValidator so a webhook will be registered for the type. -func (w *AzureManagedClusterWebhook) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error) { +func (w *AzureManagedClusterWebhook) ValidateDelete(_ context.Context, _ *infrav1.AzureManagedCluster) (admission.Warnings, error) { return nil, nil } diff --git a/internal/webhooks/azuremanagedclustertemplate_webhook.go b/internal/webhooks/azuremanagedclustertemplate_webhook.go index a0fcd87fdc2..1cc17a6b908 100644 --- a/internal/webhooks/azuremanagedclustertemplate_webhook.go +++ b/internal/webhooks/azuremanagedclustertemplate_webhook.go 
@@ -19,9 +19,7 @@ package webhooks import ( "context" - "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" @@ -29,8 +27,7 @@ import ( // SetupWebhookWithManager sets up and registers the webhook with the manager. func (w *AzureManagedClusterTemplateWebhook) SetupWebhookWithManager(mgr ctrl.Manager) error { - return ctrl.NewWebhookManagedBy(mgr). - For(&infrav1.AzureManagedClusterTemplate{}). + return ctrl.NewWebhookManagedBy(mgr, &infrav1.AzureManagedClusterTemplate{}). WithValidator(w). Complete() } 
@@ -40,19 +37,19 @@ func (w *AzureManagedClusterTemplateWebhook) SetupWebhookWithManager(mgr ctrl.Ma // AzureManagedClusterTemplateWebhook implements a validating webhook for AzureManagedClusterTemplate. type AzureManagedClusterTemplateWebhook struct{} -var _ webhook.CustomValidator = &AzureManagedClusterTemplateWebhook{} +var _ admission.Validator[*infrav1.AzureManagedClusterTemplate] = &AzureManagedClusterTemplateWebhook{} // ValidateCreate implements webhook.CustomValidator so a webhook will be registered for the type. -func (w *AzureManagedClusterTemplateWebhook) ValidateCreate(_ context.Context, _ runtime.Object) (admission.Warnings, error) { +func (w *AzureManagedClusterTemplateWebhook) ValidateCreate(_ context.Context, _ *infrav1.AzureManagedClusterTemplate) (admission.Warnings, error) { return nil, nil } // ValidateUpdate implements webhook.CustomValidator so a webhook will be registered for the type. -func (w *AzureManagedClusterTemplateWebhook) ValidateUpdate(_ context.Context, _, _ runtime.Object) (admission.Warnings, error) { +func (w *AzureManagedClusterTemplateWebhook) ValidateUpdate(_ context.Context, _, _ *infrav1.AzureManagedClusterTemplate) (admission.Warnings, error) { return nil, nil } // ValidateDelete implements webhook.CustomValidator so a webhook will be registered for the type. -func (w *AzureManagedClusterTemplateWebhook) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error) { +func (w *AzureManagedClusterTemplateWebhook) ValidateDelete(_ context.Context, _ *infrav1.AzureManagedClusterTemplate) (admission.Warnings, error) { return nil, nil } diff --git a/internal/webhooks/azuremanagedcontrolplane_webhook.go b/internal/webhooks/azuremanagedcontrolplane_webhook.go index 90b722d481d..c52a3edfbf4 100644 --- a/internal/webhooks/azuremanagedcontrolplane_webhook.go +++ b/internal/webhooks/azuremanagedcontrolplane_webhook.go 
@@ -22,7 +22,6 @@ import ( "github.com/go-logr/logr" apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/validation/field" "k8s.io/utils/ptr" ctrl "sigs.k8s.io/controller-runtime" @@ -47,8 +46,7 @@ func (mw *AzureManagedControlPlaneWebhook) SetupWebhookWithManager(mgr ctrl.Mana mw.client = mgr.GetClient() mw.logger = mgr.GetLogger().WithName("AzureManagedControlPlane") - return ctrl.NewWebhookManagedBy(mgr). - For(&infrav1.AzureManagedControlPlane{}). + return ctrl.NewWebhookManagedBy(mgr, &infrav1.AzureManagedControlPlane{}). WithDefaulter(mw). WithValidator(mw). Complete() @@ -63,12 +61,7 @@ type AzureManagedControlPlaneWebhook struct { } // Default implements webhook.Defaulter so a webhook will be registered for the type. -func (mw *AzureManagedControlPlaneWebhook) Default(_ context.Context, obj runtime.Object) error { - m, ok := obj.(*infrav1.AzureManagedControlPlane) - if !ok { - return apierrors.NewBadRequest("expected an AzureManagedControlPlane") - } - +func (mw *AzureManagedControlPlaneWebhook) Default(_ context.Context, m *infrav1.AzureManagedControlPlane) error { m.Spec.Version = apiinternal.NormalizeVersion(m.Spec.Version) m.Spec.SKU = apiinternal.DefaultSku(mw.logger, m.Spec.SKU) m.Spec.FleetsMember = apiinternal.DefaultFleetsMember(m.Spec.FleetsMember, m.Labels) 
@@ -91,26 +84,13 @@ func (mw *AzureManagedControlPlaneWebhook) Default(_ context.Context, obj runtim // +kubebuilder:webhook:verbs=create;update,path=/validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedcontrolplane,mutating=false,failurePolicy=fail,groups=infrastructure.cluster.x-k8s.io,resources=azuremanagedcontrolplanes,versions=v1beta1,name=validation.azuremanagedcontrolplanes.infrastructure.cluster.x-k8s.io,sideEffects=None,admissionReviewVersions=v1;v1beta1 // ValidateCreate implements webhook.Validator so a webhook will be registered for the type. -func (mw *AzureManagedControlPlaneWebhook) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { - m, ok := obj.(*infrav1.AzureManagedControlPlane) - if !ok { - return nil, apierrors.NewBadRequest("expected an AzureManagedControlPlane") - } - +func (mw *AzureManagedControlPlaneWebhook) ValidateCreate(_ context.Context, m *infrav1.AzureManagedControlPlane) (admission.Warnings, error) { return nil, validateAzureManagedControlPlane(m, mw.client) } // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type. -func (mw *AzureManagedControlPlaneWebhook) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { +func (mw *AzureManagedControlPlaneWebhook) ValidateUpdate(_ context.Context, old, m *infrav1.AzureManagedControlPlane) (admission.Warnings, error) { var allErrs field.ErrorList - old, ok := oldObj.(*infrav1.AzureManagedControlPlane) - if !ok { - return nil, apierrors.NewBadRequest("expected an AzureManagedControlPlane") - } - m, ok := newObj.(*infrav1.AzureManagedControlPlane) - if !ok { - return nil, apierrors.NewBadRequest("expected an AzureManagedControlPlane") - } immutableFields := []struct { path *field.Path 
@@ -218,6 +198,6 @@ func (mw *AzureManagedControlPlaneWebhook) ValidateUpdate(_ context.Context, old } // ValidateDelete implements webhook.Validator so a webhook will be registered for the type. -func (mw *AzureManagedControlPlaneWebhook) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error) { +func (mw *AzureManagedControlPlaneWebhook) ValidateDelete(_ context.Context, _ *infrav1.AzureManagedControlPlane) (admission.Warnings, error) { return nil, nil } diff --git a/internal/webhooks/azuremanagedcontrolplanetemplate_webhook.go b/internal/webhooks/azuremanagedcontrolplanetemplate_webhook.go index 521a3d9c41f..415072fd835 100644 --- a/internal/webhooks/azuremanagedcontrolplanetemplate_webhook.go +++ b/internal/webhooks/azuremanagedcontrolplanetemplate_webhook.go @@ -21,7 +21,6 @@ import ( "github.com/go-logr/logr" apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/validation/field" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" @@ -37,8 +36,7 @@ func (mcpw *AzureManagedControlPlaneTemplateWebhook) SetupWebhookWithManager(mgr mcpw.client = mgr.GetClient() mcpw.logger = mgr.GetLogger().WithName("AzureManagedControlPlaneTemplate") - return ctrl.NewWebhookManagedBy(mgr). - For(&infrav1.AzureManagedControlPlaneTemplate{}). + return ctrl.NewWebhookManagedBy(mgr, &infrav1.AzureManagedControlPlaneTemplate{}). WithDefaulter(mcpw). WithValidator(mcpw). Complete() 
@@ -54,36 +52,19 @@ type AzureManagedControlPlaneTemplateWebhook struct { } // Default implements webhook.Defaulter so a webhook will be registered for the type. -func (mcpw *AzureManagedControlPlaneTemplateWebhook) Default(_ context.Context, obj runtime.Object) error { - mcp, ok := obj.(*infrav1.AzureManagedControlPlaneTemplate) - if !ok { - return apierrors.NewBadRequest("expected an AzureManagedControlPlaneTemplate") - } +func (mcpw *AzureManagedControlPlaneTemplateWebhook) Default(_ context.Context, mcp *infrav1.AzureManagedControlPlaneTemplate) error { apiinternal.SetDefaultsAzureManagedControlPlaneTemplate(mcpw.logger, mcp) return nil } // ValidateCreate implements webhook.Validator so a webhook will be registered for the type. -func (mcpw *AzureManagedControlPlaneTemplateWebhook) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { - mcp, ok := obj.(*infrav1.AzureManagedControlPlaneTemplate) - if !ok { - return nil, apierrors.NewBadRequest("expected an AzureManagedControlPlaneTemplate") - } - +func (mcpw *AzureManagedControlPlaneTemplateWebhook) ValidateCreate(_ context.Context, mcp *infrav1.AzureManagedControlPlaneTemplate) (admission.Warnings, error) { return nil, validateAzureManagedControlPlaneTemplate(mcp, mcpw.client) } // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type. 
-func (mcpw *AzureManagedControlPlaneTemplateWebhook) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { +func (mcpw *AzureManagedControlPlaneTemplateWebhook) ValidateUpdate(_ context.Context, old, mcp *infrav1.AzureManagedControlPlaneTemplate) (admission.Warnings, error) { var allErrs field.ErrorList - old, ok := oldObj.(*infrav1.AzureManagedControlPlaneTemplate) - if !ok { - return nil, apierrors.NewBadRequest("expected an AzureManagedControlPlaneTemplate") - } - mcp, ok := newObj.(*infrav1.AzureManagedControlPlaneTemplate) - if !ok { - return nil, apierrors.NewBadRequest("expected an AzureManagedControlPlaneTemplate") - } if err := webhookutils.ValidateImmutable( field.NewPath("spec", "template", "spec", "subscriptionID"), old.Spec.Template.Spec.SubscriptionID, @@ -191,6 +172,6 @@ func (mcpw *AzureManagedControlPlaneTemplateWebhook) ValidateUpdate(_ context.Co } // ValidateDelete implements webhook.Validator so a webhook will be registered for the type. -func (mcpw *AzureManagedControlPlaneTemplateWebhook) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error) { +func (mcpw *AzureManagedControlPlaneTemplateWebhook) ValidateDelete(_ context.Context, _ *infrav1.AzureManagedControlPlaneTemplate) (admission.Warnings, error) { return nil, nil } diff --git a/internal/webhooks/azuremanagedmachinepool_webhook.go b/internal/webhooks/azuremanagedmachinepool_webhook.go index 889bff91370..cd2f9dfcfc7 100644 --- a/internal/webhooks/azuremanagedmachinepool_webhook.go +++ b/internal/webhooks/azuremanagedmachinepool_webhook.go @@ -22,7 +22,6 @@ import ( "github.com/pkg/errors" apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/runtime" kerrors "k8s.io/apimachinery/pkg/util/errors" "k8s.io/apimachinery/pkg/util/validation/field" "k8s.io/utils/ptr" 
@@ -40,8 +39,7 @@ var validNodePublicPrefixID = regexp.MustCompile(`(?i)^/?subscriptions/[0-9a-f]{ func (mw *AzureManagedMachinePoolWebhook) SetupWebhookWithManager(mgr ctrl.Manager) error { mw.client = mgr.GetClient() - return ctrl.NewWebhookManagedBy(mgr). - For(&infrav1.AzureManagedMachinePool{}). + return ctrl.NewWebhookManagedBy(mgr, &infrav1.AzureManagedMachinePool{}). WithDefaulter(mw). WithValidator(mw). Complete() @@ -55,11 +53,7 @@ type AzureManagedMachinePoolWebhook struct { } // Default implements webhook.Defaulter so a webhook will be registered for the type. -func (mw *AzureManagedMachinePoolWebhook) Default(_ context.Context, obj runtime.Object) error { - m, ok := obj.(*infrav1.AzureManagedMachinePool) - if !ok { - return apierrors.NewBadRequest("expected an AzureManagedMachinePool") - } +func (mw *AzureManagedMachinePoolWebhook) Default(_ context.Context, m *infrav1.AzureManagedMachinePool) error { if m.Labels == nil { m.Labels = make(map[string]string) } 
@@ -79,12 +73,7 @@ func (mw *AzureManagedMachinePoolWebhook) Default(_ context.Context, obj runtime //+kubebuilder:webhook:verbs=create;update;delete,path=/validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedmachinepool,mutating=false,failurePolicy=fail,matchPolicy=Equivalent,groups=infrastructure.cluster.x-k8s.io,resources=azuremanagedmachinepools,versions=v1beta1,name=validation.azuremanagedmachinepools.infrastructure.cluster.x-k8s.io,sideEffects=None,admissionReviewVersions=v1;v1beta1 // ValidateCreate implements webhook.Validator so a webhook will be registered for the type. -func (mw *AzureManagedMachinePoolWebhook) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { - m, ok := obj.(*infrav1.AzureManagedMachinePool) - if !ok { - return nil, apierrors.NewBadRequest("expected an AzureManagedMachinePool") - } - +func (mw *AzureManagedMachinePoolWebhook) ValidateCreate(_ context.Context, m *infrav1.AzureManagedMachinePool) (admission.Warnings, error) { var errs []error errs = append(errs, validateMaxPods( @@ -132,15 +121,7 @@ func (mw *AzureManagedMachinePoolWebhook) ValidateCreate(_ context.Context, obj } // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type. -func (mw *AzureManagedMachinePoolWebhook) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { - old, ok := oldObj.(*infrav1.AzureManagedMachinePool) - if !ok { - return nil, apierrors.NewBadRequest("expected an AzureManagedMachinePool") - } - m, ok := newObj.(*infrav1.AzureManagedMachinePool) - if !ok { - return nil, apierrors.NewBadRequest("expected an AzureManagedMachinePool") - } +func (mw *AzureManagedMachinePoolWebhook) ValidateUpdate(_ context.Context, old, m *infrav1.AzureManagedMachinePool) (admission.Warnings, error) { var allErrs field.ErrorList if err := webhookutils.ValidateImmutable( 
@@ -286,11 +267,7 @@ func (mw *AzureManagedMachinePoolWebhook) ValidateUpdate(_ context.Context, oldO } // ValidateDelete implements webhook.Validator so a webhook will be registered for the type. -func (mw *AzureManagedMachinePoolWebhook) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) { - m, ok := obj.(*infrav1.AzureManagedMachinePool) - if !ok { - return nil, apierrors.NewBadRequest("expected an AzureManagedMachinePool") - } +func (mw *AzureManagedMachinePoolWebhook) ValidateDelete(_ context.Context, m *infrav1.AzureManagedMachinePool) (admission.Warnings, error) { if m.Spec.Mode != string(infrav1.NodePoolModeSystem) { return nil, nil } diff --git a/internal/webhooks/azuremanagedmachinepooltemplate_webhook.go b/internal/webhooks/azuremanagedmachinepooltemplate_webhook.go index f69305ead4f..3e3580f04e6 100644 --- a/internal/webhooks/azuremanagedmachinepooltemplate_webhook.go +++ b/internal/webhooks/azuremanagedmachinepooltemplate_webhook.go @@ -21,7 +21,6 @@ import ( "github.com/pkg/errors" apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/runtime" kerrors "k8s.io/apimachinery/pkg/util/errors" "k8s.io/apimachinery/pkg/util/validation/field" "k8s.io/utils/ptr" @@ -38,8 +37,7 @@ import ( func (mpw *AzureManagedMachinePoolTemplateWebhook) SetupWebhookWithManager(mgr ctrl.Manager) error { mpw.client = mgr.GetClient() - return ctrl.NewWebhookManagedBy(mgr). - For(&infrav1.AzureManagedMachinePoolTemplate{}). + return ctrl.NewWebhookManagedBy(mgr, &infrav1.AzureManagedMachinePoolTemplate{}). WithDefaulter(mpw). WithValidator(mpw). Complete() 
@@ -53,11 +51,7 @@ type AzureManagedMachinePoolTemplateWebhook struct { } // Default implements webhook.Defaulter so a webhook will be registered for the type. -func (mpw *AzureManagedMachinePoolTemplateWebhook) Default(_ context.Context, obj runtime.Object) error { - mp, ok := obj.(*infrav1.AzureManagedMachinePoolTemplate) - if !ok { - return apierrors.NewBadRequest("expected an AzureManagedMachinePoolTemplate") - } +func (mpw *AzureManagedMachinePoolTemplateWebhook) Default(_ context.Context, mp *infrav1.AzureManagedMachinePoolTemplate) error { if mp.Labels == nil { mp.Labels = make(map[string]string) } @@ -75,12 +69,7 @@ func (mpw *AzureManagedMachinePoolTemplateWebhook) Default(_ context.Context, ob //+kubebuilder:webhook:verbs=create;update;delete,path=/validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremanagedmachinepooltemplate,mutating=false,failurePolicy=fail,groups=infrastructure.cluster.x-k8s.io,resources=azuremanagedmachinepooltemplates,versions=v1beta1,name=validation.azuremanagedmachinepooltemplates.infrastructure.cluster.x-k8s.io,sideEffects=None,admissionReviewVersions=v1;v1beta1 // ValidateCreate implements webhook.Validator so a webhook will be registered for the type. -func (mpw *AzureManagedMachinePoolTemplateWebhook) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { - mp, ok := obj.(*infrav1.AzureManagedMachinePoolTemplate) - if !ok { - return nil, apierrors.NewBadRequest("expected an AzureManagedMachinePoolTemplate") - } - +func (mpw *AzureManagedMachinePoolTemplateWebhook) ValidateCreate(_ context.Context, mp *infrav1.AzureManagedMachinePoolTemplate) (admission.Warnings, error) { var errs []error errs = append(errs, validateMaxPods( 
@@ -124,16 +113,8 @@ func (mpw *AzureManagedMachinePoolTemplateWebhook) ValidateCreate(_ context.Cont } // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type. -func (mpw *AzureManagedMachinePoolTemplateWebhook) ValidateUpdate(_ context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { +func (mpw *AzureManagedMachinePoolTemplateWebhook) ValidateUpdate(_ context.Context, old, mp *infrav1.AzureManagedMachinePoolTemplate) (admission.Warnings, error) { var allErrs field.ErrorList - old, ok := oldObj.(*infrav1.AzureManagedMachinePoolTemplate) - if !ok { - return nil, apierrors.NewBadRequest("expected an AzureManagedMachinePoolTemplate") - } - mp, ok := newObj.(*infrav1.AzureManagedMachinePoolTemplate) - if !ok { - return nil, apierrors.NewBadRequest("expected an AzureManagedMachinePoolTemplate") - } if err := webhookutils.ValidateImmutable( field.NewPath("spec", "template", "spec", "name"), @@ -270,11 +251,7 @@ func (mpw *AzureManagedMachinePoolTemplateWebhook) ValidateUpdate(_ context.Cont } // ValidateDelete implements webhook.Validator so a webhook will be registered for the type. -func (mpw *AzureManagedMachinePoolTemplateWebhook) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) { - mp, ok := obj.(*infrav1.AzureManagedMachinePoolTemplate) - if !ok { - return nil, apierrors.NewBadRequest("expected an AzureManagedMachinePoolTemplate") - } +func (mpw *AzureManagedMachinePoolTemplateWebhook) ValidateDelete(_ context.Context, mp *infrav1.AzureManagedMachinePoolTemplate) (admission.Warnings, error) { if mp.Spec.Template.Spec.Mode != string(infrav1.NodePoolModeSystem) { return nil, nil } diff --git a/test/e2e/capi_test.go b/test/e2e/capi_test.go index 80809bcb730..18d993707b2 100644 --- a/test/e2e/capi_test.go +++ b/test/e2e/capi_test.go 
@@ -87,8 +87,8 @@ var _ = Describe("Running the Cluster API E2E tests", func() { }) Context("Running the MachineDeployment rollout spec", func() { - capi_e2e.MachineDeploymentRolloutSpec(ctx, func() capi_e2e.MachineDeploymentRolloutSpecInput { - return capi_e2e.MachineDeploymentRolloutSpecInput{ + capi_e2e.KCPAndMachineDeploymentRolloutSpec(ctx, func() capi_e2e.KCPAndMachineDeploymentRolloutSpecInput { + return capi_e2e.KCPAndMachineDeploymentRolloutSpecInput{ E2EConfig: e2eConfig, ClusterctlConfigPath: clusterctlConfigPath, BootstrapClusterProxy: bootstrapClusterProxy, diff --git a/test/e2e/config/azure-dev.yaml b/test/e2e/config/azure-dev.yaml index 0a522a44fd6..c1f58904c21 100644 --- a/test/e2e/config/azure-dev.yaml +++ b/test/e2e/config/azure-dev.yaml @@ -5,10 +5,16 @@ images: loadBehavior: mustLoad - name: registry.k8s.io/cluster-api/cluster-api-controller:v1.12.4 loadBehavior: tryLoad + - name: registry.k8s.io/cluster-api/cluster-api-controller:v1.13.0-rc.0 + loadBehavior: tryLoad - name: registry.k8s.io/cluster-api/kubeadm-bootstrap-controller:v1.12.4 loadBehavior: tryLoad + - name: registry.k8s.io/cluster-api/kubeadm-bootstrap-controller:v1.13.0-rc.0 + loadBehavior: tryLoad - name: registry.k8s.io/cluster-api/kubeadm-control-plane-controller:v1.12.4 loadBehavior: tryLoad + - name: registry.k8s.io/cluster-api/kubeadm-control-plane-controller:v1.13.0-rc.0 + loadBehavior: tryLoad - name: registry.k8s.io/cluster-api-helm/cluster-api-helm-controller:v0.6.0 loadBehavior: tryLoad 
@@ -36,6 +42,17 @@ providers: new: "imagePullPolicy: IfNotPresent" - old: "- --leader-elect" new: "- --leader-elect\n - --remote-connection-grace-period=3m" + - name: v1.13.0-rc.0 + value: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.13.0-rc.0/core-components.yaml + type: url + contract: v1beta2 + files: + - sourcePath: "../data/shared/v1beta1/metadata.yaml" + replacements: + - old: "imagePullPolicy: Always" + new: "imagePullPolicy: IfNotPresent" + - old: "- --leader-elect" + new: "- --leader-elect\n - --remote-connection-grace-period=3m" - name: kubeadm type: BootstrapProvider @@ -58,6 +75,15 @@ providers: replacements: - old: "imagePullPolicy: Always" new: "imagePullPolicy: IfNotPresent" + - name: v1.13.0-rc.0 + value: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.13.0-rc.0/bootstrap-components.yaml + type: url + contract: v1beta2 + files: + - sourcePath: "../data/shared/v1beta1/metadata.yaml" + replacements: + - old: "imagePullPolicy: Always" + new: "imagePullPolicy: IfNotPresent" - name: kubeadm type: ControlPlaneProvider @@ -80,6 +106,15 @@ providers: replacements: - old: "imagePullPolicy: Always" new: "imagePullPolicy: IfNotPresent" + - name: v1.13.0-rc.0 + value: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.13.0-rc.0/control-plane-components.yaml + type: url + contract: v1beta2 + files: + - sourcePath: "../data/shared/v1beta1/metadata.yaml" + replacements: + - old: "imagePullPolicy: Always" + new: "imagePullPolicy: IfNotPresent" - name: azure type: InfrastructureProvider diff --git a/test/e2e/data/infrastructure-azure/v1beta1/cluster-template-md-taints/kcp-taints.yaml b/test/e2e/data/infrastructure-azure/v1beta1/cluster-template-md-taints/kcp-taints.yaml new file mode 100644 index 00000000000..fe274e5f993 --- /dev/null +++ b/test/e2e/data/infrastructure-azure/v1beta1/cluster-template-md-taints/kcp-taints.yaml 
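Review bot: The new `v1.13.0-rc.0` provider entries (core in this hunk, bootstrap and control-plane in the two that follow) pin a release candidate and fetch its manifests from a GitHub release URL, with nothing marking the pin as temporary. A comment on each entry such as `# TODO: replace with v1.13.0 once it is released` would keep the RC from lingering in the e2e matrix after GA; the matching `v1.13.0-rc.0` entries in the `images:` hunk above need the same follow-up. The entries also reuse `../data/shared/v1beta1/metadata.yaml` under `contract: v1beta2`, which looks intentional given the `minor: 13` series added to that file in this patch, but is worth confirming.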
@@ -0,0 +1,15 @@ +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane +spec: + machineTemplate: + taints: + - key: "pre-existing-on-initialization-taint" + value: "on-initialization-value" + effect: PreferNoSchedule + propagation: OnInitialization + - key: "pre-existing-always-taint" + value: "always-value" + effect: PreferNoSchedule + propagation: Always diff --git a/test/e2e/data/infrastructure-azure/v1beta1/cluster-template-md-taints/kustomization.yaml b/test/e2e/data/infrastructure-azure/v1beta1/cluster-template-md-taints/kustomization.yaml index afd4db9339d..03116109b1c 100644 --- a/test/e2e/data/infrastructure-azure/v1beta1/cluster-template-md-taints/kustomization.yaml +++ b/test/e2e/data/infrastructure-azure/v1beta1/cluster-template-md-taints/kustomization.yaml @@ -9,6 +9,7 @@ resources: - ../../../../../../templates/addons/cluster-api-helm/cloud-provider-azure.yaml - ../../../../../../templates/addons/cluster-api-helm/cloud-provider-azure-ci.yaml patches: +- path: kcp-taints.yaml - path: ../../../../../../templates/azure-cluster-identity/azurecluster-identity-ref.yaml - path: ../../../../../../templates/test/ci/patches/cluster-label-calico.yaml - path: ../../../../../../templates/test/ci/patches/cluster-label-cloud-provider-azure.yaml diff --git a/test/e2e/data/shared/v1beta1/metadata.yaml b/test/e2e/data/shared/v1beta1/metadata.yaml index fa0c67eb29f..f79cfd066a0 100644 --- a/test/e2e/data/shared/v1beta1/metadata.yaml +++ b/test/e2e/data/shared/v1beta1/metadata.yaml @@ -1,6 +1,9 @@ apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 kind: Metadata releaseSeries: + - major: 1 + minor: 13 + contract: v1beta2 - major: 1 minor: 12 contract: v1beta2 From eb7d7a4070ed7959cdadf59bb2117e6f96d244f4 Mon Sep 17 00:00:00 2001 
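Review bot: `kcp-taints.yaml` declares `apiVersion: controlplane.cluster.x-k8s.io/v1beta1` while setting `spec.machineTemplate.taints` entries that carry a `propagation` field. If that field exists only in the v1beta2 KubeadmControlPlane schema (not verifiable from this diff), the patch would either fail to match the base resource or have the taints dropped, and the rollout spec would run without the taints it is presumably meant to exercise; confirm the apiVersion against the base template of this flavor. A header comment would also help, for example `# Control-plane taints for the rollout e2e spec; covers both OnInitialization and Always propagation.`, assuming that is what consumes them.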
From: Matt Boersma Date: Fri, 10 Apr 2026 13:33:46 -0600 Subject: [PATCH 25/61] Update trivy version to v0.69.3 --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 7d8de703e40..725b9e56e39 100644 --- a/Makefile +++ b/Makefile @@ -114,7 +114,7 @@ RELEASE_NOTES_VER := v0.18.0 RELEASE_NOTES_BIN := release-notes RELEASE_NOTES := $(TOOLS_BIN_DIR)/$(RELEASE_NOTES_BIN)-$(RELEASE_NOTES_VER) -TRIVY_VER := 0.69.2 +TRIVY_VER := 0.69.3 KPROMO_VER := 5ab0dbc74b0228c22a93d240596dff77464aee8f KPROMO_BIN := kpromo From d8a0b2e5eaabda18c3924bc6a538d0a00372b725 Mon Sep 17 00:00:00 2001 From: Matt Boersma Date: Fri, 10 Apr 2026 15:15:37 -0600 Subject: [PATCH 26/61] Bump CAAPH preload image to v0.6.2 --- test/e2e/config/azure-dev.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/e2e/config/azure-dev.yaml b/test/e2e/config/azure-dev.yaml index c1f58904c21..a92b9e58317 100644 --- a/test/e2e/config/azure-dev.yaml +++ b/test/e2e/config/azure-dev.yaml @@ -15,7 +15,7 @@ images: loadBehavior: tryLoad - name: registry.k8s.io/cluster-api/kubeadm-control-plane-controller:v1.13.0-rc.0 loadBehavior: tryLoad - - name: registry.k8s.io/cluster-api-helm/cluster-api-helm-controller:v0.6.0 + - name: registry.k8s.io/cluster-api-helm/cluster-api-helm-controller:v0.6.2 loadBehavior: tryLoad providers: From df78d7376b5699f414a5c36d14878969d4f6d7a1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Apr 2026 13:50:09 +0000 Subject: [PATCH 27/61] dependabot(deps): bump golang.org/x/mod from 0.34.0 to 0.35.0 Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.34.0 to 0.35.0. - [Commits](https://github.com/golang/mod/compare/v0.34.0...v0.35.0) --- updated-dependencies: - dependency-name: golang.org/x/mod dependency-version: 0.35.0 dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 13d461810cd..1975f389bb3 100644 --- a/go.mod +++ b/go.mod @@ -44,7 +44,7 @@ require ( go.uber.org/mock v0.6.0 golang.org/x/crypto v0.49.0 golang.org/x/exp v0.0.0-20250819193227-8b4c13bb791b - golang.org/x/mod v0.34.0 + golang.org/x/mod v0.35.0 golang.org/x/text v0.35.0 gopkg.in/yaml.v3 v3.0.1 k8s.io/api v0.35.3 @@ -190,7 +190,7 @@ require ( golang.org/x/sys v0.42.0 // indirect golang.org/x/term v0.41.0 // indirect golang.org/x/time v0.12.0 // indirect - golang.org/x/tools v0.42.0 // indirect + golang.org/x/tools v0.43.0 // indirect gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20260401024825-9d38bb4040a9 // indirect diff --git a/go.sum b/go.sum index 8cadf11a92d..4e8c166fea8 100644 --- a/go.sum +++ b/go.sum @@ -497,8 +497,8 @@ golang.org/x/crypto v0.49.0 h1:+Ng2ULVvLHnJ/ZFEq4KdcDd/cfjrrjjNSXNzxg0Y4U4= golang.org/x/crypto v0.49.0/go.mod h1:ErX4dUh2UM+CFYiXZRTcMpEcN8b/1gxEuv3nODoYtCA= golang.org/x/exp v0.0.0-20250819193227-8b4c13bb791b h1:DXr+pvt3nC887026GRP39Ej11UATqWDmWuS99x26cD0= golang.org/x/exp v0.0.0-20250819193227-8b4c13bb791b/go.mod h1:4QTo5u+SEIbbKW1RacMZq1YEfOBqeXa19JeshGi+zc4= -golang.org/x/mod v0.34.0 h1:xIHgNUUnW6sYkcM5Jleh05DvLOtwc6RitGHbDk4akRI= -golang.org/x/mod v0.34.0/go.mod h1:ykgH52iCZe79kzLLMhyCUzhMci+nQj+0XkbXpNYtVjY= +golang.org/x/mod v0.35.0 h1:Ww1D637e6Pg+Zb2KrWfHQUnH2dQRLBQyAtpr/haaJeM= +golang.org/x/mod v0.35.0/go.mod h1:+GwiRhIInF8wPm+4AoT6L0FA1QWAad3OMdTRx4tFYlU= golang.org/x/net v0.52.0 h1:He/TN1l0e4mmR3QqHMT2Xab3Aj3L9qjbhRm78/6jrW0= golang.org/x/net v0.52.0/go.mod h1:R1MAz7uMZxVMualyPXb+VaqGSa3LIaUqk0eEt3w36Sw= golang.org/x/oauth2 v0.36.0 h1:peZ/1z27fi9hUOFCAZaHyrpWG5lwe0RJEEEeH0ThlIs= 
@@ -516,8 +516,8 @@ golang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8= golang.org/x/text v0.35.0/go.mod h1:khi/HExzZJ2pGnjenulevKNX1W67CUy0AsXcNubPGCA= golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE= golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg= -golang.org/x/tools v0.42.0 h1:uNgphsn75Tdz5Ji2q36v/nsFSfR/9BRFvqhGBaJGd5k= -golang.org/x/tools v0.42.0/go.mod h1:Ma6lCIwGZvHK6XtgbswSoWroEkhugApmsXyrUmBhfr0= +golang.org/x/tools v0.43.0 h1:12BdW9CeB3Z+J/I/wj34VMl8X+fEXBxVR90JeMX5E7s= +golang.org/x/tools v0.43.0/go.mod h1:uHkMso649BX2cZK6+RpuIPXS3ho2hZo4FVwfoy1vIk0= gomodules.xyz/jsonpatch/v2 v2.5.0 h1:JELs8RLM12qJGXU4u/TO3V25KW8GreMKl9pdkk14RM0= gomodules.xyz/jsonpatch/v2 v2.5.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= gonum.org/v1/gonum v0.17.0 h1:VbpOemQlsSMrYmn7T2OUvQ4dqxQXU+ouZFQsZOx50z4= From 8adb85ac3577101d31b06c0e6f3b52e08d907ede Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Apr 2026 13:50:39 +0000 Subject: [PATCH 28/61] dependabot(deps): bump the all-github-actions group with 3 updates Bumps the all-github-actions group with 3 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner), [softprops/action-gh-release](https://github.com/softprops/action-gh-release) and [actions/upload-artifact](https://github.com/actions/upload-artifact). Updates `step-security/harden-runner` from 2.16.1 to 2.17.0 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/fe104658747b27e96e4f7e80cd0a94068e53901d...f808768d1510423e83855289c910610ca9b43176) Updates `softprops/action-gh-release` from 2.6.1 to 3.0.0 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/153bb8e04406b158c6c84fc1615b65b24149a1fe...b4309332981a82ec1c5618f44dd2e27cc8bfbfda) Updates `actions/upload-artifact` from 7.0.0 to 7.0.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.17.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-github-actions - dependency-name: softprops/action-gh-release dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-github-actions - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-github-actions 
... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 2 +- .github/workflows/cover.yaml | 2 +- .github/workflows/dependabot-code-gen.yml | 2 +- .github/workflows/dependency-review.yml | 2 +- .github/workflows/lint-docs.yaml | 2 +- .github/workflows/release.yaml | 6 +++--- .github/workflows/scorecards.yml | 4 ++-- 7 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index fdc24476782..a3718fbcf3c 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -41,7 +41,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 + uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 with: egress-policy: audit diff --git a/.github/workflows/cover.yaml b/.github/workflows/cover.yaml index f91e9839cfe..922e013d335 100644 --- a/.github/workflows/cover.yaml +++ b/.github/workflows/cover.yaml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 + uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 with: egress-policy: audit - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 diff --git a/.github/workflows/dependabot-code-gen.yml b/.github/workflows/dependabot-code-gen.yml index 25cfc46f1cb..67c06f6ddd6 100644 --- a/.github/workflows/dependabot-code-gen.yml +++ b/.github/workflows/dependabot-code-gen.yml @@ -20,7 +20,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 + uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 with: egress-policy: audit - name: Get Go version 
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index b4a506d62ae..13a2108384d 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 + uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 with: egress-policy: audit diff --git a/.github/workflows/lint-docs.yaml b/.github/workflows/lint-docs.yaml index a2bce629e6e..650bffe1ce1 100644 --- a/.github/workflows/lint-docs.yaml +++ b/.github/workflows/lint-docs.yaml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 + uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 with: egress-policy: audit diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index df6ed9a8ab5..a85b38b2a30 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -20,7 +20,7 @@ jobs: release_tag: ${{ steps.release-version.outputs.release_version }} steps: - name: Harden Runner - uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 + uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 with: egress-policy: audit - name: Checkout code @@ -92,7 +92,7 @@ jobs: needs: push_release_tag steps: - name: Harden Runner - uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 + uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 with: egress-policy: audit - name: Set env 
@@ -118,7 +118,7 @@ jobs: curl -L "https://raw.githubusercontent.com/${{ github.repository }}/main/CHANGELOG/${{ env.RELEASE_TAG }}.md" \ -o "${{ env.RELEASE_TAG }}.md" - name: Release - uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # tag=v2.6.1 + uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # tag=v3.0.0 with: draft: true files: out/* diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 3e0aa480002..595c6ce0a32 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -31,7 +31,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1 + uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 with: egress-policy: audit @@ -63,7 +63,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: SARIF file path: results.sarif From 669989868d919a9b034eac0278c47fb4fca7ced0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Apr 2026 17:09:38 +0000 Subject: [PATCH 29/61] dependabot(deps): bump golang.org/x/crypto from 0.49.0 to 0.50.0 Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.49.0 to 0.50.0. - [Commits](https://github.com/golang/crypto/compare/v0.49.0...v0.50.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-version: 0.50.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 8 ++++---- go.sum | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) 
diff --git a/go.mod b/go.mod index 1975f389bb3..8127257a407 100644 --- a/go.mod +++ b/go.mod @@ -42,10 +42,10 @@ require ( go.opentelemetry.io/otel/sdk/metric v1.43.0 go.opentelemetry.io/otel/trace v1.43.0 go.uber.org/mock v0.6.0 - golang.org/x/crypto v0.49.0 + golang.org/x/crypto v0.50.0 golang.org/x/exp v0.0.0-20250819193227-8b4c13bb791b golang.org/x/mod v0.35.0 - golang.org/x/text v0.35.0 + golang.org/x/text v0.36.0 gopkg.in/yaml.v3 v3.0.1 k8s.io/api v0.35.3 k8s.io/apimachinery v0.35.3 @@ -187,8 +187,8 @@ require ( golang.org/x/net v0.52.0 // indirect golang.org/x/oauth2 v0.36.0 // indirect golang.org/x/sync v0.20.0 // indirect - golang.org/x/sys v0.42.0 // indirect - golang.org/x/term v0.41.0 // indirect + golang.org/x/sys v0.43.0 // indirect + golang.org/x/term v0.42.0 // indirect golang.org/x/time v0.12.0 // indirect golang.org/x/tools v0.43.0 // indirect gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect diff --git a/go.sum b/go.sum index 4e8c166fea8..4ed9be3b86e 100644 --- a/go.sum +++ b/go.sum @@ -493,8 +493,8 @@ go.yaml.in/yaml/v2 v2.4.4 h1:tuyd0P+2Ont/d6e2rl3be67goVK4R6deVxCUX5vyPaQ= go.yaml.in/yaml/v2 v2.4.4/go.mod h1:gMZqIpDtDqOfM0uNfy0SkpRhvUryYH0Z6wdMYcacYXQ= go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= -golang.org/x/crypto v0.49.0 h1:+Ng2ULVvLHnJ/ZFEq4KdcDd/cfjrrjjNSXNzxg0Y4U4= -golang.org/x/crypto v0.49.0/go.mod h1:ErX4dUh2UM+CFYiXZRTcMpEcN8b/1gxEuv3nODoYtCA= +golang.org/x/crypto v0.50.0 h1:zO47/JPrL6vsNkINmLoo/PH1gcxpls50DNogFvB5ZGI= +golang.org/x/crypto v0.50.0/go.mod h1:3muZ7vA7PBCE6xgPX7nkzzjiUq87kRItoJQM1Yo8S+Q= golang.org/x/exp v0.0.0-20250819193227-8b4c13bb791b h1:DXr+pvt3nC887026GRP39Ej11UATqWDmWuS99x26cD0= golang.org/x/exp v0.0.0-20250819193227-8b4c13bb791b/go.mod h1:4QTo5u+SEIbbKW1RacMZq1YEfOBqeXa19JeshGi+zc4= golang.org/x/mod v0.35.0 h1:Ww1D637e6Pg+Zb2KrWfHQUnH2dQRLBQyAtpr/haaJeM= 
@@ -508,12 +508,12 @@ golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo= -golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= -golang.org/x/term v0.41.0 h1:QCgPso/Q3RTJx2Th4bDLqML4W6iJiaXFq2/ftQF13YU= -golang.org/x/term v0.41.0/go.mod h1:3pfBgksrReYfZ5lvYM0kSO0LIkAl4Yl2bXOkKP7Ec2A= -golang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8= -golang.org/x/text v0.35.0/go.mod h1:khi/HExzZJ2pGnjenulevKNX1W67CUy0AsXcNubPGCA= +golang.org/x/sys v0.43.0 h1:Rlag2XtaFTxp19wS8MXlJwTvoh8ArU6ezoyFsMyCTNI= +golang.org/x/sys v0.43.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= +golang.org/x/term v0.42.0 h1:UiKe+zDFmJobeJ5ggPwOshJIVt6/Ft0rcfrXZDLWAWY= +golang.org/x/term v0.42.0/go.mod h1:Dq/D+snpsbazcBG5+F9Q1n2rXV8Ma+71xEjTRufARgY= +golang.org/x/text v0.36.0 h1:JfKh3XmcRPqZPKevfXVpI1wXPTqbkE5f7JA92a55Yxg= +golang.org/x/text v0.36.0/go.mod h1:NIdBknypM8iqVmPiuco0Dh6P5Jcdk8lJL0CUebqK164= golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE= golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg= golang.org/x/tools v0.43.0 h1:12BdW9CeB3Z+J/I/wj34VMl8X+fEXBxVR90JeMX5E7s= From 00b200ccfb5aded1f05b6cf36fe89e36710d14c0 Mon Sep 17 00:00:00 2001 From: William Yao Date: Mon, 13 Apr 2026 10:17:57 -0700 Subject: [PATCH 30/61] Implement smarter retry for az commands in peer-vnets flow Signed-off-by: William Yao --- scripts/peer-vnets.sh | 113 ++++++++++++++++++++++++++++++++---------- 1 file changed, 88 insertions(+), 25 deletions(-) diff --git a/scripts/peer-vnets.sh b/scripts/peer-vnets.sh index 35ef21d3e76..9d3522483ca 100755 
--- a/scripts/peer-vnets.sh
+++ b/scripts/peer-vnets.sh
@@ -51,6 +51,43 @@ print_step() {
 echo -e "${BOLD}${CYAN}Step $1:${NC} $2"
 }
 
+# Retry wrapper for az commands to handle transient 429 (Too Many Requests) errors.
+# Only retries when stderr indicates throttling; other errors fail immediately.
+# Usage: az_retry az [args...]
+az_retry() {
+ local max_retries="$1"
+ shift
+ local attempt=0
+ local wait_time=5
+ local stderr_file
+ stderr_file=$(mktemp)
+ # shellcheck disable=SC2064
+ trap "rm -f '$stderr_file'" RETURN
+ while true; do
+ local exit_code=0
+ "$@" 2> >(tee "$stderr_file" >&2) || exit_code=$?
+ if [ "$exit_code" -eq 0 ]; then
+ return 0
+ fi
+ # Only retry on throttling (429) errors; fail immediately for anything else
+ if ! grep -qi -e "429" -e "Too Many Requests" -e "RetryAfter" -e "throttl" "$stderr_file"; then
+ return "$exit_code"
+ fi
+ attempt=$((attempt + 1))
+ if [ "$attempt" -ge "$max_retries" ]; then
+ print_error "Command throttled after $max_retries attempts: $*"
+ return 1
+ fi
+ print_warning "Throttled (attempt $attempt/$max_retries), retrying in ${wait_time}s..."
+ sleep "$wait_time"
+ # Exponential backoff capped at 60s
+ wait_time=$(( wait_time * 2 ))
+ if [ "$wait_time" -gt 60 ]; then
+ wait_time=60
+ fi
+ done
+}
+
 usage() {
 cat <
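Review bot: The throttle check in `az_retry` can read `$stderr_file` before it is complete, because `2> >(tee "$stderr_file" >&2)` runs `tee` in an asynchronous process substitution that bash does not wait for, so the `grep` may miss a 429 message and return the failure without retrying. Capturing synchronously avoids the race: `"$@" 2>"$stderr_file" || exit_code=$?` followed by `cat "$stderr_file" >&2`. The bare `-e "429"` pattern also matches any stderr text containing those digits (a correlation or resource ID, for instance), so an unrelated error can be retried as if it were throttling; a tighter pattern tied to the status wording would be safer.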
@@ -168,33 +205,53 @@ peer_vnets() { # Get VNET IDs with improved error handling az network vnet wait --resource-group "${AKS_RESOURCE_GROUP}" --name "${AKS_MGMT_VNET_NAME}" --created --timeout "${WAIT_TIMEOUT}" || error "Timeout waiting for management VNET" - MGMT_VNET_ID=$(az network vnet show --resource-group "${AKS_RESOURCE_GROUP}" --name "${AKS_MGMT_VNET_NAME}" --query id --output tsv) || error "Failed to get management VNET ID" + MGMT_VNET_ID=$(az_retry 5 az network vnet show --resource-group "${AKS_RESOURCE_GROUP}" --name "${AKS_MGMT_VNET_NAME}" --query id --output tsv) || error "Failed to get management VNET ID" print_step "1/4" "${AKS_MGMT_VNET_NAME} found and ${MGMT_VNET_ID} found" az network vnet wait --resource-group "${CLUSTER_NAME}" --name "${CLUSTER_NAME}-vnet" --created --timeout "${WAIT_TIMEOUT}" || error "Timeout waiting for workload VNET" - WORKLOAD_VNET_ID=$(az network vnet show --resource-group "${CLUSTER_NAME}" --name "${CLUSTER_NAME}-vnet" --query id --output tsv) || error "Failed to get workload VNET ID" + WORKLOAD_VNET_ID=$(az_retry 5 az network vnet show --resource-group "${CLUSTER_NAME}" --name "${CLUSTER_NAME}-vnet" --query id --output tsv) || error "Failed to get workload VNET ID" print_step "2/4" "${CLUSTER_NAME}-vnet found and ${WORKLOAD_VNET_ID} found" - # Peer mgmt vnet with improved error handling - az network vnet peering create \ + # Create both peerings with --no-wait to reduce sequential API calls and + # mitigate 429 (Too Many Requests) throttling from Azure Resource Manager. 
+ az_retry 5 az network vnet peering create \ --name "mgmt-to-${CLUSTER_NAME}" \ --resource-group "${AKS_RESOURCE_GROUP}" \ --vnet-name "${AKS_MGMT_VNET_NAME}" \ --remote-vnet "${WORKLOAD_VNET_ID}" \ --allow-vnet-access true \ --allow-forwarded-traffic true \ - --only-show-errors --output none || error "Failed to create management peering" - print_step "3/4" "mgmt-to-${CLUSTER_NAME} peering created in ${AKS_MGMT_VNET_NAME}" + --no-wait \ + --only-show-errors --output none || error "Failed to submit management peering" - # Peer workload vnet with improved error handling - az network vnet peering create \ + az_retry 5 az network vnet peering create \ --name "${CLUSTER_NAME}-to-mgmt" \ --resource-group "${CLUSTER_NAME}" \ --vnet-name "${CLUSTER_NAME}-vnet" \ --remote-vnet "${MGMT_VNET_ID}" \ --allow-vnet-access true \ --allow-forwarded-traffic true \ - --only-show-errors --output none || error "Failed to create workload peering" + --no-wait \ + --only-show-errors --output none || error "Failed to submit workload peering" + + print_info "Both peering requests submitted, waiting for completion..." + + # Wait for both peerings to complete. The wait command has built-in polling + # with backoff which handles transient errors more gracefully than synchronous creates. 
+ az network vnet peering wait \ + --name "mgmt-to-${CLUSTER_NAME}" \ + --resource-group "${AKS_RESOURCE_GROUP}" \ + --vnet-name "${AKS_MGMT_VNET_NAME}" \ + --created --timeout "${WAIT_TIMEOUT}" \ + --only-show-errors --output none || error "Timeout waiting for management peering to complete" + print_step "3/4" "mgmt-to-${CLUSTER_NAME} peering created in ${AKS_MGMT_VNET_NAME}" + + az network vnet peering wait \ + --name "${CLUSTER_NAME}-to-mgmt" \ + --resource-group "${CLUSTER_NAME}" \ + --vnet-name "${CLUSTER_NAME}-vnet" \ + --created --timeout "${WAIT_TIMEOUT}" \ + --only-show-errors --output none || error "Timeout waiting for workload peering to complete" print_step "4/4" "${CLUSTER_NAME}-to-mgmt peering created in ${CLUSTER_NAME}-vnet" print_success "VNET peering completed successfully" } 
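Review bot: `MGMT_VNET_ID=$(az_retry 5 az network vnet show …)` captures everything `az_retry` writes to stdout, not only the output of `az`. `az_retry` calls `print_warning` before each retry, and if that helper prints to stdout like the `print_step` shown earlier in this file (its definition is outside the hunk), a throttled-then-successful call would put the "Throttled (attempt …)" text into the ID later passed to `--remote-vnet`. Redirecting the retry messages inside `az_retry`, e.g. `print_warning "Throttled …" >&2`, keeps the captured value clean; `WORKLOAD_VNET_ID` is affected the same way. `peer_vnets` begins before this hunk.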
@@ -204,25 +261,39 @@ create_private_dns_zone() { print_header "Creating private DNS zone" # Create private DNS zone with improved error handling - az network private-dns zone create \ + az_retry 5 az network private-dns zone create \ --resource-group "${CLUSTER_NAME}" \ --name "${DNS_ZONE}" \ --only-show-errors --output none || error "Failed to create private DNS zone" - az network private-dns zone wait \ + az_retry 5 az network private-dns zone wait \ --resource-group "${CLUSTER_NAME}" \ --name "${DNS_ZONE}" \ --created --timeout "${WAIT_TIMEOUT}" \ --only-show-errors --output none || error "Timeout waiting for private DNS zone" print_step "1/4" "${DNS_ZONE} private DNS zone created in ${CLUSTER_NAME}" - # Link private DNS Zone to workload vnet with improved error handling - az network private-dns link vnet create \ + # Create both VNet links with --no-wait to reduce sequential API calls + az_retry 5 az network private-dns link vnet create \ --resource-group "${CLUSTER_NAME}" \ --zone-name "${DNS_ZONE}" \ --name "${CLUSTER_NAME}-to-mgmt" \ --virtual-network "${WORKLOAD_VNET_ID}" \ --registration-enabled false \ - --only-show-errors --output none || error "Failed to create workload DNS link" + --no-wait \ + --only-show-errors --output none || error "Failed to submit workload DNS link" + + az_retry 5 az network private-dns link vnet create \ + --resource-group "${CLUSTER_NAME}" \ + --zone-name "${DNS_ZONE}" \ + --name "mgmt-to-${CLUSTER_NAME}" \ + --virtual-network "${MGMT_VNET_ID}" \ + --registration-enabled false \ + --no-wait \ + --only-show-errors --output none || error "Failed to submit management DNS link" + + print_info "Both DNS link requests submitted, waiting for completion..." + + # Wait for both links to complete az network private-dns link vnet wait \ --resource-group "${CLUSTER_NAME}" \ --zone-name "${DNS_ZONE}" \ 
@@ -231,14 +302,6 @@ create_private_dns_zone() { --only-show-errors --output none || error "Timeout waiting for workload DNS link" print_step "2/4" "workload cluster vnet ${CLUSTER_NAME}-vnet linked with private DNS zone" - # Link private DNS Zone to mgmt vnet with improved error handling - az network private-dns link vnet create \ - --resource-group "${CLUSTER_NAME}" \ - --zone-name "${DNS_ZONE}" \ - --name "mgmt-to-${CLUSTER_NAME}" \ - --virtual-network "${MGMT_VNET_ID}" \ - --registration-enabled false \ - --only-show-errors --output none || error "Failed to create management DNS link" az network private-dns link vnet wait \ --resource-group "${CLUSTER_NAME}" \ --zone-name "${DNS_ZONE}" \ @@ -248,7 +311,7 @@ create_private_dns_zone() { print_step "3/4" "management cluster vnet ${AKS_MGMT_VNET_NAME} linked with private DNS zone" # Create private DNS zone record with improved error handling - az network private-dns record-set a add-record \ + az_retry 5 az network private-dns record-set a add-record \ --resource-group "${CLUSTER_NAME}" \ --zone-name "${DNS_ZONE}" \ --record-set-name "@" \ @@ -319,7 +382,7 @@ wait_and_fix_nsg_rules() { print_info "Allowed TCP ports: $tcp_ports" if az network nsg rule show --resource-group "$rg" --nsg-name "$nsg" --name "NRMS-Rule-101" --output none 2>/dev/null; then # shellcheck disable=SC2086 - az network nsg rule update \ + az_retry 5 az network nsg rule update \ --resource-group "$rg" \ --nsg-name "$nsg" \ --name "NRMS-Rule-101" \ @@ -337,7 +400,7 @@ wait_and_fix_nsg_rules() { print_info "Configuring NRMS-Rule-103 in NSG '$nsg' (Resource Group: '$rg')" print_info "Allowed UDP ports: $udp_ports" # shellcheck disable=SC2086 - az network nsg rule update \ + az_retry 5 az network nsg rule update \ --resource-group "$rg" \ --nsg-name "$nsg" \ --name "NRMS-Rule-103" \ From bc80e3b3f3d5dbaf6f155af93fd4d422c80727bf Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 16 Apr 2026 20:51:08 +0000 Subject: [PATCH 31/61] dependabot(deps): bump github.com/moby/spdystream from 0.5.0 to 0.5.1 Bumps [github.com/moby/spdystream](https://github.com/moby/spdystream) from 0.5.0 to 0.5.1. - [Release notes](https://github.com/moby/spdystream/releases) - [Commits](https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1) --- updated-dependencies: - dependency-name: github.com/moby/spdystream dependency-version: 0.5.1 dependency-type: indirect ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 8127257a407..384b3e396b2 100644 --- a/go.mod +++ b/go.mod @@ -140,7 +140,7 @@ require ( github.com/moby/docker-image-spec v1.3.1 // indirect github.com/moby/moby/api v1.54.1 // indirect github.com/moby/moby/client v0.4.0 // indirect - github.com/moby/spdystream v0.5.0 // indirect + github.com/moby/spdystream v0.5.1 // indirect github.com/moby/term v0.5.2 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect diff --git a/go.sum b/go.sum index 4ed9be3b86e..bab68653acc 100644 --- a/go.sum +++ b/go.sum 
@@ -333,8 +333,8 @@ github.com/moby/moby/api v1.54.1 h1:TqVzuJkOLsgLDDwNLmYqACUuTehOHRGKiPhvH8V3Nn4= github.com/moby/moby/api v1.54.1/go.mod h1:+RQ6wluLwtYaTd1WnPLykIDPekkuyD/ROWQClE83pzs= github.com/moby/moby/client v0.4.0 h1:S+2XegzHQrrvTCvF6s5HFzcrywWQmuVnhOXe2kiWjIw= github.com/moby/moby/client v0.4.0/go.mod h1:QWPbvWchQbxBNdaLSpoKpCdf5E+WxFAgNHogCWDoa7g= -github.com/moby/spdystream v0.5.0 h1:7r0J1Si3QO/kjRitvSLVVFUjxMEb/YLj6S9FF62JBCU= -github.com/moby/spdystream v0.5.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= +github.com/moby/spdystream v0.5.1 h1:9sNYeYZUcci9R6/w7KDaFWEWeV4LStVG78Mpyq/Zm/Y= +github.com/moby/spdystream v0.5.1/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ= github.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= From 9128981dbd14bdda896ad724e82edfbb14f2c7ad Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 Apr 2026 15:03:33 +0000 Subject: [PATCH 32/61] dependabot(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azcore Bumps [github.com/Azure/azure-sdk-for-go/sdk/azcore](https://github.com/Azure/azure-sdk-for-go) from 1.21.0 to 1.21.1. - [Release notes](https://github.com/Azure/azure-sdk-for-go/releases) - [Commits](https://github.com/Azure/azure-sdk-for-go/compare/sdk/azcore/v1.21.0...sdk/azcore/v1.21.1) --- updated-dependencies: - dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azcore dependency-version: 1.21.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 6 +++--- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 384b3e396b2..4002ed34337 100644 --- a/go.mod +++ b/go.mod 
@@ -5,7 +5,7 @@ go 1.25.0
 toolchain go1.25.9
 require (
- github.com/Azure/azure-sdk-for-go/sdk/azcore v1.21.0
+ github.com/Azure/azure-sdk-for-go/sdk/azcore v1.21.1
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2 v2.2.0
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5 v5.7.0
@@ -66,7 +66,7 @@ require (
 al.essio.dev/pkg/shellescape v1.5.1 // indirect
 cel.dev/expr v0.25.1 // indirect
 dario.cat/mergo v1.0.1 // indirect
- github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2 // indirect
+ github.com/Azure/azure-sdk-for-go/sdk/internal v1.12.0 // indirect
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v6 v6.4.0 // indirect
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerregistry/armcontainerregistry v1.2.0 // indirect
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v6 v6.6.0 // indirect
@@ -184,7 +184,7 @@ require (
 go.opentelemetry.io/proto/otlp v1.9.0 // indirect
 go.yaml.in/yaml/v2 v2.4.4 // indirect
 go.yaml.in/yaml/v3 v3.0.4 // indirect
- golang.org/x/net v0.52.0 // indirect
+ golang.org/x/net v0.53.0 // indirect
 golang.org/x/oauth2 v0.36.0 // indirect
 golang.org/x/sync v0.20.0 // indirect
 golang.org/x/sys v0.43.0 // indirect
diff --git a/go.sum b/go.sum
index bab68653acc..99d860adfac 100644
--- a/go.sum
+++ b/go.sum
@@ -6,14 +6,14 @@ dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s= dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA= filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.21.0 h1:fou+2+WFTib47nS+nz/ozhEBnvU96bKHy6LjRsY4E28= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.21.0/go.mod h1:t76Ruy8AHvUAC8GfMWJMa0ElSbuIcO03NLpynfbgsPA= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.21.1 h1:jHb/wfvRikGdxMXYV3QG/SzUOPYN9KEUUuC0Yd0/vC0= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.21.1/go.mod h1:pzBXCYn05zvYIrwLgtK8Ap8QcjRg+0i76tMQdWN6wOk= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1 h1:Hk5QBxZQC1jb2Fwj6mpzme37xbCDdNTxU7O9eb5+LB4= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1/go.mod h1:IYus9qsFobWIc2YVwe/WPjcnyCkPKtnHAqUYeebc8z0= github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2 h1:yz1bePFlP5Vws5+8ez6T3HWXPmwOK7Yvq8QxDBD3SKY= github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.2/go.mod h1:Pa9ZNPuoNu/GztvBSKk9J1cDJW6vk/n0zLtV4mgd8N8= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2 h1:9iefClla7iYpfYWdzPCRDozdmndjTm8DXdpCzPajMgA= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2/go.mod h1:XtLgD3ZD34DAaVIIAyG3objl5DynM3CQ/vMcbBNJZGI= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.12.0 h1:fhqpLE3UEXi9lPaBRpQ6XuRW0nU7hgg4zlmZZa+a9q4= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.12.0/go.mod h1:7dCRMLwisfRH3dBupKeNCioWYUZ4SS09Z14H+7i8ZoY= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/apimanagement/armapimanagement/v2 v2.1.0 h1:WYADp5XlioccEnBBK9sVUaHVno76l7WeTcWCumN86kM= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/apimanagement/armapimanagement/v2 v2.1.0/go.mod h1:PK8v1aAd2Wx6eTcbUYhYstGpspqNqhZYiM8GLFdq2A0= 
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/appconfiguration/armappconfiguration v1.1.1 h1:iRc20pGuVlc1HwRO2bg0m1tfP9rkPB0K88trl8Fei2w= @@ -499,8 +499,8 @@ golang.org/x/exp v0.0.0-20250819193227-8b4c13bb791b h1:DXr+pvt3nC887026GRP39Ej11 golang.org/x/exp v0.0.0-20250819193227-8b4c13bb791b/go.mod h1:4QTo5u+SEIbbKW1RacMZq1YEfOBqeXa19JeshGi+zc4= golang.org/x/mod v0.35.0 h1:Ww1D637e6Pg+Zb2KrWfHQUnH2dQRLBQyAtpr/haaJeM= golang.org/x/mod v0.35.0/go.mod h1:+GwiRhIInF8wPm+4AoT6L0FA1QWAad3OMdTRx4tFYlU= -golang.org/x/net v0.52.0 h1:He/TN1l0e4mmR3QqHMT2Xab3Aj3L9qjbhRm78/6jrW0= -golang.org/x/net v0.52.0/go.mod h1:R1MAz7uMZxVMualyPXb+VaqGSa3LIaUqk0eEt3w36Sw= +golang.org/x/net v0.53.0 h1:d+qAbo5L0orcWAr0a9JweQpjXF19LMXJE8Ey7hwOdUA= +golang.org/x/net v0.53.0/go.mod h1:JvMuJH7rrdiCfbeHoo3fCQU24Lf5JJwT9W3sJFulfgs= golang.org/x/oauth2 v0.36.0 h1:peZ/1z27fi9hUOFCAZaHyrpWG5lwe0RJEEEeH0ThlIs= golang.org/x/oauth2 v0.36.0/go.mod h1:YDBUJMTkDnJS+A4BP4eZBjCqtokkg1hODuPjwiGPO7Q= golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4= From 84d92151c79db388d9adeec9af342a32b1117b0c Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 Apr 2026 15:03:57 +0000 Subject: [PATCH 33/61] dependabot(deps): bump the all-github-actions group with 4 updates Bumps the all-github-actions group with 4 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner), [github/codeql-action](https://github.com/github/codeql-action), [actions/cache](https://github.com/actions/cache) and [tj-actions/changed-files](https://github.com/tj-actions/changed-files). Updates `step-security/harden-runner` from 2.17.0 to 2.19.0 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/f808768d1510423e83855289c910610ca9b43176...8d3c67de8e2fe68ef647c8db1e6a09f647780f40) Updates `github/codeql-action` from 4.35.1 to 4.35.2 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/c10b8064de6f491fea524254123dbe5e09572f13...95e58e9a2cdfd71adc6e0353d5c52f41a045d225) Updates `actions/cache` from 5.0.4 to 5.0.5 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/668228422ae6a00e4ad889ee87cd7109ec5666a7...27d5ce7f107fe9357f9df03efb73ab90386fccae) Updates `tj-actions/changed-files` from 47.0.5 to 47.0.6 - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](https://github.com/tj-actions/changed-files/compare/22103cc46bda19c2b464ffe86db46df6922fd323...9426d40962ed5378910ee2e21d5f8c6fcbf2dd96) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.19.0 dependency-type: direct:production update-type: 
version-update:semver-minor dependency-group: all-github-actions - dependency-name: github/codeql-action dependency-version: 4.35.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-github-actions - dependency-name: actions/cache dependency-version: 5.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-github-actions - dependency-name: tj-actions/changed-files dependency-version: 47.0.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 8 ++++---- .github/workflows/cover.yaml | 2 +- .github/workflows/dependabot-code-gen.yml | 4 ++-- .github/workflows/dependency-review.yml | 2 +- .github/workflows/lint-docs.yaml | 2 +- .github/workflows/release.yaml | 6 +++--- .github/workflows/scorecards.yml | 4 ++-- 7 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index a3718fbcf3c..c6e4ab3c747 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -41,7 +41,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit @@ -50,7 +50,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 + uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. 
@@ -60,7 +60,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 + uses: github/codeql-action/autobuild@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -73,6 +73,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 + uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/cover.yaml b/.github/workflows/cover.yaml index 922e013d335..5de3cf5b191 100644 --- a/.github/workflows/cover.yaml +++ b/.github/workflows/cover.yaml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 diff --git a/.github/workflows/dependabot-code-gen.yml b/.github/workflows/dependabot-code-gen.yml index 67c06f6ddd6..e3a5a6f86a4 100644 --- a/.github/workflows/dependabot-code-gen.yml +++ b/.github/workflows/dependabot-code-gen.yml @@ -20,7 +20,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit - name: Get Go version 
@@ -33,7 +33,7 @@ jobs: id: go - name: Check out code into the Go module directory uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # tag=v5.0.4 + - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # tag=v5.0.5 name: Restore go cache with: path: | diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 13a2108384d..4b8fb809f2e 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit diff --git a/.github/workflows/lint-docs.yaml b/.github/workflows/lint-docs.yaml index 650bffe1ce1..2794370b6fa 100644 --- a/.github/workflows/lint-docs.yaml +++ b/.github/workflows/lint-docs.yaml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index a85b38b2a30..be971c02dcf 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -20,7 +20,7 @@ jobs: release_tag: ${{ steps.release-version.outputs.release_version }} steps: - name: Harden Runner - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit - name: Checkout code 
@@ -29,7 +29,7 @@ jobs: fetch-depth: 0 - name: Get changed files id: changed-markdown-files - uses: tj-actions/changed-files@22103cc46bda19c2b464ffe86db46df6922fd323 # tag=v47.0.5 + uses: tj-actions/changed-files@9426d40962ed5378910ee2e21d5f8c6fcbf2dd96 # tag=v47.0.6 with: files: CHANGELOG/**.md - name: Get release version @@ -92,7 +92,7 @@ jobs: needs: push_release_tag steps: - name: Harden Runner - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit - name: Set env diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 595c6ce0a32..ad904b77cc5 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -31,7 +31,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0 + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 with: egress-policy: audit @@ -71,6 +71,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1 + uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2 with: sarif_file: results.sarif From 8ee5c39411f1e2c0e3339364c36eb36ede40485d Mon Sep 17 00:00:00 2001 From: Matt Boersma Date: Mon, 20 Apr 2026 09:24:20 -0600 Subject: [PATCH 34/61] Bump CAPI dependency to v1.13.0-rc.1 --- go.mod | 12 ++++++------ go.sum | 24 ++++++++++++------------ hack/tools/go.mod | 10 +++++----- hack/tools/go.sum | 24 ++++++++++++------------ 4 files changed, 35 insertions(+), 35 deletions(-) diff --git a/go.mod b/go.mod index 384b3e396b2..06358a627bd 100644 --- a/go.mod +++ b/go.mod 
@@ -36,7 +36,7 @@ require (
 github.com/prometheus/client_golang v1.23.2
 github.com/spf13/pflag v1.0.10
 go.opentelemetry.io/otel v1.43.0
- go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.41.0
+ go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.43.0
 go.opentelemetry.io/otel/exporters/prometheus v0.65.0
 go.opentelemetry.io/otel/sdk v1.43.0
 go.opentelemetry.io/otel/sdk/metric v1.43.0
@@ -56,8 +56,8 @@ require (
 k8s.io/kubectl v0.34.2
 k8s.io/utils v0.0.0-20251002143259-bc988d571ff4
 sigs.k8s.io/cloud-provider-azure v1.34.3
- sigs.k8s.io/cluster-api v1.13.0-rc.0
- sigs.k8s.io/cluster-api/test v1.13.0-rc.0
+ sigs.k8s.io/cluster-api v1.13.0-rc.1
+ sigs.k8s.io/cluster-api/test v1.13.0-rc.1
 sigs.k8s.io/controller-runtime v0.23.3
 sigs.k8s.io/kind v0.31.0
 )
@@ -179,12 +179,12 @@ require (
 github.com/xlab/treeprint v1.2.0 // indirect
 go.opentelemetry.io/auto/sdk v1.2.1 // indirect
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.65.0 // indirect
- go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.41.0 // indirect
+ go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.43.0 // indirect
 go.opentelemetry.io/otel/metric v1.43.0 // indirect
- go.opentelemetry.io/proto/otlp v1.9.0 // indirect
+ go.opentelemetry.io/proto/otlp v1.10.0 // indirect
 go.yaml.in/yaml/v2 v2.4.4 // indirect
 go.yaml.in/yaml/v3 v3.0.4 // indirect
- golang.org/x/net v0.52.0 // indirect
+ golang.org/x/net v0.53.0 // indirect
 golang.org/x/oauth2 v0.36.0 // indirect
 golang.org/x/sync v0.20.0 // indirect
 golang.org/x/sys v0.43.0 // indirect
diff --git a/go.sum b/go.sum
index bab68653acc..8fab99af97c 100644
--- a/go.sum
+++ b/go.sum
@@ -465,10 +465,10 @@ go.opentelemetry.io/otel v1.43.0 h1:mYIM03dnh5zfN7HautFE4ieIig9amkNANT+xcVxAj9I= go.opentelemetry.io/otel v1.43.0/go.mod h1:JuG+u74mvjvcm8vj8pI5XiHy1zDeoCS2LB1spIq7Ay0= go.opentelemetry.io/otel/exporters/jaeger v1.16.0 h1:YhxxmXZ011C0aDZKoNw+juVWAmEfv/0W2XBOv9aHTaA= go.opentelemetry.io/otel/exporters/jaeger v1.16.0/go.mod h1:grYbBo/5afWlPpdPZYhyn78Bk04hnvxn2+hvxQhKIQM= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.41.0 h1:ao6Oe+wSebTlQ1OEht7jlYTzQKE+pnx/iNywFvTbuuI= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.41.0/go.mod h1:u3T6vz0gh/NVzgDgiwkgLxpsSF6PaPmo2il0apGJbls= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.41.0 h1:mq/Qcf28TWz719lE3/hMB4KkyDuLJIvgJnFGcd0kEUI= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.41.0/go.mod h1:yk5LXEYhsL2htyDNJbEq7fWzNEigeEdV5xBF/Y+kAv0= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.43.0 h1:88Y4s2C8oTui1LGM6bTWkw0ICGcOLCAI5l6zsD1j20k= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.43.0/go.mod h1:Vl1/iaggsuRlrHf/hfPJPvVag77kKyvrLeD10kpMl+A= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.43.0 h1:RAE+JPfvEmvy+0LzyUA25/SGawPwIUbZ6u0Wug54sLc= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.43.0/go.mod h1:AGmbycVGEsRx9mXMZ75CsOyhSP6MFIcj/6dnG+vhVjk= go.opentelemetry.io/otel/exporters/prometheus v0.65.0 h1:jOveH/b4lU9HT7y+Gfamf18BqlOuz2PWEvs8yM7Q6XE= go.opentelemetry.io/otel/exporters/prometheus v0.65.0/go.mod h1:i1P8pcumauPtUI4YNopea1dhzEMuEqWP1xoUZDylLHo= go.opentelemetry.io/otel/metric v1.43.0 h1:d7638QeInOnuwOONPp4JAOGfbCEpYb+K6DVWvdxGzgM= 
@@ -479,8 +479,8 @@ go.opentelemetry.io/otel/sdk/metric v1.43.0 h1:S88dyqXjJkuBNLeMcVPRFXpRw2fuwdvfC go.opentelemetry.io/otel/sdk/metric v1.43.0/go.mod h1:C/RJtwSEJ5hzTiUz5pXF1kILHStzb9zFlIEe85bhj6A= go.opentelemetry.io/otel/trace v1.43.0 h1:BkNrHpup+4k4w+ZZ86CZoHHEkohws8AY+WTX09nk+3A= go.opentelemetry.io/otel/trace v1.43.0/go.mod h1:/QJhyVBUUswCphDVxq+8mld+AvhXZLhe+8WVFxiFff0= -go.opentelemetry.io/proto/otlp v1.9.0 h1:l706jCMITVouPOqEnii2fIAuO3IVGBRPV5ICjceRb/A= -go.opentelemetry.io/proto/otlp v1.9.0/go.mod h1:xE+Cx5E/eEHw+ISFkwPLwCZefwVjY+pqKg1qcK03+/4= +go.opentelemetry.io/proto/otlp v1.10.0 h1:IQRWgT5srOCYfiWnpqUYz9CVmbO8bFmKcwYxpuCSL2g= +go.opentelemetry.io/proto/otlp v1.10.0/go.mod h1:/CV4QoCR/S9yaPj8utp3lvQPoqMtxXdzn7ozvvozVqk= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/mock v0.6.0 h1:hyF9dfmbgIX5EfOdasqLsWD6xqpNZlXblLB/Dbnwv3Y= @@ -499,8 +499,8 @@ golang.org/x/exp v0.0.0-20250819193227-8b4c13bb791b h1:DXr+pvt3nC887026GRP39Ej11 golang.org/x/exp v0.0.0-20250819193227-8b4c13bb791b/go.mod h1:4QTo5u+SEIbbKW1RacMZq1YEfOBqeXa19JeshGi+zc4= golang.org/x/mod v0.35.0 h1:Ww1D637e6Pg+Zb2KrWfHQUnH2dQRLBQyAtpr/haaJeM= golang.org/x/mod v0.35.0/go.mod h1:+GwiRhIInF8wPm+4AoT6L0FA1QWAad3OMdTRx4tFYlU= -golang.org/x/net v0.52.0 h1:He/TN1l0e4mmR3QqHMT2Xab3Aj3L9qjbhRm78/6jrW0= -golang.org/x/net v0.52.0/go.mod h1:R1MAz7uMZxVMualyPXb+VaqGSa3LIaUqk0eEt3w36Sw= +golang.org/x/net v0.53.0 h1:d+qAbo5L0orcWAr0a9JweQpjXF19LMXJE8Ey7hwOdUA= +golang.org/x/net v0.53.0/go.mod h1:JvMuJH7rrdiCfbeHoo3fCQU24Lf5JJwT9W3sJFulfgs= golang.org/x/oauth2 v0.36.0 h1:peZ/1z27fi9hUOFCAZaHyrpWG5lwe0RJEEEeH0ThlIs= golang.org/x/oauth2 v0.36.0/go.mod h1:YDBUJMTkDnJS+A4BP4eZBjCqtokkg1hODuPjwiGPO7Q= golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4= 
@@ -584,10 +584,10 @@ sigs.k8s.io/cloud-provider-azure/pkg/azclient v0.9.2 h1:7vEaYwdsvOz1OBAtEm6vyc4K sigs.k8s.io/cloud-provider-azure/pkg/azclient v0.9.2/go.mod h1:BgPOvGEdPTyaIWREF7pywm6teBhO3fNVQ+CTPYyr/5w= sigs.k8s.io/cloud-provider-azure/pkg/azclient/configloader v0.8.4 h1:Sy+dyfxemdQaz/UfJYWzALlbLdEaZ7IoKn93JXTqWYs= sigs.k8s.io/cloud-provider-azure/pkg/azclient/configloader v0.8.4/go.mod h1:RgIi9n/PhULbvPjYZGsjP2zWJf1ZEd1qyA0CYUuSgcE= -sigs.k8s.io/cluster-api v1.13.0-rc.0 h1:1RArWJbP1L8ijvM16mofaNsfZiR97WND/tlO2AuZKy0= -sigs.k8s.io/cluster-api v1.13.0-rc.0/go.mod h1:2ztlMTMi6WwMR/6jriSCpF+Vswr652JB1veFMpbh4Lc= -sigs.k8s.io/cluster-api/test v1.13.0-rc.0 h1:BEvd9QM7cVqZfVMqUd0bC+tEl4lH8uNIdikuuPmCYck= -sigs.k8s.io/cluster-api/test v1.13.0-rc.0/go.mod h1:c3ORkUhDgVORVPCbhO68DiG2Wfb/yxy+XAMZp+jFR0s= +sigs.k8s.io/cluster-api v1.13.0-rc.1 h1:AHzLoinv1AuuMkBwAfWeSDV+JsPubAB7BgaKqoQpSB4= +sigs.k8s.io/cluster-api v1.13.0-rc.1/go.mod h1:DNgWpqSGIc8tWI4vwCbgLhDcnDNuDZ2L/FQur4ulAW0= +sigs.k8s.io/cluster-api/test v1.13.0-rc.1 h1:QyrDjSShQILiOctO6NHYU67gl1qJoS3ypNHI4SVkQKo= +sigs.k8s.io/cluster-api/test v1.13.0-rc.1/go.mod h1:uN9BzpjtzUwDr9nClw95VldtT3L97ZsKiA/z5Dde3Rk= sigs.k8s.io/controller-runtime v0.23.3 h1:VjB/vhoPoA9l1kEKZHBMnQF33tdCLQKJtydy4iqwZ80= sigs.k8s.io/controller-runtime v0.23.3/go.mod h1:B6COOxKptp+YaUT5q4l6LqUJTRpizbgf9KSRNdQGns0= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= diff --git a/hack/tools/go.mod b/hack/tools/go.mod index 5804f9f8bfd..3bac4e13808 100644 --- a/hack/tools/go.mod +++ b/hack/tools/go.mod @@ -4,7 +4,7 @@ go 1.25.0 toolchain go1.25.9 -require sigs.k8s.io/cluster-api/hack/tools v0.0.0-20260331155620-21fdc56ddd12 +require sigs.k8s.io/cluster-api/hack/tools v0.0.0-20260414142840-70c3dad9facb require ( github.com/fxamacker/cbor/v2 v2.9.0 // indirect 
@@ -15,11 +15,11 @@ require (
 github.com/pkg/errors v0.9.1 // indirect
 github.com/x448/float16 v0.8.4 // indirect
 go.yaml.in/yaml/v2 v2.4.3 // indirect
- golang.org/x/mod v0.33.0 // indirect
- golang.org/x/net v0.52.0 // indirect
+ golang.org/x/mod v0.34.0 // indirect
+ golang.org/x/net v0.53.0 // indirect
 golang.org/x/sync v0.20.0 // indirect
- golang.org/x/text v0.35.0 // indirect
- golang.org/x/tools v0.42.0 // indirect
+ golang.org/x/text v0.36.0 // indirect
+ golang.org/x/tools v0.43.0 // indirect
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect
 k8s.io/apiextensions-apiserver v0.35.3 // indirect
diff --git a/hack/tools/go.sum b/hack/tools/go.sum
index 87c9aa2023f..bfad558cc03 100644
--- a/hack/tools/go.sum
+++ b/hack/tools/go.sum
@@ -47,18 +47,18 @@ go.yaml.in/yaml/v2 v2.4.3 h1:6gvOSjQoTB3vt1l+CU+tSyi/HOjfOjRLJ4YwYZGwRO0= go.yaml.in/yaml/v2 v2.4.3/go.mod h1:zSxWcmIDjOzPXpjlTTbAsKokqkDNAVtZO0WOMiT90s8= go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= -golang.org/x/mod v0.33.0 h1:tHFzIWbBifEmbwtGz65eaWyGiGZatSrT9prnU8DbVL8= -golang.org/x/mod v0.33.0/go.mod h1:swjeQEj+6r7fODbD2cqrnje9PnziFuw4bmLbBZFrQ5w= -golang.org/x/net v0.52.0 h1:He/TN1l0e4mmR3QqHMT2Xab3Aj3L9qjbhRm78/6jrW0= -golang.org/x/net v0.52.0/go.mod h1:R1MAz7uMZxVMualyPXb+VaqGSa3LIaUqk0eEt3w36Sw= +golang.org/x/mod v0.34.0 h1:xIHgNUUnW6sYkcM5Jleh05DvLOtwc6RitGHbDk4akRI= +golang.org/x/mod v0.34.0/go.mod h1:ykgH52iCZe79kzLLMhyCUzhMci+nQj+0XkbXpNYtVjY= +golang.org/x/net v0.53.0 h1:d+qAbo5L0orcWAr0a9JweQpjXF19LMXJE8Ey7hwOdUA= +golang.org/x/net v0.53.0/go.mod h1:JvMuJH7rrdiCfbeHoo3fCQU24Lf5JJwT9W3sJFulfgs= golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4= golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0= -golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo= -golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= -golang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8= -golang.org/x/text v0.35.0/go.mod h1:khi/HExzZJ2pGnjenulevKNX1W67CUy0AsXcNubPGCA= -golang.org/x/tools v0.42.0 h1:uNgphsn75Tdz5Ji2q36v/nsFSfR/9BRFvqhGBaJGd5k= -golang.org/x/tools v0.42.0/go.mod h1:Ma6lCIwGZvHK6XtgbswSoWroEkhugApmsXyrUmBhfr0= +golang.org/x/sys v0.43.0 h1:Rlag2XtaFTxp19wS8MXlJwTvoh8ArU6ezoyFsMyCTNI= +golang.org/x/sys v0.43.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= +golang.org/x/text v0.36.0 h1:JfKh3XmcRPqZPKevfXVpI1wXPTqbkE5f7JA92a55Yxg= +golang.org/x/text v0.36.0/go.mod h1:NIdBknypM8iqVmPiuco0Dh6P5Jcdk8lJL0CUebqK164= +golang.org/x/tools v0.43.0 h1:12BdW9CeB3Z+J/I/wj34VMl8X+fEXBxVR90JeMX5E7s= +golang.org/x/tools v0.43.0/go.mod 
h1:uHkMso649BX2cZK6+RpuIPXS3ho2hZo4FVwfoy1vIk0= golang.org/x/tools/go/expect v0.1.1-deprecated h1:jpBZDwmgPhXsKZC6WhL20P4b/wmnpsEAGHaNy0n/rJM= golang.org/x/tools/go/expect v0.1.1-deprecated/go.mod h1:eihoPOH+FgIqa3FpoTwguz/bVUSGBlGQU67vpBeOrBY= golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated h1:1h2MnaIAIXISqTFKdENegdpAgUXz6NrPEsbIeWaBRvM= @@ -82,8 +82,8 @@ k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 h1:Y3gxNAuB0OBLImH611+UDZ k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912/go.mod h1:kdmbQkyfwUagLfXIad1y2TdrjPFWp2Q89B3qkRwf/pQ= k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 h1:SjGebBtkBqHFOli+05xYbK8YF1Dzkbzn+gDM4X9T4Ck= k8s.io/utils v0.0.0-20251002143259-bc988d571ff4/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/cluster-api/hack/tools v0.0.0-20260331155620-21fdc56ddd12 h1:BrkeMi8syvDj8TG+5zvLIWs9LnO+l0kcHTiX5jxG0tY= -sigs.k8s.io/cluster-api/hack/tools v0.0.0-20260331155620-21fdc56ddd12/go.mod h1:VnBRwS02oswO6mRNWuSqF80G8vDY7RfHxQPnCPWqDQg= +sigs.k8s.io/cluster-api/hack/tools v0.0.0-20260414142840-70c3dad9facb h1:A0OltmsbqI6u3v5/3nElz9/86VmGajHAUlIzG0r4Mug= +sigs.k8s.io/cluster-api/hack/tools v0.0.0-20260414142840-70c3dad9facb/go.mod h1:/gNJAf/oJ+1MId6ydMeUIFntI1mng8ZH0HTdVuJCC7o= sigs.k8s.io/controller-tools v0.20.1 h1:gkfMt9YodI0K85oT8rVi80NTXO/kDmabKR5Ajn5GYxs= sigs.k8s.io/controller-tools v0.20.1/go.mod h1:b4qPmjGU3iZwqn34alUU5tILhNa9+VXK+J3QV0fT/uU= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= From ee2dc17926cebc0624e77574e0bc12d072d5fce3 Mon Sep 17 00:00:00 2001 
From: Matt Boersma Date: Mon, 20 Apr 2026 13:55:32 -0600 Subject: [PATCH 35/61] Update Kubernetes versions to 1.35 --- Makefile | 2 +- Tiltfile | 2 +- docs/book/src/developers/development.md | 2 +- docs/book/src/managed/managedcluster.md | 4 ++-- hack/create-dev-cluster.sh | 2 +- templates/flavors/README.md | 6 +++--- test/e2e/config/azure-dev.yaml | 10 +++++----- 7 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/Makefile b/Makefile
index 725b9e56e39..0638fcc273d 100644
--- a/Makefile
+++ b/Makefile
@@ -128,7 +128,7 @@ GINKGO_VER := $(shell go list -m -f '{{.Version}}' github.com/onsi/ginkgo/v2)
 GINKGO_BIN := ginkgo
 GINKGO := $(TOOLS_BIN_DIR)/$(GINKGO_BIN)-$(GINKGO_VER)
-KUBECTL_VER := v1.33.6
+KUBECTL_VER := v1.35.4
 KUBECTL_BIN := kubectl
 KUBECTL := $(TOOLS_BIN_DIR)/$(KUBECTL_BIN)-$(KUBECTL_VER)
diff --git a/Tiltfile b/Tiltfile
index d1a4ed95410..d1d2f472aa4 100644
--- a/Tiltfile
+++ b/Tiltfile
@@ -25,7 +25,7 @@ settings = {
 "capi_version": "v1.13.0-rc.0",
 "caaph_version": "v0.6.2",
 "cert_manager_version": "v1.20.1",
- "kubernetes_version": "v1.33.6",
+ "kubernetes_version": "v1.35.4",
 "aks_kubernetes_version": "v1.30.2",
 "flatcar_version": "3374.2.1",
 "azure_location": "eastus",
diff --git a/docs/book/src/developers/development.md b/docs/book/src/developers/development.md
index 94278d0bb62..0b9b3c41f6e 100644
--- a/docs/book/src/developers/development.md
+++ b/docs/book/src/developers/development.md
@@ -403,7 +403,7 @@ export CONTROL_PLANE_MACHINE_COUNT=3
 export AZURE_CONTROL_PLANE_MACHINE_TYPE="Standard_B2s"
 export AZURE_NODE_MACHINE_TYPE="Standard_B2s"
 export WORKER_MACHINE_COUNT=2
-export KUBERNETES_VERSION="v1.33.6"
+export KUBERNETES_VERSION="v1.35.4"
 # Identity secret.
 export AZURE_CLUSTER_IDENTITY_SECRET_NAME="cluster-identity-secret"
diff --git a/docs/book/src/managed/managedcluster.md b/docs/book/src/managed/managedcluster.md
index 0f8f5a798f1..9fee3e02b44 100644
--- a/docs/book/src/managed/managedcluster.md
+++ b/docs/book/src/managed/managedcluster.md
@@ -40,7 +40,7 @@ executing clusterctl.
 # Kubernetes values
 export CLUSTER_NAME="my-cluster"
 export WORKER_MACHINE_COUNT=2
-export KUBERNETES_VERSION="v1.33.6"
+export KUBERNETES_VERSION="v1.35.4"
 # Azure values
 export AZURE_LOCATION="southcentralus"
@@ -357,7 +357,7 @@ spec:
 resourceGroupName: foo-bar
 sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""}
 subscriptionID: 00000000-0000-0000-0000-000000000000 # fake uuid
- version: v1.33.6
+ version: v1.35.4
 identity:
 type: UserAssigned
 userAssignedIdentityResourceID: /subscriptions/00000000-0000-0000-0000-00000000/resourcegroups//providers/Microsoft.ManagedIdentity/userAssignedIdentities/
diff --git a/hack/create-dev-cluster.sh b/hack/create-dev-cluster.sh
index 7fe3d6a92eb..12643e46ff1 100755
--- a/hack/create-dev-cluster.sh
+++ b/hack/create-dev-cluster.sh
@@ -53,7 +53,7 @@ export CONTROL_PLANE_MACHINE_COUNT=${CONTROL_PLANE_MACHINE_COUNT:-3}
 export AZURE_CONTROL_PLANE_MACHINE_TYPE="${CONTROL_PLANE_MACHINE_TYPE:-Standard_B2s}"
 export AZURE_NODE_MACHINE_TYPE="${NODE_MACHINE_TYPE:-Standard_B2s}"
 export WORKER_MACHINE_COUNT=${WORKER_MACHINE_COUNT:-2}
-export KUBERNETES_VERSION="${KUBERNETES_VERSION:-v1.33.6}"
+export KUBERNETES_VERSION="${KUBERNETES_VERSION:-v1.35.4}"
 export CLUSTER_TEMPLATE="${CLUSTER_TEMPLATE:-cluster-template.yaml}"
 # identity secret settings.
diff --git a/templates/flavors/README.md b/templates/flavors/README.md
index a619e33282a..2120d999e77 100644
--- a/templates/flavors/README.md
+++ b/templates/flavors/README.md
@@ -4,7 +4,7 @@ In `clusterctl` the infrastructure provider authors can provide different type o
 or flavors; use the --flavor flag to specify which flavor to use; e.g
 ```shell
-clusterctl generate cluster my-cluster --kubernetes-version v1.33.6 \
+clusterctl generate cluster my-cluster --kubernetes-version v1.35.4 \
 --flavor private > my-cluster.yaml
 ```
@@ -66,7 +66,7 @@ worker-templates:
 AZURE_LOCATION: eastus
 AZURE_RESOURCE_GROUP: test-resource-group-name
 CONTROL_PLANE_MACHINE_COUNT: "1"
- KUBERNETES_VERSION: v1.33.6
+ KUBERNETES_VERSION: v1.35.4
 AZURE_CONTROL_PLANE_MACHINE_TYPE: Standard_B2s
 WORKER_MACHINE_COUNT: "2"
 AZURE_NODE_MACHINE_TYPE: Standard_B2s
@@ -88,6 +88,6 @@ worker-templates:
 metadata:
 AZURE_CONTROL_PLANE_MACHINE_TYPE: Standard_B2s
 AZURE_LOCATION: southcentralus
- KUBERNETES_VERSION: v1.33.6
+ KUBERNETES_VERSION: v1.35.4
 WORKER_MACHINE_COUNT: "1"
 ```
diff --git a/test/e2e/config/azure-dev.yaml b/test/e2e/config/azure-dev.yaml
index a92b9e58317..5e45a878660 100644
--- a/test/e2e/config/azure-dev.yaml
+++ b/test/e2e/config/azure-dev.yaml
@@ -259,17 +259,17 @@ providers:
 variables:
 AKS_KUBERNETES_VERSION: "latest"
 AKS_KUBERNETES_VERSION_UPGRADE_FROM: "latest-1"
- KUBERNETES_VERSION: "${KUBERNETES_VERSION:-stable-1.33}"
- KUBERNETES_VERSION_API_UPGRADE_FROM: "v1.32.10"
+ KUBERNETES_VERSION: "${KUBERNETES_VERSION:-stable-1.35}"
+ KUBERNETES_VERSION_API_UPGRADE_FROM: "${KUBERNETES_VERSION_API_UPGRADE_FROM:-stable-1.34}"
 # CAPZ_GALLERY_VERSION specifies the community gallery image version for the base node image.
 # This is separate from KUBERNETES_VERSION to allow testing custom Kubernetes builds with a
 # newer base image. Falls back to KUBERNETES_VERSION if not set.
- CAPZ_GALLERY_VERSION: "${CAPZ_GALLERY_VERSION:-${KUBERNETES_VERSION:-stable-1.33}}"
+ CAPZ_GALLERY_VERSION: "${CAPZ_GALLERY_VERSION:-${KUBERNETES_VERSION:-stable-1.35}}"
 FLATCAR_VERSION: "${FLATCAR_VERSION:-latest}"
 ETCD_VERSION_UPGRADE_TO: "" # Use default
 COREDNS_VERSION_UPGRADE_TO: "" # Use default
- KUBERNETES_VERSION_UPGRADE_TO: "${KUBERNETES_VERSION_UPGRADE_TO:-stable-1.33}"
- KUBERNETES_VERSION_UPGRADE_FROM: "${KUBERNETES_VERSION_UPGRADE_FROM:-stable-1.32}"
+ KUBERNETES_VERSION_UPGRADE_TO: "${KUBERNETES_VERSION_UPGRADE_TO:-stable-1.35}"
+ KUBERNETES_VERSION_UPGRADE_FROM: "${KUBERNETES_VERSION_UPGRADE_FROM:-stable-1.34}"
 CNI: "${PWD}/templates/addons/calico.yaml"
 ADDONS_PATH: "${PWD}/templates/addons"
 REDACT_LOG_SCRIPT: "${PWD}/hack/log/redact.sh"
From ec43dc07429e40d77493415faacfd933bb9c6661 Mon Sep 17 00:00:00 2001 From: Matt Boersma Date: Mon, 20 Apr 2026 15:08:40 -0600 Subject: [PATCH 36/61] Use concrete semver for KUBERNETES_VERSION_API_UPGRADE_FROM The CAPI ClusterctlUpgradeSpec requires a semantic version for InitWithKubernetesVersion. Change the default from stable-1.34 to v1.34.7 so the apiversion-upgrade presubmit can parse the version. --- test/e2e/config/azure-dev.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/e2e/config/azure-dev.yaml b/test/e2e/config/azure-dev.yaml
index 5e45a878660..e1219c5f977 100644
--- a/test/e2e/config/azure-dev.yaml
+++ b/test/e2e/config/azure-dev.yaml
@@ -260,7 +260,7 @@ variables:
 AKS_KUBERNETES_VERSION: "latest"
 AKS_KUBERNETES_VERSION_UPGRADE_FROM: "latest-1"
 KUBERNETES_VERSION: "${KUBERNETES_VERSION:-stable-1.35}"
- KUBERNETES_VERSION_API_UPGRADE_FROM: "${KUBERNETES_VERSION_API_UPGRADE_FROM:-stable-1.34}"
+ KUBERNETES_VERSION_API_UPGRADE_FROM: "${KUBERNETES_VERSION_API_UPGRADE_FROM:-v1.34.7}"
 # CAPZ_GALLERY_VERSION specifies the community gallery image version for the base node image.
 # This is separate from KUBERNETES_VERSION to allow testing custom Kubernetes builds with a
 # newer base image. Falls back to KUBERNETES_VERSION if not set.
From c8e476a23c7226499a8d8394dbcc05cc70f0dbba Mon Sep 17 00:00:00 2001 From: Matt Boersma Date: Tue, 21 Apr 2026 09:51:47 -0600 Subject: [PATCH 37/61] Bump cert-manager to v1.20.2 --- Tiltfile | 2 +- hack/install-cert-manager.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Tiltfile b/Tiltfile
index d1d2f472aa4..6e7aadc5692 100644
--- a/Tiltfile
+++ b/Tiltfile
@@ -24,7 +24,7 @@ settings = {
 "kind_cluster_name": "capz",
 "capi_version": "v1.13.0-rc.0",
 "caaph_version": "v0.6.2",
- "cert_manager_version": "v1.20.1",
+ "cert_manager_version": "v1.20.2",
 "kubernetes_version": "v1.35.4",
 "aks_kubernetes_version": "v1.30.2",
 "flatcar_version": "3374.2.1",
diff --git a/hack/install-cert-manager.sh b/hack/install-cert-manager.sh
index 1b5f2d64ff0..e1b90a535a7 100755
--- a/hack/install-cert-manager.sh
+++ b/hack/install-cert-manager.sh
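Review bot: In test/e2e/config/azure-dev.yaml, nothing beside `KUBERNETES_VERSION_API_UPGRADE_FROM` records that it must be a concrete semantic version, while the `KUBERNETES_VERSION` default just above it keeps a `stable-1.35` label, so a later bump could put a `stable-*` value back. The reason is stated only in the commit message (ClusterctlUpgradeSpec needs a semantic version for InitWithKubernetesVersion). I would add a comment above the line: `# Must be a concrete semver (e.g. v1.34.7), not a stable-X.Y label: ClusterctlUpgradeSpec parses it for InitWithKubernetesVersion.` The value is still overridable from the environment, so a job exporting a `stable-*` value would presumably hit the same parse failure. The `variables:` block starts and continues outside the hunk.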
@@ -54,7 +54,7 @@ source "${REPO_ROOT}/hack/common-vars.sh" make --directory="${REPO_ROOT}" "${KUBECTL##*/}" ## Install cert manager and wait for availability -"${KUBECTL}" apply -f https://github.com/jetstack/cert-manager/releases/download/v1.20.1/cert-manager.yaml +"${KUBECTL}" apply -f https://github.com/jetstack/cert-manager/releases/download/v1.20.2/cert-manager.yaml "${KUBECTL}" wait --for=condition=Available --timeout=5m -n cert-manager deployment/cert-manager "${KUBECTL}" wait --for=condition=Available --timeout=5m -n cert-manager deployment/cert-manager-cainjector "${KUBECTL}" wait --for=condition=Available --timeout=5m -n cert-manager deployment/cert-manager-webhook From ff8cf073fe916c2108b5eed2cb60bfb44647ef9f Mon Sep 17 00:00:00 2001 From: Matt Boersma Date: Tue, 21 Apr 2026 11:32:14 -0600 Subject: [PATCH 38/61] Bump CAPI to v1.13.0, old upgrade version to v1.12.7 --- Makefile | 2 +- Tiltfile | 2 +- .../getting-started-with-capi-operator.md | 2 +- go.mod | 4 +- go.sum | 8 ++-- hack/tools/go.mod | 2 +- hack/tools/go.sum | 4 +- test/e2e/config/azure-dev.yaml | 38 +++++++++---------- 8 files changed, 31 insertions(+), 31 deletions(-) diff --git a/Makefile b/Makefile index 0638fcc273d..18d7a5c0a78 100644 --- a/Makefile +++ b/Makefile 
@@ -365,7 +365,7 @@ create-management-cluster: $(KUSTOMIZE) $(ENVSUBST) $(KUBECTL) $(KIND) ## Create ./hack/create-custom-cloud-provider-config.sh # Deploy CAPI - timeout --foreground 300 bash -c "until curl --retry $(CURL_RETRIES) -sSL https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.13.0-rc.0/cluster-api-components.yaml | $(ENVSUBST) | $(KUBECTL) apply -f - --server-side=true; do sleep 5; done" + timeout --foreground 300 bash -c "until curl --retry $(CURL_RETRIES) -sSL https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.13.0/cluster-api-components.yaml | $(ENVSUBST) | $(KUBECTL) apply -f - --server-side=true; do sleep 5; done" # Deploy CAAPH timeout --foreground 300 bash -c "until curl --retry $(CURL_RETRIES) -sSL https://github.com/kubernetes-sigs/cluster-api-addon-provider-helm/releases/download/v0.6.2/addon-components.yaml | $(ENVSUBST) | $(KUBECTL) apply -f - --server-side=true; do sleep 5; done" diff --git a/Tiltfile b/Tiltfile index d1d2f472aa4..443eff3c6e2 100644 --- a/Tiltfile +++ b/Tiltfile @@ -22,7 +22,7 @@ settings = { "deploy_cert_manager": True, "preload_images_for_kind": True, "kind_cluster_name": "capz", - "capi_version": "v1.13.0-rc.0", + "capi_version": "v1.13.0", "caaph_version": "v0.6.2", "cert_manager_version": "v1.20.1", "kubernetes_version": "v1.35.4", diff --git a/docs/book/src/developers/getting-started-with-capi-operator.md b/docs/book/src/developers/getting-started-with-capi-operator.md index 4897c18ffbd..a30b27dd056 100644 --- a/docs/book/src/developers/getting-started-with-capi-operator.md +++ b/docs/book/src/developers/getting-started-with-capi-operator.md @@ -120,7 +120,7 @@ helm install cert-manager jetstack/cert-manager --namespace cert-manager --creat Create a `values.yaml` file for the CAPI Operator Helm chart like so: ```yaml -core: "cluster-api:v1.12.4" +core: "cluster-api:v1.13.0" infrastructure: "azure:v1.17.2" addon: "helm:v0.6.2" manager: 
diff --git a/go.mod b/go.mod index 81b75f7acda..35c6eb02ca1 100644 --- a/go.mod +++ b/go.mod @@ -56,8 +56,8 @@ require ( k8s.io/kubectl v0.34.2 k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 sigs.k8s.io/cloud-provider-azure v1.34.3 - sigs.k8s.io/cluster-api v1.13.0-rc.1 - sigs.k8s.io/cluster-api/test v1.13.0-rc.1 + sigs.k8s.io/cluster-api v1.13.0 + sigs.k8s.io/cluster-api/test v1.13.0 sigs.k8s.io/controller-runtime v0.23.3 sigs.k8s.io/kind v0.31.0 ) diff --git a/go.sum b/go.sum index 7f1c5b5b3f1..058ecffa576 100644 --- a/go.sum +++ b/go.sum @@ -584,10 +584,10 @@ sigs.k8s.io/cloud-provider-azure/pkg/azclient v0.9.2 h1:7vEaYwdsvOz1OBAtEm6vyc4K sigs.k8s.io/cloud-provider-azure/pkg/azclient v0.9.2/go.mod h1:BgPOvGEdPTyaIWREF7pywm6teBhO3fNVQ+CTPYyr/5w= sigs.k8s.io/cloud-provider-azure/pkg/azclient/configloader v0.8.4 h1:Sy+dyfxemdQaz/UfJYWzALlbLdEaZ7IoKn93JXTqWYs= sigs.k8s.io/cloud-provider-azure/pkg/azclient/configloader v0.8.4/go.mod h1:RgIi9n/PhULbvPjYZGsjP2zWJf1ZEd1qyA0CYUuSgcE= -sigs.k8s.io/cluster-api v1.13.0-rc.1 h1:AHzLoinv1AuuMkBwAfWeSDV+JsPubAB7BgaKqoQpSB4= -sigs.k8s.io/cluster-api v1.13.0-rc.1/go.mod h1:DNgWpqSGIc8tWI4vwCbgLhDcnDNuDZ2L/FQur4ulAW0= -sigs.k8s.io/cluster-api/test v1.13.0-rc.1 h1:QyrDjSShQILiOctO6NHYU67gl1qJoS3ypNHI4SVkQKo= -sigs.k8s.io/cluster-api/test v1.13.0-rc.1/go.mod h1:uN9BzpjtzUwDr9nClw95VldtT3L97ZsKiA/z5Dde3Rk= +sigs.k8s.io/cluster-api v1.13.0 h1:xX0vAQ/a9mv0OwW+Tlx/EqmIdPHQAMp+T+gxalSZ3gc= +sigs.k8s.io/cluster-api v1.13.0/go.mod h1:DNgWpqSGIc8tWI4vwCbgLhDcnDNuDZ2L/FQur4ulAW0= +sigs.k8s.io/cluster-api/test v1.13.0 h1:1MWOFmL4YzJDIvd3mPqOIIm0T/RSw6O7Ugge94vhBws= +sigs.k8s.io/cluster-api/test v1.13.0/go.mod h1:uN9BzpjtzUwDr9nClw95VldtT3L97ZsKiA/z5Dde3Rk= sigs.k8s.io/controller-runtime v0.23.3 h1:VjB/vhoPoA9l1kEKZHBMnQF33tdCLQKJtydy4iqwZ80= sigs.k8s.io/controller-runtime v0.23.3/go.mod h1:B6COOxKptp+YaUT5q4l6LqUJTRpizbgf9KSRNdQGns0= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= 
diff --git a/hack/tools/go.mod b/hack/tools/go.mod index 3bac4e13808..1aacfb6b49a 100644 --- a/hack/tools/go.mod +++ b/hack/tools/go.mod @@ -4,7 +4,7 @@ go 1.25.0 toolchain go1.25.9 -require sigs.k8s.io/cluster-api/hack/tools v0.0.0-20260414142840-70c3dad9facb +require sigs.k8s.io/cluster-api/hack/tools v0.0.0-20260420175955-cf3d8f81e95c require ( github.com/fxamacker/cbor/v2 v2.9.0 // indirect diff --git a/hack/tools/go.sum b/hack/tools/go.sum index bfad558cc03..3e960d82a7b 100644 --- a/hack/tools/go.sum +++ b/hack/tools/go.sum @@ -82,8 +82,8 @@ k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 h1:Y3gxNAuB0OBLImH611+UDZ k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912/go.mod h1:kdmbQkyfwUagLfXIad1y2TdrjPFWp2Q89B3qkRwf/pQ= k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 h1:SjGebBtkBqHFOli+05xYbK8YF1Dzkbzn+gDM4X9T4Ck= k8s.io/utils v0.0.0-20251002143259-bc988d571ff4/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/cluster-api/hack/tools v0.0.0-20260414142840-70c3dad9facb h1:A0OltmsbqI6u3v5/3nElz9/86VmGajHAUlIzG0r4Mug= -sigs.k8s.io/cluster-api/hack/tools v0.0.0-20260414142840-70c3dad9facb/go.mod h1:/gNJAf/oJ+1MId6ydMeUIFntI1mng8ZH0HTdVuJCC7o= +sigs.k8s.io/cluster-api/hack/tools v0.0.0-20260420175955-cf3d8f81e95c h1:1KWb+zphK3devFi/geiLps3VhB8/5qxCmEGaVFXA5HQ= +sigs.k8s.io/cluster-api/hack/tools v0.0.0-20260420175955-cf3d8f81e95c/go.mod h1:/gNJAf/oJ+1MId6ydMeUIFntI1mng8ZH0HTdVuJCC7o= sigs.k8s.io/controller-tools v0.20.1 h1:gkfMt9YodI0K85oT8rVi80NTXO/kDmabKR5Ajn5GYxs= sigs.k8s.io/controller-tools v0.20.1/go.mod h1:b4qPmjGU3iZwqn34alUU5tILhNa9+VXK+J3QV0fT/uU= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= diff --git a/test/e2e/config/azure-dev.yaml b/test/e2e/config/azure-dev.yaml index e1219c5f977..d5f1d6db9fd 100644 --- a/test/e2e/config/azure-dev.yaml +++ b/test/e2e/config/azure-dev.yaml 
@@ -3,17 +3,17 @@ managementClusterName: capz-e2e images: - name: ${MANAGER_IMAGE} loadBehavior: mustLoad - - name: registry.k8s.io/cluster-api/cluster-api-controller:v1.12.4 + - name: registry.k8s.io/cluster-api/cluster-api-controller:v1.12.7 loadBehavior: tryLoad - - name: registry.k8s.io/cluster-api/cluster-api-controller:v1.13.0-rc.0 + - name: registry.k8s.io/cluster-api/cluster-api-controller:v1.13.0 loadBehavior: tryLoad - - name: registry.k8s.io/cluster-api/kubeadm-bootstrap-controller:v1.12.4 + - name: registry.k8s.io/cluster-api/kubeadm-bootstrap-controller:v1.12.7 loadBehavior: tryLoad - - name: registry.k8s.io/cluster-api/kubeadm-bootstrap-controller:v1.13.0-rc.0 + - name: registry.k8s.io/cluster-api/kubeadm-bootstrap-controller:v1.13.0 loadBehavior: tryLoad - - name: registry.k8s.io/cluster-api/kubeadm-control-plane-controller:v1.12.4 + - name: registry.k8s.io/cluster-api/kubeadm-control-plane-controller:v1.12.7 loadBehavior: tryLoad - - name: registry.k8s.io/cluster-api/kubeadm-control-plane-controller:v1.13.0-rc.0 + - name: registry.k8s.io/cluster-api/kubeadm-control-plane-controller:v1.13.0 loadBehavior: tryLoad - name: registry.k8s.io/cluster-api-helm/cluster-api-helm-controller:v0.6.2 loadBehavior: tryLoad @@ -31,8 +31,8 @@ providers: new: --metrics-addr=:8080 files: - sourcePath: "../data/shared/v1beta1/metadata.yaml" - - name: v1.12.4 - value: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.12.4/core-components.yaml + - name: v1.12.7 + value: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.12.7/core-components.yaml type: url contract: v1beta2 files: 
@@ -42,8 +42,8 @@ providers: new: "imagePullPolicy: IfNotPresent" - old: "- --leader-elect" new: "- --leader-elect\n - --remote-connection-grace-period=3m" - - name: v1.13.0-rc.0 - value: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.13.0-rc.0/core-components.yaml + - name: v1.13.0 + value: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.13.0/core-components.yaml type: url contract: v1beta2 files: @@ -66,8 +66,8 @@ providers: new: --metrics-addr=:8080 files: - sourcePath: "../data/shared/v1beta1/metadata.yaml" - - name: v1.12.4 - value: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.12.4/bootstrap-components.yaml + - name: v1.12.7 + value: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.12.7/bootstrap-components.yaml type: url contract: v1beta2 files: @@ -75,8 +75,8 @@ providers: replacements: - old: "imagePullPolicy: Always" new: "imagePullPolicy: IfNotPresent" - - name: v1.13.0-rc.0 - value: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.13.0-rc.0/bootstrap-components.yaml + - name: v1.13.0 + value: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.13.0/bootstrap-components.yaml type: url contract: v1beta2 files: @@ -97,8 +97,8 @@ providers: new: --metrics-addr=:8080 files: - sourcePath: "../data/shared/v1beta1/metadata.yaml" - - name: v1.12.4 - value: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.12.4/control-plane-components.yaml + - name: v1.12.7 + value: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.12.7/control-plane-components.yaml type: url contract: v1beta2 files: 
@@ -106,8 +106,8 @@ providers: replacements: - old: "imagePullPolicy: Always" new: "imagePullPolicy: IfNotPresent" - - name: v1.13.0-rc.0 - value: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.13.0-rc.0/control-plane-components.yaml + - name: v1.13.0 + value: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.13.0/control-plane-components.yaml type: url contract: v1beta2 files: @@ -296,7 +296,7 @@ variables: WINDOWS_CONTAINERD_URL: "${WINDOWS_CONTAINERD_URL:-}" AZURE_CNI_V1_MANIFEST_PATH: "${PWD}/templates/addons/azure-cni-v1.yaml" OLD_CAPI_UPGRADE_VERSION: "v1.11.7" - LATEST_CAPI_UPGRADE_VERSION: "v1.12.4" + LATEST_CAPI_UPGRADE_VERSION: "v1.12.7" OLD_PROVIDER_UPGRADE_VERSION: "v1.22.2" LATEST_PROVIDER_UPGRADE_VERSION: "v1.23.0" OLD_CAAPH_UPGRADE_VERSION: "v0.5.3" From e9c0a3ad888b51ce0ffedde66606cfeecde29909 Mon Sep 17 00:00:00 2001 From: William Yao Date: Wed, 22 Apr 2026 10:45:18 -0700 Subject: [PATCH 39/61] Add multi zone template for Cloud Provider Azure CI Signed-off-by: William Yao --- ...ow-machine-pool-ci-version-multi-zone.yaml | 635 ++++++++++++++++++ .../kustomization.yaml | 10 + .../patches/machine-pool-multi-zone.yaml | 10 + 3 files changed, 655 insertions(+) create mode 100644 templates/test/ci/cluster-template-prow-machine-pool-ci-version-multi-zone.yaml create mode 100644 templates/test/ci/prow-machine-pool-ci-version-multi-zone/kustomization.yaml create mode 100644 templates/test/ci/prow-machine-pool-ci-version-multi-zone/patches/machine-pool-multi-zone.yaml diff --git a/templates/test/ci/cluster-template-prow-machine-pool-ci-version-multi-zone.yaml b/templates/test/ci/cluster-template-prow-machine-pool-ci-version-multi-zone.yaml new file mode 100644 index 00000000000..a123b7b77b7 --- /dev/null +++ b/templates/test/ci/cluster-template-prow-machine-pool-ci-version-multi-zone.yaml 
@@ -0,0 +1,635 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + labels: + cloud-provider: ${CLOUD_PROVIDER_AZURE_LABEL:=azure} + cni: calico + name: ${CLUSTER_NAME} + namespace: default +spec: + clusterNetwork: + pods: + cidrBlocks: + - 192.168.0.0/16 + controlPlaneRef: + apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + kind: KubeadmControlPlane + name: ${CLUSTER_NAME}-control-plane + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + additionalTags: + buildProvenance: ${BUILD_PROVENANCE} + creationTimestamp: ${TIMESTAMP} + jobName: ${JOB_NAME} + identityRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureClusterIdentity + name: ${CLUSTER_IDENTITY_NAME} + location: ${AZURE_LOCATION} + networkSpec: + subnets: + - name: control-plane-subnet + role: control-plane + - name: node-subnet + role: node + vnet: + name: ${AZURE_VNET_NAME:=${CLUSTER_NAME}-vnet} + resourceGroup: ${AZURE_RESOURCE_GROUP:=${CLUSTER_NAME}} + subscriptionID: ${AZURE_SUBSCRIPTION_ID} +--- +apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +kind: KubeadmControlPlane +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + kubeadmConfigSpec: + clusterConfiguration: + apiServer: + extraArgs: {} + timeoutForControlPlane: 20m + controllerManager: + extraArgs: + allocate-node-cidrs: "false" + cloud-provider: external + cluster-name: ${CLUSTER_NAME} + v: "4" + etcd: + local: + dataDir: /var/lib/etcddisk/etcd + extraArgs: + quota-backend-bytes: "8589934592" + kubernetesVersion: ci/${CI_VERSION} + diskSetup: + filesystems: + - device: /dev/disk/azure/scsi1/lun0 + extraOpts: + - -E + - lazy_itable_init=1,lazy_journal_init=1 + filesystem: ext4 + label: etcd_disk + - device: ephemeral0.1 + filesystem: ext4 + label: ephemeral0 + replaceFS: 
ntfs + partitions: + - device: /dev/disk/azure/scsi1/lun0 + layout: true + overwrite: false + tableType: gpt + files: + - contentFrom: + secret: + key: control-plane-azure.json + name: ${CLUSTER_NAME}-control-plane-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + - content: | + #!/bin/bash + + set -o nounset + set -o pipefail + set -o errexit + [[ $(id -u) != 0 ]] && SUDO="sudo" || SUDO="" + + # Run the az login command with managed identity + if az login --identity > /dev/null 2>&1; then + echo "Logged in Azure with managed identity" + echo "Use OOT credential provider" + mkdir -p /var/lib/kubelet/credential-provider + az storage blob download --blob-url "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/azure-acr-credential-provider" -f /var/lib/kubelet/credential-provider/acr-credential-provider --auth-mode login + chmod 755 /var/lib/kubelet/credential-provider/acr-credential-provider + az storage blob download --blob-url "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/credential-provider-config.yaml" -f /var/lib/kubelet/credential-provider-config.yaml --auth-mode login + chmod 644 /var/lib/kubelet/credential-provider-config.yaml + else + echo "Using curl to download the OOT credential provider" + mkdir -p /var/lib/kubelet/credential-provider + curl --retry 10 --retry-delay 5 -w "response status code is %{http_code}" -Lo /var/lib/kubelet/credential-provider/acr-credential-provider "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/azure-acr-credential-provider" + chmod 755 /var/lib/kubelet/credential-provider/acr-credential-provider + curl --retry 10 --retry-delay 5 -w "response status code is %{http_code}" -Lo /var/lib/kubelet/credential-provider-config.yaml 
"https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/credential-provider-config.yaml" + chmod 644 /var/lib/kubelet/credential-provider-config.yaml + fi + owner: root:root + path: /tmp/oot-cred-provider.sh + permissions: "0744" + - content: | + #!/bin/bash + + set -o nounset + set -o pipefail + set -o errexit + [[ $(id -u) != 0 ]] && SUDO="sudo" || SUDO="" + + # This test installs release packages or binaries that are a result of the CI and release builds. + # It runs '... --version' commands to verify that the binaries are correctly installed + # and finally uninstalls the packages. + # For the release packages it tests all versions in the support skew. + LINE_SEPARATOR="*************************************************" + echo "$${LINE_SEPARATOR}" + CI_VERSION=${CI_VERSION} + + # Note: We assume if kubectl has the right version, everything else has as well + if [[ $(kubectl version --client=true -o json | jq '.clientVersion.gitVersion' -r) = "$${CI_VERSION}" ]]; then + echo "Detected Kubernetes $${CI_VERSION} via kubectl version, nothing to do" + exit 0 + fi + if [[ "$${CI_VERSION}" != "" ]]; then + CI_DIR=/tmp/k8s-ci + mkdir -p "$${CI_DIR}" + declare -a PACKAGES_TO_TEST=("kubectl" "kubelet" "kubeadm") + # Let's just also download the control plane images for worker nodes. It's easier then optimizing it. + declare -a CONTAINERS_TO_TEST=("kube-apiserver" "kube-controller-manager" "kube-proxy" "kube-scheduler") + CONTAINER_EXT="tar" + echo "* testing version $${CI_VERSION}" + CI_URL="https://dl.k8s.io/ci/$${CI_VERSION}/bin/linux/amd64" + # Set CI_URL to the released binaries for actually released versions. 
+ if [[ "$${CI_VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]] || [[ "$${CI_VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+-(beta|rc).[0-9]+$ ]]; then + CI_URL="https://dl.k8s.io/release/$${CI_VERSION}/bin/linux/amd64" + fi + for CI_PACKAGE in "$${PACKAGES_TO_TEST[@]}"; do + # Browser: https://console.cloud.google.com/storage/browser/k8s-release-dev?project=k8s-release-dev + # e.g.: https://storage.googleapis.com/k8s-release-dev/ci/v1.21.0-beta.1.378+cf3374e43491c5/bin/linux/amd64/kubectl + echo "* downloading binary: $${CI_URL}/$${CI_PACKAGE}" + wget --inet4-only "$${CI_URL}/$${CI_PACKAGE}" -O "$${CI_DIR}/$${CI_PACKAGE}" + chmod +x "$${CI_DIR}/$${CI_PACKAGE}" + mv "$${CI_DIR}/$${CI_PACKAGE}" "/usr/bin/$${CI_PACKAGE}" + done + + systemctl restart kubelet + IMAGE_REGISTRY_PREFIX=registry.k8s.io + # Kubernetes builds from 1.20 through 1.24 are tagged with k8s.gcr.io + if [[ "$${CI_VERSION}" =~ ^v1\.(1[0-9]|2[0-4])[\.[0-9]+ ]]; then + IMAGE_REGISTRY_PREFIX=k8s.gcr.io + fi + for CI_CONTAINER in "$${CONTAINERS_TO_TEST[@]}"; do + echo "* downloading package: $${CI_URL}/$${CI_CONTAINER}.$${CONTAINER_EXT}" + wget --inet4-only "$${CI_URL}/$${CI_CONTAINER}.$${CONTAINER_EXT}" -O "$${CI_DIR}/$${CI_CONTAINER}.$${CONTAINER_EXT}" + $${SUDO} ctr -n k8s.io images import "$${CI_DIR}/$${CI_CONTAINER}.$${CONTAINER_EXT}" || echo "* ignoring expected 'ctr images import' result" + $${SUDO} ctr -n k8s.io images tag "$${IMAGE_REGISTRY_PREFIX}/$${CI_CONTAINER}-amd64:$${CI_VERSION//+/_}" "$${IMAGE_REGISTRY_PREFIX}/$${CI_CONTAINER}:$${CI_VERSION//+/_}" + $${SUDO} ctr -n k8s.io images tag "$${IMAGE_REGISTRY_PREFIX}/$${CI_CONTAINER}-amd64:$${CI_VERSION//+/_}" "gcr.io/k8s-staging-ci-images/$${CI_CONTAINER}:$${CI_VERSION//+/_}" + done + fi + echo "* checking binary versions" + echo "ctr version: " "$(ctr version)" + echo "kubeadm version: " "$(kubeadm version -o=short)" + echo "kubectl version: " "$(kubectl version --client=true)" + echo "kubelet version: " "$(kubelet --version)" + echo "$${LINE_SEPARATOR}" + 
owner: root:root + path: /tmp/kubeadm-bootstrap.sh + permissions: "0744" + initConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider + image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml + name: '{{ ds.meta_data["local_hostname"] }}' + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider + image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml + name: '{{ ds.meta_data["local_hostname"] }}' + mounts: + - - LABEL=etcd_disk + - /var/lib/etcddisk + postKubeadmCommands: [] + preKubeadmCommands: + - bash -c /tmp/oot-cred-provider.sh + - bash -c /tmp/kubeadm-bootstrap.sh + verbosity: 5 + machineTemplate: + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachineTemplate + name: ${CLUSTER_NAME}-control-plane + replicas: ${CONTROL_PLANE_MACHINE_COUNT:=1} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachineTemplate +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + template: + spec: + dataDisks: + - diskSizeGB: 256 + lun: 0 + nameSuffix: etcddisk + identity: UserAssigned + image: + computeGallery: + gallery: ClusterAPI-f72ceb4f-5159-4c26-a0fe-2ea738f0d019 + name: capi-ubun2-2404 + version: latest + osDisk: + diskSizeGB: 128 + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + userAssignedIdentities: + - providerID: azure:///subscriptions/${AZURE_SUBSCRIPTION_ID}/resourceGroups/${CI_RG:=capz-ci}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/${USER_IDENTITY:=cloud-provider-user-identity} + vmSize: ${AZURE_CONTROL_PLANE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachinePool +metadata: + name: ${CLUSTER_NAME}-mp-0 + namespace: default +spec: + 
clusterName: ${CLUSTER_NAME} + failureDomains: + - "1" + - "2" + - "3" + replicas: ${WORKER_MACHINE_COUNT:=2} + template: + metadata: + labels: + nodepool: pool1 + spec: + bootstrap: + configRef: + apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + kind: KubeadmConfig + name: ${CLUSTER_NAME}-mp-0 + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureMachinePool + name: ${CLUSTER_NAME}-mp-0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureMachinePool +metadata: + name: ${CLUSTER_NAME}-mp-0 + namespace: default +spec: + identity: UserAssigned + location: ${AZURE_LOCATION} + strategy: + rollingUpdate: + deletePolicy: Oldest + maxSurge: 25% + maxUnavailable: 1 + type: RollingUpdate + template: + image: + computeGallery: + gallery: ClusterAPI-f72ceb4f-5159-4c26-a0fe-2ea738f0d019 + name: capi-ubun2-2404 + version: latest + osDisk: + diskSizeGB: 30 + managedDisk: + storageAccountType: Premium_LRS + osType: Linux + sshPublicKey: ${AZURE_SSH_PUBLIC_KEY_B64:=""} + vmExtensions: + - name: CustomScript + protectedSettings: + commandToExecute: | + #!/bin/sh + echo "This script is a no-op used for extension testing purposes ..." 
+ touch test_file + publisher: Microsoft.Azure.Extensions + version: "2.1" + vmSize: ${AZURE_NODE_MACHINE_TYPE} + userAssignedIdentities: + - providerID: azure:///subscriptions/${AZURE_SUBSCRIPTION_ID}/resourceGroups/${CI_RG:=capz-ci}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/${USER_IDENTITY:=cloud-provider-user-identity} +--- +apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +kind: KubeadmConfig +metadata: + name: ${CLUSTER_NAME}-mp-0 + namespace: default +spec: + files: + - content: | + #!/bin/bash + + set -o nounset + set -o pipefail + set -o errexit + [[ $(id -u) != 0 ]] && SUDO="sudo" || SUDO="" + + # Run the az login command with managed identity + if az login --identity > /dev/null 2>&1; then + echo "Logged in Azure with managed identity" + echo "Use OOT credential provider" + mkdir -p /var/lib/kubelet/credential-provider + az storage blob download --blob-url "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/azure-acr-credential-provider" -f /var/lib/kubelet/credential-provider/acr-credential-provider --auth-mode login + chmod 755 /var/lib/kubelet/credential-provider/acr-credential-provider + az storage blob download --blob-url "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/credential-provider-config.yaml" -f /var/lib/kubelet/credential-provider-config.yaml --auth-mode login + chmod 644 /var/lib/kubelet/credential-provider-config.yaml + else + echo "Using curl to download the OOT credential provider" + mkdir -p /var/lib/kubelet/credential-provider + curl --retry 10 --retry-delay 5 -w "response status code is %{http_code}" -Lo /var/lib/kubelet/credential-provider/acr-credential-provider "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/azure-acr-credential-provider" + chmod 755 
/var/lib/kubelet/credential-provider/acr-credential-provider + curl --retry 10 --retry-delay 5 -w "response status code is %{http_code}" -Lo /var/lib/kubelet/credential-provider-config.yaml "https://${AZURE_STORAGE_ACCOUNT}.blob.core.windows.net/${AZURE_BLOB_CONTAINER_NAME}/${IMAGE_TAG_ACR_CREDENTIAL_PROVIDER}/credential-provider-config.yaml" + chmod 644 /var/lib/kubelet/credential-provider-config.yaml + fi + owner: root:root + path: /tmp/oot-cred-provider.sh + permissions: "0744" + - content: | + #!/bin/bash + + set -o nounset + set -o pipefail + set -o errexit + [[ $(id -u) != 0 ]] && SUDO="sudo" || SUDO="" + + # This test installs release packages or binaries that are a result of the CI and release builds. + # It runs '... --version' commands to verify that the binaries are correctly installed + # and finally uninstalls the packages. + # For the release packages it tests all versions in the support skew. + LINE_SEPARATOR="*************************************************" + echo "$${LINE_SEPARATOR}" + CI_VERSION=${CI_VERSION} + + # Note: We assume if kubectl has the right version, everything else has as well + if [[ $(kubectl version --client=true -o json | jq '.clientVersion.gitVersion' -r) = "$${CI_VERSION}" ]]; then + echo "Detected Kubernetes $${CI_VERSION} via kubectl version, nothing to do" + exit 0 + fi + if [[ "$${CI_VERSION}" != "" ]]; then + CI_DIR=/tmp/k8s-ci + mkdir -p "$${CI_DIR}" + declare -a PACKAGES_TO_TEST=("kubectl" "kubelet" "kubeadm") + # Let's just also download the control plane images for worker nodes. It's easier then optimizing it. + declare -a CONTAINERS_TO_TEST=("kube-apiserver" "kube-controller-manager" "kube-proxy" "kube-scheduler") + CONTAINER_EXT="tar" + echo "* testing version $${CI_VERSION}" + CI_URL="https://dl.k8s.io/ci/$${CI_VERSION}/bin/linux/amd64" + # Set CI_URL to the released binaries for actually released versions. 
+ if [[ "$${CI_VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]] || [[ "$${CI_VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+-(beta|rc).[0-9]+$ ]]; then + CI_URL="https://dl.k8s.io/release/$${CI_VERSION}/bin/linux/amd64" + fi + for CI_PACKAGE in "$${PACKAGES_TO_TEST[@]}"; do + # Browser: https://console.cloud.google.com/storage/browser/k8s-release-dev?project=k8s-release-dev + # e.g.: https://storage.googleapis.com/k8s-release-dev/ci/v1.21.0-beta.1.378+cf3374e43491c5/bin/linux/amd64/kubectl + echo "* downloading binary: $${CI_URL}/$${CI_PACKAGE}" + wget --inet4-only "$${CI_URL}/$${CI_PACKAGE}" -O "$${CI_DIR}/$${CI_PACKAGE}" + chmod +x "$${CI_DIR}/$${CI_PACKAGE}" + mv "$${CI_DIR}/$${CI_PACKAGE}" "/usr/bin/$${CI_PACKAGE}" + done + + systemctl restart kubelet + IMAGE_REGISTRY_PREFIX=registry.k8s.io + # Kubernetes builds from 1.20 through 1.24 are tagged with k8s.gcr.io + if [[ "$${CI_VERSION}" =~ ^v1\.(1[0-9]|2[0-4])[\.[0-9]+ ]]; then + IMAGE_REGISTRY_PREFIX=k8s.gcr.io + fi + for CI_CONTAINER in "$${CONTAINERS_TO_TEST[@]}"; do + echo "* downloading package: $${CI_URL}/$${CI_CONTAINER}.$${CONTAINER_EXT}" + wget --inet4-only "$${CI_URL}/$${CI_CONTAINER}.$${CONTAINER_EXT}" -O "$${CI_DIR}/$${CI_CONTAINER}.$${CONTAINER_EXT}" + $${SUDO} ctr -n k8s.io images import "$${CI_DIR}/$${CI_CONTAINER}.$${CONTAINER_EXT}" || echo "* ignoring expected 'ctr images import' result" + $${SUDO} ctr -n k8s.io images tag "$${IMAGE_REGISTRY_PREFIX}/$${CI_CONTAINER}-amd64:$${CI_VERSION//+/_}" "$${IMAGE_REGISTRY_PREFIX}/$${CI_CONTAINER}:$${CI_VERSION//+/_}" + $${SUDO} ctr -n k8s.io images tag "$${IMAGE_REGISTRY_PREFIX}/$${CI_CONTAINER}-amd64:$${CI_VERSION//+/_}" "gcr.io/k8s-staging-ci-images/$${CI_CONTAINER}:$${CI_VERSION//+/_}" + done + fi + echo "* checking binary versions" + echo "ctr version: " "$(ctr version)" + echo "kubeadm version: " "$(kubeadm version -o=short)" + echo "kubectl version: " "$(kubectl version --client=true)" + echo "kubelet version: " "$(kubelet --version)" + echo "$${LINE_SEPARATOR}" + 
owner: root:root + path: /tmp/kubeadm-bootstrap.sh + permissions: "0744" + - contentFrom: + secret: + key: worker-node-azure.json + name: ${CLUSTER_NAME}-mp-0-azure-json + owner: root:root + path: /etc/kubernetes/azure.json + permissions: "0644" + joinConfiguration: + nodeRegistration: + kubeletExtraArgs: + cloud-provider: external + image-credential-provider-bin-dir: /var/lib/kubelet/credential-provider + image-credential-provider-config: /var/lib/kubelet/credential-provider-config.yaml + name: '{{ ds.meta_data["local_hostname"] }}' + preKubeadmCommands: + - bash -c /tmp/oot-cred-provider.sh + - bash -c /tmp/kubeadm-bootstrap.sh +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureClusterIdentity +metadata: + labels: + clusterctl.cluster.x-k8s.io/move-hierarchy: "true" + name: ${CLUSTER_IDENTITY_NAME} + namespace: default +spec: + allowedNamespaces: {} + clientID: ${AZURE_CLIENT_ID_USER_ASSIGNED_IDENTITY} + tenantID: ${AZURE_TENANT_ID} + type: ${CLUSTER_IDENTITY_TYPE:=WorkloadIdentity} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineHealthCheck +metadata: + name: ${CLUSTER_NAME}-control-plane + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + maxUnhealthy: 100% + selector: + matchLabels: + cluster.x-k8s.io/control-plane: "" + unhealthyConditions: + - status: Unknown + timeout: 300s + type: Ready + - status: "False" + timeout: 300s + type: Ready +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachineHealthCheck +metadata: + name: ${CLUSTER_NAME}-mhc-0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + maxUnhealthy: 100% + selector: + matchLabels: + nodepool: pool1 + unhealthyConditions: + - status: "True" + timeout: 30s + type: E2ENodeUnhealthy +--- +apiVersion: addons.cluster.x-k8s.io/v1alpha1 +kind: HelmChartProxy +metadata: + name: calico + namespace: default +spec: + chartName: tigera-operator + clusterSelector: + matchLabels: + cni: calico + namespace: tigera-operator + releaseName: projectcalico + repoURL: 
https://docs.tigera.io/calico/charts + valuesTemplate: | + installation: + cni: + type: Calico + ipam: + type: Calico + calicoNetwork: + bgp: Disabled + windowsDataplane: HNS + mtu: 1350 + ipPools:{{range $i, $cidr := .Cluster.spec.clusterNetwork.pods.cidrBlocks }} + - cidr: {{ $cidr }} + encapsulation: VXLAN{{end}} + typhaDeployment: + spec: + template: + spec: + # By default, typha tolerates all NoSchedule taints. This breaks + # scale-ins when it continuously gets scheduled onto an + # out-of-date Node that is being deleted. Tolerate only the + # NoSchedule taints that are expected. + tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node.kubernetes.io/not-ready + operator: Exists + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 50 + preference: + matchExpressions: + - key: node-role.kubernetes.io/control-plane + operator: Exists + registry: capzcicommunity.azurecr.io + serviceCIDRs: + - 10.96.0.0/12 # must match cluster service CIDR (this is the default) + # Image and registry configuration for the tigera/operator pod + tigeraOperator: + image: tigera/operator + registry: capzcicommunity.azurecr.io + calicoctl: + image: capzcicommunity.azurecr.io/calico/ctl + # when kubernetesServiceEndpoint (required for windows) is added + # DNS configuration is needed to look up the api server name properly + # https://github.com/projectcalico/calico/issues/9536 + dnsConfig: + nameservers: + - 127.0.0.53 + options: + - name: edns0 + - name: trust-ad + kubernetesServiceEndpoint: + host: "{{ .Cluster.spec.controlPlaneEndpoint.host }}" + port: "{{ .Cluster.spec.controlPlaneEndpoint.port }}" + # By default, tigera tolerates all NoSchedule taints. This breaks upgrades + # when it continuously gets scheduled onto an out-of-date Node that is being + # deleted. Tolerate only the NoSchedule taints that are expected. 
+ tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node.kubernetes.io/not-ready + operator: Exists + version: ${CALICO_VERSION} +--- +apiVersion: addons.cluster.x-k8s.io/v1alpha1 +kind: HelmChartProxy +metadata: + name: azuredisk-csi-driver-chart + namespace: default +spec: + chartName: azuredisk-csi-driver + clusterSelector: + matchLabels: + azuredisk-csi: "true" + namespace: kube-system + releaseName: azuredisk-csi-driver-oot + repoURL: https://raw.githubusercontent.com/kubernetes-sigs/azuredisk-csi-driver/master/charts + valuesTemplate: |- + controller: + replicas: 1 + runOnControlPlane: true + windows: + useHostProcessContainers: {{ hasKey .Cluster.metadata.labels "cni-windows" }} +--- +apiVersion: addons.cluster.x-k8s.io/v1alpha1 +kind: HelmChartProxy +metadata: + name: cloud-provider-azure-chart + namespace: default +spec: + chartName: cloud-provider-azure + clusterSelector: + matchLabels: + cloud-provider: azure + releaseName: cloud-provider-azure-oot + repoURL: https://raw.githubusercontent.com/kubernetes-sigs/cloud-provider-azure/master/helm/repo + valuesTemplate: | + infra: + clusterName: {{ .Cluster.metadata.name }} + cloudControllerManager: + clusterCIDR: {{ .Cluster.spec.clusterNetwork.pods.cidrBlocks | join "," }} + logVerbosity: 4 +--- +apiVersion: addons.cluster.x-k8s.io/v1alpha1 +kind: HelmChartProxy +metadata: + name: cloud-provider-azure-chart-ci + namespace: default +spec: + chartName: cloud-provider-azure + clusterSelector: + matchLabels: + cloud-provider: azure-ci + releaseName: cloud-provider-azure-oot + repoURL: https://raw.githubusercontent.com/kubernetes-sigs/cloud-provider-azure/master/helm/repo + valuesTemplate: | + infra: + clusterName: {{ .Cluster.metadata.name }} + cloudControllerManager: + cloudConfig: ${CLOUD_CONFIG:-"/etc/kubernetes/azure.json"} + cloudConfigSecretName: ${CONFIG_SECRET_NAME:-""} + clusterCIDR: 
{{ .Cluster.spec.clusterNetwork.pods.cidrBlocks | join "," }}
+ imageName: "${CCM_IMAGE_NAME:-""}"
+ imageRepository: "${IMAGE_REGISTRY:-""}"
+ imageTag: "${IMAGE_TAG_CCM:-""}"
+ logVerbosity: ${CCM_LOG_VERBOSITY:-4}
+ replicas: ${CCM_COUNT:-1}
+ enableDynamicReloading: ${ENABLE_DYNAMIC_RELOADING:-false}
+ cloudNodeManager:
+ imageName: "${CNM_IMAGE_NAME:-""}"
+ imageRepository: "${IMAGE_REGISTRY:-""}"
+ imageTag: "${IMAGE_TAG_CNM:-""}"
diff --git a/templates/test/ci/prow-machine-pool-ci-version-multi-zone/kustomization.yaml b/templates/test/ci/prow-machine-pool-ci-version-multi-zone/kustomization.yaml
new file mode 100644
index 00000000000..5f6b93039b7
--- /dev/null
+++ b/templates/test/ci/prow-machine-pool-ci-version-multi-zone/kustomization.yaml
@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+- ../prow-machine-pool-ci-version
+patches:
+- path: patches/machine-pool-multi-zone.yaml
+
+sortOptions:
+ order: fifo
diff --git a/templates/test/ci/prow-machine-pool-ci-version-multi-zone/patches/machine-pool-multi-zone.yaml b/templates/test/ci/prow-machine-pool-ci-version-multi-zone/patches/machine-pool-multi-zone.yaml
new file mode 100644
index 00000000000..f134e2009a2
--- /dev/null
+++ b/templates/test/ci/prow-machine-pool-ci-version-multi-zone/patches/machine-pool-multi-zone.yaml
@@ -0,0 +1,10 @@
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: MachinePool
+metadata:
+ name: "${CLUSTER_NAME}-mp-0"
+ namespace: default
+spec:
+ failureDomains:
+ - "1"
+ - "2"
+ - "3"
From 5f7f9dd9687e1bebf30ce7843c2584f726dfe689 Mon Sep 17 00:00:00 2001
From: Matt Boersma
Date: Thu, 23 Apr 2026 11:24:12 -0600
Subject: [PATCH 40/61] Add release notes for v1.22.3
---
CHANGELOG/v1.22.3.md | 64 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 64 insertions(+)
create mode 100644 CHANGELOG/v1.22.3.md
diff --git a/CHANGELOG/v1.22.3.md b/CHANGELOG/v1.22.3.md
new file mode 100644
index 00000000000..00e74342fef
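Review bot: The `failureDomains` list in patches/machine-pool-multi-zone.yaml hard-codes zones "1", "2" and "3", and nothing records the assumption that the region and VM size the CI job runs with offer all three. If that assumption fails, the error would presumably surface at scale-set creation rather than when the template is rendered, which makes it slow to diagnose. Add a comment above the list, for example `# requires a region and VM size available in zones 1-3`, or make the list substitutable if this flavor is meant to run in other regions.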
--- /dev/null
+++ b/CHANGELOG/v1.22.3.md
@@ -0,0 +1,64 @@ +## Changes by Kind + +### Other (Cleanup or Flake) + +- Bump CAPI to v1.11.10 ([#6249](https://github.com/kubernetes-sigs/cluster-api-provider-azure/pull/6249), [@mboersma](https://github.com/mboersma)) + + +## Dependencies + +### Added +- github.com/moby/moby/api: [v1.54.1](https://github.com/moby/moby/tree/api/v1.54.1) +- github.com/moby/moby/client: [v0.4.0](https://github.com/moby/moby/tree/client/v0.4.0) +- github.com/russross/blackfriday: [v1.6.0](https://github.com/russross/blackfriday/tree/v1.6.0) +- github.com/santhosh-tekuri/jsonschema/v5: [v5.3.1](https://github.com/santhosh-tekuri/jsonschema/tree/v5.3.1) +- pgregory.net/rapid: v1.2.0 + +### Changed +- github.com/Azure/go-ansiterm: [306776e → faa5f7b](https://github.com/Azure/go-ansiterm/compare/306776e...faa5f7b) +- github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp: [v1.30.0 → v1.31.0](https://github.com/GoogleCloudPlatform/opentelemetry-operations-go/compare/detectors/gcp/v1.30.0...detectors/gcp/v1.31.0) +- github.com/Microsoft/go-winio: [v0.5.0 → v0.6.2](https://github.com/Microsoft/go-winio/compare/v0.5.0...v0.6.2) +- github.com/creack/pty: [v1.1.18 → v1.1.24](https://github.com/creack/pty/compare/v1.1.18...v1.1.24) +- github.com/docker/go-connections: [v0.5.0 → v0.6.0](https://github.com/docker/go-connections/compare/v0.5.0...v0.6.0) +- github.com/docker/go-units: [v0.4.0 → v0.5.0](https://github.com/docker/go-units/compare/v0.4.0...v0.5.0) +- github.com/emicklei/go-restful/v3: [v3.12.2 → v3.13.0](https://github.com/emicklei/go-restful/compare/v3.12.2...v3.13.0) +- github.com/grpc-ecosystem/grpc-gateway/v2: [v2.27.7 → v2.28.0](https://github.com/grpc-ecosystem/grpc-gateway/compare/v2.27.7...v2.28.0) +- github.com/moby/term: [v0.5.0 → v0.5.2](https://github.com/moby/term/compare/v0.5.0...v0.5.2) +- github.com/opencontainers/image-spec: [v1.0.2 → v1.1.1](https://github.com/opencontainers/image-spec/compare/v1.0.2...v1.1.1) +- 
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc: v1.40.0 → v1.43.0 +- go.opentelemetry.io/otel/exporters/otlp/otlptrace: v1.40.0 → v1.43.0 +- go.opentelemetry.io/otel/metric: v1.40.0 → v1.43.0 +- go.opentelemetry.io/otel/sdk/metric: v1.40.0 → v1.43.0 +- go.opentelemetry.io/otel/sdk: v1.40.0 → v1.43.0 +- go.opentelemetry.io/otel/trace: v1.40.0 → v1.43.0 +- go.opentelemetry.io/otel: v1.40.0 → v1.43.0 +- go.opentelemetry.io/proto/otlp: v1.9.0 → v1.10.0 +- golang.org/x/crypto: v0.47.0 → v0.49.0 +- golang.org/x/mod: v0.32.0 → v0.33.0 +- golang.org/x/net: v0.49.0 → v0.52.0 +- golang.org/x/oauth2: v0.34.0 → v0.35.0 +- golang.org/x/sync: v0.19.0 → v0.20.0 +- golang.org/x/sys: v0.40.0 → v0.42.0 +- golang.org/x/telemetry: 8fff8a5 → e7419c6 +- golang.org/x/term: v0.39.0 → v0.41.0 +- golang.org/x/text: v0.33.0 → v0.35.0 +- golang.org/x/tools: v0.40.0 → v0.42.0 +- gonum.org/v1/gonum: v0.16.0 → v0.17.0 +- google.golang.org/genproto/googleapis/api: 8636f87 → 9d38bb4 +- google.golang.org/genproto/googleapis/rpc: 8636f87 → 9d38bb4 +- google.golang.org/grpc: v1.79.3 → v1.80.0 +- gotest.tools/v3: v3.4.0 → v3.5.2 +- sigs.k8s.io/cluster-api/test: v1.11.7 → v1.11.10 +- sigs.k8s.io/cluster-api: v1.11.7 → v1.11.10 + +### Removed +- github.com/containerd/log: [v0.1.0](https://github.com/containerd/log/tree/v0.1.0) +- github.com/docker/docker: [v28.3.3+incompatible](https://github.com/docker/docker/tree/v28.3.3) +- github.com/moby/sys/atomicwriter: [v0.1.0](https://github.com/moby/sys/tree/atomicwriter/v0.1.0) +- github.com/moby/sys/sequential: [v0.6.0](https://github.com/moby/sys/tree/sequential/v0.6.0) +- github.com/morikuni/aec: [v1.0.0](https://github.com/morikuni/aec/tree/v1.0.0) +- go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp: v1.40.0 + +## Details + +https://github.com/kubernetes-sigs/cluster-api-provider-azure/compare/v1.22.2...v1.22.3 From edfcf737c0591fabf5124622a4df1a220ae3eb22 Mon Sep 17 00:00:00 2001 
From: Matt Boersma Date: Thu, 23 Apr 2026 13:52:44 -0600 Subject: [PATCH 41/61] Add release notes for v1.22.4 --- CHANGELOG/{v1.22.3.md => v1.22.4.md} | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) rename CHANGELOG/{v1.22.3.md => v1.22.4.md} (99%) diff --git a/CHANGELOG/v1.22.3.md b/CHANGELOG/v1.22.4.md similarity index 99% rename from CHANGELOG/v1.22.3.md rename to CHANGELOG/v1.22.4.md index 00e74342fef..af6449c67d0 100644 --- a/CHANGELOG/v1.22.3.md +++ b/CHANGELOG/v1.22.4.md @@ -4,7 +4,6 @@ - Bump CAPI to v1.11.10 ([#6249](https://github.com/kubernetes-sigs/cluster-api-provider-azure/pull/6249), [@mboersma](https://github.com/mboersma)) - ## Dependencies ### Added @@ -61,4 +60,4 @@ ## Details -https://github.com/kubernetes-sigs/cluster-api-provider-azure/compare/v1.22.2...v1.22.3 +https://github.com/kubernetes-sigs/cluster-api-provider-azure/compare/v1.22.2...v1.22.4 From d06851e13745660eaadf053c6437c4fc464143a0 Mon Sep 17 00:00:00 2001 From: Matt Boersma Date: Thu, 23 Apr 2026 14:02:00 -0600 Subject: [PATCH 42/61] Add release notes for v1.23.1 (#6254) --- CHANGELOG/v1.23.1.md | 57 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) create mode 100644 CHANGELOG/v1.23.1.md diff --git a/CHANGELOG/v1.23.1.md b/CHANGELOG/v1.23.1.md new file mode 100644 index 00000000000..395db54068b --- /dev/null +++ b/CHANGELOG/v1.23.1.md 
@@ -0,0 +1,57 @@ +## Changes by Kind + +### Other (Cleanup or Flake) + +- Bump CAPI to v1.12.7 ([#6250](https://github.com/kubernetes-sigs/cluster-api-provider-azure/pull/6250), [@mboersma](https://github.com/mboersma)) + +## Dependencies + +### Added +- github.com/moby/moby/api: [v1.54.1](https://github.com/moby/moby/tree/api/v1.54.1) +- github.com/moby/moby/client: [v0.4.0](https://github.com/moby/moby/tree/client/v0.4.0) +- github.com/russross/blackfriday: [v1.6.0](https://github.com/russross/blackfriday/tree/v1.6.0) +- github.com/santhosh-tekuri/jsonschema/v5: [v5.3.1](https://github.com/santhosh-tekuri/jsonschema/tree/v5.3.1) +- pgregory.net/rapid: v1.2.0 + +### Changed +- github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp: [v1.30.0 → v1.31.0](https://github.com/GoogleCloudPlatform/opentelemetry-operations-go/compare/detectors/gcp/v1.30.0...detectors/gcp/v1.31.0) +- github.com/Microsoft/go-winio: [v0.5.0 → v0.6.2](https://github.com/Microsoft/go-winio/compare/v0.5.0...v0.6.2) +- github.com/coredns/corefile-migration: [v1.0.30 → v1.0.31](https://github.com/coredns/corefile-migration/compare/v1.0.30...v1.0.31) +- github.com/creack/pty: [v1.1.18 → v1.1.24](https://github.com/creack/pty/compare/v1.1.18...v1.1.24) +- github.com/docker/go-units: [v0.4.0 → v0.5.0](https://github.com/docker/go-units/compare/v0.4.0...v0.5.0) +- github.com/opencontainers/image-spec: [v1.0.2 → v1.1.1](https://github.com/opencontainers/image-spec/compare/v1.0.2...v1.1.1) +- go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc: v1.41.0 → v1.43.0 +- go.opentelemetry.io/otel/exporters/otlp/otlptrace: v1.41.0 → v1.43.0 +- go.opentelemetry.io/otel/metric: v1.41.0 → v1.43.0 +- go.opentelemetry.io/otel/sdk/metric: v1.41.0 → v1.43.0 +- go.opentelemetry.io/otel/sdk: v1.41.0 → v1.43.0 +- go.opentelemetry.io/otel/trace: v1.41.0 → v1.43.0 +- go.opentelemetry.io/otel: v1.41.0 → v1.43.0 +- go.opentelemetry.io/proto/otlp: v1.9.0 → v1.10.0 +- golang.org/x/crypto: v0.48.0 
→ v0.49.0 +- golang.org/x/net: v0.50.0 → v0.52.0 +- golang.org/x/sync: v0.19.0 → v0.20.0 +- golang.org/x/sys: v0.41.0 → v0.42.0 +- golang.org/x/telemetry: bd525da → e7419c6 +- golang.org/x/term: v0.40.0 → v0.41.0 +- golang.org/x/text: v0.34.0 → v0.35.0 +- golang.org/x/tools: v0.41.0 → v0.42.0 +- gonum.org/v1/gonum: v0.16.0 → v0.17.0 +- google.golang.org/genproto/googleapis/api: 4cfbd41 → 9d38bb4 +- google.golang.org/genproto/googleapis/rpc: 4cfbd41 → 9d38bb4 +- google.golang.org/grpc: v1.79.1 → v1.80.0 +- gotest.tools/v3: v3.4.0 → v3.5.2 +- sigs.k8s.io/cluster-api/test: v1.12.4 → v1.12.7 +- sigs.k8s.io/cluster-api: v1.12.4 → v1.12.7 + +### Removed +- github.com/containerd/log: [v0.1.0](https://github.com/containerd/log/tree/v0.1.0) +- github.com/docker/docker: [v28.5.2+incompatible](https://github.com/docker/docker/tree/v28.5.2) +- github.com/moby/sys/atomicwriter: [v0.1.0](https://github.com/moby/sys/tree/atomicwriter/v0.1.0) +- github.com/moby/sys/sequential: [v0.6.0](https://github.com/moby/sys/tree/sequential/v0.6.0) +- github.com/morikuni/aec: [v1.0.0](https://github.com/morikuni/aec/tree/v1.0.0) +- go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp: v1.40.0 + +## Details + +https://github.com/kubernetes-sigs/cluster-api-provider-azure/compare/v1.23.0...v1.23.1 From 17444b54975e1c9e52c296e1e66745459ee365ec Mon Sep 17 00:00:00 2001 
From: Matt Boersma Date: Thu, 23 Apr 2026 16:08:45 -0600 Subject: [PATCH 43/61] Bump Azure Service Operator from v2.13.0 to v2.16.0 (#6238) * Bump Azure Service Operator from v2.13.0 to v2.14.0 - Remove startup probe patches from kustomization.yaml (ASO v2.14.0 ships its own startup probe) - Regenerate ASO CRDs * Bump Azure Service Operator from v2.14.0 to v2.15.1 - Regenerate ASO CRDs - No breaking changes in this release * Bump Azure Service Operator from v2.15.1 to v2.16.0 ASO v2.16.0 removes the v1api20210501 and v1api20231102preview API versions. - Remove v1api20210501 import and scheme registration from main.go (only used for scheme registration, no functional code) - Migrate preview API from v1api20231102preview to v1api20240402preview in agentpools, managedclusters, controllers, mutators, and e2e tests - Update hub storage version from v1api20240901/storage to v1api20250801/storage (new conversion hub in ASO v2.16.0) - Regenerate ASO CRDs --- azure/converters/managedagentpool.go | 8 +- azure/converters/managedagentpool_test.go | 2 +- azure/services/agentpools/agentpools.go | 2 +- azure/services/agentpools/agentpools_test.go | 2 +- azure/services/agentpools/spec.go | 4 +- azure/services/agentpools/spec_test.go | 2 +- .../managedclusters/managedclusters.go | 2 +- .../managedclusters/managedclusters_test.go | 2 +- azure/services/managedclusters/spec.go | 4 +- azure/services/managedclusters/spec_test.go | 2 +- azure/services/privateendpoints/spec_test.go | 2 +- config/aso/crds.yaml | 51971 ++++++++-------- config/aso/kustomization.yaml | 20 +- .../azuremanagedmachinepool_reconciler.go | 2 +- go.mod | 11 +- go.sum | 60 +- main.go | 4 - pkg/mutators/azureasomanagedcontrolplane.go | 8 +- .../azureasomanagedcontrolplane_test.go | 2 +- test/e2e/aks_patches.go | 2 +- test/e2e/azure_clusterproxy.go | 2 +- 21 files changed, 25346 insertions(+), 26768 deletions(-) 
diff --git a/azure/converters/managedagentpool.go b/azure/converters/managedagentpool.go index cc29b7f29bf..b515882d0d8 100644 --- a/azure/converters/managedagentpool.go +++ b/azure/converters/managedagentpool.go @@ -23,7 +23,7 @@ import ( // then updated to the user-defined value. If the field is immutable, this // update will fail. The linter should catch if there are missing fields, // but verify that check is actually working. - asocontainerservicev1hub "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20240901/storage" + asocontainerservicev1hub "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20250801/storage" "k8s.io/utils/ptr" ) @@ -40,12 +40,15 @@ func AgentPoolToManagedClusterAgentPoolProfile(pool *asocontainerservicev1hub.Ma EnableFIPS: properties.EnableFIPS, EnableNodePublicIP: properties.EnableNodePublicIP, EnableUltraSSD: properties.EnableUltraSSD, + GatewayProfile: properties.GatewayProfile, GpuInstanceProfile: properties.GpuInstanceProfile, + GpuProfile: properties.GpuProfile, HostGroupReference: properties.HostGroupReference, KubeletConfig: properties.KubeletConfig, KubeletDiskType: properties.KubeletDiskType, LinuxOSConfig: properties.LinuxOSConfig, MaxCount: properties.MaxCount, + MessageOfTheDay: properties.MessageOfTheDay, MaxPods: properties.MaxPods, MinCount: properties.MinCount, Mode: properties.Mode, @@ -59,6 +62,7 @@ func AgentPoolToManagedClusterAgentPoolProfile(pool *asocontainerservicev1hub.Ma OsDiskType: properties.OsDiskType, OsSKU: properties.OsSKU, OsType: properties.OsType, + PodIPAllocationMode: properties.PodIPAllocationMode, PodSubnetReference: properties.PodSubnetReference, PowerState: properties.PowerState, PropertyBag: properties.PropertyBag, 
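Review bot: `MessageOfTheDay` is added between `MaxCount` and `MaxPods` in the `AgentPoolToManagedClusterAgentPoolProfile` literal, while every other visible field is in alphabetical order. That order is what keeps a field-by-field comparison against the hub type practical when the storage version moves, as it does here (v1api20240901 to v1api20250801), so move `MessageOfTheDay: properties.MessageOfTheDay,` below `MaxPods: properties.MaxPods,`. The comment in the import hunk asks to verify that the linter for missing fields is actually working, and the visible hunk for managedagentpool_test.go changes only the import. It is therefore worth confirming that the newly copied fields (`GatewayProfile`, `GpuProfile`, `PodIPAllocationMode`, and the two added in the following hunk) are exercised by that check or by a test. The function body starts and ends outside the hunk.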
@@ -71,6 +75,8 @@ func AgentPoolToManagedClusterAgentPoolProfile(pool *asocontainerservicev1hub.Ma Tags: properties.Tags, Type: properties.Type, UpgradeSettings: properties.UpgradeSettings, + VirtualMachineNodesStatus: properties.VirtualMachineNodesStatus, + VirtualMachinesProfile: properties.VirtualMachinesProfile, VmSize: properties.VmSize, VnetSubnetReference: properties.VnetSubnetReference, WindowsProfile: properties.WindowsProfile, diff --git a/azure/converters/managedagentpool_test.go b/azure/converters/managedagentpool_test.go index c03b13eaaa5..ed331380078 100644 --- a/azure/converters/managedagentpool_test.go +++ b/azure/converters/managedagentpool_test.go @@ -20,7 +20,7 @@ import ( "testing" asocontainerservicev1 "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231001" - asocontainerservicev1hub "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20240901/storage" + asocontainerservicev1hub "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20250801/storage" "github.com/Azure/azure-service-operator/v2/pkg/genruntime" . "github.com/onsi/gomega" "k8s.io/utils/ptr" diff --git a/azure/services/agentpools/agentpools.go b/azure/services/agentpools/agentpools.go index a9e7e7d3177..79e1f0d2255 100644 --- a/azure/services/agentpools/agentpools.go +++ b/azure/services/agentpools/agentpools.go @@ -19,7 +19,7 @@ package agentpools import ( "context" - asocontainerservicev1hub "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20240901/storage" + asocontainerservicev1hub "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20250801/storage" "github.com/Azure/azure-service-operator/v2/pkg/genruntime" "k8s.io/utils/ptr" clusterv1 "sigs.k8s.io/cluster-api/api/core/v1beta2" diff --git a/azure/services/agentpools/agentpools_test.go b/azure/services/agentpools/agentpools_test.go index d121fd31fac..8009694a671 100644 --- a/azure/services/agentpools/agentpools_test.go 
+++ b/azure/services/agentpools/agentpools_test.go @@ -20,7 +20,7 @@ import ( "testing" asocontainerservicev1 "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231001" - asocontainerservicev1preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231102preview" + asocontainerservicev1preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20240402preview" . "github.com/onsi/gomega" "github.com/pkg/errors" "go.uber.org/mock/gomock" diff --git a/azure/services/agentpools/spec.go b/azure/services/agentpools/spec.go index 57d72c71d7d..64f16a46d6d 100644 --- a/azure/services/agentpools/spec.go +++ b/azure/services/agentpools/spec.go @@ -20,8 +20,8 @@ import ( "context" asocontainerservicev1 "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231001" - asocontainerservicev1preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231102preview" - asocontainerservicev1hub "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20240901/storage" + asocontainerservicev1preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20240402preview" + asocontainerservicev1hub "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20250801/storage" "github.com/Azure/azure-service-operator/v2/pkg/genruntime" "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/azure/services/agentpools/spec_test.go b/azure/services/agentpools/spec_test.go index 7784d5ad0d6..f478a9b1914 100644 --- a/azure/services/agentpools/spec_test.go +++ b/azure/services/agentpools/spec_test.go 
@@ -20,7 +20,7 @@ import ( "testing" asocontainerservicev1 "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231001" - asocontainerservicev1preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231102preview" + asocontainerservicev1preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20240402preview" "github.com/Azure/azure-service-operator/v2/pkg/genruntime" "github.com/google/go-cmp/cmp" . "github.com/onsi/gomega" diff --git a/azure/services/managedclusters/managedclusters.go b/azure/services/managedclusters/managedclusters.go index 3b50cff0cf6..747df015d08 100644 --- a/azure/services/managedclusters/managedclusters.go +++ b/azure/services/managedclusters/managedclusters.go @@ -21,7 +21,7 @@ import ( "fmt" "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" - asocontainerservicev1hub "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20240901/storage" + asocontainerservicev1hub "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20250801/storage" "github.com/Azure/azure-service-operator/v2/pkg/genruntime" "github.com/pkg/errors" corev1 "k8s.io/api/core/v1" diff --git a/azure/services/managedclusters/managedclusters_test.go b/azure/services/managedclusters/managedclusters_test.go index 02417242886..f5fcebfed1d 100644 --- a/azure/services/managedclusters/managedclusters_test.go +++ b/azure/services/managedclusters/managedclusters_test.go @@ -21,7 +21,7 @@ import ( "testing" asocontainerservicev1 "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231001" - asocontainerservicev1preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231102preview" + asocontainerservicev1preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20240402preview" . "github.com/onsi/gomega" "go.uber.org/mock/gomock" corev1 "k8s.io/api/core/v1" 
diff --git a/azure/services/managedclusters/spec.go b/azure/services/managedclusters/spec.go index cd350460d8b..497e1aeed74 100644 --- a/azure/services/managedclusters/spec.go +++ b/azure/services/managedclusters/spec.go @@ -24,8 +24,8 @@ import ( "sort" asocontainerservicev1 "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231001" - asocontainerservicev1preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231102preview" - asocontainerservicev1hub "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20240901/storage" + asocontainerservicev1preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20240402preview" + asocontainerservicev1hub "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20250801/storage" "github.com/Azure/azure-service-operator/v2/pkg/genruntime" "github.com/pkg/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/azure/services/managedclusters/spec_test.go b/azure/services/managedclusters/spec_test.go index 7886b10b80c..700de17542e 100644 --- a/azure/services/managedclusters/spec_test.go +++ b/azure/services/managedclusters/spec_test.go @@ -21,7 +21,7 @@ import ( "testing" asocontainerservicev1 "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231001" - asocontainerservicev1preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231102preview" + asocontainerservicev1preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20240402preview" "github.com/Azure/azure-service-operator/v2/pkg/genruntime" "github.com/google/go-cmp/cmp" . "github.com/onsi/gomega" diff --git a/azure/services/privateendpoints/spec_test.go b/azure/services/privateendpoints/spec_test.go index 933271e635e..0552c3060e6 100644 --- a/azure/services/privateendpoints/spec_test.go +++ b/azure/services/privateendpoints/spec_test.go 
@@ -102,7 +102,7 @@ var ( }, } - fakeASOPrivateEndpointsStatus = asonetworkv1.PrivateEndpoint_STATUS_PrivateEndpoint_SubResourceEmbedded{ + fakeASOPrivateEndpointsStatus = asonetworkv1.PrivateEndpoint_STATUS{ ApplicationSecurityGroups: []asonetworkv1.ApplicationSecurityGroup_STATUS_PrivateEndpoint_SubResourceEmbedded{ { Id: ptr.To(fakePrivateEndpoint.ApplicationSecurityGroups[0]), diff --git a/config/aso/crds.yaml b/config/aso/crds.yaml index 093ed7a676f..e815101e8ac 100644 --- a/config/aso/crds.yaml +++ b/config/aso/crds.yaml @@ -3,10 +3,10 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: azureserviceoperator-system/azureserviceoperator-serving-cert - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.17.3 labels: app.kubernetes.io/name: azure-service-operator - app.kubernetes.io/version: v2.13.0 + app.kubernetes.io/version: v2.16.0 name: bastionhosts.network.azure.com spec: conversion: @@ -22,6 +22,9 @@ spec: - v1 group: network.azure.com names: + categories: + - azure + - network kind: BastionHost listKind: BastionHostList plural: bastionhosts @@ -1700,10 +1703,10 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: azureserviceoperator-system/azureserviceoperator-serving-cert - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.17.3 labels: app.kubernetes.io/name: azure-service-operator - app.kubernetes.io/version: v2.13.0 + app.kubernetes.io/version: v2.16.0 name: extensions.kubernetesconfiguration.azure.com spec: conversion: @@ -1719,6 +1722,9 @@ spec: - v1 group: kubernetesconfiguration.azure.com names: + categories: + - azure + - kubernetesconfiguration kind: Extension listKind: ExtensionList plural: extensions 
@@ -4173,10 +4179,10 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: azureserviceoperator-system/azureserviceoperator-serving-cert - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.17.3 labels: app.kubernetes.io/name: azure-service-operator - app.kubernetes.io/version: v2.13.0 + app.kubernetes.io/version: v2.16.0 name: fleetsmembers.containerservice.azure.com spec: conversion: @@ -4192,6 +4198,9 @@ spec: - v1 group: containerservice.azure.com names: + categories: + - azure + - containerservice kind: FleetsMember listKind: FleetsMemberList plural: fleetsmembers @@ -4726,41 +4735,9 @@ spec: type: object type: object served: true - storage: true + storage: false subresources: status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: azureserviceoperator-system/azureserviceoperator-serving-cert - controller-gen.kubebuilder.io/version: v0.16.3 - labels: - app.kubernetes.io/name: azure-service-operator - app.kubernetes.io/version: v2.13.0 - name: managedclusters.containerservice.azure.com -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: azureserviceoperator-webhook-service - namespace: azureserviceoperator-system - path: /convert - port: 443 - conversionReviewVersions: - - v1 - group: containerservice.azure.com - names: - kind: ManagedCluster - listKind: ManagedClusterList - plural: managedclusters - singular: managedcluster - preserveUnknownFields: false - scope: Namespaced - versions: - additionalPrinterColumns: - jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready 
@@ -4774,9 +4751,13 @@ spec: - jsonPath: .status.conditions[?(@.type=='Ready')].message name: Message type: string - name: v1api20210501 + name: v1api20250301 schema: openAPIV3Schema: + description: |- + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/fleet/stable/2025-03-01/fleets.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/fleets/{fleetName}/members/{fleetMemberName} properties: apiVersion: description: |- 
@@ -4797,379 +4778,19 @@ spec: type: object spec: properties: - aadProfile: - properties: - adminGroupObjectIDs: - items: - type: string - type: array - clientAppID: - type: string - enableAzureRBAC: - type: boolean - managed: - type: boolean - serverAppID: - type: string - serverAppSecret: - type: string - tenantID: - type: string - type: object - addonProfiles: - additionalProperties: - properties: - config: - additionalProperties: - type: string - type: object - enabled: - type: boolean - required: - - enabled - type: object - type: object - agentPoolProfiles: - items: - properties: - availabilityZones: - items: - type: string - type: array - count: - type: integer - enableAutoScaling: - type: boolean - enableEncryptionAtHost: - type: boolean - enableFIPS: - type: boolean - enableNodePublicIP: - type: boolean - enableUltraSSD: - type: boolean - gpuInstanceProfile: - enum: - - MIG1g - - MIG2g - - MIG3g - - MIG4g - - MIG7g - type: string - kubeletConfig: - properties: - allowedUnsafeSysctls: - items: - type: string - type: array - containerLogMaxFiles: - minimum: 2 - type: integer - containerLogMaxSizeMB: - type: integer - cpuCfsQuota: - type: boolean - cpuCfsQuotaPeriod: - type: string - cpuManagerPolicy: - type: string - failSwapOn: - type: boolean - imageGcHighThreshold: - type: integer - imageGcLowThreshold: - type: integer - podMaxPids: - type: integer - topologyManagerPolicy: - type: string - type: object - kubeletDiskType: - enum: - - OS - - Temporary - type: string - linuxOSConfig: - properties: - swapFileSizeMB: - type: integer - sysctls: - properties: - fsAioMaxNr: - type: integer - fsFileMax: - type: integer - fsInotifyMaxUserWatches: - type: integer - fsNrOpen: - type: integer - kernelThreadsMax: - type: integer - netCoreNetdevMaxBacklog: - type: integer - netCoreOptmemMax: - type: integer - netCoreRmemDefault: - type: integer - netCoreRmemMax: - type: integer - netCoreSomaxconn: - type: integer - netCoreWmemDefault: - type: integer - netCoreWmemMax: - 
type: integer - netIpv4IpLocalPortRange: - type: string - netIpv4NeighDefaultGcThresh1: - type: integer - netIpv4NeighDefaultGcThresh2: - type: integer - netIpv4NeighDefaultGcThresh3: - type: integer - netIpv4TcpFinTimeout: - type: integer - netIpv4TcpKeepaliveProbes: - type: integer - netIpv4TcpKeepaliveTime: - type: integer - netIpv4TcpMaxSynBacklog: - type: integer - netIpv4TcpMaxTwBuckets: - type: integer - netIpv4TcpTwReuse: - type: boolean - netIpv4TcpkeepaliveIntvl: - type: integer - netNetfilterNfConntrackBuckets: - type: integer - netNetfilterNfConntrackMax: - type: integer - vmMaxMapCount: - type: integer - vmSwappiness: - type: integer - vmVfsCachePressure: - type: integer - type: object - transparentHugePageDefrag: - type: string - transparentHugePageEnabled: - type: string - type: object - maxCount: - type: integer - maxPods: - type: integer - minCount: - type: integer - mode: - enum: - - System - - User - type: string - name: - pattern: ^[a-z][a-z0-9]{0,11}$ - type: string - nodeLabels: - additionalProperties: - type: string - type: object - nodePublicIPPrefixIDReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. 
- type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - nodeTaints: - items: - type: string - type: array - orchestratorVersion: - type: string - osDiskSizeGB: - maximum: 2048 - minimum: 0 - type: integer - osDiskType: - enum: - - Ephemeral - - Managed - type: string - osSKU: - enum: - - CBLMariner - - Ubuntu - type: string - osType: - enum: - - Linux - - Windows - type: string - podSubnetIDReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object - proximityPlacementGroupID: - type: string - scaleSetEvictionPolicy: - enum: - - Deallocate - - Delete - type: string - scaleSetPriority: - enum: - - Regular - - Spot - type: string - spotMaxPrice: - type: number - tags: - additionalProperties: - type: string - type: object - type: - enum: - - AvailabilitySet - - VirtualMachineScaleSets - type: string - upgradeSettings: - properties: - maxSurge: - type: string - type: object - vmSize: - type: string - vnetSubnetIDReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object - type: object - type: array - apiServerAccessProfile: - properties: - authorizedIPRanges: - items: - type: string - type: array - enablePrivateCluster: - type: boolean - enablePrivateClusterPublicFQDN: - type: boolean - privateDNSZone: - type: string - type: object - autoScalerProfile: - properties: - balance-similar-node-groups: - type: string - expander: - enum: - - least-waste - - most-pods - - priority - - random - type: string - max-empty-bulk-delete: - type: string - max-graceful-termination-sec: - type: string - max-node-provision-time: - type: string - max-total-unready-percentage: - type: string - new-pod-scale-up-delay: - type: string - ok-total-unready-count: - type: string - scale-down-delay-after-add: - type: string - scale-down-delay-after-delete: - type: string - scale-down-delay-after-failure: - type: string - scale-down-unneeded-time: - type: string - scale-down-unready-time: - type: string - scale-down-utilization-threshold: - type: string - scan-interval: - type: string - skip-nodes-with-local-storage: - type: string - skip-nodes-with-system-pods: - type: string - type: object - autoUpgradeProfile: - properties: - upgradeChannel: - enum: - - node-image - - none - - patch - - rapid - - stable - type: string - type: object azureName: description: |- AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn't have to be. - maxLength: 63 + maxLength: 50 minLength: 1 - pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string - disableLocalAccounts: - type: boolean - diskEncryptionSetIDReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + clusterResourceReference: + description: |- + ClusterResourceReference: The ARM resource id of the cluster that joins the Fleet. 
Must be a valid Azure resource id. + e.g.: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{clusterName}'. properties: armId: description: |- 
@@ -5188,274 +4809,355 @@ spec: description: Name is the Kubernetes name of the resource. type: string type: object - dnsPrefix: - type: string - enablePodSecurityPolicy: - type: boolean - enableRBAC: - type: boolean - extendedLocation: - properties: - name: - type: string - type: - enum: - - EdgeZone - type: string - type: object - fqdnSubdomain: + group: + description: 'Group: The group this member belongs to for multi-cluster update management.' + maxLength: 50 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string - httpProxyConfig: - properties: - httpProxy: - type: string - httpsProxy: - type: string - noProxy: - items: - type: string - type: array - trustedCa: - type: string - type: object - identity: + operatorSpec: + description: |- + OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not + passed directly to Azure properties: - type: - enum: - - None - - SystemAssigned - - UserAssigned - type: string - userAssignedIdentities: + configMapExpressions: + description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: + description: |- + DestinationExpression is a CEL expression and a destination to store the result in. The destination may + be a secret or a configmap. The value of the expression is stored at the specified location in + the destination. properties: - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - type: array - type: object - identityProfile: - additionalProperties: - properties: - clientId: - type: string - objectId: - type: string - resourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: + key: description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. + Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string + this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string + Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting + map[string]string. type: string name: - description: Name is the Kubernetes name of the resource. 
+ description: |- + Name is the name of the Kubernetes configmap or secret to write to. + The configmap or secret will be created in the same namespace as the resource. type: string - type: object - type: object + value: + description: |- + Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information + on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ + type: string + required: + - name + - value + type: object + type: array + secretExpressions: + description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' + items: + description: |- + DestinationExpression is a CEL expression and a destination to store the result in. The destination may + be a secret or a configmap. The value of the expression is stored at the specified location in + the destination. + properties: + key: + description: |- + Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string + this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string + Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting + map[string]string. + type: string + name: + description: |- + Name is the name of the Kubernetes configmap or secret to write to. + The configmap or secret will be created in the same namespace as the resource. + type: string + value: + description: |- + Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information + on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ + type: string + required: + - name + - value + type: object + type: array type: object - kubernetesVersion: - type: string - linuxProfile: + owner: + description: |- + Owner: The owner of the resource. 
The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a containerservice.azure.com/Fleet resource properties: - adminUsername: - pattern: ^[A-Za-z][-A-Za-z0-9_]*$ + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string - ssh: + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + required: + - clusterResourceReference + - owner + type: object + status: + properties: + clusterResourceId: + description: |- + ClusterResourceId: The ARM resource id of the cluster that joins the Fleet. Must be a valid Azure resource id. e.g.: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{clusterName}'. + type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. 
+ Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + eTag: + description: |- + ETag: If eTag is provided in the response body, it may also be provided as a header per the normal etag convention. + Entity tags are used for comparing two or more entities from the same requested resource. HTTP/1.1 uses entity tags in + the etag (section 14.19), If-Match (section 14.24), If-None-Match (section 14.26), and If-Range (section 14.27) header + fields. + type: string + group: + description: 'Group: The group this member belongs to for multi-cluster update management.' + type: string + id: + description: |- + Id: Fully qualified resource ID for the resource. E.g. + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" + type: string + name: + description: 'Name: The name of the resource' + type: string + provisioningState: + description: 'ProvisioningState: The status of the last operation.' + type: string + status: + description: 'Status: Status information of the last operation for fleet member.' 
+ properties: + lastOperationError: + description: 'LastOperationError: The last operation error of the fleet member' properties: - publicKeys: + additionalInfo: + description: 'AdditionalInfo: The error additional info.' items: + description: The resource management error additional info. properties: - keyData: + info: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + description: 'Info: The additional info.' + type: object + type: + description: 'Type: The additional info type.' type: string - required: - - keyData type: object type: array - required: - - publicKeys - type: object - required: - - adminUsername - - ssh - type: object - location: - type: string - networkProfile: - properties: - dnsServiceIP: - pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ - type: string - dockerBridgeCidr: - pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ - type: string - loadBalancerProfile: - properties: - allocatedOutboundPorts: - maximum: 64000 - minimum: 0 - type: integer - effectiveOutboundIPs: + code: + description: 'Code: The error code.' + type: string + details: + description: 'Details: The error details.' items: properties: - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + additionalInfo: + description: 'AdditionalInfo: The error additional info.' + items: + description: The resource management error additional info. + properties: + info: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + description: 'Info: The additional info.' + type: object + type: + description: 'Type: The additional info type.' + type: string + type: object + type: array + code: + description: 'Code: The error code.' + type: string + message: + description: 'Message: The error message.' + type: string + target: + description: 'Target: The error target.' + type: string type: object type: array - idleTimeoutInMinutes: - maximum: 120 - minimum: 4 - type: integer - managedOutboundIPs: - properties: - count: - maximum: 100 - minimum: 1 - type: integer - type: object - outboundIPPrefixes: - properties: - publicIPPrefixes: - items: - properties: - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - type: array - type: object - outboundIPs: - properties: - publicIPs: - items: - properties: - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - type: array - type: object + message: + description: 'Message: The error message.' + type: string + target: + description: 'Target: The error target.' 
+ type: string type: object - loadBalancerSku: - enum: - - basic - - standard + lastOperationId: + description: 'LastOperationId: The last operation ID for the fleet member' type: string - networkMode: - enum: - - bridge - - transparent + type: object + systemData: + description: 'SystemData: Azure Resource Manager metadata containing createdBy and modifiedBy information.' + properties: + createdAt: + description: 'CreatedAt: The timestamp of resource creation (UTC).' type: string - networkPlugin: - enum: - - azure - - kubenet + createdBy: + description: 'CreatedBy: The identity that created the resource.' type: string - networkPolicy: - enum: - - azure - - calico + createdByType: + description: 'CreatedByType: The type of identity that created the resource.' type: string - outboundType: - enum: - - loadBalancer - - userDefinedRouting + lastModifiedAt: + description: 'LastModifiedAt: The timestamp of resource last modification (UTC)' type: string - podCidr: - pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + lastModifiedBy: + description: 'LastModifiedBy: The identity that last modified the resource.' type: string - serviceCidr: - pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ + lastModifiedByType: + description: 'LastModifiedByType: The type of identity that last modified the resource.' type: string type: object - nodeResourceGroup: + type: + description: 'Type: The type of the resource. E.g. 
"Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"' + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20250301storage + schema: + openAPIV3Schema: + description: |- + Storage version of v1api20250301.FleetsMember + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/fleet/stable/2025-03-01/fleets.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/fleets/{fleetName}/members/{fleetMemberName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Storage version of v1api20250301.FleetsMember_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + clusterResourceReference: + description: |- + ClusterResourceReference: The ARM resource id of the cluster that joins the Fleet. Must be a valid Azure resource id. + e.g.: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{clusterName}'. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + group: type: string operatorSpec: description: |- - OperatorSpec: The specification for configuring operator behavior. 
This field is interpreted by the operator and not - passed directly to Azure + Storage version of v1api20250301.FleetsMemberOperatorSpec + Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: description: |- DestinationExpression is a CEL expression and a destination to store the result in. The destination may @@ -5485,7 +5187,6 @@ spec: type: object type: array secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: description: |- DestinationExpression is a CEL expression and a destination to store the result in. The destination may 
@@ -5514,50 +5215,14 @@ spec: - value type: object type: array - secrets: - description: 'Secrets: configures where to place Azure generated secrets.' - properties: - adminCredentials: - description: |- - AdminCredentials: indicates where the AdminCredentials secret should be placed. If omitted, the secret will not be - retrieved from Azure. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced. - type: string - name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. - type: string - required: - - key - - name - type: object - userCredentials: - description: |- - UserCredentials: indicates where the UserCredentials secret should be placed. If omitted, the secret will not be - retrieved from Azure. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced. - type: string - name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. - type: string - required: - - key - - name - type: object - type: object type: object + originalVersion: + type: string owner: description: |- Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource + reference to a containerservice.azure.com/Fleet resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) 
@@ -5566,183 +5231,273 @@ spec: description: This is the name of the Kubernetes resource to reference. type: string type: object - podIdentityProfile: + required: + - clusterResourceReference + - owner + type: object + status: + description: Storage version of v1api20250301.FleetsMember_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clusterResourceId: + type: string + conditions: + items: + description: Condition defines an extension to status (an observation) of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. 
+ This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + eTag: + type: string + group: + type: string + id: + type: string + name: + type: string + provisioningState: + type: string + status: + description: |- + Storage version of v1api20250301.FleetMemberStatus_STATUS + Status information for the fleet member properties: - allowNetworkPluginKubenet: - type: boolean - enabled: - type: boolean - userAssignedIdentities: - items: - properties: - bindingSelector: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + lastOperationError: + description: |- + Storage version of v1api20250301.ErrorDetail_STATUS + The error detail. + properties: + $propertyBag: + additionalProperties: type: string - identity: + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + additionalInfo: + items: + description: |- + Storage version of v1api20250301.ErrorAdditionalInfo_STATUS + The resource management error additional info. properties: - clientId: - type: string - objectId: - type: string - resourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object + info: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: + type: string type: object - name: - type: string - namespace: - type: string - required: - - identity - - name - - namespace - type: object - type: array - userAssignedIdentityExceptions: - items: - properties: - name: - type: string - namespace: - type: string - podLabels: - additionalProperties: - type: string - type: object - required: - - name - - namespace - - podLabels - type: object - type: array - type: object - privateLinkResources: - items: - properties: - groupId: - type: string - name: - type: string - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - requiredMembers: - items: + type: array + code: type: string - type: array - type: - type: string - type: object - type: array - servicePrincipalProfile: - properties: - clientId: - type: string - secret: - description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced + details: + items: + description: Storage version of v1api20250301.ErrorDetail_STATUS_Unrolled + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + additionalInfo: + items: + description: |- + Storage version of v1api20250301.ErrorAdditionalInfo_STATUS + The resource management error additional info. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + info: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: + type: string + type: object + type: array + code: + type: string + message: + type: string + target: + type: string + type: object + type: array + message: type: string - name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource + target: type: string - required: - - key - - name type: object - required: - - clientId - type: object - sku: - properties: - name: - enum: - - Basic + lastOperationId: type: string - tier: - enum: - - Free - - Paid - type: string - type: object - tags: - additionalProperties: - type: string type: object - windowsProfile: + systemData: + description: |- + Storage version of v1api20250301.SystemData_STATUS + Metadata pertaining to creation and last modification of the resource. properties: - adminPassword: + $propertyBag: + additionalProperties: + type: string description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes secret being referenced. 
- The secret must be in the same namespace as the resource - type: string - required: - - key - - name + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object - adminUsername: + createdAt: type: string - enableCSIProxy: - type: boolean - licenseType: - enum: - - None - - Windows_Server + createdBy: + type: string + createdByType: + type: string + lastModifiedAt: + type: string + lastModifiedBy: + type: string + lastModifiedByType: type: string - required: - - adminUsername type: object - required: - - location - - owner + type: + type: string type: object - status: + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: azureserviceoperator-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.17.3 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.16.0 + name: managedclusters.containerservice.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: azureserviceoperator-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: containerservice.azure.com + names: + categories: + - azure + - containerservice + kind: ManagedCluster + listKind: ManagedClusterList + plural: managedclusters + singular: managedcluster + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: 
.status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230201 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: properties: aadProfile: properties: @@ -5772,15 +5527,8 @@ spec: type: object enabled: type: boolean - identity: - properties: - clientId: - type: string - objectId: - type: string - resourceId: - type: string - type: object + required: + - enabled type: object type: object agentPoolProfiles: 
@@ -5792,6 +5540,29 @@ spec: type: array count: type: integer + creationData: + properties: + sourceResourceReference: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object enableAutoScaling: type: boolean enableEncryptionAtHost: 
@@ -5803,7 +5574,33 @@ spec: enableUltraSSD: type: boolean gpuInstanceProfile: + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g type: string + hostGroupReference: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object kubeletConfig: properties: allowedUnsafeSysctls: @@ -5811,6 +5608,7 @@ spec: type: string type: array containerLogMaxFiles: + minimum: 2 type: integer containerLogMaxSizeMB: type: integer @@ -5832,6 +5630,9 @@ spec: type: string type: object kubeletDiskType: + enum: + - OS + - Temporary type: string linuxOSConfig: properties: 
@@ -5908,17 +5709,37 @@ spec: minCount: type: integer mode: + enum: + - System + - User type: string name: - type: string - nodeImageVersion: + pattern: ^[a-z][a-z0-9]{0,11}$ type: string nodeLabels: additionalProperties: type: string type: object - nodePublicIPPrefixID: - type: string + nodePublicIPPrefixReference: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object nodeTaints: items: type: string 
@@ -5926,27 +5747,88 @@ spec: orchestratorVersion: type: string osDiskSizeGB: + maximum: 2048 + minimum: 0 type: integer osDiskType: + enum: + - Ephemeral + - Managed type: string osSKU: + enum: + - CBLMariner + - Ubuntu + - Windows2019 + - Windows2022 type: string osType: + enum: + - Linux + - Windows type: string - podSubnetID: - type: string + podSubnetReference: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object powerState: properties: code: + enum: + - Running + - Stopped type: string type: object - provisioningState: - type: string - proximityPlacementGroupID: + proximityPlacementGroupReference: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + enum: + - Deallocate + - Delete type: string scaleSetEvictionPolicy: + enum: + - Deallocate + - Delete type: string scaleSetPriority: + enum: + - Regular + - Spot type: string spotMaxPrice: type: number @@ -5955,6 +5837,9 @@ spec: type: string type: object type: + enum: + - AvailabilitySet + - VirtualMachineScaleSets type: string upgradeSettings: properties: 
@@ -5963,8 +5848,33 @@ spec: type: object vmSize: type: string - vnetSubnetID: + vnetSubnetReference: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + workloadRuntime: + enum: + - OCIContainer + - WasmWasi type: string + required: + - name type: object type: array apiServerAccessProfile: @@ -5973,6 +5883,8 @@ spec: items: type: string type: array + disableRunCommand: + type: boolean enablePrivateCluster: type: boolean enablePrivateClusterPublicFQDN: @@ -5985,6 +5897,11 @@ spec: balance-similar-node-groups: type: string expander: + enum: + - least-waste + - most-pods + - priority + - random type: string max-empty-bulk-delete: type: string 
@@ -6020,58 +5937,61 @@ spec: autoUpgradeProfile: properties: upgradeChannel: + enum: + - node-image + - none + - patch + - rapid + - stable type: string type: object - azurePortalFQDN: - type: string - conditions: - description: 'Conditions: The observed state of the resource' - items: - description: Condition defines an extension to status (an observation) of a resource - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. - format: date-time - type: string - message: - description: Message is a human readable message indicating details about the transition. This field may be empty. - type: string - observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - type: integer - reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. - type: string - severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown - type: string - status: - description: Status of the condition, one of True, False, or Unknown. - type: string - type: - description: Type of condition. 
- type: string - required: - - lastTransitionTime - - reason - - status - - type - type: object - type: array + azureMonitorProfile: + properties: + metrics: + properties: + enabled: + type: boolean + kubeStateMetrics: + properties: + metricAnnotationsAllowList: + type: string + metricLabelsAllowlist: + type: string + type: object + required: + - enabled + type: object + type: object + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ + type: string disableLocalAccounts: type: boolean - diskEncryptionSetID: - type: string + diskEncryptionSetReference: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object dnsPrefix: type: string enablePodSecurityPolicy: @@ -6083,10 +6003,10 @@ spec: name: type: string type: + enum: + - EdgeZone type: string type: object - fqdn: - type: string fqdnSubdomain: type: string httpProxyConfig: 
@@ -6102,35 +6022,101 @@ spec: trustedCa: type: string type: object - id: - type: string identity: properties: - principalId: - type: string - tenantId: - type: string type: + enum: + - None + - SystemAssigned + - UserAssigned type: string userAssignedIdentities: - additionalProperties: + items: properties: - clientId: - type: string - principalId: - type: string + reference: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object - type: object + type: array type: object identityProfile: additionalProperties: properties: clientId: type: string + clientIdFromConfig: + description: |- + ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes configmap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes configmap being referenced. 
+ The configmap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object objectId: type: string - resourceId: - type: string + objectIdFromConfig: + description: |- + ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes configmap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes configmap being referenced. + The configmap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + resourceReference: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object type: object kubernetesVersion: @@ -6138,6 +6124,7 @@ spec: linuxProfile: properties: adminUsername: + pattern: ^[A-Za-z][-A-Za-z0-9_]*$ type: string ssh: properties: 
@@ -6146,38 +6133,80 @@ spec: properties: keyData: type: string + required: + - keyData type: object type: array + required: + - publicKeys type: object + required: + - adminUsername + - ssh type: object location: type: string - maxAgentPools: - type: integer - name: - type: string networkProfile: properties: dnsServiceIP: + pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ type: string dockerBridgeCidr: + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string + ipFamilies: + items: + enum: + - IPv4 + - IPv6 + type: string + type: array loadBalancerProfile: properties: allocatedOutboundPorts: + maximum: 64000 + minimum: 0 type: integer effectiveOutboundIPs: items: properties: - id: - type: string + reference: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object type: object type: array + enableMultipleStandardLoadBalancers: + type: boolean idleTimeoutInMinutes: + maximum: 120 + minimum: 4 type: integer managedOutboundIPs: properties: count: + maximum: 100 + minimum: 1 + type: integer + countIPv6: + maximum: 100 + minimum: 0 type: integer type: object outboundIPPrefixes: @@ -6185,8 +6214,26 @@ spec: publicIPPrefixes: items: properties: - id: - type: string + reference: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object type: array type: object 
@@ -6195,213 +6242,618 @@ spec: publicIPs: items: properties: - id: - type: string + reference: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object type: array type: object type: object loadBalancerSku: + enum: + - basic + - standard + type: string + natGatewayProfile: + properties: + effectiveOutboundIPs: + items: + properties: + reference: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + maximum: 120 + minimum: 4 + type: integer + managedOutboundIPProfile: + properties: + count: + maximum: 16 + minimum: 1 + type: integer + type: object + type: object + networkDataplane: + enum: + - azure + - cilium type: string networkMode: + enum: + - bridge + - transparent type: string networkPlugin: + enum: + - azure + - kubenet + - none + type: string + networkPluginMode: + enum: + - overlay type: string networkPolicy: + enum: + - azure + - calico + - cilium type: string outboundType: + enum: + - loadBalancer + - managedNATGateway + - userAssignedNATGateway + - userDefinedRouting type: string podCidr: + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string + podCidrs: + items: + type: string + type: array serviceCidr: + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string + serviceCidrs: + items: + type: string + type: array type: object nodeResourceGroup: type: string - podIdentityProfile: + oidcIssuerProfile: properties: - allowNetworkPluginKubenet: - type: boolean enabled: type: boolean - userAssignedIdentities: + type: object + operatorSpec: + description: |- + OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not + passed directly to Azure + properties: + configMapExpressions: + description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' 
items: + description: |- + DestinationExpression is a CEL expression and a destination to store the result in. The destination may + be a secret or a configmap. The value of the expression is stored at the specified location in + the destination. properties: - bindingSelector: + key: + description: |- + Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string + this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string + Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting + map[string]string. type: string - identity: - properties: - clientId: - type: string - objectId: - type: string - resourceId: - type: string - type: object name: + description: |- + Name is the name of the Kubernetes configmap or secret to write to. + The configmap or secret will be created in the same namespace as the resource. type: string - namespace: - type: string - provisioningInfo: - properties: - error: - properties: - error: - properties: - code: - type: string - details: - items: - properties: - code: - type: string - message: - type: string - target: - type: string - type: object - type: array - message: - type: string - target: - type: string - type: object - type: object - type: object - provisioningState: + value: + description: |- + Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information + on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string + required: + - name + - value type: object type: array - userAssignedIdentityExceptions: + configMaps: + description: 'ConfigMaps: configures where to place operator written ConfigMaps.' + properties: + oidcIssuerProfile: + description: |- + OIDCIssuerProfile: indicates where the OIDCIssuerProfile config map should be placed. If omitted, no config map will be + created. 
+ properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap to write to. + The ConfigMap will be created in the same namespace as the resource. + type: string + required: + - key + - name + type: object + principalId: + description: 'PrincipalId: indicates where the PrincipalId config map should be placed. If omitted, no config map will be created.' + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap to write to. + The ConfigMap will be created in the same namespace as the resource. + type: string + required: + - key + - name + type: object + type: object + secretExpressions: + description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: + description: |- + DestinationExpression is a CEL expression and a destination to store the result in. The destination may + be a secret or a configmap. The value of the expression is stored at the specified location in + the destination. properties: + key: + description: |- + Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string + this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string + Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting + map[string]string. + type: string name: + description: |- + Name is the name of the Kubernetes configmap or secret to write to. + The configmap or secret will be created in the same namespace as the resource. type: string - namespace: + value: + description: |- + Value is a CEL expression. The CEL expression may return a string or a map[string]string. 
For more information + on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string - podLabels: - additionalProperties: - type: string - type: object + required: + - name + - value type: object type: array - type: object - powerState: - properties: - code: - type: string - type: object - privateFQDN: - type: string - privateLinkResources: - items: - properties: - groupId: - type: string - id: - type: string - name: - type: string - privateLinkServiceID: - type: string - requiredMembers: - items: - type: string - type: array - type: - type: string + secrets: + description: 'Secrets: configures where to place Azure generated secrets.' + properties: + adminCredentials: + description: |- + AdminCredentials: indicates where the AdminCredentials secret should be placed. If omitted, the secret will not be + retrieved from Azure. + properties: + key: + description: Key is the key in the Kubernetes secret being referenced. + type: string + name: + description: |- + Name is the name of the Kubernetes secret to write to. + The secret will be created in the same namespace as the resource. + type: string + required: + - key + - name + type: object + userCredentials: + description: |- + UserCredentials: indicates where the UserCredentials secret should be placed. If omitted, the secret will not be + retrieved from Azure. + properties: + key: + description: Key is the key in the Kubernetes secret being referenced. + type: string + name: + description: |- + Name is the name of the Kubernetes secret to write to. + The secret will be created in the same namespace as the resource. + type: string + required: + - key + - name + type: object + type: object + type: object + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. 
Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + properties: + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + properties: + bindingSelector: + type: string + identity: + properties: + clientId: + type: string + clientIdFromConfig: + description: |- + ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes configmap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes configmap being referenced. + The configmap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + objectId: + type: string + objectIdFromConfig: + description: |- + ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes configmap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes configmap being referenced. 
+ The configmap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + resourceReference: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + name: + type: string + namespace: + type: string + required: + - identity + - name + - namespace + type: object + type: array + userAssignedIdentityExceptions: + items: + properties: + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + required: + - name + - namespace + - podLabels + type: object + type: array + type: object + privateLinkResources: + items: + properties: + groupId: + type: string + name: + type: string + reference: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + requiredMembers: + items: + type: string + type: array + type: + type: string type: object type: array - provisioningState: + publicNetworkAccess: + enum: + - Disabled + - Enabled type: string + securityProfile: + properties: + azureKeyVaultKms: + properties: + enabled: + type: boolean + keyId: + type: string + keyVaultNetworkAccess: + enum: + - Private + - Public + type: string + keyVaultResourceReference: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + defender: + properties: + logAnalyticsWorkspaceResourceReference: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + securityMonitoring: + properties: + enabled: + type: boolean + type: object + type: object + imageCleaner: + properties: + enabled: + type: boolean + intervalHours: + type: integer + type: object + workloadIdentity: + properties: + enabled: + type: boolean + type: object + type: object servicePrincipalProfile: properties: clientId: type: string + secret: + description: |- + SecretReference is a reference to a Kubernetes secret and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes secret being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. 
+ The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + required: + - clientId type: object sku: properties: name: + enum: + - Base type: string tier: + enum: + - Free + - Standard type: string type: object + storageProfile: + properties: + blobCSIDriver: + properties: + enabled: + type: boolean + type: object + diskCSIDriver: + properties: + enabled: + type: boolean + type: object + fileCSIDriver: + properties: + enabled: + type: boolean + type: object + snapshotController: + properties: + enabled: + type: boolean + type: object + type: object tags: additionalProperties: type: string type: object - type: - type: string windowsProfile: properties: + adminPassword: + description: |- + SecretReference is a reference to a Kubernetes secret and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes secret being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. 
+ The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object adminUsername: type: string enableCSIProxy: type: boolean + gmsaProfile: + properties: + dnsServer: + type: string + enabled: + type: boolean + rootDomainName: + type: string + type: object licenseType: + enum: + - None + - Windows_Server type: string + required: + - adminUsername type: object + workloadAutoScalerProfile: + properties: + keda: + properties: + enabled: + type: boolean + required: + - enabled + type: object + type: object + required: + - location + - owner type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].severity - name: Severity - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Reason - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].message - name: Message - type: string - name: v1api20210501storage - schema: - openAPIV3Schema: - description: Storage version of v1api20210501.ManagedCluster - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: Storage version of v1api20210501.ManagedCluster_Spec + status: properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object aadProfile: - description: Storage version of v1api20210501.ManagedClusterAADProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object adminGroupObjectIDs: items: type: string 
@@ -6421,40 +6873,40 @@ spec: type: object addonProfiles: additionalProperties: - description: Storage version of v1api20210501.ManagedClusterAddonProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object config: additionalProperties: type: string type: object enabled: type: boolean + identity: + properties: + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object type: object type: object agentPoolProfiles: items: - description: Storage version of v1api20210501.ManagedClusterAgentPoolProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object availabilityZones: items: type: string type: array count: type: integer + creationData: + properties: + sourceResourceId: + type: string + type: object + currentOrchestratorVersion: + type: string enableAutoScaling: type: boolean enableEncryptionAtHost: @@ -6467,16 +6919,10 @@ spec: type: boolean gpuInstanceProfile: type: string + hostGroupID: + type: string kubeletConfig: - description: Storage version of v1api20210501.KubeletConfig properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allowedUnsafeSysctls: items: type: string 
@@ -6505,27 +6951,11 @@ spec: kubeletDiskType: type: string linuxOSConfig: - description: Storage version of v1api20210501.LinuxOSConfig properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object swapFileSizeMB: type: integer sysctls: - description: Storage version of v1api20210501.SysctlConfig properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object fsAioMaxNr: type: integer fsFileMax: 
@@ -6598,30 +7028,14 @@ spec: type: string name: type: string + nodeImageVersion: + type: string nodeLabels: additionalProperties: type: string type: object - nodePublicIPPrefixIDReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + nodePublicIPPrefixID: + type: string nodeTaints: items: type: string 
@@ -6636,28 +7050,19 @@ spec: type: string osType: type: string - podSubnetIDReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + podSubnetID: + type: string + powerState: properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. + code: type: string type: object + provisioningState: + type: string proximityPlacementGroupID: type: string + scaleDownMode: + type: string scaleSetEvictionPolicy: type: string scaleSetPriority: 
@@ -6671,56 +7076,26 @@ spec: type: type: string upgradeSettings: - description: Storage version of v1api20210501.AgentPoolUpgradeSettings properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object maxSurge: type: string type: object vmSize: type: string - vnetSubnetIDReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object + vnetSubnetID: + type: string + workloadRuntime: + type: string type: object type: array apiServerAccessProfile: - description: Storage version of v1api20210501.ManagedClusterAPIServerAccessProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object authorizedIPRanges: items: type: string type: array + disableRunCommand: + type: boolean enablePrivateCluster: type: boolean enablePrivateClusterPublicFQDN: @@ -6729,15 +7104,7 @@ spec: type: string type: object autoScalerProfile: - description: Storage version of v1api20210501.ManagedClusterProperties_AutoScalerProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object balance-similar-node-groups: type: string expander: 
@@ -6774,45 +7141,77 @@ spec: type: string type: object autoUpgradeProfile: - description: Storage version of v1api20210501.ManagedClusterAutoUpgradeProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object upgradeChannel: type: string type: object - azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. + azureMonitorProfile: + properties: + metrics: + properties: + enabled: + type: boolean + kubeStateMetrics: + properties: + metricAnnotationsAllowList: + type: string + metricLabelsAllowlist: + type: string + type: object + type: object + type: object + azurePortalFQDN: + type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. 
+ type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + currentKubernetesVersion: type: string disableLocalAccounts: type: boolean - diskEncryptionSetIDReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + diskEncryptionSetID: + type: string dnsPrefix: type: string enablePodSecurityPolicy: 
@@ -6820,32 +7219,18 @@ spec: enableRBAC: type: boolean extendedLocation: - description: Storage version of v1api20210501.ExtendedLocation properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object name: type: string type: type: string type: object + fqdn: + type: string fqdnSubdomain: type: string httpProxyConfig: - description: Storage version of v1api20210501.ManagedClusterHTTPProxyConfig properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object httpProxy: type: string httpsProxy: 
@@ -6857,124 +7242,48 @@ spec: trustedCa: type: string type: object + id: + type: string identity: - description: Storage version of v1api20210501.ManagedClusterIdentity properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object + principalId: + type: string + tenantId: + type: string type: type: string userAssignedIdentities: - items: - description: Storage version of v1api20210501.UserAssignedIdentityDetails + additionalProperties: properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object + clientId: + type: string + principalId: + type: string type: object - type: array + type: object type: object identityProfile: additionalProperties: - description: Storage version of v1api20210501.UserAssignedIdentity properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: type: string objectId: type: string - resourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object + resourceId: + type: string type: object type: object kubernetesVersion: type: string linuxProfile: - description: Storage version of v1api20210501.ContainerServiceLinuxProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object adminUsername: type: string ssh: - description: Storage version of v1api20210501.ContainerServiceSshConfiguration properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicKeys: items: - description: Storage version of v1api20210501.ContainerServiceSshPublicKey properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object keyData: type: string type: object 
@@ -6983,444 +7292,202 @@ spec: type: object location: type: string + maxAgentPools: + type: integer + name: + type: string networkProfile: - description: Storage version of v1api20210501.ContainerServiceNetworkProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object dnsServiceIP: type: string dockerBridgeCidr: type: string + ipFamilies: + items: + type: string + type: array loadBalancerProfile: - description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allocatedOutboundPorts: type: integer effectiveOutboundIPs: items: - description: Storage version of v1api20210501.ResourceReference properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + id: + type: string type: object type: array + enableMultipleStandardLoadBalancers: + type: boolean idleTimeoutInMinutes: type: integer managedOutboundIPs: - description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object count: type: integer + countIPv6: + type: integer type: object outboundIPPrefixes: - description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicIPPrefixes: items: - description: Storage version of v1api20210501.ResourceReference properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: 
- description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + id: + type: string type: object type: array type: object outboundIPs: - description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_OutboundIPs properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicIPs: items: - description: Storage version of v1api20210501.ResourceReference properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + id: + type: string type: object type: array type: object type: object loadBalancerSku: type: string + natGatewayProfile: + properties: + effectiveOutboundIPs: + items: + properties: + id: + type: string + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPProfile: + properties: + count: + type: integer + type: object + type: object + networkDataplane: + type: string networkMode: type: string networkPlugin: type: string + networkPluginMode: + type: string networkPolicy: type: string outboundType: type: string podCidr: type: string + podCidrs: + items: + type: string + type: array serviceCidr: type: string + serviceCidrs: + items: + type: string + type: array type: object nodeResourceGroup: type: string - operatorSpec: - description: |- - Storage version of v1api20210501.ManagedClusterOperatorSpec - Details for configuring operator behavior. 
Fields in this struct are interpreted by the operator directly rather than being passed to Azure + oidcIssuerProfile: properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - configMapExpressions: + enabled: + type: boolean + issuerURL: + type: string + type: object + podIdentityProfile: + properties: + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: - key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. + bindingSelector: type: string + identity: + properties: + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string - value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. 
For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ + namespace: + type: string + provisioningInfo: + properties: + error: + properties: + error: + properties: + code: + type: string + details: + items: + properties: + code: + type: string + message: + type: string + target: + type: string + type: object + type: array + message: + type: string + target: + type: string + type: object + type: object + type: object + provisioningState: type: string - required: - - name - - value type: object type: array - secretExpressions: + userAssignedIdentityExceptions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: - key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. - type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string - value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. 
For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ + namespace: type: string - required: - - name - - value + podLabels: + additionalProperties: + type: string + type: object type: object type: array - secrets: - description: Storage version of v1api20210501.ManagedClusterOperatorSecrets - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - adminCredentials: - description: |- - SecretDestination describes the location to store a single secret value. - Note: This is similar to: ConfigMapDestination in configmaps.go. - Changes to one may need to be made to the others as well. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced. - type: string - name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. - type: string - required: - - key - - name - type: object - userCredentials: - description: |- - SecretDestination describes the location to store a single secret value. - Note: This is similar to: ConfigMapDestination in configmaps.go. - Changes to one may need to be made to the others as well. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced. - type: string - name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. - type: string - required: - - key - - name - type: object - type: object type: object - originalVersion: - type: string - owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. 
When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource + powerState: properties: - armId: - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - name: - description: This is the name of the Kubernetes resource to reference. + code: type: string type: object - podIdentityProfile: - description: Storage version of v1api20210501.ManagedClusterPodIdentityProfile - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - allowNetworkPluginKubenet: - type: boolean - enabled: - type: boolean - userAssignedIdentities: - items: - description: Storage version of v1api20210501.ManagedClusterPodIdentity - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - bindingSelector: - type: string - identity: - description: Storage version of v1api20210501.UserAssignedIdentity - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - clientId: - type: string - objectId: - type: string - resourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a 
string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - name: - type: string - namespace: - type: string - type: object - type: array - userAssignedIdentityExceptions: - items: - description: Storage version of v1api20210501.ManagedClusterPodIdentityException - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - name: - type: string - namespace: - type: string - podLabels: - additionalProperties: - type: string - type: object - type: object - type: array - type: object + privateFQDN: + type: string privateLinkResources: items: - description: Storage version of v1api20210501.PrivateLinkResource properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object groupId: type: string + id: + type: string name: type: string - reference: - description: ResourceReference represents a resource reference, 
either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + privateLinkServiceID: + type: string requiredMembers: items: type: string 
@@ -7429,94 +7496,171 @@ spec: type: string type: object type: array - servicePrincipalProfile: - description: Storage version of v1api20210501.ManagedClusterServicePrincipalProfile + provisioningState: + type: string + publicNetworkAccess: + type: string + securityProfile: properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - clientId: - type: string - secret: - description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. + azureKeyVaultKms: properties: - key: - description: Key is the key in the Kubernetes secret being referenced + enabled: + type: boolean + keyId: type: string - name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource + keyVaultNetworkAccess: type: string - required: - - key - - name + keyVaultResourceId: + type: string + type: object + defender: + properties: + logAnalyticsWorkspaceResourceId: + type: string + securityMonitoring: + properties: + enabled: + type: boolean + type: object + type: object + imageCleaner: + properties: + enabled: + type: boolean + intervalHours: + type: integer + type: object + workloadIdentity: + properties: + enabled: + type: boolean type: object type: object + servicePrincipalProfile: + properties: + clientId: + type: string + type: object sku: - description: Storage version of v1api20210501.ManagedClusterSKU properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object name: type: string tier: type: string type: object + 
storageProfile: + properties: + blobCSIDriver: + properties: + enabled: + type: boolean + type: object + diskCSIDriver: + properties: + enabled: + type: boolean + type: object + fileCSIDriver: + properties: + enabled: + type: boolean + type: object + snapshotController: + properties: + enabled: + type: boolean + type: object + type: object + systemData: + properties: + createdAt: + type: string + createdBy: + type: string + createdByType: + type: string + lastModifiedAt: + type: string + lastModifiedBy: + type: string + lastModifiedByType: + type: string + type: object tags: additionalProperties: type: string type: object + type: + type: string windowsProfile: - description: Storage version of v1api20210501.ManagedClusterWindowsProfile properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - adminPassword: - description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes secret being referenced. 
- The secret must be in the same namespace as the resource - type: string - required: - - key - - name - type: object adminUsername: type: string enableCSIProxy: type: boolean + gmsaProfile: + properties: + dnsServer: + type: string + enabled: + type: boolean + rootDomainName: + type: string + type: object licenseType: type: string type: object - required: - - owner + workloadAutoScalerProfile: + properties: + keda: + properties: + enabled: + type: boolean + type: object + type: object type: object - status: - description: Storage version of v1api20210501.ManagedCluster_STATUS + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20230201storage + schema: + openAPIV3Schema: + description: Storage version of v1api20230201.ManagedCluster + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Storage version of v1api20230201.ManagedCluster_Spec properties: $propertyBag: additionalProperties: @@ -7526,7 +7670,7 @@ spec: resources, allowing for full fidelity round trip conversions type: object aadProfile: - description: Storage version of v1api20210501.ManagedClusterAADProfile_STATUS + description: Storage version of v1api20230201.ManagedClusterAADProfile properties: $propertyBag: additionalProperties: @@ -7554,7 +7698,7 @@ spec: type: object addonProfiles: additionalProperties: - description: Storage version of v1api20210501.ManagedClusterAddonProfile_STATUS + description: Storage version of v1api20230201.ManagedClusterAddonProfile properties: $propertyBag: additionalProperties: @@ -7569,28 +7713,11 @@ spec: type: object enabled: type: boolean - identity: - description: Storage version of v1api20210501.UserAssignedIdentity_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - clientId: - type: string - objectId: - type: string - resourceId: - type: string - type: object type: object type: object agentPoolProfiles: items: - description: Storage version of v1api20210501.ManagedClusterAgentPoolProfile_STATUS + description: Storage version of v1api20230201.ManagedClusterAgentPoolProfile properties: $propertyBag: additionalProperties: 
@@ -7605,6 +7732,37 @@ spec: type: array count: type: integer + creationData: + description: Storage version of v1api20230201.CreationData + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceReference: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object enableAutoScaling: type: boolean enableEncryptionAtHost: 
@@ -7617,8 +7775,28 @@ spec: type: boolean gpuInstanceProfile: type: string + hostGroupReference: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object kubeletConfig: - description: Storage version of v1api20210501.KubeletConfig_STATUS + description: Storage version of v1api20230201.KubeletConfig properties: $propertyBag: additionalProperties: @@ -7655,7 +7833,7 @@ spec: kubeletDiskType: type: string linuxOSConfig: - description: Storage version of v1api20210501.LinuxOSConfig_STATUS + description: Storage version of v1api20230201.LinuxOSConfig properties: $propertyBag: additionalProperties: @@ -7667,7 +7845,7 @@ spec: swapFileSizeMB: type: integer sysctls: - description: Storage version of v1api20210501.SysctlConfig_STATUS + description: Storage version of v1api20230201.SysctlConfig properties: $propertyBag: additionalProperties: 
@@ -7748,14 +7926,30 @@ spec: type: string name: type: string - nodeImageVersion: - type: string nodeLabels: additionalProperties: type: string type: object - nodePublicIPPrefixID: - type: string + nodePublicIPPrefixReference: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object nodeTaints: items: type: string 
@@ -7770,10 +7964,28 @@ spec: type: string osType: type: string - podSubnetID: - type: string + podSubnetReference: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object powerState: - description: Storage version of v1api20210501.PowerState_STATUS + description: Storage version of v1api20230201.PowerState properties: $propertyBag: additionalProperties: 
@@ -7785,26 +7997,44 @@ spec: code: type: string type: object - provisioningState: - type: string - proximityPlacementGroupID: - type: string - scaleSetEvictionPolicy: - type: string - scaleSetPriority: - type: string - spotMaxPrice: - type: number - tags: - additionalProperties: - type: string - type: object - type: - type: string - upgradeSettings: - description: Storage version of v1api20210501.AgentPoolUpgradeSettings_STATUS + proximityPlacementGroupReference: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: - $propertyBag: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + scaleDownMode: + type: string + scaleSetEvictionPolicy: + type: string + scaleSetPriority: + type: string + spotMaxPrice: + type: number + tags: + additionalProperties: + type: string + type: object + type: + type: string + upgradeSettings: + description: Storage version of v1api20230201.AgentPoolUpgradeSettings + properties: + $propertyBag: additionalProperties: type: string description: |- 
@@ -7816,12 +8046,32 @@ spec: type: object vmSize: type: string - vnetSubnetID: + vnetSubnetReference: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + workloadRuntime: type: string type: object type: array apiServerAccessProfile: - description: Storage version of v1api20210501.ManagedClusterAPIServerAccessProfile_STATUS + description: Storage version of v1api20230201.ManagedClusterAPIServerAccessProfile properties: $propertyBag: additionalProperties: @@ -7834,6 +8084,8 @@ spec: items: type: string type: array + disableRunCommand: + type: boolean enablePrivateCluster: type: boolean enablePrivateClusterPublicFQDN: @@ -7842,7 +8094,7 @@ spec: type: string type: object autoScalerProfile: - description: Storage version of v1api20210501.ManagedClusterProperties_AutoScalerProfile_STATUS + description: Storage version of v1api20230201.ManagedClusterProperties_AutoScalerProfile properties: $propertyBag: additionalProperties: 
@@ -7887,7 +8139,7 @@ spec: type: string type: object autoUpgradeProfile: - description: Storage version of v1api20210501.ManagedClusterAutoUpgradeProfile_STATUS + description: Storage version of v1api20230201.ManagedClusterAutoUpgradeProfile properties: $propertyBag: additionalProperties: 
@@ -7899,55 +8151,72 @@ spec: upgradeChannel: type: string type: object - azurePortalFQDN: - type: string - conditions: - items: - description: Condition defines an extension to status (an observation) of a resource - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. - format: date-time - type: string - message: - description: Message is a human readable message indicating details about the transition. This field may be empty. - type: string - observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - type: integer - reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. - type: string - severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown - type: string - status: - description: Status of the condition, one of True, False, or Unknown. - type: string - type: - description: Type of condition. 
+ azureMonitorProfile: + description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfile + properties: + $propertyBag: + additionalProperties: type: string - required: - - lastTransitionTime - - reason - - status - - type - type: object - type: array + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + metrics: + description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfileMetrics + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + kubeStateMetrics: + description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfileKubeStateMetrics + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + metricAnnotationsAllowList: + type: string + metricLabelsAllowlist: + type: string + type: object + type: object + type: object + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. 
+ type: string disableLocalAccounts: type: boolean - diskEncryptionSetID: - type: string + diskEncryptionSetReference: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object dnsPrefix: type: string enablePodSecurityPolicy: @@ -7955,7 +8224,7 @@ spec: enableRBAC: type: boolean extendedLocation: - description: Storage version of v1api20210501.ExtendedLocation_STATUS + description: Storage version of v1api20230201.ExtendedLocation properties: $propertyBag: additionalProperties: @@ -7969,12 +8238,10 @@ spec: type: type: string type: object - fqdn: - type: string fqdnSubdomain: type: string httpProxyConfig: - description: Storage version of v1api20210501.ManagedClusterHTTPProxyConfig_STATUS + description: Storage version of v1api20230201.ManagedClusterHTTPProxyConfig properties: $propertyBag: additionalProperties: 
@@ -7994,10 +8261,8 @@ spec: trustedCa: type: string type: object - id: - type: string identity: - description: Storage version of v1api20210501.ManagedClusterIdentity_STATUS + description: Storage version of v1api20230201.ManagedClusterIdentity properties: $propertyBag: additionalProperties: @@ -8006,15 +8271,11 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - principalId: - type: string - tenantId: - type: string type: type: string userAssignedIdentities: - additionalProperties: - description: Storage version of v1api20210501.ManagedClusterIdentity_UserAssignedIdentities_STATUS + items: + description: Storage version of v1api20230201.UserAssignedIdentityDetails properties: $propertyBag: additionalProperties: 
@@ -8023,16 +8284,32 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - clientId: - type: string - principalId: - type: string + reference: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object - type: object + type: array type: object identityProfile: additionalProperties: - description: Storage version of v1api20210501.UserAssignedIdentity_STATUS + description: Storage version of v1api20230201.UserAssignedIdentity properties: $propertyBag: additionalProperties: 
@@ -8043,16 +8320,68 @@ spec: type: object clientId: type: string + clientIdFromConfig: + description: |- + ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes configmap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes configmap being referenced. + The configmap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object objectId: type: string - resourceId: - type: string + objectIdFromConfig: + description: |- + ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes configmap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes configmap being referenced. + The configmap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + resourceReference: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object type: object kubernetesVersion: type: string linuxProfile: - description: Storage version of v1api20210501.ContainerServiceLinuxProfile_STATUS + description: Storage version of v1api20230201.ContainerServiceLinuxProfile properties: $propertyBag: additionalProperties: @@ -8064,7 +8393,7 @@ spec: adminUsername: type: string ssh: - description: Storage version of v1api20210501.ContainerServiceSshConfiguration_STATUS + description: Storage version of v1api20230201.ContainerServiceSshConfiguration properties: $propertyBag: additionalProperties: @@ -8075,7 +8404,7 @@ spec: type: object publicKeys: items: - description: Storage version of v1api20210501.ContainerServiceSshPublicKey_STATUS + description: Storage version of v1api20230201.ContainerServiceSshPublicKey properties: $propertyBag: additionalProperties: @@ -8092,12 +8421,8 @@ spec: type: object location: type: string - maxAgentPools: - type: integer - name: - type: string networkProfile: - description: Storage version of v1api20210501.ContainerServiceNetworkProfile_STATUS + description: Storage version of v1api20230201.ContainerServiceNetworkProfile properties: $propertyBag: additionalProperties: @@ -8110,8 +8435,12 @@ spec: type: string dockerBridgeCidr: type: string + ipFamilies: + items: + type: string + type: array loadBalancerProfile: - description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_STATUS + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile properties: $propertyBag: additionalProperties: @@ -8124,7 +8453,7 @@ spec: type: integer effectiveOutboundIPs: items: - description: Storage version of v1api20210501.ResourceReference_STATUS + description: Storage version of v1api20230201.ResourceReference properties: $propertyBag: additionalProperties: 
@@ -8133,14 +8462,34 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - id: - type: string + reference: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object type: array + enableMultipleStandardLoadBalancers: + type: boolean idleTimeoutInMinutes: type: integer managedOutboundIPs: - description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs properties: $propertyBag: additionalProperties: 
@@ -8151,9 +8500,11 @@ spec: type: object count: type: integer + countIPv6: + type: integer type: object outboundIPPrefixes: - description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes properties: $propertyBag: additionalProperties: @@ -8164,7 +8515,7 @@ spec: type: object publicIPPrefixes: items: - description: Storage version of v1api20210501.ResourceReference_STATUS + description: Storage version of v1api20230201.ResourceReference properties: $propertyBag: additionalProperties: 
@@ -8173,13 +8524,31 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - id: - type: string + reference: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object type: array type: object outboundIPs: - description: Storage version of v1api20210501.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_OutboundIPs properties: $propertyBag: additionalProperties: @@ -8190,7 +8559,7 @@ spec: type: object publicIPs: items: - description: Storage version of v1api20210501.ResourceReference_STATUS + description: Storage version of v1api20230201.ResourceReference properties: $propertyBag: additionalProperties: 
@@ -8199,31 +8568,120 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - id: - type: string + reference: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object type: object type: array type: object type: object loadBalancerSku: type: string + natGatewayProfile: + description: Storage version of v1api20230201.ManagedClusterNATGatewayProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + effectiveOutboundIPs: + items: + description: Storage version of v1api20230201.ResourceReference + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPProfile: + description: Storage version of v1api20230201.ManagedClusterManagedOutboundIPProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + type: object + type: object + networkDataplane: + type: string networkMode: type: string networkPlugin: type: string + networkPluginMode: + type: string networkPolicy: type: string outboundType: type: string podCidr: type: string + podCidrs: + items: + type: string + type: array serviceCidr: type: string + serviceCidrs: + items: + type: string + type: array type: object nodeResourceGroup: type: string - podIdentityProfile: - description: Storage version of v1api20210501.ManagedClusterPodIdentityProfile_STATUS + oidcIssuerProfile: + description: Storage version of v1api20230201.ManagedClusterOIDCIssuerProfile properties: $propertyBag: additionalProperties: 
@@ -8232,109 +8690,294 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - allowNetworkPluginKubenet: - type: boolean enabled: type: boolean - userAssignedIdentities: + type: object + operatorSpec: + description: |- + Storage version of v1api20230201.ManagedClusterOperatorSpec + Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + configMapExpressions: items: - description: Storage version of v1api20210501.ManagedClusterPodIdentity_STATUS + description: |- + DestinationExpression is a CEL expression and a destination to store the result in. The destination may + be a secret or a configmap. The value of the expression is stored at the specified location in + the destination. properties: - $propertyBag: - additionalProperties: - type: string + key: description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - bindingSelector: + Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string + this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string + Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting + map[string]string. 
type: string - identity: - description: Storage version of v1api20210501.UserAssignedIdentity_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - clientId: - type: string - objectId: - type: string - resourceId: - type: string - type: object name: + description: |- + Name is the name of the Kubernetes configmap or secret to write to. + The configmap or secret will be created in the same namespace as the resource. type: string - namespace: + value: + description: |- + Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information + on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string - provisioningInfo: - description: Storage version of v1api20210501.ManagedClusterPodIdentity_ProvisioningInfo_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - error: - description: Storage version of v1api20210501.ManagedClusterPodIdentityProvisioningError_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - error: - description: Storage version of v1api20210501.ManagedClusterPodIdentityProvisioningErrorBody_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly 
supported by storage - resources, allowing for full fidelity round trip conversions - type: object - code: - type: string - details: - items: - description: Storage version of v1api20210501.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - code: - type: string - message: - type: string - target: - type: string - type: object - type: array - message: - type: string - target: - type: string - type: object + required: + - name + - value + type: object + type: array + configMaps: + description: Storage version of v1api20230201.ManagedClusterOperatorConfigMaps + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + oidcIssuerProfile: + description: |- + ConfigMapDestination describes the location to store a single configmap value + Note: This is similar to: SecretDestination in secrets.go. + Changes to one may need to be made to the others as well. + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap to write to. + The ConfigMap will be created in the same namespace as the resource. + type: string + required: + - key + - name + type: object + principalId: + description: |- + ConfigMapDestination describes the location to store a single configmap value + Note: This is similar to: SecretDestination in secrets.go. + Changes to one may need to be made to the others as well. 
+ properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap to write to. + The ConfigMap will be created in the same namespace as the resource. + type: string + required: + - key + - name + type: object + type: object + secretExpressions: + items: + description: |- + DestinationExpression is a CEL expression and a destination to store the result in. The destination may + be a secret or a configmap. The value of the expression is stored at the specified location in + the destination. + properties: + key: + description: |- + Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string + this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string + Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting + map[string]string. + type: string + name: + description: |- + Name is the name of the Kubernetes configmap or secret to write to. + The configmap or secret will be created in the same namespace as the resource. + type: string + value: + description: |- + Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information + on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ + type: string + required: + - name + - value + type: object + type: array + secrets: + description: Storage version of v1api20230201.ManagedClusterOperatorSecrets + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminCredentials: + description: |- + SecretDestination describes the location to store a single secret value. 
+ Note: This is similar to: ConfigMapDestination in configmaps.go. + Changes to one may need to be made to the others as well. + properties: + key: + description: Key is the key in the Kubernetes secret being referenced. + type: string + name: + description: |- + Name is the name of the Kubernetes secret to write to. + The secret will be created in the same namespace as the resource. + type: string + required: + - key + - name + type: object + userCredentials: + description: |- + SecretDestination describes the location to store a single secret value. + Note: This is similar to: ConfigMapDestination in configmaps.go. + Changes to one may need to be made to the others as well. + properties: + key: + description: Key is the key in the Kubernetes secret being referenced. + type: string + name: + description: |- + Name is the name of the Kubernetes secret to write to. + The secret will be created in the same namespace as the resource. + type: string + required: + - key + - name + type: object + type: object + type: object + originalVersion: + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. 
+ type: string + type: object + podIdentityProfile: + description: Storage version of v1api20230201.ManagedClusterPodIdentityProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: Storage version of v1api20230201.ManagedClusterPodIdentity + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + bindingSelector: + type: string + identity: + description: Storage version of v1api20230201.UserAssignedIdentity + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + clientIdFromConfig: + description: |- + ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes configmap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes configmap being referenced. + The configmap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + objectId: + type: string + objectIdFromConfig: + description: |- + ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as + the resource it is on. 
+ properties: + key: + description: Key is the key in the Kubernetes configmap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes configmap being referenced. + The configmap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + resourceReference: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string type: object type: object - provisioningState: + name: + type: string + namespace: type: string type: object type: array userAssignedIdentityExceptions: items: - description: Storage version of v1api20210501.ManagedClusterPodIdentityException_STATUS + description: Storage version of v1api20230201.ManagedClusterPodIdentityException properties: $propertyBag: additionalProperties: 
@@ -8354,24 +8997,9 @@ spec: type: object type: array type: object - powerState: - description: Storage version of v1api20210501.PowerState_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - code: - type: string - type: object - privateFQDN: - type: string privateLinkResources: items: - description: Storage version of v1api20210501.PrivateLinkResource_STATUS + description: Storage version of v1api20230201.PrivateLinkResource properties: $propertyBag: additionalProperties: @@ -8382,12 +9010,28 @@ spec: type: object groupId: type: string - id: - type: string name: type: string - privateLinkServiceID: - type: string + reference: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object requiredMembers: items: type: string 
@@ -8396,10 +9040,130 @@ spec: type: string type: object type: array - provisioningState: + publicNetworkAccess: type: string + securityProfile: + description: Storage version of v1api20230201.ManagedClusterSecurityProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + azureKeyVaultKms: + description: Storage version of v1api20230201.AzureKeyVaultKms + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + keyId: + type: string + keyVaultNetworkAccess: + type: string + keyVaultResourceReference: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + defender: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileDefender + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + logAnalyticsWorkspaceResourceReference: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + securityMonitoring: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileDefenderSecurityMonitoring + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + imageCleaner: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileImageCleaner + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + intervalHours: + type: integer + type: object + workloadIdentity: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileWorkloadIdentity + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object servicePrincipalProfile: - description: Storage version of v1api20210501.ManagedClusterServicePrincipalProfile_STATUS + description: Storage version of v1api20230201.ManagedClusterServicePrincipalProfile properties: $propertyBag: additionalProperties: 
@@ -8410,9 +9174,26 @@ spec: type: object clientId: type: string + secret: + description: |- + SecretReference is a reference to a Kubernetes secret and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes secret being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object type: object sku: - description: Storage version of v1api20210501.ManagedClusterSKU_STATUS + description: Storage version of v1api20230201.ManagedClusterSKU properties: $propertyBag: additionalProperties: 
@@ -8426,14 +9207,75 @@ spec: tier: type: string type: object + storageProfile: + description: Storage version of v1api20230201.ManagedClusterStorageProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + blobCSIDriver: + description: Storage version of v1api20230201.ManagedClusterStorageProfileBlobCSIDriver + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + diskCSIDriver: + description: Storage version of v1api20230201.ManagedClusterStorageProfileDiskCSIDriver + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + fileCSIDriver: + description: Storage version of v1api20230201.ManagedClusterStorageProfileFileCSIDriver + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + snapshotController: + description: Storage version of v1api20230201.ManagedClusterStorageProfileSnapshotController + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used 
for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object tags: additionalProperties: type: string type: object - type: - type: string windowsProfile: - description: Storage version of v1api20210501.ManagedClusterWindowsProfile_STATUS + description: Storage version of v1api20230201.ManagedClusterWindowsProfile properties: $propertyBag: additionalProperties: 
@@ -8442,57 +9284,94 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object + adminPassword: + description: |- + SecretReference is a reference to a Kubernetes secret and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes secret being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object adminUsername: type: string enableCSIProxy: type: boolean - licenseType: - type: string - type: object - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].severity - name: Severity - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Reason - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].message - name: Message - type: string - name: v1api20230201 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: + gmsaProfile: + description: Storage version of v1api20230201.WindowsGmsaProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServer: + type: string + enabled: + type: boolean + rootDomainName: + type: string + type: object + licenseType: + type: string + type: object + workloadAutoScalerProfile: + description: Storage version of v1api20230201.ManagedClusterWorkloadAutoScalerProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + keda: + description: Storage version of v1api20230201.ManagedClusterWorkloadAutoScalerProfileKeda + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + required: + - owner type: object - spec: + status: + description: Storage version of v1api20230201.ManagedCluster_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object aadProfile: + description: Storage version of v1api20230201.ManagedClusterAADProfile_STATUS properties: + 
$propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object adminGroupObjectIDs: items: type: string @@ -8512,20 +9391,51 @@ spec: type: object addonProfiles: additionalProperties: + description: Storage version of v1api20230201.ManagedClusterAddonProfile_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object config: additionalProperties: type: string type: object enabled: type: boolean - required: - - enabled + identity: + description: Storage version of v1api20230201.UserAssignedIdentity_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object type: object type: object agentPoolProfiles: items: + description: Storage version of v1api20230201.ManagedClusterAgentPoolProfile_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object availabilityZones: items: type: string 
@@ -8533,28 +9443,20 @@ spec: count: type: integer creationData: + description: Storage version of v1api20230201.CreationData_STATUS properties: - sourceResourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object + sourceResourceId: + type: string type: object + currentOrchestratorVersion: + type: string enableAutoScaling: type: boolean enableEncryptionAtHost: 
@@ -8566,41 +9468,24 @@ spec: enableUltraSSD: type: boolean gpuInstanceProfile: - enum: - - MIG1g - - MIG2g - - MIG3g - - MIG4g - - MIG7g type: string - hostGroupReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + hostGroupID: + type: string kubeletConfig: + description: Storage version of v1api20230201.KubeletConfig_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object allowedUnsafeSysctls: items: type: string type: array containerLogMaxFiles: - minimum: 2 type: integer containerLogMaxSizeMB: type: integer 
@@ -8622,16 +9507,29 @@ spec: type: string type: object kubeletDiskType: - enum: - - OS - - Temporary type: string linuxOSConfig: + description: Storage version of v1api20230201.LinuxOSConfig_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object swapFileSizeMB: type: integer sysctls: + description: Storage version of v1api20230201.SysctlConfig_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object fsAioMaxNr: type: integer fsFileMax: 
@@ -8701,37 +9599,17 @@ spec: minCount: type: integer mode: - enum: - - System - - User type: string name: - pattern: ^[a-z][a-z0-9]{0,11}$ + type: string + nodeImageVersion: type: string nodeLabels: additionalProperties: type: string type: object - nodePublicIPPrefixReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + nodePublicIPPrefixID: + type: string nodeTaints: items: type: string 
@@ -8739,88 +9617,37 @@ spec: orchestratorVersion: type: string osDiskSizeGB: - maximum: 2048 - minimum: 0 type: integer osDiskType: - enum: - - Ephemeral - - Managed type: string osSKU: - enum: - - CBLMariner - - Ubuntu - - Windows2019 - - Windows2022 type: string osType: - enum: - - Linux - - Windows type: string - podSubnetReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + podSubnetID: + type: string powerState: + description: Storage version of v1api20230201.PowerState_STATUS properties: - code: - enum: - - Running - - Stopped - type: string - type: object - proximityPlacementGroupReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: + $propertyBag: + additionalProperties: + type: string description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: type: string type: object + provisioningState: + type: string + proximityPlacementGroupID: + type: string scaleDownMode: - enum: - - Deallocate - - Delete type: string scaleSetEvictionPolicy: - enum: - - Deallocate - - Delete type: string scaleSetPriority: - enum: - - Regular - - Spot type: string spotMaxPrice: type: number 
@@ -8829,48 +9656,38 @@ spec: type: string type: object type: - enum: - - AvailabilitySet - - VirtualMachineScaleSets type: string upgradeSettings: + description: Storage version of v1api20230201.AgentPoolUpgradeSettings_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object maxSurge: type: string type: object vmSize: type: string - vnetSubnetReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object + vnetSubnetID: + type: string workloadRuntime: - enum: - - OCIContainer - - WasmWasi type: string - required: - - name type: object type: array apiServerAccessProfile: + description: Storage version of v1api20230201.ManagedClusterAPIServerAccessProfile_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object authorizedIPRanges: items: type: string @@ -8885,15 +9702,18 @@ spec: type: string type: object autoScalerProfile: + description: Storage version of v1api20230201.ManagedClusterProperties_AutoScalerProfile_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object balance-similar-node-groups: type: string expander: - enum: - - least-waste - - most-pods - - priority - - random type: string max-empty-bulk-delete: type: string 
@@ -8927,63 +9747,108 @@ spec: type: string type: object autoUpgradeProfile: + description: Storage version of v1api20230201.ManagedClusterAutoUpgradeProfile_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object upgradeChannel: - enum: - - node-image - - none - - patch - - rapid - - stable type: string type: object azureMonitorProfile: + description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfile_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object metrics: + description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfileMetrics_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: type: boolean kubeStateMetrics: + description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object metricAnnotationsAllowList: type: string metricLabelsAllowlist: type: string type: object - required: - - enabled type: object type: object - azureName: - description: |- - AzureName: The name of the resource in Azure. 
This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ + azurePortalFQDN: + type: string + conditions: + items: + description: Condition defines an extension to status (an observation) of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or Unknown. + type: string + type: + description: Type of condition. 
+ type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + currentKubernetesVersion: type: string disableLocalAccounts: type: boolean - diskEncryptionSetReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + diskEncryptionSetID: + type: string dnsPrefix: type: string enablePodSecurityPolicy: 
@@ -8991,19 +9856,35 @@ spec: enableRBAC: type: boolean extendedLocation: + description: Storage version of v1api20230201.ExtendedLocation_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object name: type: string type: - enum: - - EdgeZone type: string type: object + fqdn: + type: string fqdnSubdomain: type: string httpProxyConfig: + description: Storage version of v1api20230201.ManagedClusterHTTPProxyConfig_STATUS properties: - httpProxy: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + httpProxy: type: string httpsProxy: type: string 
@@ -9014,302 +9895,287 @@ spec: trustedCa: type: string type: object + id: + type: string identity: + description: Storage version of v1api20230201.ManagedClusterIdentity_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + principalId: + type: string + tenantId: + type: string type: - enum: - - None - - SystemAssigned - - UserAssigned type: string userAssignedIdentities: - items: + additionalProperties: + description: Storage version of v1api20230201.ManagedClusterIdentity_UserAssignedIdentities_STATUS properties: - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object + clientId: + type: string + principalId: + type: string type: object - type: array + type: object type: object identityProfile: additionalProperties: + description: Storage version of v1api20230201.UserAssignedIdentity_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object clientId: type: string objectId: type: string - resourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object + resourceId: + type: string type: object type: object kubernetesVersion: type: string linuxProfile: + description: Storage version of v1api20230201.ContainerServiceLinuxProfile_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object adminUsername: - pattern: ^[A-Za-z][-A-Za-z0-9_]*$ type: string ssh: + description: Storage version of v1api20230201.ContainerServiceSshConfiguration_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object publicKeys: items: + description: Storage version of v1api20230201.ContainerServiceSshPublicKey_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object keyData: type: string - required: - - keyData type: object type: array - required: - - publicKeys type: object - required: - - adminUsername - - ssh type: object location: type: string + maxAgentPools: + type: integer + name: + type: string networkProfile: + description: Storage version of v1api20230201.ContainerServiceNetworkProfile_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object dnsServiceIP: - pattern: 
^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ type: string dockerBridgeCidr: - pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string ipFamilies: items: - enum: - - IPv4 - - IPv6 type: string type: array loadBalancerProfile: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object allocatedOutboundPorts: - maximum: 64000 - minimum: 0 type: integer effectiveOutboundIPs: items: + description: Storage version of v1api20230201.ResourceReference_STATUS properties: - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object + id: + type: string type: object type: array enableMultipleStandardLoadBalancers: type: boolean idleTimeoutInMinutes: - maximum: 120 - minimum: 4 type: integer managedOutboundIPs: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object count: - maximum: 100 - minimum: 1 type: integer countIPv6: - maximum: 100 - minimum: 0 type: integer type: object outboundIPPrefixes: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object publicIPPrefixes: items: + description: Storage version of v1api20230201.ResourceReference_STATUS properties: - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object + id: + type: string type: object type: array type: object outboundIPs: + description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object publicIPs: items: + description: Storage version of v1api20230201.ResourceReference_STATUS properties: - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object + id: + type: string type: object type: array type: object type: object loadBalancerSku: - enum: - - basic - - standard type: string natGatewayProfile: + description: Storage version of v1api20230201.ManagedClusterNATGatewayProfile_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object effectiveOutboundIPs: items: + description: Storage version of v1api20230201.ResourceReference_STATUS properties: - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object + id: + type: string type: object type: array idleTimeoutInMinutes: - maximum: 120 - minimum: 4 type: integer managedOutboundIPProfile: + description: Storage version of v1api20230201.ManagedClusterManagedOutboundIPProfile_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object count: - maximum: 16 - minimum: 1 type: integer type: object type: object networkDataplane: - enum: - - azure - - cilium type: string networkMode: - enum: - - bridge - - transparent type: string networkPlugin: - enum: - - azure - - kubenet - - none type: string networkPluginMode: - enum: - - overlay type: string networkPolicy: - enum: - - azure - - calico - - cilium type: string outboundType: - enum: - - loadBalancer - - managedNATGateway - - userAssignedNATGateway - - userDefinedRouting type: string podCidr: - pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string podCidrs: items: type: string type: array serviceCidr: - pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string serviceCidrs: items: 
@@ -9319,256 +10185,186 @@ spec: nodeResourceGroup: type: string oidcIssuerProfile: + description: Storage version of v1api20230201.ManagedClusterOIDCIssuerProfile_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: type: boolean + issuerURL: + type: string type: object - operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure + podIdentityProfile: + description: Storage version of v1api20230201.ManagedClusterPodIdentityProfile_STATUS properties: - configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. + description: Storage version of v1api20230201.ManagedClusterPodIdentity_STATUS properties: - key: + $propertyBag: + additionalProperties: + type: string description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. 
If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + bindingSelector: type: string + identity: + description: Storage version of v1api20230201.UserAssignedIdentity_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string - value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. 
For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ + namespace: + type: string + provisioningInfo: + description: Storage version of v1api20230201.ManagedClusterPodIdentity_ProvisioningInfo_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + error: + description: Storage version of v1api20230201.ManagedClusterPodIdentityProvisioningError_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + error: + description: Storage version of v1api20230201.ManagedClusterPodIdentityProvisioningErrorBody_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + details: + items: + description: Storage version of v1api20230201.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + message: + type: string + target: + type: string + type: object + type: array + message: + type: string + target: + type: string + type: object + type: object + type: object + provisioningState: type: string - required: - - 
name - - value type: object type: array - configMaps: - description: 'ConfigMaps: configures where to place operator written ConfigMaps.' - properties: - oidcIssuerProfile: - description: |- - OIDCIssuerProfile: indicates where the OIDCIssuerProfile config map should be placed. If omitted, no config map will be - created. - properties: - key: - description: Key is the key in the ConfigMap being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. + userAssignedIdentityExceptions: + items: + description: Storage version of v1api20230201.ManagedClusterPodIdentityException_STATUS + properties: + $propertyBag: + additionalProperties: type: string - required: - - key - - name - type: object - principalId: - description: 'PrincipalId: indicates where the PrincipalId config map should be placed. If omitted, no config map will be created.' - properties: - key: - description: Key is the key in the ConfigMap being referenced + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: type: string - name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. - type: string - required: - - key - - name - type: object - type: object - secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' - items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. 
- properties: - key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. - type: string - name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. - type: string - value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ - type: string - required: - - name - - value + type: object type: object type: array - secrets: - description: 'Secrets: configures where to place Azure generated secrets.' - properties: - adminCredentials: - description: |- - AdminCredentials: indicates where the AdminCredentials secret should be placed. If omitted, the secret will not be - retrieved from Azure. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced. - type: string - name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. - type: string - required: - - key - - name - type: object - userCredentials: - description: |- - UserCredentials: indicates where the UserCredentials secret should be placed. If omitted, the secret will not be - retrieved from Azure. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced. - type: string - name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. 
- type: string - required: - - key - - name - type: object - type: object type: object - owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource + powerState: + description: Storage version of v1api20230201.PowerState_STATUS properties: - armId: - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - name: - description: This is the name of the Kubernetes resource to reference. + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: type: string type: object - podIdentityProfile: - properties: - allowNetworkPluginKubenet: - type: boolean - enabled: - type: boolean - userAssignedIdentities: - items: - properties: - bindingSelector: - type: string - identity: - properties: - clientId: - type: string - objectId: - type: string - resourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - name: - type: string - namespace: - type: string - required: - - identity - - name - - namespace - type: object - type: array - userAssignedIdentityExceptions: - items: - properties: - name: - type: string - namespace: - type: string - podLabels: - additionalProperties: - type: string - type: object - required: - - name - - namespace - - podLabels - type: object - type: array - type: object + privateFQDN: + type: string privateLinkResources: items: + description: Storage version of v1api20230201.PrivateLinkResource_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object groupId: type: string + id: + type: string name: type: string - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + privateLinkServiceID: + type: string requiredMembers: items: type: string 
@@ -9577,174 +10373,238 @@ spec: type: string type: object type: array + provisioningState: + type: string publicNetworkAccess: - enum: - - Disabled - - Enabled type: string securityProfile: + description: Storage version of v1api20230201.ManagedClusterSecurityProfile_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object azureKeyVaultKms: + description: Storage version of v1api20230201.AzureKeyVaultKms_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: type: boolean keyId: type: string keyVaultNetworkAccess: - enum: - - Private - - Public type: string - keyVaultResourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. 
- type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + keyVaultResourceId: + type: string type: object defender: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileDefender_STATUS properties: - logAnalyticsWorkspaceResourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object + logAnalyticsWorkspaceResourceId: + type: string securityMonitoring: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: type: boolean type: object type: object imageCleaner: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileImageCleaner_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: type: boolean intervalHours: type: integer type: object workloadIdentity: + description: Storage version of v1api20230201.ManagedClusterSecurityProfileWorkloadIdentity_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: type: boolean type: object type: object servicePrincipalProfile: + description: Storage version of v1api20230201.ManagedClusterServicePrincipalProfile_STATUS properties: - clientId: - type: string - secret: + $propertyBag: + additionalProperties: + type: string description: |- - SecretReference is a reference to a Kubernetes secret and key in the 
same namespace as - the resource it is on. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource - type: string - required: - - key - - name + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object - required: - - clientId + clientId: + type: string type: object sku: + description: Storage version of v1api20230201.ManagedClusterSKU_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object name: - enum: - - Base type: string tier: - enum: - - Free - - Standard type: string type: object storageProfile: + description: Storage version of v1api20230201.ManagedClusterStorageProfile_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object blobCSIDriver: + description: Storage version of v1api20230201.ManagedClusterStorageProfileBlobCSIDriver_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: type: boolean type: object diskCSIDriver: + description: Storage version of v1api20230201.ManagedClusterStorageProfileDiskCSIDriver_STATUS properties: + $propertyBag: 
+ additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: type: boolean type: object fileCSIDriver: + description: Storage version of v1api20230201.ManagedClusterStorageProfileFileCSIDriver_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: type: boolean type: object snapshotController: + description: Storage version of v1api20230201.ManagedClusterStorageProfileSnapshotController_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: type: boolean type: object type: object + systemData: + description: Storage version of v1api20230201.SystemData_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + createdAt: + type: string + createdBy: + type: string + createdByType: + type: string + lastModifiedAt: + type: string + lastModifiedBy: + type: string + lastModifiedByType: + type: string + type: object tags: additionalProperties: type: string type: object + type: + type: string windowsProfile: + description: Storage version of v1api20230201.ManagedClusterWindowsProfile_STATUS properties: - adminPassword: + $propertyBag: + additionalProperties: + type: string 
description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource - type: string - required: - - key - - name + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object adminUsername: type: string enableCSIProxy: type: boolean gmsaProfile: + description: Storage version of v1api20230201.WindowsGmsaProfile_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object dnsServer: type: string enabled: 
@@ -9753,2463 +10613,3721 @@ spec: type: string type: object licenseType: - enum: - - None - - Windows_Server type: string - required: - - adminUsername type: object workloadAutoScalerProfile: + description: Storage version of v1api20230201.ManagedClusterWorkloadAutoScalerProfile_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object keda: + description: Storage version of v1api20230201.ManagedClusterWorkloadAutoScalerProfileKeda_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: type: boolean - required: - - enabled type: object type: object - required: - - location - - owner type: object - status: + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20231001 + schema: + openAPIV3Schema: + description: |- + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-10-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} + properties: + apiVersion: + description: |- + APIVersion defines the 
versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: properties: aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' properties: adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object IDs that will have admin role of the cluster.' items: type: string type: array clientAppID: + description: 'ClientAppID: (DEPRECATED) The client AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' type: string enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for Kubernetes authorization.' type: boolean managed: + description: 'Managed: Whether to enable managed AAD.' type: boolean serverAppID: + description: 'ServerAppID: (DEPRECATED) The server AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' type: string serverAppSecret: + description: 'ServerAppSecret: (DEPRECATED) The server AAD application secret. Learn more at https://aka.ms/aks/aad-legacy.' type: string tenantID: + description: |- + TenantID: The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment + subscription. type: string type: object addonProfiles: additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. properties: config: additionalProperties: type: string + description: 'Config: Key-value pairs for configuring an add-on.' 
type: object enabled: + description: 'Enabled: Whether the add-on is enabled or not.' type: boolean - identity: - properties: - clientId: - type: string - objectId: - type: string - resourceId: - type: string - type: object + required: + - enabled type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' type: object agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' items: + description: Profile for the container service agent pool. properties: availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. items: type: string type: array + capacityReservationGroupReference: + description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object count: + description: |- + Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. 
type: integer creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using + a snapshot. properties: - sourceResourceId: - type: string + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object - currentOrchestratorVersion: - type: string enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption type: boolean enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. type: boolean enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. 
+ A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. type: boolean enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g type: string - hostGroupID: - type: string + hostGroupReference: + description: |- + HostGroupReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' 
properties: allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`).' items: type: string type: array containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. + minimum: 2 type: integer containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' type: integer cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' type: boolean cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. type: string cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. type: string failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' type: boolean imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, set to 100. The default is 85%' type: integer imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than imageGcHighThreshold. The default is 80%' type: integer podMaxPids: + description: 'PodMaxPids: The maximum number of processes per pod.' type: integer topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. 
Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. type: string type: object kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. + enum: + - OS + - Temporary type: string linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' properties: swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that will be created on each node.' type: integer sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' properties: fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' type: integer fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' type: integer fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' type: integer fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' type: integer kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' type: integer netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' type: integer netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' type: integer netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' type: integer netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' type: integer netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' type: integer netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' type: integer netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' type: integer netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' 
type: string netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting net.ipv4.neigh.default.gc_thresh1.' type: integer netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting net.ipv4.neigh.default.gc_thresh2.' type: integer netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting net.ipv4.neigh.default.gc_thresh3.' type: integer netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' type: integer netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' type: integer netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' type: integer netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' type: integer netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' type: integer netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' type: boolean netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + maximum: 90 + minimum: 10 type: integer netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' + maximum: 524288 + minimum: 65536 type: integer netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + maximum: 2097152 + minimum: 131072 type: integer vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' type: integer vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' type: integer vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' 
type: integer type: object transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string type: object maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' type: integer maxPods: + description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + enum: + - System + - User type: string name: + description: 'Name: Windows agent pool names must be 6 characters or less.' + pattern: ^[a-z][a-z0-9]{0,11}$ type: string - nodeImageVersion: - type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an agent pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are allowed to access. The specified ranges are allowed to overlap.' + items: + description: The port range. + properties: + portEnd: + description: |- + PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or + equal to portStart. 
+ maximum: 65535 + minimum: 1 + type: integer + portStart: + description: |- + PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or + equal to portEnd. + maximum: 65535 + minimum: 1 + type: integer + protocol: + description: 'Protocol: The network protocol of the port.' + enum: + - TCP + - UDP + type: string + type: object + type: array + applicationSecurityGroupsReferences: + description: |- + ApplicationSecurityGroupsReferences: The IDs of the application security groups which agent pool will associate when + created. + items: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level public IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated with the public IP. Example: Internet.' 
+ type: string + type: object + type: array + type: object nodeLabels: additionalProperties: type: string + description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' + type: object + nodePublicIPPrefixReference: + description: |- + NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string type: object - nodePublicIPPrefixID: - type: string nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' items: type: string type: array orchestratorVersion: + description: |- + OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster + with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer + patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same + Kubernetes version. 
The node pool version must have the same major version as the control plane. The node pool minor + version must be within two minor versions of the control plane version. The node pool version cannot be greater than the + control plane version. For more information see [upgrading a node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: + maximum: 2048 + minimum: 0 type: integer osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + enum: + - Ephemeral + - Managed type: string osSKU: + description: |- + OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 + when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. + enum: + - AzureLinux + - CBLMariner + - Ubuntu + - Windows2019 + - Windows2022 type: string osType: + description: 'OsType: The operating system type. The default is Linux.' + enum: + - Linux + - Windows type: string - podSubnetID: - type: string + podSubnetReference: + description: |- + PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object powerState: + description: |- + PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only + be stopped if it is Running and provisioning state is Succeeded properties: code: + description: 'Code: Tells whether the cluster is Running or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. type: string type: object - provisioningState: - type: string - proximityPlacementGroupID: - type: string scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete type: string scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + enum: + - Deallocate + - Delete type: string scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot type: string spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) type: number tags: additionalProperties: type: string + description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' type: object type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets type: string upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' properties: + drainTimeoutInMinutes: + description: |- + DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. + This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not + specified, the default is 30 minutes. + maximum: 1440 + minimum: 1 + type: integer maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). 
If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade type: string type: object vmSize: + description: |- + VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions type: string - vnetSubnetID: - type: string + vnetSubnetReference: + description: |- + VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node can run.' + enum: + - OCIContainer + - WasmWasi type: string + required: + - name type: object type: array apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed cluster API server.' properties: authorizedIPRanges: + description: |- + AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with + clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). items: type: string type: array disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command for the cluster or not.' type: boolean enablePrivateCluster: + description: |- + EnablePrivateCluster: For more details, see [Creating a private AKS + cluster](https://docs.microsoft.com/azure/aks/private-clusters). type: boolean enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create additional public FQDN for private cluster or not.' type: boolean privateDNSZone: + description: |- + PrivateDNSZone: The default is System. For more details see [configure private DNS + zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and + 'none'. type: string type: object autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler when enabled' properties: balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' and ''false''' type: string expander: + description: |- + Expander: If not specified, the default is 'random'. 
See + [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) for more + information. + enum: + - least-waste + - most-pods + - priority + - random type: string max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' type: string max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' type: string max-node-provision-time: + description: |- + MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. type: string max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The maximum is 100 and the minimum is 0.' type: string new-pod-scale-up-delay: + description: |- + NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler + could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is + '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). type: string ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The default is 3.' type: string scale-down-delay-after-add: + description: |- + ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. type: string scale-down-delay-after-delete: + description: |- + ScaleDownDelayAfterDelete: The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of + time other than minutes (m) is supported. type: string scale-down-delay-after-failure: + description: |- + ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. 
type: string scale-down-unneeded-time: + description: |- + ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. type: string scale-down-unready-time: + description: |- + ScaleDownUnreadyTime: The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. type: string scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' type: string scan-interval: + description: 'ScanInterval: The default is ''10''. Values must be an integer number of seconds.' type: string skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' type: string skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' type: string type: object autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' properties: + nodeOSUpgradeChannel: + description: 'NodeOSUpgradeChannel: Manner in which the OS on your nodes is updated. The default is NodeImage.' + enum: + - NodeImage + - None + - Unmanaged + type: string upgradeChannel: + description: |- + UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade + channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). + enum: + - node-image + - none + - patch + - rapid + - stable type: string type: object azureMonitorProfile: + description: 'AzureMonitorProfile: Azure Monitor addon profiles for monitoring the managed cluster.' properties: metrics: + description: |- + Metrics: Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes + infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See + aka.ms/AzureManagedPrometheus for an overview. 
properties: enabled: + description: |- + Enabled: Whether to enable or disable the Azure Managed Prometheus addon for Prometheus monitoring. See + aka.ms/AzureManagedPrometheus-aks-enable for details on enabling and disabling. type: boolean kubeStateMetrics: + description: |- + KubeStateMetrics: Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the + kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for + details. properties: metricAnnotationsAllowList: + description: |- + MetricAnnotationsAllowList: Comma-separated list of Kubernetes annotation keys that will be used in the resource's + labels metric (Example: 'namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...'). By default the metric + contains only resource name and namespace labels. type: string metricLabelsAllowlist: + description: |- + MetricLabelsAllowlist: Comma-separated list of additional Kubernetes label keys that will be used in the resource's + labels metric (Example: 'namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...'). By default the metric contains only + resource name and namespace labels. type: string type: object + required: + - enabled type: object type: object - azurePortalFQDN: - type: string - conditions: - description: 'Conditions: The observed state of the resource' - items: - description: Condition defines an extension to status (an observation) of a resource - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. - format: date-time - type: string - message: - description: Message is a human readable message indicating details about the transition. This field may be empty. - type: string - observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. 
For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - type: integer - reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. - type: string - severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown - type: string - status: - description: Status of the condition, one of True, False, or Unknown. - type: string - type: - description: Type of condition. - type: string - required: - - lastTransitionTime - - reason - - status - - type - type: object - type: array - currentKubernetesVersion: + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ type: string disableLocalAccounts: + description: |- + DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details see [disable local + accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). 
type: boolean - diskEncryptionSetID: - type: string + diskEncryptionSetReference: + description: |- + DiskEncryptionSetReference: This is of the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster has been created.' type: string enablePodSecurityPolicy: + description: |- + EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and + https://aka.ms/aks/psp. type: boolean enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based Access Control.' type: boolean extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual Machine.' properties: name: + description: 'Name: The name of the extended location.' type: string type: + description: 'Type: The type of the extended location.' 
+ enum: + - EdgeZone type: string type: object - fqdn: - type: string fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed Cluster has been created.' type: string httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the cluster with HTTP proxy servers.' properties: httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' type: string httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' type: string noProxy: + description: 'NoProxy: The endpoints that should not go through proxy.' items: type: string type: array trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting to proxy servers.' type: string type: object - id: - type: string identity: + description: 'Identity: The identity of the managed cluster, if configured.' properties: - principalId: - type: string - tenantId: - type: string - type: - type: string - userAssignedIdentities: + delegatedResources: additionalProperties: + description: Delegated resource properties - internal use only. properties: - clientId: + location: + description: 'Location: The source resource location - internal use only.' type: string - principalId: + referralResource: + description: 'ReferralResource: The delegation id of the referral delegation (optional) - internal use only.' + type: string + resourceReference: + description: 'ResourceReference: The ARM resource id of the delegated resource - internal use only.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + tenantId: + description: 'TenantId: The tenant id of the delegated resource - internal use only.' + pattern: ^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$ type: string type: object + description: |- + DelegatedResources: The delegated identity resources assigned to this managed cluster. This can only be set by another + Azure Resource Provider, and managed cluster only accept one delegated identity resource. Internal use only. type: object + type: + description: |- + Type: For more information see [use managed identities in + AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). + enum: + - None + - SystemAssigned + - UserAssigned + type: string + userAssignedIdentities: + description: |- + UserAssignedIdentities: The keys must be ARM resource IDs in the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. + items: + description: Information about the user assigned identity for the resource + properties: + reference: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array type: object identityProfile: additionalProperties: + description: Details about a user assigned identity. properties: clientId: + description: 'ClientId: The client ID of the user assigned identity.' type: string + clientIdFromConfig: + description: 'ClientIdFromConfig: The client ID of the user assigned identity.' + properties: + key: + description: Key is the key in the Kubernetes configmap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes configmap being referenced. + The configmap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object objectId: + description: 'ObjectId: The object ID of the user assigned identity.' type: string - resourceId: - type: string + objectIdFromConfig: + description: 'ObjectIdFromConfig: The object ID of the user assigned identity.' + properties: + key: + description: Key is the key in the Kubernetes configmap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes configmap being referenced. + The configmap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + resourceReference: + description: 'ResourceReference: The resource ID of the user assigned identity.' 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object + description: 'IdentityProfile: Identities associated with the cluster.' type: object kubernetesVersion: + description: |- + KubernetesVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster + with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer + patch version is available. When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All + upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or + 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS + cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. type: string linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed Cluster.' properties: adminUsername: + description: 'AdminUsername: The administrator username to use for Linux VMs.' 
+ pattern: ^[A-Za-z][-A-Za-z0-9_]*$ type: string ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running on Azure.' properties: publicKeys: + description: 'PublicKeys: The list of SSH public keys used to authenticate with Linux-based VMs. A maximum of 1 key may be specified.' items: + description: Contains information about SSH certificate public key data. properties: keyData: + description: |- + KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or + without headers. type: string + required: + - keyData type: object type: array + required: + - publicKeys type: object + required: + - adminUsername + - ssh type: object location: - type: string - maxAgentPools: - type: integer - name: + description: 'Location: The geo-location where the resource lives' type: string networkProfile: + description: 'NetworkProfile: The network configuration profile.' properties: dnsServiceIP: - type: string - dockerBridgeCidr: + description: |- + DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address + range specified in serviceCidr. + pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ type: string ipFamilies: + description: |- + IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6. items: + enum: + - IPv4 + - IPv6 type: string type: array loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load balancer.' properties: allocatedOutboundPorts: + description: |- + AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 + (inclusive). The default value is 0 which results in Azure dynamically allocating ports. 
+ maximum: 64000 + minimum: 0 type: integer + backendPoolType: + description: 'BackendPoolType: The type of the managed inbound Load Balancer BackendPool.' + enum: + - NodeIP + - NodeIPConfiguration + type: string effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster load balancer.' items: + description: A reference to an Azure resource. properties: - id: - type: string + reference: + description: 'Reference: The fully qualified Azure resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object type: array enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable multiple standard load balancers per AKS cluster or not.' type: boolean idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 30 minutes. + maximum: 120 + minimum: 4 type: integer managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound IPs for the cluster load balancer.' 
properties: count: + description: |- + Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values + must be in the range of 1 to 100 (inclusive). The default value is 1. + maximum: 100 + minimum: 1 type: integer countIPv6: + description: |- + CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed + values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. + maximum: 100 + minimum: 0 type: integer type: object outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix resources for the cluster load balancer.' properties: publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix resources.' items: + description: A reference to an Azure resource. properties: - id: - type: string + reference: + description: 'Reference: The fully qualified Azure resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object type: array type: object outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for the cluster load balancer.' 
properties: publicIPs: + description: 'PublicIPs: A list of public IP resources.' items: + description: A reference to an Azure resource. properties: - id: - type: string + reference: + description: 'Reference: The fully qualified Azure resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object type: array type: object type: object loadBalancerSku: + description: |- + LoadBalancerSku: The default is 'standard'. See [Azure Load Balancer + SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load + balancer SKUs. + enum: + - basic + - standard type: string natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' properties: effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster NAT gateway.' items: + description: A reference to an Azure resource. properties: - id: - type: string + reference: + description: 'Reference: The fully qualified Azure resource id.' 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object type: array idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 4 minutes. + maximum: 120 + minimum: 4 type: integer managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed outbound IP resources of the cluster NAT gateway.' properties: count: + description: |- + Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 + (inclusive). The default value is 1. + maximum: 16 + minimum: 1 type: integer type: object type: object networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the Kubernetes cluster.' + enum: + - azure + - cilium type: string networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin is anything other than ''azure''.' + enum: + - bridge + - transparent type: string networkPlugin: + description: 'NetworkPlugin: Network plugin used for building the Kubernetes network.' 
+ enum: + - azure + - kubenet + - none type: string networkPluginMode: + description: 'NetworkPluginMode: The mode the network plugin should use.' + enum: + - overlay type: string networkPolicy: + description: 'NetworkPolicy: Network policy used for building the Kubernetes network.' + enum: + - azure + - calico + - cilium type: string outboundType: + description: |- + OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see + [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). + enum: + - loadBalancer + - managedNATGateway + - userAssignedNATGateway + - userDefinedRouting type: string podCidr: + description: 'PodCidr: A CIDR notation IP range from which to assign pod IPs when kubenet is used.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string podCidrs: + description: |- + PodCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. items: type: string type: array serviceCidr: + description: |- + ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP + ranges. + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string serviceCidrs: + description: |- + ServiceCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with any Subnet IP ranges. items: type: string type: array type: object nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing agent pool nodes.' type: string oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed Cluster.' properties: enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' 
type: boolean - issuerURL: - type: string type: object - podIdentityProfile: + operatorSpec: + description: |- + OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not + passed directly to Azure properties: - allowNetworkPluginKubenet: - type: boolean - enabled: - type: boolean - userAssignedIdentities: - items: + configMapExpressions: + description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' + items: + description: |- + DestinationExpression is a CEL expression and a destination to store the result in. The destination may + be a secret or a configmap. The value of the expression is stored at the specified location in + the destination. + properties: + key: + description: |- + Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string + this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string + Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting + map[string]string. + type: string + name: + description: |- + Name is the name of the Kubernetes configmap or secret to write to. + The configmap or secret will be created in the same namespace as the resource. + type: string + value: + description: |- + Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information + on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ + type: string + required: + - name + - value + type: object + type: array + configMaps: + description: 'ConfigMaps: configures where to place operator written ConfigMaps.' + properties: + oidcIssuerProfile: + description: |- + OIDCIssuerProfile: indicates where the OIDCIssuerProfile config map should be placed. If omitted, no config map will be + created. 
+ properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap to write to. + The ConfigMap will be created in the same namespace as the resource. + type: string + required: + - key + - name + type: object + principalId: + description: 'PrincipalId: indicates where the PrincipalId config map should be placed. If omitted, no config map will be created.' + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap to write to. + The ConfigMap will be created in the same namespace as the resource. + type: string + required: + - key + - name + type: object + type: object + secretExpressions: + description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' + items: + description: |- + DestinationExpression is a CEL expression and a destination to store the result in. The destination may + be a secret or a configmap. The value of the expression is stored at the specified location in + the destination. + properties: + key: + description: |- + Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string + this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string + Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting + map[string]string. + type: string + name: + description: |- + Name is the name of the Kubernetes configmap or secret to write to. + The configmap or secret will be created in the same namespace as the resource. + type: string + value: + description: |- + Value is a CEL expression. The CEL expression may return a string or a map[string]string. 
For more information + on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ + type: string + required: + - name + - value + type: object + type: array + secrets: + description: 'Secrets: configures where to place Azure generated secrets.' + properties: + adminCredentials: + description: |- + AdminCredentials: indicates where the AdminCredentials secret should be placed. If omitted, the secret will not be + retrieved from Azure. + properties: + key: + description: Key is the key in the Kubernetes secret being referenced. + type: string + name: + description: |- + Name is the name of the Kubernetes secret to write to. + The secret will be created in the same namespace as the resource. + type: string + required: + - key + - name + type: object + userCredentials: + description: |- + UserCredentials: indicates where the UserCredentials secret should be placed. If omitted, the secret will not be + retrieved from Azure. + properties: + key: + description: Key is the key in the Kubernetes secret being referenced. + type: string + name: + description: |- + Name is the name of the Kubernetes secret to write to. + The secret will be created in the same namespace as the resource. + type: string + required: + - key + - name + type: object + type: object + type: object + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. 
+ type: string + type: object + podIdentityProfile: + description: |- + PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more + details on AAD pod identity integration. + properties: + allowNetworkPluginKubenet: + description: |- + AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod + Identity and the risks of IP spoofing. See [using Kubenet network plugin with AAD Pod + Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information. + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use in the cluster.' + items: + description: Details about the pod identity assigned to the Managed Cluster. properties: bindingSelector: + description: 'BindingSelector: The binding selector to use for the AzureIdentityBinding resource.' type: string identity: + description: 'Identity: The user assigned identity details.' properties: clientId: + description: 'ClientId: The client ID of the user assigned identity.' type: string + clientIdFromConfig: + description: 'ClientIdFromConfig: The client ID of the user assigned identity.' + properties: + key: + description: Key is the key in the Kubernetes configmap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes configmap being referenced. + The configmap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object objectId: + description: 'ObjectId: The object ID of the user assigned identity.' type: string - resourceId: - type: string + objectIdFromConfig: + description: 'ObjectIdFromConfig: The object ID of the user assigned identity.' 
+ properties: + key: + description: Key is the key in the Kubernetes configmap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes configmap being referenced. + The configmap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + resourceReference: + description: 'ResourceReference: The resource ID of the user assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object name: + description: 'Name: The name of the pod identity.' type: string namespace: + description: 'Namespace: The namespace of the pod identity.' 
type: string - provisioningInfo: - properties: - error: - properties: - error: - properties: - code: - type: string - details: - items: - properties: - code: - type: string - message: - type: string - target: - type: string - type: object - type: array - message: - type: string - target: - type: string - type: object - type: object - type: object - provisioningState: - type: string + required: + - identity + - name + - namespace type: object type: array userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity exceptions to allow.' items: + description: |- + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. properties: name: + description: 'Name: The name of the pod identity exception.' type: string namespace: + description: 'Namespace: The namespace of the pod identity exception.' type: string podLabels: additionalProperties: type: string + description: 'PodLabels: The pod labels to match.' type: object + required: + - name + - namespace + - podLabels type: object type: array type: object - powerState: - properties: - code: - type: string - type: object - privateFQDN: - type: string privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated with the cluster.' items: + description: A private link resource properties: groupId: - type: string - id: + description: 'GroupId: The group ID of the resource.' type: string name: + description: 'Name: The name of the private link resource.' type: string - privateLinkServiceID: - type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' items: type: string type: array type: + description: 'Type: The resource type.' type: string type: object type: array - provisioningState: - type: string publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access for AKS' + enum: + - Disabled + - Enabled type: string securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' properties: azureKeyVaultKms: + description: |- + AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. properties: enabled: + description: 'Enabled: Whether to enable Azure Key Vault key management service. The default is false.' type: boolean keyId: + description: |- + KeyId: Identifier of Azure Key Vault key. See [key identifier + format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service is disabled, leave the field empty. 
type: string keyVaultNetworkAccess: + description: |- + KeyVaultNetworkAccess: Network access of key vault. The possible values are `Public` and `Private`. `Public` means the + key vault allows public access from all networks. `Private` means the key vault disables public access and enables + private link. The default value is `Public`. + enum: + - Private + - Public type: string - keyVaultResourceId: - type: string + keyVaultResourceReference: + description: |- + KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and + must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object defender: + description: 'Defender: Microsoft Defender settings for the security profile.' properties: - logAnalyticsWorkspaceResourceId: - type: string + logAnalyticsWorkspaceResourceReference: + description: |- + LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft + Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. 
When + Microsoft Defender is disabled, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat detection for Cloud settings for the security profile.' properties: enabled: + description: 'Enabled: Whether to enable Defender threat detection' type: boolean type: object type: object imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security profile.' properties: enabled: + description: 'Enabled: Whether to enable Image Cleaner on AKS cluster.' type: boolean intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval in hours.' type: integer type: object workloadIdentity: + description: |- + WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. properties: enabled: + description: 'Enabled: Whether to enable workload identity.' type: boolean type: object type: object + serviceMeshProfile: + description: 'ServiceMeshProfile: Service mesh profile for a managed cluster.' 
+ properties: + istio: + description: 'Istio: Istio service mesh configuration.' + properties: + certificateAuthority: + description: |- + CertificateAuthority: Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin + certificates as described here https://aka.ms/asm-plugin-ca + properties: + plugin: + description: 'Plugin: Plugin certificates information for Service Mesh.' + properties: + certChainObjectName: + description: 'CertChainObjectName: Certificate chain object name in Azure Key Vault.' + type: string + certObjectName: + description: 'CertObjectName: Intermediate certificate object name in Azure Key Vault.' + type: string + keyObjectName: + description: 'KeyObjectName: Intermediate certificate private key object name in Azure Key Vault.' + type: string + keyVaultReference: + description: 'KeyVaultReference: The resource ID of the Key Vault.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + rootCertObjectName: + description: 'RootCertObjectName: Root certificate object name in Azure Key Vault.' + type: string + type: object + type: object + components: + description: 'Components: Istio components configuration.' 
+ properties: + egressGateways: + description: 'EgressGateways: Istio egress gateways.' + items: + description: Istio egress gateway configuration. + properties: + enabled: + description: 'Enabled: Whether to enable the egress gateway.' + type: boolean + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector: NodeSelector for scheduling the egress gateway.' + type: object + required: + - enabled + type: object + type: array + ingressGateways: + description: 'IngressGateways: Istio ingress gateways.' + items: + description: |- + Istio ingress gateway configuration. For now, we support up to one external ingress gateway named + `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + enabled: + description: 'Enabled: Whether to enable the ingress gateway.' + type: boolean + mode: + description: 'Mode: Mode of an ingress gateway.' + enum: + - External + - Internal + type: string + required: + - enabled + - mode + type: object + type: array + type: object + revisions: + description: |- + Revisions: The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. + When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: + https://learn.microsoft.com/en-us/azure/aks/istio-upgrade + items: + type: string + maxItems: 2 + type: array + type: object + mode: + description: 'Mode: Mode of the service mesh.' + enum: + - Disabled + - Istio + type: string + required: + - mode + type: object servicePrincipalProfile: + description: |- + ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure + APIs. properties: clientId: + description: 'ClientId: The ID for the service principal.' type: string + secret: + description: 'Secret: The secret password associated with the service principal in plain text.' 
+ properties: + key: + description: Key is the key in the Kubernetes secret being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + required: + - clientId type: object sku: + description: 'Sku: The managed cluster SKU.' properties: name: + description: 'Name: The name of a managed cluster SKU.' + enum: + - Base type: string tier: + description: |- + Tier: If not specified, the default is 'Free'. See [AKS Pricing + Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. + enum: + - Free + - Premium + - Standard type: string type: object storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' properties: blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for the storage profile.' properties: enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. The default value is false.' type: boolean type: object diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for the storage profile.' properties: enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. The default value is true.' type: boolean type: object fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for the storage profile.' properties: enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. The default value is true.' type: boolean type: object snapshotController: + description: 'SnapshotController: Snapshot Controller settings for the storage profile.' properties: enabled: + description: 'Enabled: Whether to enable Snapshot Controller. The default value is true.' 
type: boolean type: object type: object - systemData: - properties: - createdAt: - type: string - createdBy: - type: string - createdByType: - type: string - lastModifiedAt: - type: string - lastModifiedBy: - type: string - lastModifiedByType: - type: string - type: object + supportPlan: + description: 'SupportPlan: The support plan for the Managed Cluster. If unspecified, the default is ''KubernetesOfficial''.' + enum: + - AKSLongTermSupport + - KubernetesOfficial + type: string tags: additionalProperties: type: string + description: 'Tags: Resource tags.' + type: object + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading a cluster.' + properties: + overrideSettings: + description: 'OverrideSettings: Settings for overrides.' + properties: + forceUpgrade: + description: |- + ForceUpgrade: Whether to force upgrade the cluster. Note that this option instructs upgrade operation to bypass upgrade + protections such as checking for deprecated API usage. Enable this option only with caution. + type: boolean + until: + description: |- + Until: Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the + effectiveness won't change once an upgrade starts even if the `until` expires as upgrade proceeds. This field is not set + by default. It must be set for the overrides to take effect. + type: string + type: object type: object - type: - type: string windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed Cluster.' properties: + adminPassword: + description: |- + AdminPassword: Specifies the password of the administrator account. 
+ Minimum-length: 8 characters + Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to be fulfilled + Has lower characters + Has upper characters + Has a digit + Has a special character (Regex match [\W_]) + Disallowed values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$$$word", "pass@word1", "Password!", "Password1", + "Password22", "iloveyou!" + properties: + key: + description: Key is the key in the Kubernetes secret being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object adminUsername: + description: |- + AdminUsername: Specifies the name of the administrator account. + Restriction: Cannot end in "." + Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", + "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", + "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". + Minimum-length: 1 character + Max-length: 20 characters type: string enableCSIProxy: + description: |- + EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub + repo](https://github.com/kubernetes-csi/csi-proxy). type: boolean gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed Cluster.' properties: dnsServer: + description: |- + DnsServer: Specifies the DNS server for Windows gMSA. + Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. type: string enabled: + description: 'Enabled: Specifies whether to enable Windows gMSA in the managed cluster.' type: boolean rootDomainName: + description: |- + RootDomainName: Specifies the root domain name for Windows gMSA. 
+ Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. type: string type: object licenseType: + description: |- + LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User + Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. + enum: + - None + - Windows_Server type: string + required: + - adminUsername type: object workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile for the managed cluster.' properties: keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' + type: boolean + required: + - enabled + type: object + verticalPodAutoscaler: + description: 'VerticalPodAutoscaler: VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile.' properties: enabled: + description: 'Enabled: Whether to enable VPA. Default value is false.' type: boolean + required: + - enabled type: object type: object + required: + - location + - owner type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].severity - name: Severity - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Reason - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].message - name: Message - type: string - name: v1api20230201storage - schema: - openAPIV3Schema: - description: Storage version of v1api20230201.ManagedCluster - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: Storage version of v1api20230201.ManagedCluster_Spec + status: + description: Managed cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object aadProfile: - description: Storage version of v1api20230201.ManagedClusterAADProfile + description: 'AadProfile: The Azure Active Directory configuration.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object IDs that will have admin role of the cluster.' items: type: string type: array clientAppID: + description: 'ClientAppID: (DEPRECATED) The client AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' type: string enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for Kubernetes authorization.' type: boolean managed: + description: 'Managed: Whether to enable managed AAD.' type: boolean serverAppID: + description: 'ServerAppID: (DEPRECATED) The server AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' 
type: string serverAppSecret: + description: 'ServerAppSecret: (DEPRECATED) The server AAD application secret. Learn more at https://aka.ms/aks/aad-legacy.' type: string tenantID: + description: |- + TenantID: The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment + subscription. type: string type: object addonProfiles: additionalProperties: - description: Storage version of v1api20230201.ManagedClusterAddonProfile + description: A Kubernetes add-on profile for a managed cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object config: additionalProperties: type: string + description: 'Config: Key-value pairs for configuring an add-on.' type: object enabled: + description: 'Enabled: Whether the add-on is enabled or not.' type: boolean + identity: + description: 'Identity: Information of user assigned identity used by this add-on.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned identity.' + type: string + type: object type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' type: object agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' items: - description: Storage version of v1api20230201.ManagedClusterAgentPoolProfile + description: Profile for the container service agent pool. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. items: type: string type: array + capacityReservationGroupID: + description: 'CapacityReservationGroupID: AKS will associate the specified agent pool with the Capacity Reservation Group.' + type: string count: + description: |- + Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. type: integer creationData: - description: Storage version of v1api20230201.CreationData + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using + a snapshot. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - sourceResourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the source object to be used to create the target object.' + type: string type: object + currentOrchestratorVersion: + description: |- + CurrentOrchestratorVersion: If orchestratorVersion is a fully specified version , this field will be + exactly equal to it. If orchestratorVersion is , this field will contain the full + version being used. + type: string enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption type: boolean enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. type: boolean enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. 
For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. type: boolean enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + hostGroupID: + description: |- + HostGroupID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). type: string - hostGroupReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object kubeletConfig: - description: Storage version of v1api20230201.KubeletConfig + description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`).' items: type: string type: array containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. type: integer containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' type: integer cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' type: boolean cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. type: string cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. type: string failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' type: boolean imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, set to 100. The default is 85%' type: integer imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than imageGcHighThreshold. The default is 80%' type: integer podMaxPids: + description: 'PodMaxPids: The maximum number of processes per pod.' 
type: integer topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. type: string type: object kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. type: string linuxOSConfig: - description: Storage version of v1api20230201.LinuxOSConfig + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that will be created on each node.' type: integer sysctls: - description: Storage version of v1api20230201.SysctlConfig + description: 'Sysctls: Sysctl settings for Linux agent nodes.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' type: integer fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' type: integer fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' type: integer fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' type: integer kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' 
type: integer netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' type: integer netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' type: integer netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' type: integer netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' type: integer netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' type: integer netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' type: integer netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' type: integer netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' type: string netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting net.ipv4.neigh.default.gc_thresh1.' type: integer netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting net.ipv4.neigh.default.gc_thresh2.' type: integer netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting net.ipv4.neigh.default.gc_thresh3.' type: integer netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' type: integer netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' type: integer netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' type: integer netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' type: integer netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' 
type: integer netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' type: boolean netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' type: integer netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' type: integer netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' type: integer vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' type: integer vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' type: integer vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' type: integer type: object transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string type: object maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' type: integer maxPods: + description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. 
For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools type: string name: + description: 'Name: Windows agent pool names must be 6 characters or less.' + type: string + networkProfile: + description: 'NetworkProfile: Network-related settings of an agent pool.' + properties: + allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are allowed to access. The specified ranges are allowed to overlap.' + items: + description: The port range. + properties: + portEnd: + description: |- + PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or + equal to portStart. + type: integer + portStart: + description: |- + PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or + equal to portEnd. + type: integer + protocol: + description: 'Protocol: The network protocol of the port.' + type: string + type: object + type: array + applicationSecurityGroups: + description: 'ApplicationSecurityGroups: The IDs of the application security groups which agent pool will associate when created.' + items: + type: string + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level public IPs.' + items: + description: Contains the IPTag associated with the object. + properties: + ipTagType: + description: 'IpTagType: The IP tag type. Example: RoutingPreference.' + type: string + tag: + description: 'Tag: The value of the IP tag associated with the public IP. Example: Internet.' + type: string + type: object + type: array + type: object + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' type: string nodeLabels: additionalProperties: type: string + description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' 
type: object - nodePublicIPPrefixReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + nodePublicIPPrefixID: + description: |- + NodePublicIPPrefixID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + type: string nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' items: type: string type: array orchestratorVersion: + description: |- + OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster + with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer + patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same + Kubernetes version. The node pool version must have the same major version as the control plane. 
The node pool minor + version must be within two minor versions of the control plane version. The node pool version cannot be greater than the + control plane version. For more information see [upgrading a node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: type: integer osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). type: string osSKU: + description: |- + OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 + when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. type: string osType: + description: 'OsType: The operating system type. The default is Linux.' + type: string + podSubnetID: + description: |- + PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is + of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} type: string - podSubnetReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object powerState: - description: Storage version of v1api20230201.PowerState + description: |- + PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only + be stopped if it is Running and provisioning state is Succeeded properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object code: + description: 'Code: Tells whether the cluster is Running or Stopped' type: string type: object - proximityPlacementGroupReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity Placement Group.' + type: string scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' type: string scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. type: string scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' type: string spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) type: number tags: additionalProperties: type: string + description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' type: object type: + description: 'Type: The type of Agent Pool.' 
type: string upgradeSettings: - description: Storage version of v1api20230201.AgentPoolUpgradeSettings + description: 'UpgradeSettings: Settings for upgrading the agentpool' properties: - $propertyBag: - additionalProperties: - type: string + drainTimeoutInMinutes: description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object + DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. + This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not + specified, the default is 30 minutes. + type: integer maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade type: string type: object vmSize: + description: |- + VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetID: + description: |- + VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. 
This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} type: string - vnetSubnetReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node can run.' type: string type: object type: array apiServerAccessProfile: - description: Storage version of v1api20230201.ManagedClusterAPIServerAccessProfile + description: 'ApiServerAccessProfile: The access profile for managed cluster API server.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object authorizedIPRanges: + description: |- + AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. 
This feature is not compatible with + clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). items: type: string type: array disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command for the cluster or not.' type: boolean enablePrivateCluster: + description: |- + EnablePrivateCluster: For more details, see [Creating a private AKS + cluster](https://docs.microsoft.com/azure/aks/private-clusters). type: boolean enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create additional public FQDN for private cluster or not.' type: boolean privateDNSZone: + description: |- + PrivateDNSZone: The default is System. For more details see [configure private DNS + zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and + 'none'. type: string type: object autoScalerProfile: - description: Storage version of v1api20230201.ManagedClusterProperties_AutoScalerProfile + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler when enabled' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' and ''false''' type: string expander: + description: |- + Expander: If not specified, the default is 'random'. See + [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) for more + information. type: string max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' 
type: string max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' type: string max-node-provision-time: + description: |- + MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. type: string max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The maximum is 100 and the minimum is 0.' type: string new-pod-scale-up-delay: + description: |- + NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler + could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is + '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). type: string ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The default is 3.' type: string scale-down-delay-after-add: + description: |- + ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. type: string scale-down-delay-after-delete: + description: |- + ScaleDownDelayAfterDelete: The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of + time other than minutes (m) is supported. type: string scale-down-delay-after-failure: + description: |- + ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. type: string scale-down-unneeded-time: + description: |- + ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. type: string scale-down-unready-time: + description: |- + ScaleDownUnreadyTime: The default is '20m'. Values must be an integer followed by an 'm'. 
No unit of time other than + minutes (m) is supported. type: string scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' type: string scan-interval: + description: 'ScanInterval: The default is ''10''. Values must be an integer number of seconds.' type: string skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' type: string skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' type: string type: object autoUpgradeProfile: - description: Storage version of v1api20230201.ManagedClusterAutoUpgradeProfile + description: 'AutoUpgradeProfile: The auto upgrade configuration.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object + nodeOSUpgradeChannel: + description: 'NodeOSUpgradeChannel: Manner in which the OS on your nodes is updated. The default is NodeImage.' + type: string upgradeChannel: + description: |- + UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade + channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). type: string type: object azureMonitorProfile: - description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfile + description: 'AzureMonitorProfile: Azure Monitor addon profiles for monitoring the managed cluster.' 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object metrics: - description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfileMetrics + description: |- + Metrics: Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes + infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See + aka.ms/AzureManagedPrometheus for an overview. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: |- + Enabled: Whether to enable or disable the Azure Managed Prometheus addon for Prometheus monitoring. See + aka.ms/AzureManagedPrometheus-aks-enable for details on enabling and disabling. type: boolean kubeStateMetrics: - description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfileKubeStateMetrics + description: |- + KubeStateMetrics: Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the + kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for + details. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object metricAnnotationsAllowList: + description: |- + MetricAnnotationsAllowList: Comma-separated list of Kubernetes annotation keys that will be used in the resource's + labels metric (Example: 'namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...'). By default the metric + contains only resource name and namespace labels. type: string metricLabelsAllowlist: + description: |- + MetricLabelsAllowlist: Comma-separated list of additional Kubernetes label keys that will be used in the resource's + labels metric (Example: 'namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...'). By default the metric contains only + resource name and namespace labels. type: string type: object type: object type: object - azureName: + azurePortalFQDN: description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. + AzurePortalFQDN: The Azure Portal requires certain Cross-Origin Resource Sharing (CORS) headers to be sent in some + responses, which Kubernetes APIServer doesn't handle by default. This special FQDN supports CORS, allowing the Azure + Portal to function properly. + type: string + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating details about the transition. This field may be empty. 
+ type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + currentKubernetesVersion: + description: |- + CurrentKubernetesVersion: If kubernetesVersion was a fully specified version , this field will be + exactly equal to it. If kubernetesVersion was , this field will contain the full + version being used. type: string disableLocalAccounts: + description: |- + DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details see [disable local + accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). 
type: boolean - diskEncryptionSetReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + diskEncryptionSetID: + description: |- + DiskEncryptionSetID: This is of the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' + type: string dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster has been created.' type: string enablePodSecurityPolicy: + description: |- + EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and + https://aka.ms/aks/psp. type: boolean enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based Access Control.' type: boolean extendedLocation: - description: Storage version of v1api20230201.ExtendedLocation + description: 'ExtendedLocation: The extended location of the Virtual Machine.' 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object name: + description: 'Name: The name of the extended location.' type: string type: + description: 'Type: The type of the extended location.' type: string type: object + fqdn: + description: 'Fqdn: The FQDN of the master pool.' + type: string fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed Cluster has been created.' type: string httpProxyConfig: - description: Storage version of v1api20230201.ManagedClusterHTTPProxyConfig + description: 'HttpProxyConfig: Configurations for provisioning the cluster with HTTP proxy servers.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' type: string httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' type: string noProxy: + description: 'NoProxy: The endpoints that should not go through proxy.' items: type: string type: array trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting to proxy servers.' type: string type: object + id: + description: |- + Id: Fully qualified resource ID for the resource. E.g. + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" + type: string identity: - description: Storage version of v1api20230201.ManagedClusterIdentity + description: 'Identity: The identity of the managed cluster, if configured.' 
properties: - $propertyBag: + delegatedResources: additionalProperties: - type: string + description: Delegated resource properties - internal use only. + properties: + location: + description: 'Location: The source resource location - internal use only.' + type: string + referralResource: + description: 'ReferralResource: The delegation id of the referral delegation (optional) - internal use only.' + type: string + resourceId: + description: 'ResourceId: The ARM resource id of the delegated resource - internal use only.' + type: string + tenantId: + description: 'TenantId: The tenant id of the delegated resource - internal use only.' + type: string + type: object description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions + DelegatedResources: The delegated identity resources assigned to this managed cluster. This can only be set by another + Azure Resource Provider, and managed cluster only accept one delegated identity resource. Internal use only. type: object + principalId: + description: 'PrincipalId: The principal id of the system assigned identity which is used by master components.' + type: string + tenantId: + description: 'TenantId: The tenant id of the system assigned identity which is used by master components.' + type: string type: + description: |- + Type: For more information see [use managed identities in + AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). 
type: string userAssignedIdentities: - items: - description: Storage version of v1api20230201.UserAssignedIdentityDetails + additionalProperties: properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + clientId: + description: 'ClientId: The client id of user assigned identity.' + type: string + principalId: + description: 'PrincipalId: The principal id of user assigned identity.' + type: string type: object - type: array + description: |- + UserAssignedIdentities: The keys must be ARM resource IDs in the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. 
+ type: object type: object identityProfile: additionalProperties: - description: Storage version of v1api20230201.UserAssignedIdentity + description: Details about a user assigned identity. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: + description: 'ClientId: The client ID of the user assigned identity.' type: string objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned identity.' type: string - resourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object type: object + description: 'IdentityProfile: Identities associated with the cluster.' type: object kubernetesVersion: + description: |- + KubernetesVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. 
+ When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster + with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer + patch version is available. When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All + upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or + 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS + cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. type: string linuxProfile: - description: Storage version of v1api20230201.ContainerServiceLinuxProfile + description: 'LinuxProfile: The profile for Linux VMs in the Managed Cluster.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object adminUsername: + description: 'AdminUsername: The administrator username to use for Linux VMs.' type: string ssh: - description: Storage version of v1api20230201.ContainerServiceSshConfiguration + description: 'Ssh: The SSH configuration for Linux-based VMs running on Azure.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicKeys: + description: 'PublicKeys: The list of SSH public keys used to authenticate with Linux-based VMs. A maximum of 1 key may be specified.' items: - description: Storage version of v1api20230201.ContainerServiceSshPublicKey + description: Contains information about SSH certificate public key data. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object keyData: - type: string - type: object + description: |- + KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or + without headers. + type: string + type: object type: array type: object type: object location: + description: 'Location: The geo-location where the resource lives' + type: string + maxAgentPools: + description: 'MaxAgentPools: The max number of agent pools for the managed cluster.' + type: integer + name: + description: 'Name: The name of the resource' type: string networkProfile: - description: Storage version of v1api20230201.ContainerServiceNetworkProfile + description: 'NetworkProfile: The network configuration profile.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object dnsServiceIP: - type: string - dockerBridgeCidr: + description: |- + DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address + range specified in serviceCidr. type: string ipFamilies: + description: |- + IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6. items: type: string type: array loadBalancerProfile: - description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile + description: 'LoadBalancerProfile: Profile of the cluster load balancer.' 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allocatedOutboundPorts: + description: |- + AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 + (inclusive). The default value is 0 which results in Azure dynamically allocating ports. type: integer + backendPoolType: + description: 'BackendPoolType: The type of the managed inbound Load Balancer BackendPool.' + type: string effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster load balancer.' items: - description: Storage version of v1api20230201.ResourceReference + description: A reference to an Azure resource. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + id: + description: 'Id: The fully qualified Azure resource id.' + type: string type: object type: array enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable multiple standard load balancers per AKS cluster or not.' type: boolean idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 30 minutes. type: integer managedOutboundIPs: - description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs + description: 'ManagedOutboundIPs: Desired managed outbound IPs for the cluster load balancer.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object count: + description: |- + Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values + must be in the range of 1 to 100 (inclusive). The default value is 1. type: integer countIPv6: + description: |- + CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed + values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. 
type: integer type: object outboundIPPrefixes: - description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes + description: 'OutboundIPPrefixes: Desired outbound IP Prefix resources for the cluster load balancer.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix resources.' items: - description: Storage version of v1api20230201.ResourceReference + description: A reference to an Azure resource. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object + id: + description: 'Id: The fully qualified Azure resource id.' + type: string type: object type: array type: object outboundIPs: - description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_OutboundIPs + description: 'OutboundIPs: Desired outbound IP resources for the cluster load balancer.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicIPs: + description: 'PublicIPs: A list of public IP resources.' items: - description: Storage version of v1api20230201.ResourceReference + description: A reference to an Azure resource. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. 
- type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + id: + description: 'Id: The fully qualified Azure resource id.' + type: string type: object type: array type: object type: object loadBalancerSku: + description: |- + LoadBalancerSku: The default is 'standard'. See [Azure Load Balancer + SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load + balancer SKUs. type: string natGatewayProfile: - description: Storage version of v1api20230201.ManagedClusterNATGatewayProfile + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster NAT gateway.' items: - description: Storage version of v1api20230201.ResourceReference + description: A reference to an Azure resource. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + id: + description: 'Id: The fully qualified Azure resource id.' + type: string type: object type: array idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 4 minutes. type: integer managedOutboundIPProfile: - description: Storage version of v1api20230201.ManagedClusterManagedOutboundIPProfile + description: 'ManagedOutboundIPProfile: Profile of the managed outbound IP resources of the cluster NAT gateway.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object count: + description: |- + Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 + (inclusive). The default value is 1. type: integer type: object type: object networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the Kubernetes cluster.' type: string networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin is anything other than ''azure''.' 
type: string networkPlugin: + description: 'NetworkPlugin: Network plugin used for building the Kubernetes network.' type: string networkPluginMode: + description: 'NetworkPluginMode: The mode the network plugin should use.' type: string networkPolicy: + description: 'NetworkPolicy: Network policy used for building the Kubernetes network.' type: string outboundType: + description: |- + OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see + [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). type: string podCidr: + description: 'PodCidr: A CIDR notation IP range from which to assign pod IPs when kubenet is used.' type: string podCidrs: + description: |- + PodCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. items: type: string type: array serviceCidr: + description: |- + ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP + ranges. type: string serviceCidrs: + description: |- + ServiceCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with any Subnet IP ranges. items: type: string type: array type: object nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing agent pool nodes.' type: string oidcIssuerProfile: - description: Storage version of v1api20230201.ManagedClusterOIDCIssuerProfile + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed Cluster.' 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' type: boolean + issuerURL: + description: 'IssuerURL: The OIDC issuer url of the Managed Cluster.' + type: string type: object - operatorSpec: + podIdentityProfile: description: |- - Storage version of v1api20230201.ManagedClusterOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure + PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more + details on AAD pod identity integration. properties: - $propertyBag: - additionalProperties: - type: string + allowNetworkPluginKubenet: description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - configMapExpressions: + AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod + Identity and the risks of IP spoofing. See [using Kubenet network plugin with AAD Pod + Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information. + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use in the cluster.' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. 
The value of the expression is stored at the specified location in - the destination. + description: Details about the pod identity assigned to the Managed Cluster. properties: - key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. + bindingSelector: + description: 'BindingSelector: The binding selector to use for the AzureIdentityBinding resource.' type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned identity.' + type: string + type: object name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. + description: 'Name: The name of the pod identity.' type: string - value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + provisioningInfo: + properties: + error: + description: 'Error: Pod identity assignment error (if any).' + properties: + error: + description: 'Error: Details about the error.' + properties: + code: + description: 'Code: An identifier for the error. Codes are invariant and are intended to be consumed programmatically.' 
+ type: string + details: + description: 'Details: A list of additional details about the error.' + items: + properties: + code: + description: 'Code: An identifier for the error. Codes are invariant and are intended to be consumed programmatically.' + type: string + message: + description: 'Message: A message describing the error, intended to be suitable for display in a user interface.' + type: string + target: + description: 'Target: The target of the particular error. For example, the name of the property in error.' + type: string + type: object + type: array + message: + description: 'Message: A message describing the error, intended to be suitable for display in a user interface.' + type: string + target: + description: 'Target: The target of the particular error. For example, the name of the property in error.' + type: string + type: object + type: object + type: object + provisioningState: + description: 'ProvisioningState: The current provisioning state of the pod identity.' type: string - required: - - name - - value type: object type: array - configMaps: - description: Storage version of v1api20230201.ManagedClusterOperatorConfigMaps - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - oidcIssuerProfile: - description: |- - ConfigMapDestination describes the location to store a single configmap value - Note: This is similar to: SecretDestination in secrets.go. - Changes to one may need to be made to the others as well. - properties: - key: - description: Key is the key in the ConfigMap being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. 
- type: string - required: - - key - - name - type: object - principalId: - description: |- - ConfigMapDestination describes the location to store a single configmap value - Note: This is similar to: SecretDestination in secrets.go. - Changes to one may need to be made to the others as well. - properties: - key: - description: Key is the key in the ConfigMap being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. - type: string - required: - - key - - name - type: object - type: object - secretExpressions: + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity exceptions to allow.' items: description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. properties: - key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. - type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. + description: 'Name: The name of the pod identity exception.' type: string - value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. 
For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ + namespace: + description: 'Namespace: The namespace of the pod identity exception.' type: string - required: - - name - - value + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object type: object type: array - secrets: - description: Storage version of v1api20230201.ManagedClusterOperatorSecrets - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - adminCredentials: - description: |- - SecretDestination describes the location to store a single secret value. - Note: This is similar to: ConfigMapDestination in configmaps.go. - Changes to one may need to be made to the others as well. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced. - type: string - name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. - type: string - required: - - key - - name - type: object - userCredentials: - description: |- - SecretDestination describes the location to store a single secret value. - Note: This is similar to: ConfigMapDestination in configmaps.go. - Changes to one may need to be made to the others as well. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced. - type: string - name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. - type: string - required: - - key - - name - type: object - type: object type: object - originalVersion: - type: string - owner: - description: |- - Owner: The owner of the resource. 
The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource + powerState: + description: 'PowerState: The Power State of the cluster.' properties: - armId: - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - name: - description: This is the name of the Kubernetes resource to reference. + code: + description: 'Code: Tells whether the cluster is Running or Stopped' type: string type: object - podIdentityProfile: - description: Storage version of v1api20230201.ManagedClusterPodIdentityProfile - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - allowNetworkPluginKubenet: - type: boolean - enabled: - type: boolean - userAssignedIdentities: - items: - description: Storage version of v1api20230201.ManagedClusterPodIdentity - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - bindingSelector: - type: string - identity: - description: Storage version of v1api20230201.UserAssignedIdentity - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - clientId: - type: string 
- objectId: - type: string - resourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - name: - type: string - namespace: - type: string - type: object - type: array - userAssignedIdentityExceptions: - items: - description: Storage version of v1api20230201.ManagedClusterPodIdentityException - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - name: - type: string - namespace: - type: string - podLabels: - additionalProperties: - type: string - type: object - type: object - type: array - type: object + privateFQDN: + description: 'PrivateFQDN: The FQDN of private cluster.' + type: string privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated with the cluster.' 
items: - description: Storage version of v1api20230201.PrivateLinkResource + description: A private link resource properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object groupId: + description: 'GroupId: The group ID of the resource.' + type: string + id: + description: 'Id: The ID of the private link resource.' type: string name: + description: 'Name: The name of the private link resource.' + type: string + privateLinkServiceID: + description: 'PrivateLinkServiceID: The private link service ID of the resource, this field is exposed only to NRP internally.' type: string - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' items: type: string type: array type: + description: 'Type: The resource type.' 
type: string type: object type: array + provisioningState: + description: 'ProvisioningState: The current provisioning state.' + type: string publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access for AKS' + type: string + resourceUID: + description: |- + ResourceUID: The resourceUID uniquely identifies ManagedClusters that reuse ARM ResourceIds (i.e: create, delete, create + sequence) type: string securityProfile: - description: Storage version of v1api20230201.ManagedClusterSecurityProfile + description: 'SecurityProfile: Security profile for the managed cluster.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object azureKeyVaultKms: - description: Storage version of v1api20230201.AzureKeyVaultKms + description: |- + AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Whether to enable Azure Key Vault key management service. The default is false.' type: boolean keyId: + description: |- + KeyId: Identifier of Azure Key Vault key. See [key identifier + format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service is disabled, leave the field empty. 
type: string keyVaultNetworkAccess: + description: |- + KeyVaultNetworkAccess: Network access of key vault. The possible values are `Public` and `Private`. `Public` means the + key vault allows public access from all networks. `Private` means the key vault disables public access and enables + private link. The default value is `Public`. + type: string + keyVaultResourceId: + description: |- + KeyVaultResourceId: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and must + be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. type: string - keyVaultResourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object type: object defender: - description: Storage version of v1api20230201.ManagedClusterSecurityProfileDefender + description: 'Defender: Microsoft Defender settings for the security profile.' 
properties: - $propertyBag: - additionalProperties: - type: string + logAnalyticsWorkspaceResourceId: description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - logAnalyticsWorkspaceResourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + LogAnalyticsWorkspaceResourceId: Resource ID of the Log Analytics workspace to be associated with Microsoft Defender. + When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When Microsoft + Defender is disabled, leave the field empty. + type: string securityMonitoring: - description: Storage version of v1api20230201.ManagedClusterSecurityProfileDefenderSecurityMonitoring + description: 'SecurityMonitoring: Microsoft Defender threat detection for Cloud settings for the security profile.' 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Whether to enable Defender threat detection' type: boolean type: object type: object imageCleaner: - description: Storage version of v1api20230201.ManagedClusterSecurityProfileImageCleaner + description: 'ImageCleaner: Image Cleaner settings for the security profile.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Whether to enable Image Cleaner on AKS cluster.' type: boolean intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval in hours.' type: integer type: object workloadIdentity: - description: Storage version of v1api20230201.ManagedClusterSecurityProfileWorkloadIdentity + description: |- + WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Whether to enable workload identity.' 
type: boolean type: object type: object - servicePrincipalProfile: - description: Storage version of v1api20230201.ManagedClusterServicePrincipalProfile + serviceMeshProfile: + description: 'ServiceMeshProfile: Service mesh profile for a managed cluster.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - clientId: - type: string - secret: - description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. + istio: + description: 'Istio: Istio service mesh configuration.' properties: - key: - description: Key is the key in the Kubernetes secret being referenced - type: string - name: + certificateAuthority: description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource - type: string - required: - - key - - name + CertificateAuthority: Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin + certificates as described here https://aka.ms/asm-plugin-ca + properties: + plugin: + description: 'Plugin: Plugin certificates information for Service Mesh.' + properties: + certChainObjectName: + description: 'CertChainObjectName: Certificate chain object name in Azure Key Vault.' + type: string + certObjectName: + description: 'CertObjectName: Intermediate certificate object name in Azure Key Vault.' + type: string + keyObjectName: + description: 'KeyObjectName: Intermediate certificate private key object name in Azure Key Vault.' + type: string + keyVaultId: + description: 'KeyVaultId: The resource ID of the Key Vault.' + type: string + rootCertObjectName: + description: 'RootCertObjectName: Root certificate object name in Azure Key Vault.' 
+ type: string + type: object + type: object + components: + description: 'Components: Istio components configuration.' + properties: + egressGateways: + description: 'EgressGateways: Istio egress gateways.' + items: + description: Istio egress gateway configuration. + properties: + enabled: + description: 'Enabled: Whether to enable the egress gateway.' + type: boolean + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector: NodeSelector for scheduling the egress gateway.' + type: object + type: object + type: array + ingressGateways: + description: 'IngressGateways: Istio ingress gateways.' + items: + description: |- + Istio ingress gateway configuration. For now, we support up to one external ingress gateway named + `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + enabled: + description: 'Enabled: Whether to enable the ingress gateway.' + type: boolean + mode: + description: 'Mode: Mode of an ingress gateway.' + type: string + type: object + type: array + type: object + revisions: + description: |- + Revisions: The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. + When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: + https://learn.microsoft.com/en-us/azure/aks/istio-upgrade + items: + type: string + type: array type: object + mode: + description: 'Mode: Mode of the service mesh.' + type: string + type: object + servicePrincipalProfile: + description: |- + ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure + APIs. + properties: + clientId: + description: 'ClientId: The ID for the service principal.' + type: string type: object sku: - description: Storage version of v1api20230201.ManagedClusterSKU + description: 'Sku: The managed cluster SKU.' 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object name: + description: 'Name: The name of a managed cluster SKU.' type: string tier: + description: |- + Tier: If not specified, the default is 'Free'. See [AKS Pricing + Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. type: string type: object storageProfile: - description: Storage version of v1api20230201.ManagedClusterStorageProfile + description: 'StorageProfile: Storage profile for the managed cluster.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object blobCSIDriver: - description: Storage version of v1api20230201.ManagedClusterStorageProfileBlobCSIDriver + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for the storage profile.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. The default value is false.' type: boolean type: object diskCSIDriver: - description: Storage version of v1api20230201.ManagedClusterStorageProfileDiskCSIDriver + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for the storage profile.' 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. The default value is true.' type: boolean type: object fileCSIDriver: - description: Storage version of v1api20230201.ManagedClusterStorageProfileFileCSIDriver + description: 'FileCSIDriver: AzureFile CSI Driver settings for the storage profile.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. The default value is true.' type: boolean type: object snapshotController: - description: Storage version of v1api20230201.ManagedClusterStorageProfileSnapshotController + description: 'SnapshotController: Snapshot Controller settings for the storage profile.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Whether to enable Snapshot Controller. The default value is true.' type: boolean type: object type: object + supportPlan: + description: 'SupportPlan: The support plan for the Managed Cluster. If unspecified, the default is ''KubernetesOfficial''.' + type: string + systemData: + description: 'SystemData: Azure Resource Manager metadata containing createdBy and modifiedBy information.' 
+ properties: + createdAt: + description: 'CreatedAt: The timestamp of resource creation (UTC).' + type: string + createdBy: + description: 'CreatedBy: The identity that created the resource.' + type: string + createdByType: + description: 'CreatedByType: The type of identity that created the resource.' + type: string + lastModifiedAt: + description: 'LastModifiedAt: The timestamp of resource last modification (UTC)' + type: string + lastModifiedBy: + description: 'LastModifiedBy: The identity that last modified the resource.' + type: string + lastModifiedByType: + description: 'LastModifiedByType: The type of identity that last modified the resource.' + type: string + type: object tags: additionalProperties: type: string + description: 'Tags: Resource tags.' type: object - windowsProfile: - description: Storage version of v1api20230201.ManagedClusterWindowsProfile + type: + description: 'Type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"' + type: string + upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading a cluster.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - adminPassword: - description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. + overrideSettings: + description: 'OverrideSettings: Settings for overrides.' properties: - key: - description: Key is the key in the Kubernetes secret being referenced - type: string - name: + forceUpgrade: description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource + ForceUpgrade: Whether to force upgrade the cluster. 
Note that this option instructs upgrade operation to bypass upgrade + protections such as checking for deprecated API usage. Enable this option only with caution. + type: boolean + until: + description: |- + Until: Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the + effectiveness won't change once an upgrade starts even if the `until` expires as upgrade proceeds. This field is not set + by default. It must be set for the overrides to take effect. type: string - required: - - key - - name type: object + type: object + windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed Cluster.' + properties: adminUsername: - type: string - enableCSIProxy: - type: boolean - gmsaProfile: - description: Storage version of v1api20230201.WindowsGmsaProfile - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object + description: |- + AdminUsername: Specifies the name of the administrator account. + Restriction: Cannot end in "." + Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", + "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", + "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". + Minimum-length: 1 character + Max-length: 20 characters + type: string + enableCSIProxy: + description: |- + EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub + repo](https://github.com/kubernetes-csi/csi-proxy). + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed Cluster.' 
+ properties: dnsServer: + description: |- + DnsServer: Specifies the DNS server for Windows gMSA. + Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. type: string enabled: + description: 'Enabled: Specifies whether to enable Windows gMSA in the managed cluster.' type: boolean rootDomainName: + description: |- + RootDomainName: Specifies the root domain name for Windows gMSA. + Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. type: string type: object licenseType: + description: |- + LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User + Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. type: string type: object workloadAutoScalerProfile: - description: Storage version of v1api20230201.ManagedClusterWorkloadAutoScalerProfile + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile for the managed cluster.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object keda: - description: Storage version of v1api20230201.ManagedClusterWorkloadAutoScalerProfileKeda + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile.' + properties: + enabled: + description: 'Enabled: Whether to enable KEDA.' + type: boolean + type: object + verticalPodAutoscaler: + description: 'VerticalPodAutoscaler: VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile.' 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Whether to enable VPA. Default value is false.' type: boolean type: object type: object - required: - - owner type: object - status: - description: Storage version of v1api20230201.ManagedCluster_STATUS + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20231001storage + schema: + openAPIV3Schema: + description: |- + Storage version of v1api20231001.ManagedCluster + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-10-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Storage version of v1api20231001.ManagedCluster_Spec properties: $propertyBag: additionalProperties: @@ -12219,7 +14337,9 @@ spec: resources, allowing for full fidelity round trip conversions type: object aadProfile: - description: Storage version of v1api20230201.ManagedClusterAADProfile_STATUS + description: |- + Storage version of v1api20231001.ManagedClusterAADProfile + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). properties: $propertyBag: additionalProperties: @@ -12247,7 +14367,9 @@ spec: type: object addonProfiles: additionalProperties: - description: Storage version of v1api20230201.ManagedClusterAddonProfile_STATUS + description: |- + Storage version of v1api20231001.ManagedClusterAddonProfile + A Kubernetes add-on profile for a managed cluster. properties: $propertyBag: additionalProperties: @@ -12262,28 +14384,13 @@ spec: type: object enabled: type: boolean - identity: - description: Storage version of v1api20230201.UserAssignedIdentity_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - clientId: - type: string - objectId: - type: string - resourceId: - type: string - type: object type: object type: object agentPoolProfiles: items: - description: Storage version of v1api20230201.ManagedClusterAgentPoolProfile_STATUS + description: |- + Storage version of v1api20231001.ManagedClusterAgentPoolProfile + Profile for the container service agent pool. properties: $propertyBag: additionalProperties: 
@@ -12296,10 +14403,32 @@ spec: items: type: string type: array + capacityReservationGroupReference: + description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object count: type: integer creationData: - description: Storage version of v1api20230201.CreationData_STATUS + description: |- + Storage version of v1api20231001.CreationData + Data used when creating a target resource from a source resource. properties: $propertyBag: additionalProperties: 
@@ -12308,11 +14437,27 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - sourceResourceId: - type: string + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object - currentOrchestratorVersion: - type: string enableAutoScaling: type: boolean enableEncryptionAtHost: 
@@ -12325,10 +14470,33 @@ spec: type: boolean gpuInstanceProfile: type: string - hostGroupID: - type: string + hostGroupReference: + description: |- + HostGroupReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object kubeletConfig: - description: Storage version of v1api20230201.KubeletConfig_STATUS + description: |- + Storage version of v1api20231001.KubeletConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: @@ -12365,7 +14533,9 @@ spec: kubeletDiskType: type: string linuxOSConfig: - description: Storage version of v1api20230201.LinuxOSConfig_STATUS + description: |- + Storage version of v1api20231001.LinuxOSConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: 
@@ -12377,7 +14547,9 @@ spec: swapFileSizeMB: type: integer sysctls: - description: Storage version of v1api20230201.SysctlConfig_STATUS + description: |- + Storage version of v1api20231001.SysctlConfig + Sysctl settings for Linux agent nodes. properties: $propertyBag: additionalProperties: 
@@ -12458,14 +14630,107 @@ spec: type: string name: type: string - nodeImageVersion: - type: string + networkProfile: + description: |- + Storage version of v1api20231001.AgentPoolNetworkProfile + Network settings of an agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowedHostPorts: + items: + description: |- + Storage version of v1api20231001.PortRange + The port range. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + portEnd: + type: integer + portStart: + type: integer + protocol: + type: string + type: object + type: array + applicationSecurityGroupsReferences: + items: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + nodePublicIPTags: + items: + description: |- + Storage version of v1api20231001.IPTag + Contains the IPTag associated with the object. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + ipTagType: + type: string + tag: + type: string + type: object + type: array + type: object nodeLabels: additionalProperties: type: string type: object - nodePublicIPPrefixID: - type: string + nodePublicIPPrefixReference: + description: |- + NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object nodeTaints: items: type: string 
@@ -12480,10 +14745,33 @@ spec: type: string osType: type: string - podSubnetID: - type: string + podSubnetReference: + description: |- + PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object powerState: - description: Storage version of v1api20230201.PowerState_STATUS + description: |- + Storage version of v1api20231001.PowerState + Describes the Power State of the cluster properties: $propertyBag: additionalProperties: 
@@ -12495,10 +14783,26 @@ spec: code: type: string type: object - provisioningState: - type: string - proximityPlacementGroupID: - type: string + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object scaleDownMode: type: string scaleSetEvictionPolicy: @@ -12514,7 +14818,9 @@ spec: type: type: string upgradeSettings: - description: Storage version of v1api20230201.AgentPoolUpgradeSettings_STATUS + description: |- + Storage version of v1api20231001.AgentPoolUpgradeSettings + Settings for upgrading an agentpool properties: $propertyBag: additionalProperties: 
@@ -12523,19 +14829,44 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object + drainTimeoutInMinutes: + type: integer maxSurge: type: string type: object vmSize: type: string - vnetSubnetID: - type: string + vnetSubnetReference: + description: |- + VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object workloadRuntime: type: string type: object type: array apiServerAccessProfile: - description: Storage version of v1api20230201.ManagedClusterAPIServerAccessProfile_STATUS + description: |- + Storage version of v1api20231001.ManagedClusterAPIServerAccessProfile + Access profile for managed cluster API server. properties: $propertyBag: additionalProperties: 
@@ -12558,7 +14889,7 @@ spec: type: string type: object autoScalerProfile: - description: Storage version of v1api20230201.ManagedClusterProperties_AutoScalerProfile_STATUS + description: Storage version of v1api20231001.ManagedClusterProperties_AutoScalerProfile properties: $propertyBag: additionalProperties: @@ -12603,7 +14934,9 @@ spec: type: string type: object autoUpgradeProfile: - description: Storage version of v1api20230201.ManagedClusterAutoUpgradeProfile_STATUS + description: |- + Storage version of v1api20231001.ManagedClusterAutoUpgradeProfile + Auto upgrade profile for a managed cluster. properties: $propertyBag: additionalProperties: @@ -12612,11 +14945,15 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object + nodeOSUpgradeChannel: + type: string upgradeChannel: type: string type: object azureMonitorProfile: - description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfile_STATUS + description: |- + Storage version of v1api20231001.ManagedClusterAzureMonitorProfile + Azure Monitor addon profiles for monitoring the managed cluster. properties: $propertyBag: additionalProperties: @@ -12626,7 +14963,11 @@ spec: resources, allowing for full fidelity round trip conversions type: object metrics: - description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfileMetrics_STATUS + description: |- + Storage version of v1api20231001.ManagedClusterAzureMonitorProfileMetrics + Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes + infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See + aka.ms/AzureManagedPrometheus for an overview. properties: $propertyBag: additionalProperties: 
@@ -12638,7 +14979,11 @@ spec: enabled: type: boolean kubeStateMetrics: - description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS + description: |- + Storage version of v1api20231001.ManagedClusterAzureMonitorProfileKubeStateMetrics + Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the + kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for + details. properties: $propertyBag: additionalProperties: 
@@ -12654,57 +14999,35 @@ spec: type: object type: object type: object - azurePortalFQDN: - type: string - conditions: - items: - description: Condition defines an extension to status (an observation) of a resource - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. - format: date-time - type: string - message: - description: Message is a human readable message indicating details about the transition. This field may be empty. - type: string - observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - type: integer - reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. - type: string - severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown - type: string - status: - description: Status of the condition, one of True, False, or Unknown. - type: string - type: - description: Type of condition. - type: string - required: - - lastTransitionTime - - reason - - status - - type - type: object - type: array - currentKubernetesVersion: + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. 
type: string disableLocalAccounts: type: boolean - diskEncryptionSetID: - type: string + diskEncryptionSetReference: + description: |- + DiskEncryptionSetReference: This is of the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object dnsPrefix: type: string enablePodSecurityPolicy: @@ -12712,8 +15035,10 @@ spec: enableRBAC: type: boolean extendedLocation: - description: Storage version of v1api20230201.ExtendedLocation_STATUS - properties: + description: |- + Storage version of v1api20231001.ExtendedLocation + The complex type of the extended location. + properties: $propertyBag: additionalProperties: type: string @@ -12726,12 +15051,12 @@ spec: type: type: string type: object - fqdn: - type: string fqdnSubdomain: type: string httpProxyConfig: - description: Storage version of v1api20230201.ManagedClusterHTTPProxyConfig_STATUS + description: |- + Storage version of v1api20231001.ManagedClusterHTTPProxyConfig + Cluster HTTP proxy configuration. properties: $propertyBag: additionalProperties: 
@@ -12751,10 +15076,10 @@ spec: trustedCa: type: string type: object - id: - type: string identity: - description: Storage version of v1api20230201.ManagedClusterIdentity_STATUS + description: |- + Storage version of v1api20231001.ManagedClusterIdentity + Identity for the managed cluster. properties: $propertyBag: additionalProperties: @@ -12763,15 +15088,11 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - principalId: - type: string - tenantId: - type: string - type: - type: string - userAssignedIdentities: + delegatedResources: additionalProperties: - description: Storage version of v1api20230201.ManagedClusterIdentity_UserAssignedIdentities_STATUS + description: |- + Storage version of v1api20231001.DelegatedResource + Delegated resource properties - internal use only. properties: $propertyBag: additionalProperties: 
@@ -12780,16 +15101,77 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - clientId: + location: type: string - principalId: + referralResource: + type: string + resourceReference: + description: 'ResourceReference: The ARM resource id of the delegated resource - internal use only.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + tenantId: type: string type: object type: object + type: + type: string + userAssignedIdentities: + items: + description: |- + Storage version of v1api20231001.UserAssignedIdentityDetails + Information about the user assigned identity for the resource + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array type: object identityProfile: additionalProperties: - description: Storage version of v1api20230201.UserAssignedIdentity_STATUS + description: |- + Storage version of v1api20231001.UserAssignedIdentity + Details about a user assigned identity. properties: $propertyBag: additionalProperties: 
@@ -12800,16 +15182,70 @@ spec: type: object clientId: type: string + clientIdFromConfig: + description: |- + ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes configmap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes configmap being referenced. + The configmap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object objectId: type: string - resourceId: - type: string + objectIdFromConfig: + description: |- + ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes configmap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes configmap being referenced. + The configmap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + resourceReference: + description: 'ResourceReference: The resource ID of the user assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object type: object kubernetesVersion: type: string linuxProfile: - description: Storage version of v1api20230201.ContainerServiceLinuxProfile_STATUS + description: |- + Storage version of v1api20231001.ContainerServiceLinuxProfile + Profile for Linux VMs in the container service cluster. properties: $propertyBag: additionalProperties: @@ -12821,7 +15257,9 @@ spec: adminUsername: type: string ssh: - description: Storage version of v1api20230201.ContainerServiceSshConfiguration_STATUS + description: |- + Storage version of v1api20231001.ContainerServiceSshConfiguration + SSH configuration for Linux-based VMs running on Azure. properties: $propertyBag: additionalProperties: @@ -12832,7 +15270,9 @@ spec: type: object publicKeys: items: - description: Storage version of v1api20230201.ContainerServiceSshPublicKey_STATUS + description: |- + Storage version of v1api20231001.ContainerServiceSshPublicKey + Contains information about SSH certificate public key data. properties: $propertyBag: additionalProperties: @@ -12849,12 +15289,10 @@ spec: type: object location: type: string - maxAgentPools: - type: integer - name: - type: string networkProfile: - description: Storage version of v1api20230201.ContainerServiceNetworkProfile_STATUS + description: |- + Storage version of v1api20231001.ContainerServiceNetworkProfile + Profile of network configuration. properties: $propertyBag: additionalProperties: @@ -12865,14 +15303,14 @@ spec: type: object dnsServiceIP: type: string - dockerBridgeCidr: - type: string ipFamilies: items: type: string type: array loadBalancerProfile: - description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_STATUS + description: |- + Storage version of v1api20231001.ManagedClusterLoadBalancerProfile + Profile of the managed cluster load balancer. properties: $propertyBag: additionalProperties: 
@@ -12883,9 +15321,13 @@ spec: type: object allocatedOutboundPorts: type: integer + backendPoolType: + type: string effectiveOutboundIPs: items: - description: Storage version of v1api20230201.ResourceReference_STATUS + description: |- + Storage version of v1api20231001.ResourceReference + A reference to an Azure resource. properties: $propertyBag: additionalProperties: @@ -12894,8 +15336,26 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - id: - type: string + reference: + description: 'Reference: The fully qualified Azure resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object type: array enableMultipleStandardLoadBalancers: @@ -12903,7 +15363,7 @@ spec: idleTimeoutInMinutes: type: integer managedOutboundIPs: - description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS + description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs properties: $propertyBag: additionalProperties: 
@@ -12918,7 +15378,7 @@ spec: type: integer type: object outboundIPPrefixes: - description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS + description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes properties: $propertyBag: additionalProperties: @@ -12929,7 +15389,9 @@ spec: type: object publicIPPrefixes: items: - description: Storage version of v1api20230201.ResourceReference_STATUS + description: |- + Storage version of v1api20231001.ResourceReference + A reference to an Azure resource. properties: $propertyBag: additionalProperties: 
@@ -12938,13 +15400,31 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - id: - type: string + reference: + description: 'Reference: The fully qualified Azure resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object type: array type: object outboundIPs: - description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS + description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_OutboundIPs properties: $propertyBag: additionalProperties: @@ -12955,7 +15435,9 @@ spec: type: object publicIPs: items: - description: Storage version of v1api20230201.ResourceReference_STATUS + description: |- + Storage version of v1api20231001.ResourceReference + A reference to an Azure resource. properties: $propertyBag: additionalProperties: 
@@ -12964,8 +15446,26 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - id: - type: string + reference: + description: 'Reference: The fully qualified Azure resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object type: array type: object @@ -12973,7 +15473,9 @@ spec: loadBalancerSku: type: string natGatewayProfile: - description: Storage version of v1api20230201.ManagedClusterNATGatewayProfile_STATUS + description: |- + Storage version of v1api20231001.ManagedClusterNATGatewayProfile + Profile of the managed cluster NAT gateway. properties: $propertyBag: additionalProperties: @@ -12984,7 +15486,9 @@ spec: type: object effectiveOutboundIPs: items: - description: Storage version of v1api20230201.ResourceReference_STATUS + description: |- + Storage version of v1api20231001.ResourceReference + A reference to an Azure resource. properties: $propertyBag: additionalProperties: 
@@ -12993,14 +15497,34 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - id: - type: string + reference: + description: 'Reference: The fully qualified Azure resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object type: array idleTimeoutInMinutes: type: integer managedOutboundIPProfile: - description: Storage version of v1api20230201.ManagedClusterManagedOutboundIPProfile_STATUS + description: |- + Storage version of v1api20231001.ManagedClusterManagedOutboundIPProfile + Profile of the managed outbound IP resources of the managed cluster. properties: $propertyBag: additionalProperties: @@ -13041,7 +15565,9 @@ spec: nodeResourceGroup: type: string oidcIssuerProfile: - description: Storage version of v1api20230201.ManagedClusterOIDCIssuerProfile_STATUS + description: |- + Storage version of v1api20231001.ManagedClusterOIDCIssuerProfile + The OIDC issuer profile of the Managed Cluster. properties: $propertyBag: additionalProperties: 
@@ -13052,11 +15578,192 @@ spec: type: object enabled: type: boolean - issuerURL: + type: object + operatorSpec: + description: |- + Storage version of v1api20231001.ManagedClusterOperatorSpec + Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + configMapExpressions: + items: + description: |- + DestinationExpression is a CEL expression and a destination to store the result in. The destination may + be a secret or a configmap. The value of the expression is stored at the specified location in + the destination. + properties: + key: + description: |- + Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string + this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string + Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting + map[string]string. + type: string + name: + description: |- + Name is the name of the Kubernetes configmap or secret to write to. + The configmap or secret will be created in the same namespace as the resource. + type: string + value: + description: |- + Value is a CEL expression. The CEL expression may return a string or a map[string]string. 
For more information + on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ + type: string + required: + - name + - value + type: object + type: array + configMaps: + description: Storage version of v1api20231001.ManagedClusterOperatorConfigMaps + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + oidcIssuerProfile: + description: |- + ConfigMapDestination describes the location to store a single configmap value + Note: This is similar to: SecretDestination in secrets.go. + Changes to one may need to be made to the others as well. + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap to write to. + The ConfigMap will be created in the same namespace as the resource. + type: string + required: + - key + - name + type: object + principalId: + description: |- + ConfigMapDestination describes the location to store a single configmap value + Note: This is similar to: SecretDestination in secrets.go. + Changes to one may need to be made to the others as well. + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap to write to. + The ConfigMap will be created in the same namespace as the resource. + type: string + required: + - key + - name + type: object + type: object + secretExpressions: + items: + description: |- + DestinationExpression is a CEL expression and a destination to store the result in. The destination may + be a secret or a configmap. The value of the expression is stored at the specified location in + the destination. 
+ properties: + key: + description: |- + Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string + this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string + Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting + map[string]string. + type: string + name: + description: |- + Name is the name of the Kubernetes configmap or secret to write to. + The configmap or secret will be created in the same namespace as the resource. + type: string + value: + description: |- + Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information + on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ + type: string + required: + - name + - value + type: object + type: array + secrets: + description: Storage version of v1api20231001.ManagedClusterOperatorSecrets + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminCredentials: + description: |- + SecretDestination describes the location to store a single secret value. + Note: This is similar to: ConfigMapDestination in configmaps.go. + Changes to one may need to be made to the others as well. + properties: + key: + description: Key is the key in the Kubernetes secret being referenced. + type: string + name: + description: |- + Name is the name of the Kubernetes secret to write to. + The secret will be created in the same namespace as the resource. + type: string + required: + - key + - name + type: object + userCredentials: + description: |- + SecretDestination describes the location to store a single secret value. 
+ Note: This is similar to: ConfigMapDestination in configmaps.go. + Changes to one may need to be made to the others as well. + properties: + key: + description: Key is the key in the Kubernetes secret being referenced. + type: string + name: + description: |- + Name is the name of the Kubernetes secret to write to. + The secret will be created in the same namespace as the resource. + type: string + required: + - key + - name + type: object + type: object + type: object + originalVersion: + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. type: string type: object podIdentityProfile: - description: Storage version of v1api20230201.ManagedClusterPodIdentityProfile_STATUS + description: |- + Storage version of v1api20231001.ManagedClusterPodIdentityProfile + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod + identity integration. properties: $propertyBag: additionalProperties: @@ -13071,7 +15778,9 @@ spec: type: boolean userAssignedIdentities: items: - description: Storage version of v1api20230201.ManagedClusterPodIdentity_STATUS + description: |- + Storage version of v1api20231001.ManagedClusterPodIdentity + Details about the pod identity assigned to the Managed Cluster. properties: $propertyBag: additionalProperties: 
@@ -13083,7 +15792,9 @@ spec: bindingSelector: type: string identity: - description: Storage version of v1api20230201.UserAssignedIdentity_STATUS + description: |- + Storage version of v1api20231001.UserAssignedIdentity + Details about a user assigned identity. properties: $propertyBag: additionalProperties: 
@@ -13094,80 +15805,75 @@ spec: type: object clientId: type: string + clientIdFromConfig: + description: |- + ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes configmap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes configmap being referenced. + The configmap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object objectId: type: string - resourceId: - type: string - type: object - name: - type: string - namespace: - type: string - provisioningInfo: - description: Storage version of v1api20230201.ManagedClusterPodIdentity_ProvisioningInfo_STATUS - properties: - $propertyBag: - additionalProperties: - type: string + objectIdFromConfig: description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - error: - description: Storage version of v1api20230201.ManagedClusterPodIdentityProvisioningError_STATUS + ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as + the resource it is on. 
properties: - $propertyBag: - additionalProperties: - type: string + key: + description: Key is the key in the Kubernetes configmap being referenced + type: string + name: description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - error: - description: Storage version of v1api20230201.ManagedClusterPodIdentityProvisioningErrorBody_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - code: - type: string - details: - items: - description: Storage version of v1api20230201.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - code: - type: string - message: - type: string - target: - type: string - type: object - type: array - message: - type: string - target: - type: string - type: object + Name is the name of the Kubernetes configmap being referenced. + The configmap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + resourceReference: + description: 'ResourceReference: The resource ID of the user assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string type: object type: object - provisioningState: + name: + type: string + namespace: type: string type: object type: array userAssignedIdentityExceptions: items: - description: Storage version of v1api20230201.ManagedClusterPodIdentityException_STATUS + description: |- + Storage version of v1api20231001.ManagedClusterPodIdentityException + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. properties: $propertyBag: additionalProperties: @@ -13187,24 +15893,11 @@ spec: type: object type: array type: object - powerState: - description: Storage version of v1api20230201.PowerState_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - code: - type: string - type: object - privateFQDN: - type: string privateLinkResources: items: - description: Storage version of v1api20230201.PrivateLinkResource_STATUS + description: |- + Storage version of v1api20231001.PrivateLinkResource + A private link resource properties: $propertyBag: additionalProperties: 
@@ -13215,12 +15908,28 @@ spec: type: object groupId: type: string - id: - type: string name: type: string - privateLinkServiceID: - type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object requiredMembers: items: type: string @@ -13229,12 +15938,12 @@ spec: type: string type: object type: array - provisioningState: - type: string publicNetworkAccess: type: string securityProfile: - description: Storage version of v1api20230201.ManagedClusterSecurityProfile_STATUS + description: |- + Storage version of v1api20231001.ManagedClusterSecurityProfile + Security profile for the container service cluster. properties: $propertyBag: additionalProperties: @@ -13244,7 +15953,9 @@ spec: resources, allowing for full fidelity round trip conversions type: object azureKeyVaultKms: - description: Storage version of v1api20230201.AzureKeyVaultKms_STATUS + description: |- + Storage version of v1api20231001.AzureKeyVaultKms + Azure Key Vault key management service settings for the security profile. properties: $propertyBag: additionalProperties: 
@@ -13259,11 +15970,33 @@ spec: type: string keyVaultNetworkAccess: type: string - keyVaultResourceId: - type: string + keyVaultResourceReference: + description: |- + KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and + must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object defender: - description: Storage version of v1api20230201.ManagedClusterSecurityProfileDefender_STATUS + description: |- + Storage version of v1api20231001.ManagedClusterSecurityProfileDefender + Microsoft Defender settings for the security profile. properties: $propertyBag: additionalProperties: 
@@ -13272,10 +16005,33 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - logAnalyticsWorkspaceResourceId: - type: string + logAnalyticsWorkspaceResourceReference: + description: |- + LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft + Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When + Microsoft Defender is disabled, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object securityMonitoring: - description: Storage version of v1api20230201.ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS + description: |- + Storage version of v1api20231001.ManagedClusterSecurityProfileDefenderSecurityMonitoring + Microsoft Defender settings for the security profile threat detection. properties: $propertyBag: additionalProperties: 
@@ -13289,7 +16045,10 @@ spec: type: object type: object imageCleaner: - description: Storage version of v1api20230201.ManagedClusterSecurityProfileImageCleaner_STATUS + description: |- + Storage version of v1api20231001.ManagedClusterSecurityProfileImageCleaner + Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here + are settings for the security profile. properties: $propertyBag: additionalProperties: @@ -13304,7 +16063,9 @@ spec: type: integer type: object workloadIdentity: - description: Storage version of v1api20230201.ManagedClusterSecurityProfileWorkloadIdentity_STATUS + description: |- + Storage version of v1api20231001.ManagedClusterSecurityProfileWorkloadIdentity + Workload identity settings for the security profile. properties: $propertyBag: additionalProperties: 
@@ -13317,8 +16078,151 @@ spec: type: boolean type: object type: object + serviceMeshProfile: + description: |- + Storage version of v1api20231001.ServiceMeshProfile + Service mesh profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + istio: + description: |- + Storage version of v1api20231001.IstioServiceMesh + Istio service mesh configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + certificateAuthority: + description: |- + Storage version of v1api20231001.IstioCertificateAuthority + Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described + here https://aka.ms/asm-plugin-ca + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + plugin: + description: |- + Storage version of v1api20231001.IstioPluginCertificateAuthority + Plugin certificates information for Service Mesh. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + certChainObjectName: + type: string + certObjectName: + type: string + keyObjectName: + type: string + keyVaultReference: + description: 'KeyVaultReference: The resource ID of the Key Vault.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + rootCertObjectName: + type: string + type: object + type: object + components: + description: |- + Storage version of v1api20231001.IstioComponents + Istio components configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + egressGateways: + items: + description: |- + Storage version of v1api20231001.IstioEgressGateway + Istio egress gateway configuration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + nodeSelector: + additionalProperties: + type: string + type: object + type: object + type: array + ingressGateways: + items: + description: |- + Storage version of v1api20231001.IstioIngressGateway + Istio ingress gateway configuration. For now, we support up to one external ingress gateway named + `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + mode: + type: string + type: object + type: array + type: object + revisions: + items: + type: string + type: array + type: object + mode: + type: string + type: object servicePrincipalProfile: - description: Storage version of v1api20230201.ManagedClusterServicePrincipalProfile_STATUS + description: |- + Storage version of v1api20231001.ManagedClusterServicePrincipalProfile + Information about a service principal identity for the cluster to use for manipulating Azure APIs. properties: $propertyBag: additionalProperties: 
@@ -13329,9 +16233,28 @@ spec: type: object clientId: type: string + secret: + description: |- + SecretReference is a reference to a Kubernetes secret and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes secret being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object type: object sku: - description: Storage version of v1api20230201.ManagedClusterSKU_STATUS + description: |- + Storage version of v1api20231001.ManagedClusterSKU + The SKU of a Managed Cluster. properties: $propertyBag: additionalProperties: @@ -13346,7 +16269,9 @@ spec: type: string type: object storageProfile: - description: Storage version of v1api20230201.ManagedClusterStorageProfile_STATUS + description: |- + Storage version of v1api20231001.ManagedClusterStorageProfile + Storage profile for the container service cluster. properties: $propertyBag: additionalProperties: @@ -13356,7 +16281,9 @@ spec: resources, allowing for full fidelity round trip conversions type: object blobCSIDriver: - description: Storage version of v1api20230201.ManagedClusterStorageProfileBlobCSIDriver_STATUS + description: |- + Storage version of v1api20231001.ManagedClusterStorageProfileBlobCSIDriver + AzureBlob CSI Driver settings for the storage profile. properties: $propertyBag: additionalProperties: @@ -13369,7 +16296,9 @@ spec: type: boolean type: object diskCSIDriver: - description: Storage version of v1api20230201.ManagedClusterStorageProfileDiskCSIDriver_STATUS + description: |- + Storage version of v1api20231001.ManagedClusterStorageProfileDiskCSIDriver + AzureDisk CSI Driver settings for the storage profile. properties: $propertyBag: additionalProperties: 
@@ -13382,7 +16311,9 @@ spec: type: boolean type: object fileCSIDriver: - description: Storage version of v1api20230201.ManagedClusterStorageProfileFileCSIDriver_STATUS + description: |- + Storage version of v1api20231001.ManagedClusterStorageProfileFileCSIDriver + AzureFile CSI Driver settings for the storage profile. properties: $propertyBag: additionalProperties: @@ -13395,7 +16326,9 @@ spec: type: boolean type: object snapshotController: - description: Storage version of v1api20230201.ManagedClusterStorageProfileSnapshotController_STATUS + description: |- + Storage version of v1api20231001.ManagedClusterStorageProfileSnapshotController + Snapshot Controller settings for the storage profile. properties: $propertyBag: additionalProperties: @@ -13408,8 +16341,16 @@ spec: type: boolean type: object type: object - systemData: - description: Storage version of v1api20230201.SystemData_STATUS + supportPlan: + type: string + tags: + additionalProperties: + type: string + type: object + upgradeSettings: + description: |- + Storage version of v1api20231001.ClusterUpgradeSettings + Settings for upgrading a cluster. properties: $propertyBag: additionalProperties: 
@@ -13418,27 +16359,28 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - createdAt: - type: string - createdBy: - type: string - createdByType: - type: string - lastModifiedAt: - type: string - lastModifiedBy: - type: string - lastModifiedByType: - type: string - type: object - tags: - additionalProperties: - type: string + overrideSettings: + description: |- + Storage version of v1api20231001.UpgradeOverrideSettings + Settings for overrides when upgrading a cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + forceUpgrade: + type: boolean + until: + type: string + type: object type: object - type: - type: string windowsProfile: - description: Storage version of v1api20230201.ManagedClusterWindowsProfile_STATUS + description: |- + Storage version of v1api20231001.ManagedClusterWindowsProfile + Profile for Windows VMs in the managed cluster. properties: $propertyBag: additionalProperties: 
@@ -13447,12 +16389,31 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object + adminPassword: + description: |- + SecretReference is a reference to a Kubernetes secret and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes secret being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object adminUsername: type: string enableCSIProxy: type: boolean gmsaProfile: - description: Storage version of v1api20230201.WindowsGmsaProfile_STATUS + description: |- + Storage version of v1api20231001.WindowsGmsaProfile + Windows gMSA Profile in the managed cluster. properties: $propertyBag: additionalProperties: @@ -13472,7 +16433,9 @@ spec: type: string type: object workloadAutoScalerProfile: - description: Storage version of v1api20230201.ManagedClusterWorkloadAutoScalerProfile_STATUS + description: |- + Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfile + Workload Auto-scaler profile for the managed cluster. properties: $propertyBag: additionalProperties: 
@@ -13482,7 +16445,24 @@ spec: resources, allowing for full fidelity round trip conversions type: object keda: - description: Storage version of v1api20230201.ManagedClusterWorkloadAutoScalerProfileKeda_STATUS + description: |- + Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfileKeda + KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + verticalPodAutoscaler: + description: |- + Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler + VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile. properties: $propertyBag: additionalProperties: 
@@ -13495,2103 +16475,1722 @@ spec: type: boolean type: object type: object + required: + - owner type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].severity - name: Severity - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Reason - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].message - name: Message - type: string - name: v1api20231001 - schema: - openAPIV3Schema: - description: |- - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-10-01/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: + status: description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: + Storage version of v1api20231001.ManagedCluster_STATUS + Managed cluster. 
properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object aadProfile: - description: 'AadProfile: The Azure Active Directory configuration.' + description: |- + Storage version of v1api20231001.ManagedClusterAADProfile_STATUS + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object adminGroupObjectIDs: - description: 'AdminGroupObjectIDs: The list of AAD group object IDs that will have admin role of the cluster.' items: type: string type: array clientAppID: - description: 'ClientAppID: (DEPRECATED) The client AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' type: string enableAzureRBAC: - description: 'EnableAzureRBAC: Whether to enable Azure RBAC for Kubernetes authorization.' type: boolean managed: - description: 'Managed: Whether to enable managed AAD.' type: boolean serverAppID: - description: 'ServerAppID: (DEPRECATED) The server AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' type: string serverAppSecret: - description: 'ServerAppSecret: (DEPRECATED) The server AAD application secret. Learn more at https://aka.ms/aks/aad-legacy.' type: string tenantID: - description: |- - TenantID: The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment - subscription. type: string type: object addonProfiles: additionalProperties: - description: A Kubernetes add-on profile for a managed cluster. 
+ description: |- + Storage version of v1api20231001.ManagedClusterAddonProfile_STATUS + A Kubernetes add-on profile for a managed cluster. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object config: additionalProperties: type: string - description: 'Config: Key-value pairs for configuring an add-on.' type: object enabled: - description: 'Enabled: Whether the add-on is enabled or not.' type: boolean - required: - - enabled + identity: + description: |- + Storage version of v1api20231001.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object type: object - description: 'AddonProfiles: The profile of managed cluster add-on.' type: object agentPoolProfiles: - description: 'AgentPoolProfiles: The agent pool properties.' items: - description: Profile for the container service agent pool. + description: |- + Storage version of v1api20231001.ManagedClusterAgentPoolProfile_STATUS + Profile for the container service agent pool. properties: - availabilityZones: + $propertyBag: + additionalProperties: + type: string description: |- - AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType - property is 'VirtualMachineScaleSets'. 
+ PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: items: type: string type: array - capacityReservationGroupReference: - description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + capacityReservationGroupID: + type: string count: - description: |- - Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) - for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. type: integer creationData: description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using - a snapshot. + Storage version of v1api20231001.CreationData_STATUS + Data used when creating a target resource from a source resource. 
properties: - sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object + sourceResourceId: + type: string type: object + currentOrchestratorVersion: + type: string enableAutoScaling: - description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, - see: https://docs.microsoft.com/azure/aks/enable-host-encryption type: boolean enableFIPS: - description: |- - EnableFIPS: See [Add a FIPS-enabled node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more - details. 
type: boolean enableNodePublicIP: - description: |- - EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. - A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine - to minimize hops. For more information see [assigning a public IP per - node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The - default is false. type: boolean enableUltraSSD: - description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean gpuInstanceProfile: - description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' - enum: - - MIG1g - - MIG2g - - MIG3g - - MIG4g - - MIG7g type: string - hostGroupReference: + hostGroupID: + type: string + kubeletConfig: description: |- - HostGroupReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + Storage version of v1api20231001.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: - armId: + $propertyBag: + additionalProperties: + type: string description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - kubeletConfig: - description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' - properties: + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object allowedUnsafeSysctls: - description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`).' items: type: string type: array containerLogMaxFiles: - description: |- - ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be - ≥ 2. - minimum: 2 type: integer containerLogMaxSizeMB: - description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' type: integer cpuCfsQuota: - description: 'CpuCfsQuota: The default is true.' type: boolean cpuCfsQuotaPeriod: - description: |- - CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and - a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. type: string cpuManagerPolicy: - description: |- - CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management - policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more - information. Allowed values are 'none' and 'static'. 
type: string failSwapOn: - description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' type: boolean imageGcHighThreshold: - description: 'ImageGcHighThreshold: To disable image garbage collection, set to 100. The default is 85%' type: integer imageGcLowThreshold: - description: 'ImageGcLowThreshold: This cannot be set higher than imageGcHighThreshold. The default is 80%' type: integer podMaxPids: - description: 'PodMaxPids: The maximum number of processes per pod.' type: integer topologyManagerPolicy: - description: |- - TopologyManagerPolicy: For more information see [Kubernetes Topology - Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values - are 'none', 'best-effort', 'restricted', and 'single-numa-node'. type: string type: object kubeletDiskType: - description: |- - KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral - storage. - enum: - - OS - - Temporary type: string linuxOSConfig: - description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + description: |- + Storage version of v1api20231001.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object swapFileSizeMB: - description: 'SwapFileSizeMB: The size in MB of a swap file that will be created on each node.' type: integer sysctls: - description: 'Sysctls: Sysctl settings for Linux agent nodes.' + description: |- + Storage version of v1api20231001.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. 
properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object fsAioMaxNr: - description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' type: integer fsFileMax: - description: 'FsFileMax: Sysctl setting fs.file-max.' type: integer fsInotifyMaxUserWatches: - description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' type: integer fsNrOpen: - description: 'FsNrOpen: Sysctl setting fs.nr_open.' type: integer kernelThreadsMax: - description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' type: integer netCoreNetdevMaxBacklog: - description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' type: integer netCoreOptmemMax: - description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' type: integer netCoreRmemDefault: - description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' type: integer netCoreRmemMax: - description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' type: integer netCoreSomaxconn: - description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' type: integer netCoreWmemDefault: - description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' type: integer netCoreWmemMax: - description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' type: integer netIpv4IpLocalPortRange: - description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' type: string netIpv4NeighDefaultGcThresh1: - description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting net.ipv4.neigh.default.gc_thresh1.' type: integer netIpv4NeighDefaultGcThresh2: - description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting net.ipv4.neigh.default.gc_thresh2.' 
type: integer netIpv4NeighDefaultGcThresh3: - description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting net.ipv4.neigh.default.gc_thresh3.' type: integer netIpv4TcpFinTimeout: - description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' type: integer netIpv4TcpKeepaliveProbes: - description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' type: integer netIpv4TcpKeepaliveTime: - description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' type: integer netIpv4TcpMaxSynBacklog: - description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' type: integer netIpv4TcpMaxTwBuckets: - description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' type: integer netIpv4TcpTwReuse: - description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' type: boolean netIpv4TcpkeepaliveIntvl: - description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' - maximum: 90 - minimum: 10 type: integer netNetfilterNfConntrackBuckets: - description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' - maximum: 524288 - minimum: 65536 type: integer netNetfilterNfConntrackMax: - description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' - maximum: 2097152 - minimum: 131072 type: integer vmMaxMapCount: - description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' type: integer vmSwappiness: - description: 'VmSwappiness: Sysctl setting vm.swappiness.' type: integer vmVfsCachePressure: - description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' type: integer type: object transparentHugePageDefrag: - description: |- - TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is - 'madvise'. 
For more information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string transparentHugePageEnabled: - description: |- - TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more - information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string type: object maxCount: - description: 'MaxCount: The maximum number of nodes for auto-scaling' type: integer maxPods: - description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer minCount: - description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer mode: - description: |- - Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool - restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools - enum: - - System - - User type: string name: - description: 'Name: Windows agent pool names must be 6 characters or less.' - pattern: ^[a-z][a-z0-9]{0,11}$ type: string networkProfile: - description: 'NetworkProfile: Network-related settings of an agent pool.' + description: |- + Storage version of v1api20231001.AgentPoolNetworkProfile_STATUS + Network settings of an agent pool. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object allowedHostPorts: - description: 'AllowedHostPorts: The port ranges that are allowed to access. The specified ranges are allowed to overlap.' items: - description: The port range. + description: |- + Storage version of v1api20231001.PortRange_STATUS + The port range. 
properties: - portEnd: + $propertyBag: + additionalProperties: + type: string description: |- - PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or - equal to portStart. - maximum: 65535 - minimum: 1 + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + portEnd: type: integer portStart: - description: |- - PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or - equal to portEnd. - maximum: 65535 - minimum: 1 type: integer protocol: - description: 'Protocol: The network protocol of the port.' - enum: - - TCP - - UDP type: string type: object type: array - applicationSecurityGroupsReferences: - description: |- - ApplicationSecurityGroupsReferences: The IDs of the application security groups which agent pool will associate when - created. + applicationSecurityGroups: items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. 
- type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + type: string type: array nodePublicIPTags: - description: 'NodePublicIPTags: IPTags of instance-level public IPs.' items: - description: Contains the IPTag associated with the object. + description: |- + Storage version of v1api20231001.IPTag_STATUS + Contains the IPTag associated with the object. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object ipTagType: - description: 'IpTagType: The IP tag type. Example: RoutingPreference.' type: string tag: - description: 'Tag: The value of the IP tag associated with the public IP. Example: Internet.' type: string type: object type: array type: object + nodeImageVersion: + type: string nodeLabels: additionalProperties: type: string - description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' - type: object - nodePublicIPPrefixReference: - description: |- - NodePublicIPPrefixReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string type: object + nodePublicIPPrefixID: + type: string nodeTaints: - description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' items: type: string type: array orchestratorVersion: - description: |- - OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. - When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster - with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer - patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same - Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor - version must be within two minor versions of the control plane version. The node pool version cannot be greater than the - control plane version. For more information see [upgrading a node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: - maximum: 2048 - minimum: 0 type: integer osDiskType: - description: |- - OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested - OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral - OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). 
- enum: - - Ephemeral - - Managed type: string osSKU: - description: |- - OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 - when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. - enum: - - AzureLinux - - CBLMariner - - Ubuntu - - Windows2019 - - Windows2022 type: string osType: - description: 'OsType: The operating system type. The default is Linux.' - enum: - - Linux - - Windows type: string - podSubnetReference: - description: |- - PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). - This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + podSubnetID: + type: string powerState: description: |- - PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this - field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. 
An Agent Pool can only - be stopped if it is Running and provisioning state is Succeeded - properties: - code: - description: 'Code: Tells whether the cluster is Running or Stopped' - enum: - - Running - - Stopped - type: string - type: object - proximityPlacementGroupReference: - description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' + Storage version of v1api20231001.PowerState_STATUS + Describes the Power State of the cluster properties: - armId: + $propertyBag: + additionalProperties: + type: string description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: type: string type: object + provisioningState: + type: string + proximityPlacementGroupID: + type: string scaleDownMode: - description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' - enum: - - Deallocate - - Delete type: string scaleSetEvictionPolicy: - description: |- - ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is - 'Delete'. 
- enum: - - Deallocate - - Delete type: string scaleSetPriority: - description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' - enum: - - Regular - - Spot type: string spotMaxPrice: - description: |- - SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any - on-demand price. For more details on spot pricing, see [spot VMs - pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) type: number tags: additionalProperties: type: string - description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' type: object type: - description: 'Type: The type of Agent Pool.' - enum: - - AvailabilitySet - - VirtualMachineScaleSets type: string upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading the agentpool' + description: |- + Storage version of v1api20231001.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool properties: - drainTimeoutInMinutes: + $propertyBag: + additionalProperties: + type: string description: |- - DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. - This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not - specified, the default is 30 minutes. - maximum: 1440 - minimum: 1 + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + drainTimeoutInMinutes: type: integer maxSurge: - description: |- - MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it - is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded - up. If not specified, the default is 1. 
For more information, including best practices, see: - https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade type: string type: object vmSize: - description: |- - VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods - might fail to run correctly. For more details on restricted VM sizes, see: - https://docs.microsoft.com/azure/aks/quotas-skus-regions type: string - vnetSubnetReference: - description: |- - VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is - specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + vnetSubnetID: + type: string workloadRuntime: - description: 'WorkloadRuntime: Determines the type of workload a node can run.' 
- enum: - - OCIContainer - - WasmWasi type: string - required: - - name type: object type: array apiServerAccessProfile: - description: 'ApiServerAccessProfile: The access profile for managed cluster API server.' + description: |- + Storage version of v1api20231001.ManagedClusterAPIServerAccessProfile_STATUS + Access profile for managed cluster API server. properties: - authorizedIPRanges: + $propertyBag: + additionalProperties: + type: string description: |- - AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with - clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API - server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: items: type: string type: array disableRunCommand: - description: 'DisableRunCommand: Whether to disable run command for the cluster or not.' type: boolean enablePrivateCluster: - description: |- - EnablePrivateCluster: For more details, see [Creating a private AKS - cluster](https://docs.microsoft.com/azure/aks/private-clusters). type: boolean enablePrivateClusterPublicFQDN: - description: 'EnablePrivateClusterPublicFQDN: Whether to create additional public FQDN for private cluster or not.' type: boolean privateDNSZone: - description: |- - PrivateDNSZone: The default is System. For more details see [configure private DNS - zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and - 'none'. 
type: string type: object autoScalerProfile: - description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler when enabled' + description: Storage version of v1api20231001.ManagedClusterProperties_AutoScalerProfile_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object balance-similar-node-groups: - description: 'BalanceSimilarNodeGroups: Valid values are ''true'' and ''false''' type: string expander: - description: |- - Expander: If not specified, the default is 'random'. See - [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) for more - information. - enum: - - least-waste - - most-pods - - priority - - random type: string max-empty-bulk-delete: - description: 'MaxEmptyBulkDelete: The default is 10.' type: string max-graceful-termination-sec: - description: 'MaxGracefulTerminationSec: The default is 600.' type: string max-node-provision-time: - description: |- - MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string max-total-unready-percentage: - description: 'MaxTotalUnreadyPercentage: The default is 45. The maximum is 100 and the minimum is 0.' type: string new-pod-scale-up-delay: - description: |- - NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler - could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is - '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). type: string ok-total-unready-count: - description: 'OkTotalUnreadyCount: This must be an integer. 
The default is 3.' type: string scale-down-delay-after-add: - description: |- - ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string scale-down-delay-after-delete: - description: |- - ScaleDownDelayAfterDelete: The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of - time other than minutes (m) is supported. type: string scale-down-delay-after-failure: - description: |- - ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other - than minutes (m) is supported. type: string scale-down-unneeded-time: - description: |- - ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string scale-down-unready-time: - description: |- - ScaleDownUnreadyTime: The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string scale-down-utilization-threshold: - description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' type: string scan-interval: - description: 'ScanInterval: The default is ''10''. Values must be an integer number of seconds.' type: string skip-nodes-with-local-storage: - description: 'SkipNodesWithLocalStorage: The default is true.' type: string skip-nodes-with-system-pods: - description: 'SkipNodesWithSystemPods: The default is true.' type: string type: object autoUpgradeProfile: - description: 'AutoUpgradeProfile: The auto upgrade configuration.' + description: |- + Storage version of v1api20231001.ManagedClusterAutoUpgradeProfile_STATUS + Auto upgrade profile for a managed cluster. 
properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object nodeOSUpgradeChannel: - description: 'NodeOSUpgradeChannel: Manner in which the OS on your nodes is updated. The default is NodeImage.' - enum: - - NodeImage - - None - - Unmanaged type: string upgradeChannel: - description: |- - UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade - channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). - enum: - - node-image - - none - - patch - - rapid - - stable type: string type: object azureMonitorProfile: - description: 'AzureMonitorProfile: Azure Monitor addon profiles for monitoring the managed cluster.' + description: |- + Storage version of v1api20231001.ManagedClusterAzureMonitorProfile_STATUS + Azure Monitor addon profiles for monitoring the managed cluster. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object metrics: description: |- - Metrics: Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes + Storage version of v1api20231001.ManagedClusterAzureMonitorProfileMetrics_STATUS + Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See aka.ms/AzureManagedPrometheus for an overview. 
properties: - enabled: + $propertyBag: + additionalProperties: + type: string description: |- - Enabled: Whether to enable or disable the Azure Managed Prometheus addon for Prometheus monitoring. See - aka.ms/AzureManagedPrometheus-aks-enable for details on enabling and disabling. + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: type: boolean kubeStateMetrics: description: |- - KubeStateMetrics: Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the - kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for + Storage version of v1api20231001.ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS + Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the + kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for details. properties: - metricAnnotationsAllowList: + $propertyBag: + additionalProperties: + type: string description: |- - MetricAnnotationsAllowList: Comma-separated list of Kubernetes annotation keys that will be used in the resource's - labels metric (Example: 'namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...'). By default the metric - contains only resource name and namespace labels. + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + metricAnnotationsAllowList: type: string metricLabelsAllowlist: - description: |- - MetricLabelsAllowlist: Comma-separated list of additional Kubernetes label keys that will be used in the resource's - labels metric (Example: 'namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...'). 
By default the metric contains only - resource name and namespace labels. type: string type: object - required: - - enabled type: object type: object - azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ + azurePortalFQDN: + type: string + conditions: + items: + description: Condition defines an extension to status (an observation) of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or Unknown. 
+ type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + currentKubernetesVersion: type: string disableLocalAccounts: - description: |- - DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be - used on Managed Clusters that are AAD enabled. For more details see [disable local - accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). type: boolean - diskEncryptionSetReference: - description: |- - DiskEncryptionSetReference: This is of the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + diskEncryptionSetID: + type: string dnsPrefix: - description: 'DnsPrefix: This cannot be updated once the Managed Cluster has been created.' type: string enablePodSecurityPolicy: - description: |- - EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). 
PodSecurityPolicy was - deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and - https://aka.ms/aks/psp. type: boolean enableRBAC: - description: 'EnableRBAC: Whether to enable Kubernetes Role-Based Access Control.' type: boolean extendedLocation: - description: 'ExtendedLocation: The extended location of the Virtual Machine.' + description: |- + Storage version of v1api20231001.ExtendedLocation_STATUS + The complex type of the extended location. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object name: - description: 'Name: The name of the extended location.' type: string type: - description: 'Type: The type of the extended location.' - enum: - - EdgeZone type: string type: object + fqdn: + type: string fqdnSubdomain: - description: 'FqdnSubdomain: This cannot be updated once the Managed Cluster has been created.' type: string httpProxyConfig: - description: 'HttpProxyConfig: Configurations for provisioning the cluster with HTTP proxy servers.' + description: |- + Storage version of v1api20231001.ManagedClusterHTTPProxyConfig_STATUS + Cluster HTTP proxy configuration. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object httpProxy: - description: 'HttpProxy: The HTTP proxy server endpoint to use.' type: string httpsProxy: - description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' type: string noProxy: - description: 'NoProxy: The endpoints that should not go through proxy.' 
items: type: string type: array trustedCa: - description: 'TrustedCa: Alternative CA cert to use for connecting to proxy servers.' type: string type: object + id: + type: string identity: - description: 'Identity: The identity of the managed cluster, if configured.' + description: |- + Storage version of v1api20231001.ManagedClusterIdentity_STATUS + Identity for the managed cluster. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object delegatedResources: additionalProperties: - description: Delegated resource properties - internal use only. + description: |- + Storage version of v1api20231001.DelegatedResource_STATUS + Delegated resource properties - internal use only. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object location: - description: 'Location: The source resource location - internal use only.' type: string referralResource: - description: 'ReferralResource: The delegation id of the referral delegation (optional) - internal use only.' type: string - resourceReference: - description: 'ResourceReference: The ARM resource id of the delegated resource - internal use only.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + resourceId: + type: string tenantId: - description: 'TenantId: The tenant id of the delegated resource - internal use only.' - pattern: ^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$ type: string type: object - description: |- - DelegatedResources: The delegated identity resources assigned to this managed cluster. This can only be set by another - Azure Resource Provider, and managed cluster only accept one delegated identity resource. Internal use only. type: object + principalId: + type: string + tenantId: + type: string type: - description: |- - Type: For more information see [use managed identities in - AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). - enum: - - None - - SystemAssigned - - UserAssigned type: string userAssignedIdentities: - description: |- - UserAssignedIdentities: The keys must be ARM resource IDs in the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. 
- items: - description: Information about the user assigned identity for the resource + additionalProperties: + description: Storage version of v1api20231001.ManagedClusterIdentity_UserAssignedIdentities_STATUS properties: - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object + clientId: + type: string + principalId: + type: string type: object - type: array + type: object type: object identityProfile: additionalProperties: - description: Details about a user assigned identity. + description: |- + Storage version of v1api20231001.UserAssignedIdentity_STATUS + Details about a user assigned identity. 
properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object clientId: - description: 'ClientId: The client ID of the user assigned identity.' type: string objectId: - description: 'ObjectId: The object ID of the user assigned identity.' type: string - resourceReference: - description: 'ResourceReference: The resource ID of the user assigned identity.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + resourceId: + type: string type: object - description: 'IdentityProfile: Identities associated with the cluster.' type: object kubernetesVersion: - description: |- - KubernetesVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. - When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster - with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer - patch version is available. When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. 
All - upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or - 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS - cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. type: string linuxProfile: - description: 'LinuxProfile: The profile for Linux VMs in the Managed Cluster.' + description: |- + Storage version of v1api20231001.ContainerServiceLinuxProfile_STATUS + Profile for Linux VMs in the container service cluster. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object adminUsername: - description: 'AdminUsername: The administrator username to use for Linux VMs.' - pattern: ^[A-Za-z][-A-Za-z0-9_]*$ type: string ssh: - description: 'Ssh: The SSH configuration for Linux-based VMs running on Azure.' + description: |- + Storage version of v1api20231001.ContainerServiceSshConfiguration_STATUS + SSH configuration for Linux-based VMs running on Azure. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object publicKeys: - description: 'PublicKeys: The list of SSH public keys used to authenticate with Linux-based VMs. A maximum of 1 key may be specified.' items: - description: Contains information about SSH certificate public key data. + description: |- + Storage version of v1api20231001.ContainerServiceSshPublicKey_STATUS + Contains information about SSH certificate public key data. 
properties: - keyData: + $propertyBag: + additionalProperties: + type: string description: |- - KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or - without headers. + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + keyData: type: string - required: - - keyData type: object type: array - required: - - publicKeys type: object - required: - - adminUsername - - ssh type: object location: - description: 'Location: The geo-location where the resource lives' + type: string + maxAgentPools: + type: integer + name: type: string networkProfile: - description: 'NetworkProfile: The network configuration profile.' + description: |- + Storage version of v1api20231001.ContainerServiceNetworkProfile_STATUS + Profile of network configuration. properties: - dnsServiceIP: + $propertyBag: + additionalProperties: + type: string description: |- - DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address - range specified in serviceCidr. - pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServiceIP: type: string ipFamilies: - description: |- - IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value - is IPv4. For dual-stack, the expected values are IPv4 and IPv6. items: - enum: - - IPv4 - - IPv6 type: string type: array loadBalancerProfile: - description: 'LoadBalancerProfile: Profile of the cluster load balancer.' 
+ description: |- + Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_STATUS + Profile of the managed cluster load balancer. properties: - allocatedOutboundPorts: + $propertyBag: + additionalProperties: + type: string description: |- - AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 - (inclusive). The default value is 0 which results in Azure dynamically allocating ports. - maximum: 64000 - minimum: 0 + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: type: integer backendPoolType: - description: 'BackendPoolType: The type of the managed inbound Load Balancer BackendPool.' - enum: - - NodeIP - - NodeIPConfiguration type: string effectiveOutboundIPs: - description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster load balancer.' items: - description: A reference to an Azure resource. + description: |- + Storage version of v1api20231001.ResourceReference_STATUS + A reference to an Azure resource. properties: - reference: - description: 'Reference: The fully qualified Azure resource id.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. 
- type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object + id: + type: string type: object type: array enableMultipleStandardLoadBalancers: - description: 'EnableMultipleStandardLoadBalancers: Enable multiple standard load balancers per AKS cluster or not.' type: boolean idleTimeoutInMinutes: - description: |- - IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 - (inclusive). The default value is 30 minutes. - maximum: 120 - minimum: 4 type: integer managedOutboundIPs: - description: 'ManagedOutboundIPs: Desired managed outbound IPs for the cluster load balancer.' + description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS properties: - count: + $propertyBag: + additionalProperties: + type: string description: |- - Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values - must be in the range of 1 to 100 (inclusive). The default value is 1. - maximum: 100 - minimum: 1 + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: type: integer countIPv6: - description: |- - CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed - values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. 
- maximum: 100 - minimum: 0 type: integer type: object outboundIPPrefixes: - description: 'OutboundIPPrefixes: Desired outbound IP Prefix resources for the cluster load balancer.' + description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object publicIPPrefixes: - description: 'PublicIPPrefixes: A list of public IP prefix resources.' items: - description: A reference to an Azure resource. + description: |- + Storage version of v1api20231001.ResourceReference_STATUS + A reference to an Azure resource. properties: - reference: - description: 'Reference: The fully qualified Azure resource id.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object + id: + type: string type: object type: array type: object outboundIPs: - description: 'OutboundIPs: Desired outbound IP resources for the cluster load balancer.' + description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object publicIPs: - description: 'PublicIPs: A list of public IP resources.' items: - description: A reference to an Azure resource. + description: |- + Storage version of v1api20231001.ResourceReference_STATUS + A reference to an Azure resource. properties: - reference: - description: 'Reference: The fully qualified Azure resource id.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object + id: + type: string type: object type: array type: object type: object loadBalancerSku: - description: |- - LoadBalancerSku: The default is 'standard'. See [Azure Load Balancer - SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load - balancer SKUs. - enum: - - basic - - standard type: string natGatewayProfile: - description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + description: |- + Storage version of v1api20231001.ManagedClusterNATGatewayProfile_STATUS + Profile of the managed cluster NAT gateway. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object effectiveOutboundIPs: - description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster NAT gateway.' items: - description: A reference to an Azure resource. + description: |- + Storage version of v1api20231001.ResourceReference_STATUS + A reference to an Azure resource. properties: - reference: - description: 'Reference: The fully qualified Azure resource id.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object + id: + type: string type: object type: array idleTimeoutInMinutes: - description: |- - IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 - (inclusive). The default value is 4 minutes. - maximum: 120 - minimum: 4 type: integer managedOutboundIPProfile: - description: 'ManagedOutboundIPProfile: Profile of the managed outbound IP resources of the cluster NAT gateway.' + description: |- + Storage version of v1api20231001.ManagedClusterManagedOutboundIPProfile_STATUS + Profile of the managed outbound IP resources of the managed cluster. properties: - count: + $propertyBag: + additionalProperties: + type: string description: |- - Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 - (inclusive). The default value is 1. - maximum: 16 - minimum: 1 + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: type: integer type: object type: object networkDataplane: - description: 'NetworkDataplane: Network dataplane used in the Kubernetes cluster.' 
- enum: - - azure - - cilium type: string networkMode: - description: 'NetworkMode: This cannot be specified if networkPlugin is anything other than ''azure''.' - enum: - - bridge - - transparent type: string networkPlugin: - description: 'NetworkPlugin: Network plugin used for building the Kubernetes network.' - enum: - - azure - - kubenet - - none type: string networkPluginMode: - description: 'NetworkPluginMode: The mode the network plugin should use.' - enum: - - overlay type: string networkPolicy: - description: 'NetworkPolicy: Network policy used for building the Kubernetes network.' - enum: - - azure - - calico - - cilium type: string outboundType: - description: |- - OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see - [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). - enum: - - loadBalancer - - managedNATGateway - - userAssignedNATGateway - - userDefinedRouting type: string podCidr: - description: 'PodCidr: A CIDR notation IP range from which to assign pod IPs when kubenet is used.' - pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string podCidrs: - description: |- - PodCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is - expected for dual-stack networking. items: type: string type: array serviceCidr: - description: |- - ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP - ranges. - pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string serviceCidrs: - description: |- - ServiceCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is - expected for dual-stack networking. They must not overlap with any Subnet IP ranges. 
items: type: string type: array type: object nodeResourceGroup: - description: 'NodeResourceGroup: The name of the resource group containing agent pool nodes.' type: string oidcIssuerProfile: - description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed Cluster.' + description: |- + Storage version of v1api20231001.ManagedClusterOIDCIssuerProfile_STATUS + The OIDC issuer profile of the Managed Cluster. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: - description: 'Enabled: Whether the OIDC issuer is enabled.' type: boolean + issuerURL: + type: string type: object - operatorSpec: + podIdentityProfile: description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure + Storage version of v1api20231001.ManagedClusterPodIdentityProfile_STATUS + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod + identity integration. properties: - configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: items: description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. 
The value of the expression is stored at the specified location in - the destination. + Storage version of v1api20231001.ManagedClusterPodIdentity_STATUS + Details about the pod identity assigned to the Managed Cluster. properties: - key: + $propertyBag: + additionalProperties: + type: string description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + bindingSelector: type: string - name: + identity: description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. + Storage version of v1api20231001.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + name: type: string - value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. 
For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ + namespace: + type: string + provisioningInfo: + description: Storage version of v1api20231001.ManagedClusterPodIdentity_ProvisioningInfo_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + error: + description: |- + Storage version of v1api20231001.ManagedClusterPodIdentityProvisioningError_STATUS + An error response from the pod identity provisioning. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + error: + description: |- + Storage version of v1api20231001.ManagedClusterPodIdentityProvisioningErrorBody_STATUS + An error response from the pod identity provisioning. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + details: + items: + description: Storage version of v1api20231001.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + message: + type: string + target: + type: string + type: object + type: array + message: + type: string + target: + type: string + type: object + type: object + type: object + provisioningState: type: string - required: - - name - - value type: object type: array - configMaps: - description: 'ConfigMaps: configures where to place operator written ConfigMaps.' - properties: - oidcIssuerProfile: - description: |- - OIDCIssuerProfile: indicates where the OIDCIssuerProfile config map should be placed. If omitted, no config map will be - created. - properties: - key: - description: Key is the key in the ConfigMap being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. - type: string - required: - - key - - name - type: object - principalId: - description: 'PrincipalId: indicates where the PrincipalId config map should be placed. If omitted, no config map will be created.' - properties: - key: - description: Key is the key in the ConfigMap being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. 
- The ConfigMap will be created in the same namespace as the resource. - type: string - required: - - key - - name - type: object - type: object - secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' + userAssignedIdentityExceptions: items: description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. + Storage version of v1api20231001.ManagedClusterPodIdentityException_STATUS + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. properties: - key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. - type: string - name: + $propertyBag: + additionalProperties: + type: string description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. - type: string - value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ - type: string - required: - - name - - value - type: object - type: array - secrets: - description: 'Secrets: configures where to place Azure generated secrets.' - properties: - adminCredentials: - description: |- - AdminCredentials: indicates where the AdminCredentials secret should be placed. 
If omitted, the secret will not be - retrieved from Azure. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced. - type: string - name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. - type: string - required: - - key - - name - type: object - userCredentials: - description: |- - UserCredentials: indicates where the UserCredentials secret should be placed. If omitted, the secret will not be - retrieved from Azure. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced. - type: string - name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. - type: string - required: - - key - - name - type: object - type: object - type: object - owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource - properties: - armId: - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - name: - description: This is the name of the Kubernetes resource to reference. - type: string - type: object - podIdentityProfile: - description: |- - PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more - details on AAD pod identity integration. - properties: - allowNetworkPluginKubenet: - description: |- - AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod - Identity and the risks of IP spoofing. 
See [using Kubenet network plugin with AAD Pod - Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) - for more information. - type: boolean - enabled: - description: 'Enabled: Whether the pod identity addon is enabled.' - type: boolean - userAssignedIdentities: - description: 'UserAssignedIdentities: The pod identities to use in the cluster.' - items: - description: Details about the pod identity assigned to the Managed Cluster. - properties: - bindingSelector: - description: 'BindingSelector: The binding selector to use for the AzureIdentityBinding resource.' - type: string - identity: - description: 'Identity: The user assigned identity details.' - properties: - clientId: - description: 'ClientId: The client ID of the user assigned identity.' - type: string - objectId: - description: 'ObjectId: The object ID of the user assigned identity.' - type: string - resourceReference: - description: 'ResourceReference: The resource ID of the user assigned identity.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object name: - description: 'Name: The name of the pod identity.' - type: string - namespace: - description: 'Namespace: The namespace of the pod identity.' - type: string - required: - - identity - - name - - namespace - type: object - type: array - userAssignedIdentityExceptions: - description: 'UserAssignedIdentityExceptions: The pod identity exceptions to allow.' - items: - description: |- - See [disable AAD Pod Identity for a specific - Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. - properties: - name: - description: 'Name: The name of the pod identity exception.' type: string namespace: - description: 'Namespace: The namespace of the pod identity exception.' type: string podLabels: additionalProperties: type: string - description: 'PodLabels: The pod labels to match.' type: object - required: - - name - - namespace - - podLabels type: object type: array type: object + powerState: + description: |- + Storage version of v1api20231001.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + privateFQDN: + type: string privateLinkResources: - description: 'PrivateLinkResources: Private link resources associated with the cluster.' 
items: - description: A private link resource + description: |- + Storage version of v1api20231001.PrivateLinkResource_STATUS + A private link resource properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object groupId: - description: 'GroupId: The group ID of the resource.' + type: string + id: type: string name: - description: 'Name: The name of the private link resource.' type: string - reference: - description: 'Reference: The ID of the private link resource.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + privateLinkServiceID: + type: string requiredMembers: - description: 'RequiredMembers: The RequiredMembers of the resource' items: type: string type: array type: - description: 'Type: The resource type.' 
type: string type: object type: array + provisioningState: + type: string publicNetworkAccess: - description: 'PublicNetworkAccess: Allow or deny public network access for AKS' - enum: - - Disabled - - Enabled + type: string + resourceUID: type: string securityProfile: - description: 'SecurityProfile: Security profile for the managed cluster.' + description: |- + Storage version of v1api20231001.ManagedClusterSecurityProfile_STATUS + Security profile for the container service cluster. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object azureKeyVaultKms: description: |- - AzureKeyVaultKms: Azure Key Vault [key management - service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. + Storage version of v1api20231001.AzureKeyVaultKms_STATUS + Azure Key Vault key management service settings for the security profile. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: - description: 'Enabled: Whether to enable Azure Key Vault key management service. The default is false.' type: boolean keyId: - description: |- - KeyId: Identifier of Azure Key Vault key. See [key identifier - format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) - for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key - identifier. When Azure Key Vault key management service is disabled, leave the field empty. 
type: string keyVaultNetworkAccess: - description: |- - KeyVaultNetworkAccess: Network access of key vault. The possible values are `Public` and `Private`. `Public` means the - key vault allows public access from all networks. `Private` means the key vault disables public access and enables - private link. The default value is `Public`. - enum: - - Private - - Public type: string - keyVaultResourceReference: - description: |- - KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and - must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + keyVaultResourceId: + type: string type: object defender: - description: 'Defender: Microsoft Defender settings for the security profile.' + description: |- + Storage version of v1api20231001.ManagedClusterSecurityProfileDefender_STATUS + Microsoft Defender settings for the security profile. 
properties: - logAnalyticsWorkspaceResourceReference: + $propertyBag: + additionalProperties: + type: string description: |- - LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft - Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When - Microsoft Defender is disabled, leave the field empty. - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object + logAnalyticsWorkspaceResourceId: + type: string securityMonitoring: - description: 'SecurityMonitoring: Microsoft Defender threat detection for Cloud settings for the security profile.' + description: |- + Storage version of v1api20231001.ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS + Microsoft Defender settings for the security profile threat detection. 
properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: - description: 'Enabled: Whether to enable Defender threat detection' type: boolean type: object type: object imageCleaner: - description: 'ImageCleaner: Image Cleaner settings for the security profile.' + description: |- + Storage version of v1api20231001.ManagedClusterSecurityProfileImageCleaner_STATUS + Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here + are settings for the security profile. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: - description: 'Enabled: Whether to enable Image Cleaner on AKS cluster.' type: boolean intervalHours: - description: 'IntervalHours: Image Cleaner scanning interval in hours.' type: integer type: object workloadIdentity: description: |- - WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications - to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. + Storage version of v1api20231001.ManagedClusterSecurityProfileWorkloadIdentity_STATUS + Workload identity settings for the security profile. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: - description: 'Enabled: Whether to enable workload identity.' 
type: boolean type: object type: object serviceMeshProfile: - description: 'ServiceMeshProfile: Service mesh profile for a managed cluster.' + description: |- + Storage version of v1api20231001.ServiceMeshProfile_STATUS + Service mesh profile for a managed cluster. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object istio: - description: 'Istio: Istio service mesh configuration.' + description: |- + Storage version of v1api20231001.IstioServiceMesh_STATUS + Istio service mesh configuration. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object certificateAuthority: description: |- - CertificateAuthority: Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin - certificates as described here https://aka.ms/asm-plugin-ca + Storage version of v1api20231001.IstioCertificateAuthority_STATUS + Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described + here https://aka.ms/asm-plugin-ca properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object plugin: - description: 'Plugin: Plugin certificates information for Service Mesh.' + description: |- + Storage version of v1api20231001.IstioPluginCertificateAuthority_STATUS + Plugin certificates information for Service Mesh. 
properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object certChainObjectName: - description: 'CertChainObjectName: Certificate chain object name in Azure Key Vault.' type: string certObjectName: - description: 'CertObjectName: Intermediate certificate object name in Azure Key Vault.' type: string keyObjectName: - description: 'KeyObjectName: Intermediate certificate private key object name in Azure Key Vault.' type: string - keyVaultReference: - description: 'KeyVaultReference: The resource ID of the Key Vault.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + keyVaultId: + type: string rootCertObjectName: - description: 'RootCertObjectName: Root certificate object name in Azure Key Vault.' type: string type: object type: object components: - description: 'Components: Istio components configuration.' + description: |- + Storage version of v1api20231001.IstioComponents_STATUS + Istio components configuration. 
properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object egressGateways: - description: 'EgressGateways: Istio egress gateways.' items: - description: Istio egress gateway configuration. + description: |- + Storage version of v1api20231001.IstioEgressGateway_STATUS + Istio egress gateway configuration. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: - description: 'Enabled: Whether to enable the egress gateway.' type: boolean nodeSelector: additionalProperties: type: string - description: 'NodeSelector: NodeSelector for scheduling the egress gateway.' type: object - required: - - enabled type: object type: array ingressGateways: - description: 'IngressGateways: Istio ingress gateways.' items: description: |- + Storage version of v1api20231001.IstioIngressGateway_STATUS Istio ingress gateway configuration. For now, we support up to one external ingress gateway named `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: - description: 'Enabled: Whether to enable the ingress gateway.' type: boolean mode: - description: 'Mode: Mode of an ingress gateway.' 
- enum: - - External - - Internal type: string - required: - - enabled - - mode type: object type: array type: object revisions: - description: |- - Revisions: The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. - When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: - https://learn.microsoft.com/en-us/azure/aks/istio-upgrade items: type: string - maxItems: 2 type: array type: object mode: - description: 'Mode: Mode of the service mesh.' - enum: - - Disabled - - Istio type: string - required: - - mode type: object servicePrincipalProfile: description: |- - ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure - APIs. + Storage version of v1api20231001.ManagedClusterServicePrincipalProfile_STATUS + Information about a service principal identity for the cluster to use for manipulating Azure APIs. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object clientId: - description: 'ClientId: The ID for the service principal.' type: string - secret: - description: 'Secret: The secret password associated with the service principal in plain text.' - properties: - key: - description: Key is the key in the Kubernetes secret being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource - type: string - required: - - key - - name - type: object - required: - - clientId type: object sku: - description: 'Sku: The managed cluster SKU.' + description: |- + Storage version of v1api20231001.ManagedClusterSKU_STATUS + The SKU of a Managed Cluster. 
properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object name: - description: 'Name: The name of a managed cluster SKU.' - enum: - - Base type: string tier: - description: |- - Tier: If not specified, the default is 'Free'. See [AKS Pricing - Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. - enum: - - Free - - Premium - - Standard type: string type: object storageProfile: - description: 'StorageProfile: Storage profile for the managed cluster.' + description: |- + Storage version of v1api20231001.ManagedClusterStorageProfile_STATUS + Storage profile for the container service cluster. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object blobCSIDriver: - description: 'BlobCSIDriver: AzureBlob CSI Driver settings for the storage profile.' + description: |- + Storage version of v1api20231001.ManagedClusterStorageProfileBlobCSIDriver_STATUS + AzureBlob CSI Driver settings for the storage profile. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: - description: 'Enabled: Whether to enable AzureBlob CSI Driver. The default value is false.' type: boolean type: object diskCSIDriver: - description: 'DiskCSIDriver: AzureDisk CSI Driver settings for the storage profile.' 
+ description: |- + Storage version of v1api20231001.ManagedClusterStorageProfileDiskCSIDriver_STATUS + AzureDisk CSI Driver settings for the storage profile. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: - description: 'Enabled: Whether to enable AzureDisk CSI Driver. The default value is true.' type: boolean type: object fileCSIDriver: - description: 'FileCSIDriver: AzureFile CSI Driver settings for the storage profile.' + description: |- + Storage version of v1api20231001.ManagedClusterStorageProfileFileCSIDriver_STATUS + AzureFile CSI Driver settings for the storage profile. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: - description: 'Enabled: Whether to enable AzureFile CSI Driver. The default value is true.' type: boolean type: object snapshotController: - description: 'SnapshotController: Snapshot Controller settings for the storage profile.' + description: |- + Storage version of v1api20231001.ManagedClusterStorageProfileSnapshotController_STATUS + Snapshot Controller settings for the storage profile. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: - description: 'Enabled: Whether to enable Snapshot Controller. The default value is true.' 
type: boolean type: object type: object supportPlan: - description: 'SupportPlan: The support plan for the Managed Cluster. If unspecified, the default is ''KubernetesOfficial''.' - enum: - - AKSLongTermSupport - - KubernetesOfficial type: string + systemData: + description: |- + Storage version of v1api20231001.SystemData_STATUS + Metadata pertaining to creation and last modification of the resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + createdAt: + type: string + createdBy: + type: string + createdByType: + type: string + lastModifiedAt: + type: string + lastModifiedBy: + type: string + lastModifiedByType: + type: string + type: object tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object + type: + type: string upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading a cluster.' + description: |- + Storage version of v1api20231001.ClusterUpgradeSettings_STATUS + Settings for upgrading a cluster. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object overrideSettings: - description: 'OverrideSettings: Settings for overrides.' + description: |- + Storage version of v1api20231001.UpgradeOverrideSettings_STATUS + Settings for overrides when upgrading a cluster. properties: - forceUpgrade: + $propertyBag: + additionalProperties: + type: string description: |- - ForceUpgrade: Whether to force upgrade the cluster. Note that this option instructs upgrade operation to bypass upgrade - protections such as checking for deprecated API usage. 
Enable this option only with caution. + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + forceUpgrade: type: boolean until: - description: |- - Until: Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the - effectiveness won't change once an upgrade starts even if the `until` expires as upgrade proceeds. This field is not set - by default. It must be set for the overrides to take effect. type: string type: object type: object windowsProfile: - description: 'WindowsProfile: The profile for Windows VMs in the Managed Cluster.' + description: |- + Storage version of v1api20231001.ManagedClusterWindowsProfile_STATUS + Profile for Windows VMs in the managed cluster. properties: - adminPassword: + $propertyBag: + additionalProperties: + type: string description: |- - AdminPassword: Specifies the password of the administrator account. - Minimum-length: 8 characters - Max-length: 123 characters - Complexity requirements: 3 out of 4 conditions below need to be fulfilled - Has lower characters - Has upper characters - Has a digit - Has a special character (Regex match [\W_]) - Disallowed values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$$$word", "pass@word1", "Password!", "Password1", - "Password22", "iloveyou!" - properties: - key: - description: Key is the key in the Kubernetes secret being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes secret being referenced. 
- The secret must be in the same namespace as the resource - type: string - required: - - key - - name + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object adminUsername: - description: |- - AdminUsername: Specifies the name of the administrator account. - Restriction: Cannot end in "." - Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", - "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", - "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". - Minimum-length: 1 character - Max-length: 20 characters type: string enableCSIProxy: - description: |- - EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub - repo](https://github.com/kubernetes-csi/csi-proxy). type: boolean gmsaProfile: - description: 'GmsaProfile: The Windows gMSA Profile in the Managed Cluster.' + description: |- + Storage version of v1api20231001.WindowsGmsaProfile_STATUS + Windows gMSA Profile in the managed cluster. properties: - dnsServer: + $propertyBag: + additionalProperties: + type: string description: |- - DnsServer: Specifies the DNS server for Windows gMSA. - Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServer: type: string enabled: - description: 'Enabled: Specifies whether to enable Windows gMSA in the managed cluster.' type: boolean rootDomainName: - description: |- - RootDomainName: Specifies the root domain name for Windows gMSA. 
- Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. type: string type: object licenseType: - description: |- - LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User - Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. - enum: - - None - - Windows_Server type: string - required: - - adminUsername type: object workloadAutoScalerProfile: - description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile for the managed cluster.' + description: |- + Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfile_STATUS + Workload Auto-scaler profile for the managed cluster. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object keda: - description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile.' + description: |- + Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfileKeda_STATUS + KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: - description: 'Enabled: Whether to enable KEDA.' type: boolean - required: - - enabled type: object verticalPodAutoscaler: - description: 'VerticalPodAutoscaler: VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile.' 
+ description: |- + Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler_STATUS + VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: - description: 'Enabled: Whether to enable VPA. Default value is false.' type: boolean - required: - - enabled type: object type: object - required: - - location - - owner type: object - status: - description: Managed cluster. + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20240402preview + schema: + openAPIV3Schema: + description: |- + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2024-04-02-preview/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: properties: aadProfile: description: 'AadProfile: The Azure Active Directory configuration.' @@ -15634,19 +18233,8 @@ spec: enabled: description: 'Enabled: Whether the add-on is enabled or not.' type: boolean - identity: - description: 'Identity: Information of user assigned identity used by this add-on.' - properties: - clientId: - description: 'ClientId: The client ID of the user assigned identity.' - type: string - objectId: - description: 'ObjectId: The object ID of the user assigned identity.' - type: string - resourceId: - description: 'ResourceId: The resource ID of the user assigned identity.' - type: string - type: object + required: + - enabled type: object description: 'AddonProfiles: The profile of managed cluster add-on.' type: object @@ -15655,6 +18243,15 @@ spec: items: description: Profile for the container service agent pool. properties: + artifactStreamingProfile: + description: 'ArtifactStreamingProfile: Configuration for using artifact streaming on AKS.' + properties: + enabled: + description: |- + Enabled: Artifact streaming speeds up the cold-start of containers on a node through on-demand image loading. To use + this feature, container images must also enable artifact streaming on ACR. If not specified, the default is false. + type: boolean + type: object availabilityZones: description: |- AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType 
@@ -15662,9 +18259,26 @@ spec: items: type: string type: array - capacityReservationGroupID: - description: 'CapacityReservationGroupID: AKS will associate the specified agent pool with the Capacity Reservation Group.' - type: string + capacityReservationGroupReference: + description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object count: description: |- Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) 
@@ -15675,19 +18289,36 @@ spec: CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using a snapshot. properties: - sourceResourceId: - description: 'SourceResourceId: This is the ARM ID of the source object to be used to create the target object.' - type: string + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object - currentOrchestratorVersion: - description: |- - CurrentOrchestratorVersion: If orchestratorVersion is a fully specified version , this field will be - exactly equal to it. If orchestratorVersion is , this field will contain the full - version being used. 
- type: string enableAutoScaling: description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean + enableCustomCATrust: + description: |- + EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a + daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded + certificates into node trust stores. Defaults to false. + type: boolean enableEncryptionAtHost: description: |- EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, 
@@ -15710,15 +18341,65 @@ spec: enableUltraSSD: description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean + gatewayProfile: + description: |- + GatewayProfile: Profile specific to a managed agent pool in Gateway mode. This field cannot be set if agent pool mode is + not Gateway. + properties: + publicIPPrefixSize: + description: |- + PublicIPPrefixSize: The Gateway agent pool associates one public IPPrefix for each static egress gateway to provide + public egress. The size of Public IPPrefix should be selected by the user. Each node in the agent pool is assigned with + one IP from the IPPrefix. The IPPrefix size thus serves as a cap on the size of the Gateway agent pool. Due to Azure + public IPPrefix size limitation, the valid value range is [28, 31] (/31 = 2 nodes/IPs, /30 = 4 nodes/IPs, /29 = 8 + nodes/IPs, /28 = 16 nodes/IPs). The default value is 31. + maximum: 31 + minimum: 28 + type: integer + type: object gpuInstanceProfile: description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g type: string - hostGroupID: + gpuProfile: + description: 'GpuProfile: The GPU settings of an agent pool.' + properties: + installGPUDriver: + description: |- + InstallGPUDriver: The default value is true when the vmSize of the agent pool contains a GPU, false otherwise. GPU + Driver Installation can only be set true when VM has an associated GPU resource. Setting this field to false prevents + automatic GPU driver installation. In that case, in order for the GPU to be usable, the user must perform GPU driver + installation themselves. + type: boolean + type: object + hostGroupReference: description: |- - HostGroupID: This is of the form: + HostGroupReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. 
For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). - type: string + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object kubeletConfig: description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' properties: @@ -15731,6 +18412,7 @@ spec: description: |- ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be ≥ 2. + minimum: 2 type: integer containerLogMaxSizeMB: description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' @@ -15772,6 +18454,9 @@ spec: description: |- KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage. + enum: + - OS + - Temporary type: string linuxOSConfig: description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' 
@@ -15850,12 +18535,18 @@ spec: type: boolean netIpv4TcpkeepaliveIntvl: description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + maximum: 90 + minimum: 10 type: integer netNetfilterNfConntrackBuckets: description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' + maximum: 524288 + minimum: 65536 type: integer netNetfilterNfConntrackMax: description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + maximum: 2097152 + minimum: 131072 type: integer vmMaxMapCount: description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' @@ -15886,6 +18577,12 @@ spec: maxPods: description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer + messageOfTheDay: + description: |- + MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of + the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., + will be printed raw and not be executed as a script). + type: string minCount: description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer @@ -15893,9 +18590,14 @@ spec: description: |- Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + enum: + - Gateway + - System + - User type: string name: description: 'Name: Windows agent pool names must be 6 characters or less.' + pattern: ^[a-z][a-z0-9]{0,11}$ type: string networkProfile: description: 'NetworkProfile: Network-related settings of an agent pool.' 
@@ -15909,21 +18611,48 @@ spec: description: |- PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or equal to portStart. + maximum: 65535 + minimum: 1 type: integer portStart: description: |- PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or equal to portEnd. + maximum: 65535 + minimum: 1 type: integer protocol: description: 'Protocol: The network protocol of the port.' + enum: + - TCP + - UDP type: string type: object type: array - applicationSecurityGroups: - description: 'ApplicationSecurityGroups: The IDs of the application security groups which agent pool will associate when created.' + applicationSecurityGroupsReferences: + description: |- + ApplicationSecurityGroupsReferences: The IDs of the application security groups which agent pool will associate when + created. items: - type: string + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object type: array nodePublicIPTags: description: 'NodePublicIPTags: IPTags of instance-level public IPs.' 
@@ -15939,19 +18668,43 @@ spec: type: object type: array type: object - nodeImageVersion: - description: 'NodeImageVersion: The version of node image' - type: string + nodeInitializationTaints: + description: |- + NodeInitializationTaints: These taints will not be reconciled by AKS and can be removed with a kubectl call. This field + can be modified after node pool is created, but nodes will not be recreated with new taints until another operation that + requires recreation (e.g. node image upgrade) happens. These taints allow for required configuration to run before the + node is ready to accept workloads, for example 'key1=value1:NoSchedule' that then can be removed with `kubectl taint + nodes node1 key1=value1:NoSchedule-` + items: + type: string + type: array nodeLabels: additionalProperties: type: string description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' type: object - nodePublicIPPrefixID: + nodePublicIPPrefixReference: description: |- - NodePublicIPPrefixID: This is of the form: + NodePublicIPPrefixReference: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} - type: string + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object nodeTaints: description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' items: 
@@ -15959,37 +18712,78 @@ spec: type: array orchestratorVersion: description: |- - OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. - When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster - with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer - patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same - Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor - version must be within two minor versions of the control plane version. The node pool version cannot be greater than the - control plane version. For more information see [upgrading a node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + OrchestratorVersion: Both patch version and are supported. When is + specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same + once it has been created will not trigger an upgrade, even if a newer patch version is available. As a + best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version + must have the same major version as the control plane. The node pool minor version must be within two minor versions of + the control plane version. The node pool version cannot be greater than the control plane version. For more information + see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: + maximum: 2048 + minimum: 0 type: integer osDiskType: description: |- OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. 
For more information see [Ephemeral OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + enum: + - Ephemeral + - Managed type: string osSKU: description: |- - OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 - when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. + OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or + Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is + deprecated. + enum: + - AzureLinux + - CBLMariner + - Mariner + - Ubuntu + - Windows2019 + - Windows2022 + - WindowsAnnual type: string osType: description: 'OsType: The operating system type. The default is Linux.' + enum: + - Linux + - Windows type: string - podSubnetID: + podIPAllocationMode: description: |- - PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is - of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + PodIPAllocationMode: The IP allocation mode for pods in the agent pool. Must be used with podSubnetId. The default is + 'DynamicIndividual'. + enum: + - DynamicIndividual + - StaticBlock type: string + podSubnetReference: + description: |- + PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object powerState: description: |- PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this 
@@ -15998,25 +18792,71 @@ spec: properties: code: description: 'Code: Tells whether the cluster is Running or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. type: string type: object - provisioningState: - description: 'ProvisioningState: The current deployment or provisioning state.' - type: string - proximityPlacementGroupID: - description: 'ProximityPlacementGroupID: The ID for Proximity Placement Group.' - type: string scaleDownMode: description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete type: string scaleSetEvictionPolicy: description: |- ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is 'Delete'. + enum: + - Deallocate + - Delete type: string scaleSetPriority: description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' 
+ enum: + - Regular + - Spot type: string + securityProfile: + description: 'SecurityProfile: The security settings of an agent pool.' + properties: + enableSecureBoot: + description: |- + EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and + drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. + type: boolean + enableVTPM: + description: |- + EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held + locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. + type: boolean + sshAccess: + description: 'SshAccess: SSH access method of an agent pool.' + enum: + - Disabled + - LocalUser + type: string + type: object spotMaxPrice: description: |- SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any @@ -16030,6 +18870,10 @@ spec: type: object type: description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + - VirtualMachines type: string upgradeSettings: description: 'UpgradeSettings: Settings for upgrading the agentpool' @@ -16039,6 +18883,8 @@ spec: DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not specified, the default is 30 minutes. + maximum: 1440 + minimum: 1 type: integer maxSurge: description: |- 
@@ -16047,6 +18893,83 @@ spec: up. If not specified, the default is 1. For more information, including best practices, see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade type: string + nodeSoakDurationInMinutes: + description: |- + NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and + moving on to next node. If not specified, the default is 0 minutes. + maximum: 30 + minimum: 0 + type: integer + undrainableNodeBehavior: + description: |- + UndrainableNodeBehavior: Defines the behavior for undrainable nodes during upgrade. The most common cause of undrainable + nodes is Pod Disruption Budgets (PDBs), but other issues, such as pod termination grace period is exceeding the + remaining per-node drain timeout or pod is still being in a running state, can also cause undrainable nodes. + enum: + - Cordon + - Schedule + type: string + type: object + virtualMachineNodesStatus: + items: + description: Current status on a group of nodes of the same vm size. + properties: + count: + description: 'Count: Number of nodes.' + type: integer + size: + description: 'Size: The VM size of the agents used to host this group of nodes.' + type: string + type: object + type: array + virtualMachinesProfile: + description: 'VirtualMachinesProfile: Specifications on VirtualMachines agent pool.' + properties: + scale: + description: 'Scale: Specifications on how to scale a VirtualMachines agent pool.' + properties: + autoscale: + description: |- + Autoscale: Specifications on how to auto-scale the VirtualMachines agent pool within a predefined size range. Currently, + at most one AutoScaleProfile is allowed. + items: + description: Specifications on auto-scaling. + properties: + maxCount: + description: 'MaxCount: The maximum number of nodes of the specified sizes.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes of the specified sizes.' 
+ type: integer + sizes: + description: |- + Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the + first available one when auto scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS + will use the next size. + items: + type: string + type: array + type: object + type: array + manual: + description: 'Manual: Specifications on how to scale the VirtualMachines agent pool to a fixed size.' + items: + description: Specifications on number of machines. + properties: + count: + description: 'Count: Number of nodes.' + type: integer + sizes: + description: |- + Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the + first available one when scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS will + use the next size. + items: + type: string + type: array + type: object + type: array + type: object type: object vmSize: description: |- 
@@ -16054,17 +18977,56 @@ spec: might fail to run correctly. For more details on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions type: string - vnetSubnetID: + vnetSubnetReference: description: |- - VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, - this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} - type: string + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific profile.' + properties: + disableOutboundNat: + description: |- + DisableOutboundNat: The default value is false. 
Outbound NAT can only be disabled if the cluster outboundType is NAT + Gateway and the Windows agent pool does not have node public IP enabled. + type: boolean + type: object workloadRuntime: description: 'WorkloadRuntime: Determines the type of workload a node can run.' + enum: + - KataMshvVmIsolation + - OCIContainer + - WasmWasi type: string + required: + - name type: object type: array + aiToolchainOperatorProfile: + description: 'AiToolchainOperatorProfile: AI toolchain operator settings that apply to the whole cluster.' + properties: + enabled: + description: 'Enabled: Indicates if AI toolchain operator enabled or not.' + type: boolean + type: object apiServerAccessProfile: description: 'ApiServerAccessProfile: The access profile for managed cluster API server.' properties: @@ -16087,12 +19049,20 @@ spec: enablePrivateClusterPublicFQDN: description: 'EnablePrivateClusterPublicFQDN: Whether to create additional public FQDN for private cluster or not.' type: boolean + enableVnetIntegration: + description: 'EnableVnetIntegration: Whether to enable apiserver vnet integration for the cluster or not.' + type: boolean privateDNSZone: description: |- PrivateDNSZone: The default is System. For more details see [configure private DNS zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and 'none'. type: string + subnetId: + description: |- + SubnetId: It is required when: 1. creating a new cluster with BYO Vnet; 2. updating an existing cluster to enable + apiserver vnet integration. + type: string type: object autoScalerProfile: description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler when enabled' 
@@ -16100,12 +19070,31 @@ spec: balance-similar-node-groups: description: 'BalanceSimilarNodeGroups: Valid values are ''true'' and ''false''' type: string - expander: + daemonset-eviction-for-empty-nodes: description: |- - Expander: If not specified, the default is 'random'. See - [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) for more - information. + DaemonsetEvictionForEmptyNodes: If set to true, all daemonset pods on empty nodes will be evicted before deletion of the + node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node will be + deleted without ensuring that daemonset pods are deleted or evicted. + type: boolean + daemonset-eviction-for-occupied-nodes: + description: |- + DaemonsetEvictionForOccupiedNodes: If set to true, all daemonset pods on occupied nodes will be evicted before deletion + of the node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node + will be deleted without ensuring that daemonset pods are deleted or evicted. + type: boolean + expander: + description: 'Expander: Available values are: ''least-waste'', ''most-pods'', ''priority'', ''random''.' + enum: + - least-waste + - most-pods + - priority + - random type: string + ignore-daemonsets-utilization: + description: |- + IgnoreDaemonsetsUtilization: If set to true, the resources used by daemonset will be taken into account when making + scaling down decisions. + type: boolean max-empty-bulk-delete: description: 'MaxEmptyBulkDelete: The default is 10.' type: string 
@@ -16171,141 +19160,265 @@ spec: description: 'AutoUpgradeProfile: The auto upgrade configuration.' properties: nodeOSUpgradeChannel: - description: 'NodeOSUpgradeChannel: Manner in which the OS on your nodes is updated. The default is NodeImage.' + description: 'NodeOSUpgradeChannel: The default is Unmanaged, but may change to either NodeImage or SecurityPatch at GA.' + enum: + - NodeImage + - None + - SecurityPatch + - Unmanaged type: string upgradeChannel: description: |- UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). + enum: + - node-image + - none + - patch + - rapid + - stable type: string type: object azureMonitorProfile: - description: 'AzureMonitorProfile: Azure Monitor addon profiles for monitoring the managed cluster.' + description: 'AzureMonitorProfile: Prometheus addon profile for the container service cluster' properties: - metrics: + appMonitoring: description: |- - Metrics: Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes - infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See - aka.ms/AzureManagedPrometheus for an overview. + AppMonitoring: Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics + and traces through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + autoInstrumentation: + description: |- + AutoInstrumentation: Application Monitoring Auto Instrumentation for Kubernetes Application Container. Deploys web hook + to auto-instrument Azure Monitor OpenTelemetry based SDKs to collect OpenTelemetry metrics, logs and traces of the + application. See aka.ms/AzureMonitorApplicationMonitoring for an overview. 
+ properties: + enabled: + description: 'Enabled: Indicates if Application Monitoring Auto Instrumentation is enabled or not.' + type: boolean + type: object + openTelemetryLogs: + description: |- + OpenTelemetryLogs: Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Logs and + Traces. Collects OpenTelemetry logs and traces of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + enabled: + description: 'Enabled: Indicates if Application Monitoring Open Telemetry Logs and traces is enabled or not.' + type: boolean + port: + description: 'Port: The Open Telemetry host port for Open Telemetry logs and traces. If not specified, the default port is 28331.' + type: integer + type: object + openTelemetryMetrics: + description: |- + OpenTelemetryMetrics: Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container + Metrics. Collects OpenTelemetry metrics of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + enabled: + description: 'Enabled: Indicates if Application Monitoring Open Telemetry Metrics is enabled or not.' + type: boolean + port: + description: 'Port: The Open Telemetry host port for Open Telemetry metrics. If not specified, the default port is 28333.' + type: integer + type: object + type: object + containerInsights: + description: |- + ContainerInsights: Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & + stderr logs etc. See aka.ms/AzureMonitorContainerInsights for an overview. properties: + disableCustomMetrics: + description: |- + DisableCustomMetrics: Indicates whether custom metrics collection has to be disabled or not. If not specified the + default is false. 
No custom metrics will be emitted if this field is false but the container insights enabled field is + false + type: boolean + disablePrometheusMetricsScraping: + description: |- + DisablePrometheusMetricsScraping: Indicates whether prometheus metrics scraping is disabled or not. If not specified the + default is false. No prometheus metrics will be emitted if this field is false but the container insights enabled field + is false + type: boolean enabled: + description: 'Enabled: Indicates if Azure Monitor Container Insights Logs Addon is enabled or not.' + type: boolean + logAnalyticsWorkspaceResourceReference: description: |- - Enabled: Whether to enable or disable the Azure Managed Prometheus addon for Prometheus monitoring. See - aka.ms/AzureManagedPrometheus-aks-enable for details on enabling and disabling. + LogAnalyticsWorkspaceResourceReference: Fully Qualified ARM Resource Id of Azure Log Analytics Workspace for storing + Azure Monitor Container Insights Logs. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + syslogPort: + description: 'SyslogPort: The syslog host port. If not specified, the default port is 28330.' 
+ type: integer + type: object + metrics: + description: 'Metrics: Metrics profile for the prometheus service addon' + properties: + enabled: + description: 'Enabled: Whether to enable the Prometheus collector' type: boolean kubeStateMetrics: - description: |- - KubeStateMetrics: Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the - kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for - details. + description: 'KubeStateMetrics: Kube State Metrics for prometheus addon profile for the container service cluster' properties: metricAnnotationsAllowList: description: |- - MetricAnnotationsAllowList: Comma-separated list of Kubernetes annotation keys that will be used in the resource's - labels metric (Example: 'namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...'). By default the metric - contains only resource name and namespace labels. + MetricAnnotationsAllowList: Comma-separated list of additional Kubernetes label keys that will be used in the resource's + labels metric. type: string metricLabelsAllowlist: description: |- - MetricLabelsAllowlist: Comma-separated list of additional Kubernetes label keys that will be used in the resource's - labels metric (Example: 'namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...'). By default the metric contains only - resource name and namespace labels. + MetricLabelsAllowlist: Comma-separated list of Kubernetes annotations keys that will be used in the resource's labels + metric. type: string type: object + required: + - enabled type: object type: object - azurePortalFQDN: - description: |- - AzurePortalFQDN: The Azure Portal requires certain Cross-Origin Resource Sharing (CORS) headers to be sent in some - responses, which Kubernetes APIServer doesn't handle by default. This special FQDN supports CORS, allowing the Azure - Portal to function properly. 
- type: string - conditions: - description: 'Conditions: The observed state of the resource' - items: - description: Condition defines an extension to status (an observation) of a resource - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. - format: date-time - type: string - message: - description: Message is a human readable message indicating details about the transition. This field may be empty. - type: string - observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - type: integer - reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. - type: string - severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown - type: string - status: - description: Status of the condition, one of True, False, or Unknown. - type: string - type: - description: Type of condition. - type: string - required: - - lastTransitionTime - - reason - - status - - type - type: object - type: array - currentKubernetesVersion: - description: |- - CurrentKubernetesVersion: If kubernetesVersion was a fully specified version , this field will be - exactly equal to it. 
If kubernetesVersion was , this field will contain the full - version being used. - type: string - disableLocalAccounts: - description: |- - DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be - used on Managed Clusters that are AAD enabled. For more details see [disable local - accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). - type: boolean - diskEncryptionSetID: + azureName: description: |- - DiskEncryptionSetID: This is of the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' - type: string - dnsPrefix: - description: 'DnsPrefix: This cannot be updated once the Managed Cluster has been created.' + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ type: string - enablePodSecurityPolicy: - description: |- - EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was - deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and - https://aka.ms/aks/psp. - type: boolean - enableRBAC: - description: 'EnableRBAC: Whether to enable Kubernetes Role-Based Access Control.' - type: boolean - extendedLocation: - description: 'ExtendedLocation: The extended location of the Virtual Machine.' + bootstrapProfile: + description: 'BootstrapProfile: Profile of the cluster bootstrap configuration.' properties: - name: - description: 'Name: The name of the extended location.' + artifactSource: + description: 'ArtifactSource: The source where the artifacts are downloaded from.' + enum: + - Cache + - Direct type: string - type: - description: 'Type: The type of the extended location.' 
+ containerRegistryReference: + description: |- + ContainerRegistryReference: The resource Id of Azure Container Registry. The registry must have private network access, + premium SKU and zone redundancy. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the cluster will be created/upgraded using a + snapshot. + properties: + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + disableLocalAccounts: + description: |- + DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details see [disable local + accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). + type: boolean + diskEncryptionSetReference: + description: |- + DiskEncryptionSetReference: This is of the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. type: string type: object - fqdn: - description: 'Fqdn: The FQDN of the master pool.' 
+ dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster has been created.' type: string + enableNamespaceResources: + description: |- + EnableNamespaceResources: The default value is false. It can be enabled/disabled on creation and updating of the managed + cluster. See [https://aka.ms/NamespaceARMResource](https://aka.ms/NamespaceARMResource) for more details on Namespace as + a ARM Resource. + type: boolean + enablePodSecurityPolicy: + description: |- + EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and + https://aka.ms/aks/psp. + type: boolean + enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based Access Control.' + type: boolean + extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual Machine.' + properties: + name: + description: 'Name: The name of the extended location.' + type: string + type: + description: 'Type: The type of the extended location.' + enum: + - EdgeZone + type: string + type: object fqdnSubdomain: description: 'FqdnSubdomain: This cannot be updated once the Managed Cluster has been created.' type: string @@ -16327,11 +19440,6 @@ spec: description: 'TrustedCa: Alternative CA cert to use for connecting to proxy servers.' type: string type: object - id: - description: |- - Id: Fully qualified resource ID for the resource. E.g. - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" - type: string identity: description: 'Identity: The identity of the managed cluster, if configured.' properties: 
@@ -16345,42 +19453,73 @@ spec: referralResource: description: 'ReferralResource: The delegation id of the referral delegation (optional) - internal use only.' type: string - resourceId: - description: 'ResourceId: The ARM resource id of the delegated resource - internal use only.' - type: string + resourceReference: + description: 'ResourceReference: The ARM resource id of the delegated resource - internal use only.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object tenantId: description: 'TenantId: The tenant id of the delegated resource - internal use only.' + pattern: ^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$ type: string type: object description: |- DelegatedResources: The delegated identity resources assigned to this managed cluster. This can only be set by another Azure Resource Provider, and managed cluster only accept one delegated identity resource. Internal use only. type: object - principalId: - description: 'PrincipalId: The principal id of the system assigned identity which is used by master components.' - type: string - tenantId: - description: 'TenantId: The tenant id of the system assigned identity which is used by master components.' 
- type: string type: description: |- Type: For more information see [use managed identities in AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). + enum: + - None + - SystemAssigned + - UserAssigned type: string userAssignedIdentities: - additionalProperties: - properties: - clientId: - description: 'ClientId: The client id of user assigned identity.' - type: string - principalId: - description: 'PrincipalId: The principal id of user assigned identity.' - type: string - type: object description: |- UserAssignedIdentities: The keys must be ARM resource IDs in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. - type: object + items: + description: Information about the user assigned identity for the resource + properties: + reference: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array type: object identityProfile: additionalProperties: 
@@ -16389,23 +19528,107 @@ spec: clientId: description: 'ClientId: The client ID of the user assigned identity.' type: string + clientIdFromConfig: + description: 'ClientIdFromConfig: The client ID of the user assigned identity.' + properties: + key: + description: Key is the key in the Kubernetes configmap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes configmap being referenced. + The configmap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object objectId: description: 'ObjectId: The object ID of the user assigned identity.' type: string - resourceId: - description: 'ResourceId: The resource ID of the user assigned identity.' - type: string + objectIdFromConfig: + description: 'ObjectIdFromConfig: The object ID of the user assigned identity.' + properties: + key: + description: Key is the key in the Kubernetes configmap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes configmap being referenced. + The configmap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + resourceReference: + description: 'ResourceReference: The resource ID of the user assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object description: 'IdentityProfile: Identities associated with the cluster.' type: object + ingressProfile: + description: 'IngressProfile: Ingress profile for the managed cluster.' + properties: + webAppRouting: + description: 'WebAppRouting: Web App Routing settings for the ingress profile.' + properties: + dnsZoneResourceReferences: + description: |- + DnsZoneResourceReferences: Resource IDs of the DNS zones to be associated with the Web App Routing add-on. Used only + when Web App Routing is enabled. Public and private DNS zones can be in different resource groups, but all public DNS + zones must be in the same resource group and all private DNS zones must be in the same resource group. + items: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + enabled: + description: 'Enabled: Whether to enable Web App Routing.' 
+ type: boolean + type: object + type: object + kind: + description: 'Kind: This is primarily used to expose different UI experiences in the portal for different kinds' + type: string kubernetesVersion: description: |- - KubernetesVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. - When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster - with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer - patch version is available. When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All - upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or - 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS + KubernetesVersion: When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades + must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> + 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. type: string linuxProfile: @@ -16413,6 +19636,7 @@ spec: properties: adminUsername: description: 'AdminUsername: The administrator username to use for Linux VMs.' + pattern: ^[A-Za-z][-A-Za-z0-9_]*$ type: string ssh: description: 'Ssh: The SSH configuration for Linux-based VMs running on Azure.' 
@@ -16427,34 +19651,106 @@ spec: KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or without headers. type: string + required: + - keyData type: object type: array + required: + - publicKeys type: object + required: + - adminUsername + - ssh type: object location: description: 'Location: The geo-location where the resource lives' type: string - maxAgentPools: - description: 'MaxAgentPools: The max number of agent pools for the managed cluster.' - type: integer - name: - description: 'Name: The name of the resource' - type: string + metricsProfile: + description: 'MetricsProfile: Optional cluster metrics configuration.' + properties: + costAnalysis: + description: 'CostAnalysis: The cost analysis configuration for the cluster' + properties: + enabled: + description: |- + Enabled: The Managed Cluster sku.tier must be set to 'Standard' or 'Premium' to enable this feature. Enabling this will + add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. If not specified, the + default is false. For more information see aka.ms/aks/docs/cost-analysis. + type: boolean + type: object + type: object networkProfile: description: 'NetworkProfile: The network configuration profile.' properties: + advancedNetworking: + description: |- + AdvancedNetworking: Advanced Networking profile for enabling observability on a cluster. Note that enabling advanced + networking features may incur additional costs. For more information see aka.ms/aksadvancednetworking. + properties: + observability: + description: 'Observability: Observability profile to enable advanced network metrics and flow logs with historical contexts.' + properties: + enabled: + description: 'Enabled: Indicates the enablement of Advanced Networking observability functionalities on clusters.' 
+ type: boolean + type: object + type: object dnsServiceIP: description: |- DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr. + pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ type: string ipFamilies: description: |- IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value is IPv4. For dual-stack, the expected values are IPv4 and IPv6. items: + description: To determine if address belongs IPv4 or IPv6 family. + enum: + - IPv4 + - IPv6 type: string type: array + kubeProxyConfig: + description: |- + KubeProxyConfig: Holds configuration customizations for kube-proxy. Any values not defined will use the kube-proxy + defaulting behavior. See https://v.docs.kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/ + where is represented by a - string. Kubernetes version 1.23 would be '1-23'. + properties: + enabled: + description: |- + Enabled: Whether to enable on kube-proxy on the cluster (if no 'kubeProxyConfig' exists, kube-proxy is enabled in AKS by + default without these customizations). + type: boolean + ipvsConfig: + description: 'IpvsConfig: Holds configuration customizations for IPVS. May only be specified if ''mode'' is set to ''IPVS''.' + properties: + scheduler: + description: 'Scheduler: IPVS scheduler, for more information please see http://www.linuxvirtualserver.org/docs/scheduling.html.' + enum: + - LeastConnection + - RoundRobin + type: string + tcpFinTimeoutSeconds: + description: |- + TcpFinTimeoutSeconds: The timeout value used for IPVS TCP sessions after receiving a FIN in seconds. Must be a positive + integer value. + type: integer + tcpTimeoutSeconds: + description: 'TcpTimeoutSeconds: The timeout value used for idle IPVS TCP sessions in seconds. Must be a positive integer value.' 
+ type: integer + udpTimeoutSeconds: + description: 'UdpTimeoutSeconds: The timeout value used for IPVS UDP packets in seconds. Must be a positive integer value.' + type: integer + type: object + mode: + description: 'Mode: Specify which proxy mode to use (''IPTABLES'' or ''IPVS'')' + enum: + - IPTABLES + - IPVS + type: string + type: object loadBalancerProfile: description: 'LoadBalancerProfile: Profile of the cluster load balancer.' properties: 
@@ -16462,18 +19758,46 @@ spec: description: |- AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 (inclusive). The default value is 0 which results in Azure dynamically allocating ports. + maximum: 64000 + minimum: 0 type: integer backendPoolType: description: 'BackendPoolType: The type of the managed inbound Load Balancer BackendPool.' + enum: + - NodeIP + - NodeIPConfiguration + type: string + clusterServiceLoadBalancerHealthProbeMode: + description: 'ClusterServiceLoadBalancerHealthProbeMode: The health probing behavior for External Traffic Policy Cluster services.' + enum: + - ServiceNodePort + - Shared type: string effectiveOutboundIPs: description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster load balancer.' items: description: A reference to an Azure resource. properties: - id: - description: 'Id: The fully qualified Azure resource id.' - type: string + reference: + description: 'Reference: The fully qualified Azure resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object type: array enableMultipleStandardLoadBalancers: 
@@ -16483,6 +19807,8 @@ spec: description: |- IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 (inclusive). The default value is 30 minutes. + maximum: 120 + minimum: 4 type: integer managedOutboundIPs: description: 'ManagedOutboundIPs: Desired managed outbound IPs for the cluster load balancer.' @@ -16491,11 +19817,15 @@ spec: description: |- Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values must be in the range of 1 to 100 (inclusive). The default value is 1. + maximum: 100 + minimum: 1 type: integer countIPv6: description: |- CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. + maximum: 100 + minimum: 0 type: integer type: object outboundIPPrefixes: 
@@ -16506,9 +19836,26 @@ spec: items: description: A reference to an Azure resource. properties: - id: - description: 'Id: The fully qualified Azure resource id.' - type: string + reference: + description: 'Reference: The fully qualified Azure resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object type: array type: object 
@@ -16520,9 +19867,26 @@ spec: items: description: A reference to an Azure resource. properties: - id: - description: 'Id: The fully qualified Azure resource id.' - type: string + reference: + description: 'Reference: The fully qualified Azure resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object type: array type: object @@ -16532,6 +19896,9 @@ spec: LoadBalancerSku: The default is 'standard'. See [Azure Load Balancer SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load balancer SKUs. + enum: + - basic + - standard type: string natGatewayProfile: description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' 
@@ -16541,15 +19908,34 @@ spec: items: description: A reference to an Azure resource. properties: - id: - description: 'Id: The fully qualified Azure resource id.' - type: string + reference: + description: 'Reference: The fully qualified Azure resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object type: array idleTimeoutInMinutes: description: |- IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 (inclusive). The default value is 4 minutes. + maximum: 120 + minimum: 4 type: integer managedOutboundIPProfile: description: 'ManagedOutboundIPProfile: Profile of the managed outbound IP resources of the cluster NAT gateway.' 
@@ -16558,31 +19944,57 @@ spec: description: |- Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 (inclusive). The default value is 1. + maximum: 16 + minimum: 1 type: integer type: object type: object networkDataplane: description: 'NetworkDataplane: Network dataplane used in the Kubernetes cluster.' + enum: + - azure + - cilium type: string networkMode: description: 'NetworkMode: This cannot be specified if networkPlugin is anything other than ''azure''.' + enum: + - bridge + - transparent type: string networkPlugin: description: 'NetworkPlugin: Network plugin used for building the Kubernetes network.' + enum: + - azure + - kubenet + - none type: string networkPluginMode: - description: 'NetworkPluginMode: The mode the network plugin should use.' + description: 'NetworkPluginMode: Network plugin mode used for building the Kubernetes network.' + enum: + - overlay type: string networkPolicy: description: 'NetworkPolicy: Network policy used for building the Kubernetes network.' + enum: + - azure + - calico + - cilium + - none type: string outboundType: description: |- OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). + enum: + - loadBalancer + - managedNATGateway + - none + - userAssignedNATGateway + - userDefinedRouting type: string podCidr: description: 'PodCidr: A CIDR notation IP range from which to assign pod IPs when kubenet is used.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string podCidrs: description: |- 
@@ -16591,10 +20003,19 @@ spec: items: type: string type: array + podLinkLocalAccess: + description: |- + PodLinkLocalAccess: Defines access to special link local addresses (Azure Instance Metadata Service, aka IMDS) for pods + with hostNetwork=false. if not specified, the default is 'IMDS'. + enum: + - IMDS + - None + type: string serviceCidr: description: |- ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges. + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string serviceCidrs: description: |- 
@@ -16603,18 +20024,182 @@ spec: items: type: string type: array - type: object - nodeResourceGroup: - description: 'NodeResourceGroup: The name of the resource group containing agent pool nodes.' - type: string - oidcIssuerProfile: - description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed Cluster.' + staticEgressGatewayProfile: + description: |- + StaticEgressGatewayProfile: The profile for Static Egress Gateway addon. For more details about Static Egress Gateway, + see https://aka.ms/aks/static-egress-gateway. + properties: + enabled: + description: 'Enabled: Indicates if Static Egress Gateway addon is enabled or not.' + type: boolean + type: object + type: object + nodeProvisioningProfile: + description: 'NodeProvisioningProfile: Node provisioning settings that apply to the whole cluster.' + properties: + mode: + description: 'Mode: Once the mode it set to Auto, it cannot be changed back to Manual.' + enum: + - Auto + - Manual + type: string + type: object + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing agent pool nodes.' + type: string + nodeResourceGroupProfile: + description: 'NodeResourceGroupProfile: The node resource group configuration profile.' + properties: + restrictionLevel: + description: 'RestrictionLevel: The restriction level applied to the cluster''s node resource group' + enum: + - ReadOnly + - Unrestricted + type: string + type: object + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed Cluster.' properties: enabled: description: 'Enabled: Whether the OIDC issuer is enabled.' type: boolean - issuerURL: - description: 'IssuerURL: The OIDC issuer url of the Managed Cluster.' + type: object + operatorSpec: + description: |- + OperatorSpec: The specification for configuring operator behavior. 
This field is interpreted by the operator and not + passed directly to Azure + properties: + configMapExpressions: + description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' + items: + description: |- + DestinationExpression is a CEL expression and a destination to store the result in. The destination may + be a secret or a configmap. The value of the expression is stored at the specified location in + the destination. + properties: + key: + description: |- + Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string + this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string + Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting + map[string]string. + type: string + name: + description: |- + Name is the name of the Kubernetes configmap or secret to write to. + The configmap or secret will be created in the same namespace as the resource. + type: string + value: + description: |- + Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information + on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ + type: string + required: + - name + - value + type: object + type: array + configMaps: + description: 'ConfigMaps: configures where to place operator written ConfigMaps.' + properties: + oidcIssuerProfile: + description: |- + OIDCIssuerProfile: indicates where the OIDCIssuerProfile config map should be placed. If omitted, no config map will be + created. + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap to write to. + The ConfigMap will be created in the same namespace as the resource. 
+ type: string + required: + - key + - name + type: object + type: object + secretExpressions: + description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' + items: + description: |- + DestinationExpression is a CEL expression and a destination to store the result in. The destination may + be a secret or a configmap. The value of the expression is stored at the specified location in + the destination. + properties: + key: + description: |- + Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string + this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string + Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting + map[string]string. + type: string + name: + description: |- + Name is the name of the Kubernetes configmap or secret to write to. + The configmap or secret will be created in the same namespace as the resource. + type: string + value: + description: |- + Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information + on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ + type: string + required: + - name + - value + type: object + type: array + secrets: + description: 'Secrets: configures where to place Azure generated secrets.' + properties: + adminCredentials: + description: |- + AdminCredentials: indicates where the AdminCredentials secret should be placed. If omitted, the secret will not be + retrieved from Azure. + properties: + key: + description: Key is the key in the Kubernetes secret being referenced. + type: string + name: + description: |- + Name is the name of the Kubernetes secret to write to. + The secret will be created in the same namespace as the resource. 
+ type: string + required: + - key + - name + type: object + userCredentials: + description: |- + UserCredentials: indicates where the UserCredentials secret should be placed. If omitted, the secret will not be + retrieved from Azure. + properties: + key: + description: Key is the key in the Kubernetes secret being referenced. + type: string + name: + description: |- + Name is the name of the Kubernetes secret to write to. + The secret will be created in the same namespace as the resource. + type: string + required: + - key + - name + type: object + type: object + type: object + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. type: string type: object podIdentityProfile: 
@@ -16646,12 +20231,59 @@ spec: clientId: description: 'ClientId: The client ID of the user assigned identity.' type: string + clientIdFromConfig: + description: 'ClientIdFromConfig: The client ID of the user assigned identity.' + properties: + key: + description: Key is the key in the Kubernetes configmap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes configmap being referenced. + The configmap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object objectId: description: 'ObjectId: The object ID of the user assigned identity.' type: string - resourceId: - description: 'ResourceId: The resource ID of the user assigned identity.' - type: string + objectIdFromConfig: + description: 'ObjectIdFromConfig: The object ID of the user assigned identity.' + properties: + key: + description: Key is the key in the Kubernetes configmap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes configmap being referenced. + The configmap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + resourceReference: + description: 'ResourceReference: The resource ID of the user assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object name: description: 'Name: The name of the pod identity.' @@ -16659,44 +20291,10 @@ spec: namespace: description: 'Namespace: The namespace of the pod identity.' type: string - provisioningInfo: - properties: - error: - description: 'Error: Pod identity assignment error (if any).' - properties: - error: - description: 'Error: Details about the error.' - properties: - code: - description: 'Code: An identifier for the error. Codes are invariant and are intended to be consumed programmatically.' - type: string - details: - description: 'Details: A list of additional details about the error.' - items: - properties: - code: - description: 'Code: An identifier for the error. Codes are invariant and are intended to be consumed programmatically.' - type: string - message: - description: 'Message: A message describing the error, intended to be suitable for display in a user interface.' - type: string - target: - description: 'Target: The target of the particular error. For example, the name of the property in error.' - type: string - type: object - type: array - message: - description: 'Message: A message describing the error, intended to be suitable for display in a user interface.' - type: string - target: - description: 'Target: The target of the particular error. For example, the name of the property in error.' - type: string - type: object - type: object - type: object - provisioningState: - description: 'ProvisioningState: The current provisioning state of the pod identity.' - type: string + required: + - identity + - name + - namespace type: object type: array userAssignedIdentityExceptions: 
@@ -16717,19 +20315,13 @@ spec: type: string description: 'PodLabels: The pod labels to match.' type: object + required: + - name + - namespace + - podLabels type: object type: array type: object - powerState: - description: 'PowerState: The Power State of the cluster.' - properties: - code: - description: 'Code: Tells whether the cluster is Running or Stopped' - type: string - type: object - privateFQDN: - description: 'PrivateFQDN: The FQDN of private cluster.' - type: string privateLinkResources: description: 'PrivateLinkResources: Private link resources associated with the cluster.' items: 
@@ -16738,15 +20330,29 @@ spec: groupId: description: 'GroupId: The group ID of the resource.' type: string - id: - description: 'Id: The ID of the private link resource.' - type: string name: description: 'Name: The name of the private link resource.' type: string - privateLinkServiceID: - description: 'PrivateLinkServiceID: The private link service ID of the resource, this field is exposed only to NRP internally.' - type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object requiredMembers: description: 'RequiredMembers: The RequiredMembers of the resource' items: 
@@ -16757,17 +20363,36 @@ spec: type: string type: object type: array - provisioningState: - description: 'ProvisioningState: The current provisioning state.' - type: string publicNetworkAccess: description: 'PublicNetworkAccess: Allow or deny public network access for AKS' + enum: + - Disabled + - Enabled + - SecuredByPerimeter type: string - resourceUID: - description: |- - ResourceUID: The resourceUID uniquely identifies ManagedClusters that reuse ARM ResourceIds (i.e: create, delete, create - sequence) - type: string + safeguardsProfile: + description: 'SafeguardsProfile: The Safeguards profile holds all the safeguards information for a given cluster' + properties: + excludedNamespaces: + description: 'ExcludedNamespaces: List of namespaces excluded from Safeguards checks' + items: + type: string + type: array + level: + description: |- + Level: The Safeguards level to be used. By default, Safeguards is enabled for all namespaces except those that AKS + excludes via systemExcludedNamespaces + enum: + - Enforcement + - "Off" + - Warning + type: string + version: + description: 'Version: The version of constraints to use' + type: string + required: + - level + type: object securityProfile: description: 'SecurityProfile: Security profile for the managed cluster.' properties: 
@@ -16791,22 +20416,69 @@ spec: KeyVaultNetworkAccess: Network access of key vault. The possible values are `Public` and `Private`. `Public` means the key vault allows public access from all networks. `Private` means the key vault disables public access and enables private link. The default value is `Public`. + enum: + - Private + - Public type: string - keyVaultResourceId: + keyVaultResourceReference: description: |- - KeyVaultResourceId: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and must - be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. - type: string + KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and + must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object + customCATrustCertificates: + description: |- + CustomCATrustCertificates: A list of up to 10 base64 encoded CAs that will be added to the trust store on nodes with the + Custom CA Trust feature enabled. 
For more information see [Custom CA Trust + Certificates](https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority) + items: + type: string + maxItems: 10 + minItems: 0 + type: array defender: description: 'Defender: Microsoft Defender settings for the security profile.' properties: - logAnalyticsWorkspaceResourceId: + logAnalyticsWorkspaceResourceReference: description: |- - LogAnalyticsWorkspaceResourceId: Resource ID of the Log Analytics workspace to be associated with Microsoft Defender. - When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When Microsoft - Defender is disabled, leave the field empty. - type: string + LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft + Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When + Microsoft Defender is disabled, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object securityMonitoring: description: 'SecurityMonitoring: Microsoft Defender threat detection for Cloud settings for the security profile.' properties: 
@@ -16825,6 +20497,26 @@ spec: description: 'IntervalHours: Image Cleaner scanning interval in hours.' type: integer type: object + imageIntegrity: + description: |- + ImageIntegrity: Image integrity is a feature that works with Azure Policy to verify image integrity by signature. This + will not have any effect unless Azure Policy is applied to enforce image signatures. See + https://aka.ms/aks/image-integrity for how to use this feature via policy. + properties: + enabled: + description: 'Enabled: Whether to enable image integrity. The default value is false.' + type: boolean + type: object + nodeRestriction: + description: |- + NodeRestriction: [Node + Restriction](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction) settings + for the security profile. + properties: + enabled: + description: 'Enabled: Whether to enable Node Restriction' + type: boolean + type: object workloadIdentity: description: |- WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications 
@@ -16858,9 +20550,26 @@ spec: keyObjectName: description: 'KeyObjectName: Intermediate certificate private key object name in Azure Key Vault.' type: string - keyVaultId: - description: 'KeyVaultId: The resource ID of the Key Vault.' - type: string + keyVaultReference: + description: 'KeyVaultReference: The resource ID of the Key Vault.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object rootCertObjectName: description: 'RootCertObjectName: Root certificate object name in Azure Key Vault.' type: string @@ -16877,11 +20586,8 @@ spec: enabled: description: 'Enabled: Whether to enable the egress gateway.' type: boolean - nodeSelector: - additionalProperties: - type: string - description: 'NodeSelector: NodeSelector for scheduling the egress gateway.' - type: object + required: + - enabled type: object type: array ingressGateways: @@ -16896,7 +20602,13 @@ spec: type: boolean mode: description: 'Mode: Mode of an ingress gateway.' + enum: + - External + - Internal type: string + required: + - enabled + - mode type: object type: array type: object 
@@ -16907,11 +20619,17 @@ spec: https://learn.microsoft.com/en-us/azure/aks/istio-upgrade items: type: string + maxItems: 2 type: array type: object mode: description: 'Mode: Mode of the service mesh.' + enum: + - Disabled + - Istio type: string + required: + - mode type: object servicePrincipalProfile: description: |- @@ -16921,17 +20639,41 @@ spec: clientId: description: 'ClientId: The ID for the service principal.' type: string + secret: + description: 'Secret: The secret password associated with the service principal in plain text.' + properties: + key: + description: Key is the key in the Kubernetes secret being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + required: + - clientId type: object sku: description: 'Sku: The managed cluster SKU.' properties: name: description: 'Name: The name of a managed cluster SKU.' + enum: + - Automatic + - Base type: string tier: description: |- Tier: If not specified, the default is 'Free'. See [AKS Pricing Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. + enum: + - Free + - Premium + - Standard type: string type: object storageProfile: @@ -16950,6 +20692,9 @@ spec: enabled: description: 'Enabled: Whether to enable AzureDisk CSI Driver. The default value is true.' type: boolean + version: + description: 'Version: The version of AzureDisk CSI Driver. The default value is v1.' + type: string type: object fileCSIDriver: description: 'FileCSIDriver: AzureFile CSI Driver settings for the storage profile.' 
@@ -16968,37 +20713,15 @@ spec: type: object supportPlan: description: 'SupportPlan: The support plan for the Managed Cluster. If unspecified, the default is ''KubernetesOfficial''.' + enum: + - AKSLongTermSupport + - KubernetesOfficial type: string - systemData: - description: 'SystemData: Azure Resource Manager metadata containing createdBy and modifiedBy information.' - properties: - createdAt: - description: 'CreatedAt: The timestamp of resource creation (UTC).' - type: string - createdBy: - description: 'CreatedBy: The identity that created the resource.' - type: string - createdByType: - description: 'CreatedByType: The type of identity that created the resource.' - type: string - lastModifiedAt: - description: 'LastModifiedAt: The timestamp of resource last modification (UTC)' - type: string - lastModifiedBy: - description: 'LastModifiedBy: The identity that last modified the resource.' - type: string - lastModifiedByType: - description: 'LastModifiedByType: The type of identity that last modified the resource.' - type: string - type: object tags: additionalProperties: type: string description: 'Tags: Resource tags.' type: object - type: - description: 'Type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"' - type: string upgradeSettings: description: 'UpgradeSettings: Settings for upgrading a cluster.' properties: 
@@ -17021,7 +20744,32 @@ spec: windowsProfile: description: 'WindowsProfile: The profile for Windows VMs in the Managed Cluster.' properties: - adminUsername: + adminPassword: + description: |- + AdminPassword: Specifies the password of the administrator account. + Minimum-length: 8 characters + Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to be fulfilled + Has lower characters + Has upper characters + Has a digit + Has a special character (Regex match [\W_]) + Disallowed values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$$$word", "pass@word1", "Password!", "Password1", + "Password22", "iloveyou!" + properties: + key: + description: Key is the key in the Kubernetes secret being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + adminUsername: description: |- AdminUsername: Specifies the name of the administrator account. Restriction: Cannot end in "." @@ -17057,7 +20805,12 @@ spec: description: |- LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. + enum: + - None + - Windows_Server type: string + required: + - adminUsername type: object workloadAutoScalerProfile: description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile for the managed cluster.' 
@@ -17068,2148 +20821,2033 @@ spec: enabled: description: 'Enabled: Whether to enable KEDA.' type: boolean + required: + - enabled type: object verticalPodAutoscaler: - description: 'VerticalPodAutoscaler: VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile.' properties: + addonAutoscaling: + description: 'AddonAutoscaling: Whether VPA add-on is enabled and configured to scale AKS-managed add-ons.' + enum: + - Disabled + - Enabled + type: string enabled: - description: 'Enabled: Whether to enable VPA. Default value is false.' + description: 'Enabled: Whether to enable VPA add-on in cluster. Default value is false.' type: boolean + required: + - enabled type: object type: object + required: + - location + - owner type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].severity - name: Severity - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Reason - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].message - name: Message - type: string - name: v1api20231001storage - schema: - openAPIV3Schema: - description: |- - Storage version of v1api20231001.ManagedCluster - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-10-01/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: Storage version of v1api20231001.ManagedCluster_Spec + status: + description: Managed cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object aadProfile: - description: |- - Storage version of v1api20231001.ManagedClusterAADProfile - For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). + description: 'AadProfile: The Azure Active Directory configuration.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object IDs that will have admin role of the cluster.' items: type: string type: array clientAppID: + description: 'ClientAppID: (DEPRECATED) The client AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' type: string enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for Kubernetes authorization.' type: boolean managed: + description: 'Managed: Whether to enable managed AAD.' 
type: boolean serverAppID: + description: 'ServerAppID: (DEPRECATED) The server AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' type: string serverAppSecret: + description: 'ServerAppSecret: (DEPRECATED) The server AAD application secret. Learn more at https://aka.ms/aks/aad-legacy.' type: string tenantID: + description: |- + TenantID: The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment + subscription. type: string type: object addonProfiles: additionalProperties: - description: |- - Storage version of v1api20231001.ManagedClusterAddonProfile - A Kubernetes add-on profile for a managed cluster. + description: A Kubernetes add-on profile for a managed cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object config: additionalProperties: type: string + description: 'Config: Key-value pairs for configuring an add-on.' type: object enabled: + description: 'Enabled: Whether the add-on is enabled or not.' type: boolean + identity: + description: 'Identity: Information of user assigned identity used by this add-on.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned identity.' + type: string + type: object type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' type: object agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' items: - description: |- - Storage version of v1api20231001.ManagedClusterAgentPoolProfile - Profile for the container service agent pool. 
+ description: Profile for the container service agent pool. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions + artifactStreamingProfile: + description: 'ArtifactStreamingProfile: Configuration for using artifact streaming on AKS.' + properties: + enabled: + description: |- + Enabled: Artifact streaming speeds up the cold-start of containers on a node through on-demand image loading. To use + this feature, container images must also enable artifact streaming on ACR. If not specified, the default is false. + type: boolean type: object availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. items: type: string type: array - capacityReservationGroupReference: - description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object + capacityReservationGroupID: + description: 'CapacityReservationGroupID: AKS will associate the specified agent pool with the Capacity Reservation Group.' + type: string count: + description: |- + Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. type: integer creationData: description: |- - Storage version of v1api20231001.CreationData - Data used when creating a target resource from a source resource. + CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using + a snapshot. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the source object to be used to create the target object.' + type: string type: object + currentOrchestratorVersion: + description: |- + CurrentOrchestratorVersion: If orchestratorVersion was a fully specified version , this field will be + exactly equal to it. If orchestratorVersion was , this field will contain the full + version being used. + type: string + eTag: + description: |- + ETag: Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is + updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic + concurrency per the normal etag convention. + type: string enableAutoScaling: + description: 'EnableAutoScaling: Whether to enable auto-scaler' + type: boolean + enableCustomCATrust: + description: |- + EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a + daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded + certificates into node trust stores. Defaults to false. type: boolean enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption type: boolean enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. type: boolean enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. 
+ A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. type: boolean enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean + gatewayProfile: + description: |- + GatewayProfile: Profile specific to a managed agent pool in Gateway mode. This field cannot be set if agent pool mode is + not Gateway. + properties: + publicIPPrefixSize: + description: |- + PublicIPPrefixSize: The Gateway agent pool associates one public IPPrefix for each static egress gateway to provide + public egress. The size of Public IPPrefix should be selected by the user. Each node in the agent pool is assigned with + one IP from the IPPrefix. The IPPrefix size thus serves as a cap on the size of the Gateway agent pool. Due to Azure + public IPPrefix size limitation, the valid value range is [28, 31] (/31 = 2 nodes/IPs, /30 = 4 nodes/IPs, /29 = 8 + nodes/IPs, /28 = 16 nodes/IPs). The default value is 31. + type: integer + type: object gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' type: string - hostGroupReference: - description: |- - HostGroupReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + gpuProfile: + description: 'GpuProfile: The GPU settings of an agent pool.' 
properties: - armId: + installGPUDriver: description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string + InstallGPUDriver: The default value is true when the vmSize of the agent pool contains a GPU, false otherwise. GPU + Driver Installation can only be set true when VM has an associated GPU resource. Setting this field to false prevents + automatic GPU driver installation. In that case, in order for the GPU to be usable, the user must perform GPU driver + installation themselves. + type: boolean type: object - kubeletConfig: + hostGroupID: description: |- - Storage version of v1api20231001.KubeletConfig - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + HostGroupID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + type: string + kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`).' items: type: string type: array containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. type: integer containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' type: integer cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' type: boolean cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. type: string cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. type: string failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' type: boolean imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, set to 100. The default is 85%' type: integer imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than imageGcHighThreshold. The default is 80%' type: integer podMaxPids: + description: 'PodMaxPids: The maximum number of processes per pod.' 
type: integer topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. type: string type: object kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. type: string linuxOSConfig: - description: |- - Storage version of v1api20231001.LinuxOSConfig - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that will be created on each node.' type: integer sysctls: - description: |- - Storage version of v1api20231001.SysctlConfig - Sysctl settings for Linux agent nodes. + description: 'Sysctls: Sysctl settings for Linux agent nodes.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' type: integer fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' type: integer fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' 
type: integer fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' type: integer kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' type: integer netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' type: integer netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' type: integer netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' type: integer netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' type: integer netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' type: integer netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' type: integer netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' type: integer netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' type: string netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting net.ipv4.neigh.default.gc_thresh1.' type: integer netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting net.ipv4.neigh.default.gc_thresh2.' type: integer netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting net.ipv4.neigh.default.gc_thresh3.' type: integer netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' type: integer netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' type: integer netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' type: integer netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' 
type: integer netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' type: integer netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' type: boolean netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' type: integer netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' type: integer netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' type: integer vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' type: integer vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' type: integer vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' type: integer type: object transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string type: object maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' type: integer maxPods: + description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer + messageOfTheDay: + description: |- + MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. 
This allows customization of + the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., + will be printed raw and not be executed as a script). + type: string minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools type: string name: + description: 'Name: Windows agent pool names must be 6 characters or less.' type: string networkProfile: - description: |- - Storage version of v1api20231001.AgentPoolNetworkProfile - Network settings of an agent pool. + description: 'NetworkProfile: Network-related settings of an agent pool.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are allowed to access. The specified ranges are allowed to overlap.' items: - description: |- - Storage version of v1api20231001.PortRange - The port range. + description: The port range. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object portEnd: + description: |- + PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or + equal to portStart. type: integer portStart: + description: |- + PortStart: The minimum port that is included in the range. 
It should be ranged from 1 to 65535, and be less than or + equal to portEnd. type: integer protocol: + description: 'Protocol: The network protocol of the port.' type: string type: object type: array - applicationSecurityGroupsReferences: + applicationSecurityGroups: + description: 'ApplicationSecurityGroups: The IDs of the application security groups which agent pool will associate when created.' items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + type: string type: array nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level public IPs.' items: - description: |- - Storage version of v1api20231001.IPTag - Contains the IPTag associated with the object. + description: Contains the IPTag associated with the object. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object ipTagType: + description: 'IpTagType: The IP tag type. Example: RoutingPreference.' type: string tag: + description: 'Tag: The value of the IP tag associated with the public IP. Example: Internet.' type: string type: object type: array type: object + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string + nodeInitializationTaints: + description: |- + NodeInitializationTaints: These taints will not be reconciled by AKS and can be removed with a kubectl call. This field + can be modified after node pool is created, but nodes will not be recreated with new taints until another operation that + requires recreation (e.g. node image upgrade) happens. These taints allow for required configuration to run before the + node is ready to accept workloads, for example 'key1=value1:NoSchedule' that then can be removed with `kubectl taint + nodes node1 key1=value1:NoSchedule-` + items: + type: string + type: array nodeLabels: additionalProperties: type: string + description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' type: object - nodePublicIPPrefixReference: + nodePublicIPPrefixID: description: |- - NodePublicIPPrefixReference: This is of the form: + NodePublicIPPrefixID: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + type: string nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' items: type: string type: array orchestratorVersion: + description: |- + OrchestratorVersion: Both patch version and are supported. When is + specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same + once it has been created will not trigger an upgrade, even if a newer patch version is available. As a + best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version + must have the same major version as the control plane. The node pool minor version must be within two minor versions of + the control plane version. The node pool version cannot be greater than the control plane version. For more information + see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: type: integer osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. 
For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). type: string osSKU: + description: |- + OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or + Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is + deprecated. type: string osType: + description: 'OsType: The operating system type. The default is Linux.' type: string - podSubnetReference: + podIPAllocationMode: description: |- - PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). - This is of the form: + PodIPAllocationMode: The IP allocation mode for pods in the agent pool. Must be used with podSubnetId. The default is + 'DynamicIndividual'. + type: string + podSubnetID: + description: |- + PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is + of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. 
- type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + type: string powerState: description: |- - Storage version of v1api20231001.PowerState - Describes the Power State of the cluster + PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only + be stopped if it is Running and provisioning state is Succeeded properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object code: + description: 'Code: Tells whether the cluster is Running or Stopped' type: string type: object - proximityPlacementGroupReference: - description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity Placement Group.' + type: string scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' type: string scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. type: string scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' type: string + securityProfile: + description: 'SecurityProfile: The security settings of an agent pool.' + properties: + enableSecureBoot: + description: |- + EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and + drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. + type: boolean + enableVTPM: + description: |- + EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held + locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. + type: boolean + sshAccess: + description: 'SshAccess: SSH access method of an agent pool.' + type: string + type: object spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) type: number tags: additionalProperties: type: string + description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' 
type: object type: + description: 'Type: The type of Agent Pool.' type: string upgradeSettings: - description: |- - Storage version of v1api20231001.AgentPoolUpgradeSettings - Settings for upgrading an agentpool + description: 'UpgradeSettings: Settings for upgrading the agentpool' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object drainTimeoutInMinutes: + description: |- + DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. + This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not + specified, the default is 30 minutes. type: integer maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + nodeSoakDurationInMinutes: + description: |- + NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and + moving on to next node. If not specified, the default is 0 minutes. + type: integer + undrainableNodeBehavior: + description: |- + UndrainableNodeBehavior: Defines the behavior for undrainable nodes during upgrade. 
The most common cause of undrainable + nodes is Pod Disruption Budgets (PDBs), but other issues, such as pod termination grace period is exceeding the + remaining per-node drain timeout or pod is still being in a running state, can also cause undrainable nodes. type: string type: object + virtualMachineNodesStatus: + items: + description: Current status on a group of nodes of the same vm size. + properties: + count: + description: 'Count: Number of nodes.' + type: integer + size: + description: 'Size: The VM size of the agents used to host this group of nodes.' + type: string + type: object + type: array + virtualMachinesProfile: + description: 'VirtualMachinesProfile: Specifications on VirtualMachines agent pool.' + properties: + scale: + description: 'Scale: Specifications on how to scale a VirtualMachines agent pool.' + properties: + autoscale: + description: |- + Autoscale: Specifications on how to auto-scale the VirtualMachines agent pool within a predefined size range. Currently, + at most one AutoScaleProfile is allowed. + items: + description: Specifications on auto-scaling. + properties: + maxCount: + description: 'MaxCount: The maximum number of nodes of the specified sizes.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes of the specified sizes.' + type: integer + sizes: + description: |- + Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the + first available one when auto scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS + will use the next size. + items: + type: string + type: array + type: object + type: array + manual: + description: 'Manual: Specifications on how to scale the VirtualMachines agent pool to a fixed size.' + items: + description: Specifications on number of machines. + properties: + count: + description: 'Count: Number of nodes.' 
+ type: integer + sizes: + description: |- + Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the + first available one when scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS will + use the next size. + items: + type: string + type: array + type: object + type: array + type: object + type: object vmSize: + description: |- + VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions type: string - vnetSubnetReference: + vnetSubnetID: description: |- - VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is - specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + type: string + windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific profile.' properties: - armId: + disableOutboundNat: description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string + DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT + Gateway and the Windows agent pool does not have node public IP enabled. + type: boolean type: object workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node can run.' type: string type: object type: array + aiToolchainOperatorProfile: + description: 'AiToolchainOperatorProfile: AI toolchain operator settings that apply to the whole cluster.' + properties: + enabled: + description: 'Enabled: Indicates if AI toolchain operator enabled or not.' + type: boolean + type: object apiServerAccessProfile: - description: |- - Storage version of v1api20231001.ManagedClusterAPIServerAccessProfile - Access profile for managed cluster API server. + description: 'ApiServerAccessProfile: The access profile for managed cluster API server.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object authorizedIPRanges: + description: |- + AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with + clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). 
items: type: string type: array disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command for the cluster or not.' type: boolean enablePrivateCluster: + description: |- + EnablePrivateCluster: For more details, see [Creating a private AKS + cluster](https://docs.microsoft.com/azure/aks/private-clusters). type: boolean enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create additional public FQDN for private cluster or not.' + type: boolean + enableVnetIntegration: + description: 'EnableVnetIntegration: Whether to enable apiserver vnet integration for the cluster or not.' type: boolean privateDNSZone: + description: |- + PrivateDNSZone: The default is System. For more details see [configure private DNS + zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and + 'none'. + type: string + subnetId: + description: |- + SubnetId: It is required when: 1. creating a new cluster with BYO Vnet; 2. updating an existing cluster to enable + apiserver vnet integration. type: string type: object autoScalerProfile: - description: Storage version of v1api20231001.ManagedClusterProperties_AutoScalerProfile + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler when enabled' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' and ''false''' type: string + daemonset-eviction-for-empty-nodes: + description: |- + DaemonsetEvictionForEmptyNodes: If set to true, all daemonset pods on empty nodes will be evicted before deletion of the + node. 
If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node will be + deleted without ensuring that daemonset pods are deleted or evicted. + type: boolean + daemonset-eviction-for-occupied-nodes: + description: |- + DaemonsetEvictionForOccupiedNodes: If set to true, all daemonset pods on occupied nodes will be evicted before deletion + of the node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node + will be deleted without ensuring that daemonset pods are deleted or evicted. + type: boolean expander: + description: 'Expander: Available values are: ''least-waste'', ''most-pods'', ''priority'', ''random''.' type: string + ignore-daemonsets-utilization: + description: |- + IgnoreDaemonsetsUtilization: If set to true, the resources used by daemonset will be taken into account when making + scaling down decisions. + type: boolean max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' type: string max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' type: string max-node-provision-time: + description: |- + MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. type: string max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The maximum is 100 and the minimum is 0.' type: string new-pod-scale-up-delay: + description: |- + NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler + could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is + '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). type: string ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The default is 3.' 
type: string scale-down-delay-after-add: + description: |- + ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. type: string scale-down-delay-after-delete: + description: |- + ScaleDownDelayAfterDelete: The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of + time other than minutes (m) is supported. type: string scale-down-delay-after-failure: + description: |- + ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. type: string scale-down-unneeded-time: + description: |- + ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. type: string scale-down-unready-time: + description: |- + ScaleDownUnreadyTime: The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. type: string scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' type: string scan-interval: + description: 'ScanInterval: The default is ''10''. Values must be an integer number of seconds.' type: string skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' type: string skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' type: string type: object autoUpgradeProfile: - description: |- - Storage version of v1api20231001.ManagedClusterAutoUpgradeProfile - Auto upgrade profile for a managed cluster. + description: 'AutoUpgradeProfile: The auto upgrade configuration.' 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object nodeOSUpgradeChannel: + description: 'NodeOSUpgradeChannel: The default is Unmanaged, but may change to either NodeImage or SecurityPatch at GA.' type: string upgradeChannel: + description: |- + UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade + channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). type: string type: object azureMonitorProfile: - description: |- - Storage version of v1api20231001.ManagedClusterAzureMonitorProfile - Azure Monitor addon profiles for monitoring the managed cluster. + description: 'AzureMonitorProfile: Prometheus addon profile for the container service cluster' properties: - $propertyBag: - additionalProperties: - type: string + appMonitoring: description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions + AppMonitoring: Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics + and traces through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + autoInstrumentation: + description: |- + AutoInstrumentation: Application Monitoring Auto Instrumentation for Kubernetes Application Container. Deploys web hook + to auto-instrument Azure Monitor OpenTelemetry based SDKs to collect OpenTelemetry metrics, logs and traces of the + application. See aka.ms/AzureMonitorApplicationMonitoring for an overview. 
+ properties: + enabled: + description: 'Enabled: Indicates if Application Monitoring Auto Instrumentation is enabled or not.' + type: boolean + type: object + openTelemetryLogs: + description: |- + OpenTelemetryLogs: Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Logs and + Traces. Collects OpenTelemetry logs and traces of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + enabled: + description: 'Enabled: Indicates if Application Monitoring Open Telemetry Logs and traces is enabled or not.' + type: boolean + port: + description: 'Port: The Open Telemetry host port for Open Telemetry logs and traces. If not specified, the default port is 28331.' + type: integer + type: object + openTelemetryMetrics: + description: |- + OpenTelemetryMetrics: Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container + Metrics. Collects OpenTelemetry metrics of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + enabled: + description: 'Enabled: Indicates if Application Monitoring Open Telemetry Metrics is enabled or not.' + type: boolean + port: + description: 'Port: The Open Telemetry host port for Open Telemetry metrics. If not specified, the default port is 28333.' + type: integer + type: object type: object - metrics: + containerInsights: description: |- - Storage version of v1api20231001.ManagedClusterAzureMonitorProfileMetrics - Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes - infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See - aka.ms/AzureManagedPrometheus for an overview. 
+ ContainerInsights: Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & + stderr logs etc. See aka.ms/AzureMonitorContainerInsights for an overview. properties: - $propertyBag: - additionalProperties: - type: string + disableCustomMetrics: description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object + DisableCustomMetrics: Indicates whether custom metrics collection has to be disabled or not. If not specified the + default is false. No custom metrics will be emitted if this field is false but the container insights enabled field is + false + type: boolean + disablePrometheusMetricsScraping: + description: |- + DisablePrometheusMetricsScraping: Indicates whether prometheus metrics scraping is disabled or not. If not specified the + default is false. No prometheus metrics will be emitted if this field is false but the container insights enabled field + is false + type: boolean enabled: + description: 'Enabled: Indicates if Azure Monitor Container Insights Logs Addon is enabled or not.' type: boolean - kubeStateMetrics: + logAnalyticsWorkspaceResourceId: description: |- - Storage version of v1api20231001.ManagedClusterAzureMonitorProfileKubeStateMetrics - Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the - kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for - details. + LogAnalyticsWorkspaceResourceId: Fully Qualified ARM Resource Id of Azure Log Analytics Workspace for storing Azure + Monitor Container Insights Logs. + type: string + syslogPort: + description: 'SyslogPort: The syslog host port. If not specified, the default port is 28330.' 
+ type: integer + type: object + metrics: + description: 'Metrics: Metrics profile for the prometheus service addon' + properties: + enabled: + description: 'Enabled: Whether to enable the Prometheus collector' + type: boolean + kubeStateMetrics: + description: 'KubeStateMetrics: Kube State Metrics for prometheus addon profile for the container service cluster' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object metricAnnotationsAllowList: + description: |- + MetricAnnotationsAllowList: Comma-separated list of additional Kubernetes label keys that will be used in the resource's + labels metric. type: string metricLabelsAllowlist: + description: |- + MetricLabelsAllowlist: Comma-separated list of Kubernetes annotations keys that will be used in the resource's labels + metric. type: string type: object type: object type: object - azureName: + azurePortalFQDN: description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. + AzurePortalFQDN: The Azure Portal requires certain Cross-Origin Resource Sharing (CORS) headers to be sent in some + responses, which Kubernetes APIServer doesn't handle by default. This special FQDN supports CORS, allowing the Azure + Portal to function properly. type: string - disableLocalAccounts: - type: boolean - diskEncryptionSetReference: - description: |- - DiskEncryptionSetReference: This is of the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' + bootstrapProfile: + description: 'BootstrapProfile: Profile of the cluster bootstrap configuration.' 
properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. + artifactSource: + description: 'ArtifactSource: The source where the artifacts are downloaded from.' type: string - name: - description: Name is the Kubernetes name of the resource. + containerRegistryId: + description: |- + ContainerRegistryId: The resource Id of Azure Container Registry. The registry must have private network access, premium + SKU and zone redundancy. type: string type: object - dnsPrefix: - type: string - enablePodSecurityPolicy: - type: boolean + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. 
For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the cluster will be created/upgraded using a + snapshot. + properties: + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the source object to be used to create the target object.' + type: string + type: object + currentKubernetesVersion: + description: 'CurrentKubernetesVersion: The version of Kubernetes the Managed Cluster is running.' + type: string + disableLocalAccounts: + description: |- + DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details see [disable local + accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). 
+ type: boolean + diskEncryptionSetID: + description: |- + DiskEncryptionSetID: This is of the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' + type: string + dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster has been created.' + type: string + eTag: + description: |- + ETag: Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is + updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic + concurrency per the normal etag convention. + type: string + enableNamespaceResources: + description: |- + EnableNamespaceResources: The default value is false. It can be enabled/disabled on creation and updating of the managed + cluster. See [https://aka.ms/NamespaceARMResource](https://aka.ms/NamespaceARMResource) for more details on Namespace as + a ARM Resource. + type: boolean + enablePodSecurityPolicy: + description: |- + EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and + https://aka.ms/aks/psp. + type: boolean enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based Access Control.' type: boolean extendedLocation: - description: |- - Storage version of v1api20231001.ExtendedLocation - The complex type of the extended location. + description: 'ExtendedLocation: The extended location of the Virtual Machine.' 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object name: + description: 'Name: The name of the extended location.' type: string type: + description: 'Type: The type of the extended location.' type: string type: object + fqdn: + description: 'Fqdn: The FQDN of the master pool.' + type: string fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed Cluster has been created.' type: string httpProxyConfig: - description: |- - Storage version of v1api20231001.ManagedClusterHTTPProxyConfig - Cluster HTTP proxy configuration. + description: 'HttpProxyConfig: Configurations for provisioning the cluster with HTTP proxy servers.' properties: - $propertyBag: - additionalProperties: - type: string + effectiveNoProxy: description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object + EffectiveNoProxy: A read-only list of all endpoints for which traffic should not be sent to the proxy. This list is a + superset of noProxy and values injected by AKS. + items: + type: string + type: array httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' type: string httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' type: string noProxy: + description: 'NoProxy: The endpoints that should not go through proxy.' items: type: string type: array trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting to proxy servers.' type: string type: object - identity: + id: description: |- - Storage version of v1api20231001.ManagedClusterIdentity - Identity for the managed cluster. + Id: Fully qualified resource ID for the resource. 
E.g. + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" + type: string + identity: + description: 'Identity: The identity of the managed cluster, if configured.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object delegatedResources: additionalProperties: - description: |- - Storage version of v1api20231001.DelegatedResource - Delegated resource properties - internal use only. + description: Delegated resource properties - internal use only. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object location: + description: 'Location: The source resource location - internal use only.' type: string referralResource: + description: 'ReferralResource: The delegation id of the referral delegation (optional) - internal use only.' + type: string + resourceId: + description: 'ResourceId: The ARM resource id of the delegated resource - internal use only.' type: string - resourceReference: - description: 'ResourceReference: The ARM resource id of the delegated resource - internal use only.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object tenantId: + description: 'TenantId: The tenant id of the delegated resource - internal use only.' type: string type: object + description: |- + DelegatedResources: The delegated identity resources assigned to this managed cluster. This can only be set by another + Azure Resource Provider, and managed cluster only accept one delegated identity resource. Internal use only. type: object + principalId: + description: 'PrincipalId: The principal id of the system assigned identity which is used by master components.' + type: string + tenantId: + description: 'TenantId: The tenant id of the system assigned identity which is used by master components.' + type: string type: + description: |- + Type: For more information see [use managed identities in + AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). 
type: string userAssignedIdentities: - items: - description: |- - Storage version of v1api20231001.UserAssignedIdentityDetails - Information about the user assigned identity for the resource + additionalProperties: properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + clientId: + description: 'ClientId: The client id of user assigned identity.' + type: string + principalId: + description: 'PrincipalId: The principal id of user assigned identity.' + type: string type: object - type: array + description: |- + UserAssignedIdentities: The keys must be ARM resource IDs in the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. 
+ type: object type: object identityProfile: additionalProperties: - description: |- - Storage version of v1api20231001.UserAssignedIdentity - Details about a user assigned identity. + description: Details about a user assigned identity. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: + description: 'ClientId: The client ID of the user assigned identity.' type: string objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned identity.' type: string - resourceReference: - description: 'ResourceReference: The resource ID of the user assigned identity.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object type: object + description: 'IdentityProfile: Identities associated with the cluster.' + type: object + ingressProfile: + description: 'IngressProfile: Ingress profile for the managed cluster.' 
+ properties: + webAppRouting: + description: 'WebAppRouting: Web App Routing settings for the ingress profile.' + properties: + dnsZoneResourceIds: + description: |- + DnsZoneResourceIds: Resource IDs of the DNS zones to be associated with the Web App Routing add-on. Used only when Web + App Routing is enabled. Public and private DNS zones can be in different resource groups, but all public DNS zones must + be in the same resource group and all private DNS zones must be in the same resource group. + items: + type: string + type: array + enabled: + description: 'Enabled: Whether to enable Web App Routing.' + type: boolean + identity: + description: |- + Identity: Managed identity of the Web Application Routing add-on. This is the identity that should be granted + permissions, for example, to manage the associated Azure DNS resource and get certificates from Azure Key Vault. See + [this overview of the add-on](https://learn.microsoft.com/en-us/azure/aks/web-app-routing?tabs=with-osm) for more + instructions. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned identity.' + type: string + type: object + type: object type: object + kind: + description: 'Kind: This is primarily used to expose different UI experiences in the portal for different kinds' + type: string kubernetesVersion: + description: |- + KubernetesVersion: When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades + must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> + 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS + cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. 
type: string linuxProfile: - description: |- - Storage version of v1api20231001.ContainerServiceLinuxProfile - Profile for Linux VMs in the container service cluster. + description: 'LinuxProfile: The profile for Linux VMs in the Managed Cluster.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object adminUsername: + description: 'AdminUsername: The administrator username to use for Linux VMs.' type: string ssh: - description: |- - Storage version of v1api20231001.ContainerServiceSshConfiguration - SSH configuration for Linux-based VMs running on Azure. + description: 'Ssh: The SSH configuration for Linux-based VMs running on Azure.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicKeys: + description: 'PublicKeys: The list of SSH public keys used to authenticate with Linux-based VMs. A maximum of 1 key may be specified.' items: - description: |- - Storage version of v1api20231001.ContainerServiceSshPublicKey - Contains information about SSH certificate public key data. + description: Contains information about SSH certificate public key data. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object keyData: + description: |- + KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or + without headers. 
type: string type: object type: array type: object type: object location: + description: 'Location: The geo-location where the resource lives' + type: string + maxAgentPools: + description: 'MaxAgentPools: The max number of agent pools for the managed cluster.' + type: integer + metricsProfile: + description: 'MetricsProfile: Optional cluster metrics configuration.' + properties: + costAnalysis: + description: 'CostAnalysis: The cost analysis configuration for the cluster' + properties: + enabled: + description: |- + Enabled: The Managed Cluster sku.tier must be set to 'Standard' or 'Premium' to enable this feature. Enabling this will + add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. If not specified, the + default is false. For more information see aka.ms/aks/docs/cost-analysis. + type: boolean + type: object + type: object + name: + description: 'Name: The name of the resource' type: string networkProfile: - description: |- - Storage version of v1api20231001.ContainerServiceNetworkProfile - Profile of network configuration. + description: 'NetworkProfile: The network configuration profile.' properties: - $propertyBag: - additionalProperties: - type: string + advancedNetworking: description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions + AdvancedNetworking: Advanced Networking profile for enabling observability on a cluster. Note that enabling advanced + networking features may incur additional costs. For more information see aka.ms/aksadvancednetworking. + properties: + observability: + description: 'Observability: Observability profile to enable advanced network metrics and flow logs with historical contexts.' + properties: + enabled: + description: 'Enabled: Indicates the enablement of Advanced Networking observability functionalities on clusters.' 
+ type: boolean + type: object type: object dnsServiceIP: + description: |- + DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address + range specified in serviceCidr. type: string ipFamilies: + description: |- + IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6. items: + description: To determine if address belongs IPv4 or IPv6 family. type: string type: array - loadBalancerProfile: + kubeProxyConfig: description: |- - Storage version of v1api20231001.ManagedClusterLoadBalancerProfile - Profile of the managed cluster load balancer. + KubeProxyConfig: Holds configuration customizations for kube-proxy. Any values not defined will use the kube-proxy + defaulting behavior. See https://v.docs.kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/ + where is represented by a - string. Kubernetes version 1.23 would be '1-23'. properties: - $propertyBag: - additionalProperties: - type: string + enabled: description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions + Enabled: Whether to enable on kube-proxy on the cluster (if no 'kubeProxyConfig' exists, kube-proxy is enabled in AKS by + default without these customizations). + type: boolean + ipvsConfig: + description: 'IpvsConfig: Holds configuration customizations for IPVS. May only be specified if ''mode'' is set to ''IPVS''.' + properties: + scheduler: + description: 'Scheduler: IPVS scheduler, for more information please see http://www.linuxvirtualserver.org/docs/scheduling.html.' + type: string + tcpFinTimeoutSeconds: + description: |- + TcpFinTimeoutSeconds: The timeout value used for IPVS TCP sessions after receiving a FIN in seconds. Must be a positive + integer value. 
+ type: integer + tcpTimeoutSeconds: + description: 'TcpTimeoutSeconds: The timeout value used for idle IPVS TCP sessions in seconds. Must be a positive integer value.' + type: integer + udpTimeoutSeconds: + description: 'UdpTimeoutSeconds: The timeout value used for IPVS UDP packets in seconds. Must be a positive integer value.' + type: integer type: object + mode: + description: 'Mode: Specify which proxy mode to use (''IPTABLES'' or ''IPVS'')' + type: string + type: object + loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load balancer.' + properties: allocatedOutboundPorts: + description: |- + AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 + (inclusive). The default value is 0 which results in Azure dynamically allocating ports. type: integer backendPoolType: + description: 'BackendPoolType: The type of the managed inbound Load Balancer BackendPool.' + type: string + clusterServiceLoadBalancerHealthProbeMode: + description: 'ClusterServiceLoadBalancerHealthProbeMode: The health probing behavior for External Traffic Policy Cluster services.' type: string effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster load balancer.' items: - description: |- - Storage version of v1api20231001.ResourceReference - A reference to an Azure resource. + description: A reference to an Azure resource. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - reference: - description: 'Reference: The fully qualified Azure resource id.' 
- properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + id: + description: 'Id: The fully qualified Azure resource id.' + type: string type: object type: array enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable multiple standard load balancers per AKS cluster or not.' type: boolean idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 30 minutes. type: integer managedOutboundIPs: - description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs + description: 'ManagedOutboundIPs: Desired managed outbound IPs for the cluster load balancer.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object count: + description: |- + Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. 
Allowed values + must be in the range of 1 to 100 (inclusive). The default value is 1. type: integer countIPv6: + description: |- + CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed + values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. type: integer type: object outboundIPPrefixes: - description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes + description: 'OutboundIPPrefixes: Desired outbound IP Prefix resources for the cluster load balancer.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix resources.' items: - description: |- - Storage version of v1api20231001.ResourceReference - A reference to an Azure resource. + description: A reference to an Azure resource. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - reference: - description: 'Reference: The fully qualified Azure resource id.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + id: + description: 'Id: The fully qualified Azure resource id.' + type: string type: object type: array type: object outboundIPs: - description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_OutboundIPs + description: 'OutboundIPs: Desired outbound IP resources for the cluster load balancer.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicIPs: + description: 'PublicIPs: A list of public IP resources.' items: - description: |- - Storage version of v1api20231001.ResourceReference - A reference to an Azure resource. + description: A reference to an Azure resource. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - reference: - description: 'Reference: The fully qualified Azure resource id.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + id: + description: 'Id: The fully qualified Azure resource id.' + type: string type: object type: array type: object type: object loadBalancerSku: + description: |- + LoadBalancerSku: The default is 'standard'. See [Azure Load Balancer + SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load + balancer SKUs. type: string natGatewayProfile: - description: |- - Storage version of v1api20231001.ManagedClusterNATGatewayProfile - Profile of the managed cluster NAT gateway. + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster NAT gateway.' items: - description: |- - Storage version of v1api20231001.ResourceReference - A reference to an Azure resource. + description: A reference to an Azure resource. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - reference: - description: 'Reference: The fully qualified Azure resource id.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + id: + description: 'Id: The fully qualified Azure resource id.' + type: string type: object type: array idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 4 minutes. type: integer managedOutboundIPProfile: - description: |- - Storage version of v1api20231001.ManagedClusterManagedOutboundIPProfile - Profile of the managed outbound IP resources of the managed cluster. + description: 'ManagedOutboundIPProfile: Profile of the managed outbound IP resources of the cluster NAT gateway.' 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object count: + description: |- + Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 + (inclusive). The default value is 1. type: integer type: object type: object networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the Kubernetes cluster.' type: string networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin is anything other than ''azure''.' type: string networkPlugin: + description: 'NetworkPlugin: Network plugin used for building the Kubernetes network.' type: string networkPluginMode: + description: 'NetworkPluginMode: Network plugin mode used for building the Kubernetes network.' type: string networkPolicy: + description: 'NetworkPolicy: Network policy used for building the Kubernetes network.' type: string outboundType: + description: |- + OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see + [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). type: string podCidr: + description: 'PodCidr: A CIDR notation IP range from which to assign pod IPs when kubenet is used.' type: string podCidrs: + description: |- + PodCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. items: type: string type: array + podLinkLocalAccess: + description: |- + PodLinkLocalAccess: Defines access to special link local addresses (Azure Instance Metadata Service, aka IMDS) for pods + with hostNetwork=false. if not specified, the default is 'IMDS'. 
+ type: string serviceCidr: + description: |- + ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP + ranges. type: string serviceCidrs: + description: |- + ServiceCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with any Subnet IP ranges. items: type: string type: array - type: object - nodeResourceGroup: - type: string - oidcIssuerProfile: - description: |- - Storage version of v1api20231001.ManagedClusterOIDCIssuerProfile - The OIDC issuer profile of the Managed Cluster. - properties: - $propertyBag: - additionalProperties: - type: string + staticEgressGatewayProfile: description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions + StaticEgressGatewayProfile: The profile for Static Egress Gateway addon. For more details about Static Egress Gateway, + see https://aka.ms/aks/static-egress-gateway. + properties: + enabled: + description: 'Enabled: Indicates if Static Egress Gateway addon is enabled or not.' + type: boolean type: object - enabled: - type: boolean type: object - operatorSpec: - description: |- - Storage version of v1api20231001.ManagedClusterOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure + nodeProvisioningProfile: + description: 'NodeProvisioningProfile: Node provisioning settings that apply to the whole cluster.' 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - configMapExpressions: - items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. - properties: - key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. - type: string - name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. - type: string - value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. 
For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ - type: string - required: - - name - - value - type: object - type: array - configMaps: - description: Storage version of v1api20231001.ManagedClusterOperatorConfigMaps - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - oidcIssuerProfile: - description: |- - ConfigMapDestination describes the location to store a single configmap value - Note: This is similar to: SecretDestination in secrets.go. - Changes to one may need to be made to the others as well. - properties: - key: - description: Key is the key in the ConfigMap being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. - type: string - required: - - key - - name - type: object - principalId: - description: |- - ConfigMapDestination describes the location to store a single configmap value - Note: This is similar to: SecretDestination in secrets.go. - Changes to one may need to be made to the others as well. - properties: - key: - description: Key is the key in the ConfigMap being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. - type: string - required: - - key - - name - type: object - type: object - secretExpressions: - items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. 
- properties: - key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. - type: string - name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. - type: string - value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ - type: string - required: - - name - - value - type: object - type: array - secrets: - description: Storage version of v1api20231001.ManagedClusterOperatorSecrets - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - adminCredentials: - description: |- - SecretDestination describes the location to store a single secret value. - Note: This is similar to: ConfigMapDestination in configmaps.go. - Changes to one may need to be made to the others as well. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced. - type: string - name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. - type: string - required: - - key - - name - type: object - userCredentials: - description: |- - SecretDestination describes the location to store a single secret value. 
- Note: This is similar to: ConfigMapDestination in configmaps.go. - Changes to one may need to be made to the others as well. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced. - type: string - name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. - type: string - required: - - key - - name - type: object - type: object + mode: + description: 'Mode: Once the mode it set to Auto, it cannot be changed back to Manual.' + type: string type: object - originalVersion: + nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing agent pool nodes.' type: string - owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource + nodeResourceGroupProfile: + description: 'NodeResourceGroupProfile: The node resource group configuration profile.' properties: - armId: - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + restrictionLevel: + description: 'RestrictionLevel: The restriction level applied to the cluster''s node resource group' type: string - name: - description: This is the name of the Kubernetes resource to reference. + type: object + oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed Cluster.' + properties: + enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' + type: boolean + issuerURL: + description: 'IssuerURL: The OIDC issuer url of the Managed Cluster.' 
type: string type: object podIdentityProfile: description: |- - Storage version of v1api20231001.ManagedClusterPodIdentityProfile - See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod - identity integration. + PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more + details on AAD pod identity integration. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allowNetworkPluginKubenet: + description: |- + AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod + Identity and the risks of IP spoofing. See [using Kubenet network plugin with AAD Pod + Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information. type: boolean enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' type: boolean userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use in the cluster.' items: - description: |- - Storage version of v1api20231001.ManagedClusterPodIdentity - Details about the pod identity assigned to the Managed Cluster. + description: Details about the pod identity assigned to the Managed Cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object bindingSelector: + description: 'BindingSelector: The binding selector to use for the AzureIdentityBinding resource.' 
type: string identity: - description: |- - Storage version of v1api20231001.UserAssignedIdentity - Details about a user assigned identity. + description: 'Identity: The user assigned identity details.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: + description: 'ClientId: The client ID of the user assigned identity.' type: string objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned identity.' type: string - resourceReference: - description: 'ResourceReference: The resource ID of the user assigned identity.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object type: object name: + description: 'Name: The name of the pod identity.' type: string namespace: + description: 'Namespace: The namespace of the pod identity.' 
+ type: string + provisioningInfo: + properties: + error: + description: 'Error: Pod identity assignment error (if any).' + properties: + error: + description: 'Error: Details about the error.' + properties: + code: + description: 'Code: An identifier for the error. Codes are invariant and are intended to be consumed programmatically.' + type: string + details: + description: 'Details: A list of additional details about the error.' + items: + properties: + code: + description: 'Code: An identifier for the error. Codes are invariant and are intended to be consumed programmatically.' + type: string + message: + description: 'Message: A message describing the error, intended to be suitable for display in a user interface.' + type: string + target: + description: 'Target: The target of the particular error. For example, the name of the property in error.' + type: string + type: object + type: array + message: + description: 'Message: A message describing the error, intended to be suitable for display in a user interface.' + type: string + target: + description: 'Target: The target of the particular error. For example, the name of the property in error.' + type: string + type: object + type: object + type: object + provisioningState: + description: 'ProvisioningState: The current provisioning state of the pod identity.' type: string type: object type: array userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity exceptions to allow.' items: description: |- - Storage version of v1api20231001.ManagedClusterPodIdentityException See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object name: + description: 'Name: The name of the pod identity exception.' type: string namespace: + description: 'Namespace: The namespace of the pod identity exception.' type: string podLabels: additionalProperties: type: string + description: 'PodLabels: The pod labels to match.' type: object type: object type: array type: object + powerState: + description: 'PowerState: The Power State of the cluster.' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + privateFQDN: + description: 'PrivateFQDN: The FQDN of private cluster.' + type: string privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated with the cluster.' items: - description: |- - Storage version of v1api20231001.PrivateLinkResource - A private link resource + description: A private link resource properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object groupId: + description: 'GroupId: The group ID of the resource.' + type: string + id: + description: 'Id: The ID of the private link resource.' type: string name: + description: 'Name: The name of the private link resource.' + type: string + privateLinkServiceID: + description: 'PrivateLinkServiceID: The private link service ID of the resource, this field is exposed only to NRP internally.' type: string - reference: - description: 'Reference: The ID of the private link resource.' 
- properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' items: type: string type: array type: + description: 'Type: The resource type.' type: string type: object type: array + provisioningState: + description: 'ProvisioningState: The current provisioning state.' + type: string publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access for AKS' type: string - securityProfile: + resourceUID: description: |- - Storage version of v1api20231001.ManagedClusterSecurityProfile - Security profile for the container service cluster. 
+ ResourceUID: The resourceUID uniquely identifies ManagedClusters that reuse ARM ResourceIds (i.e: create, delete, create + sequence) + type: string + safeguardsProfile: + description: 'SafeguardsProfile: The Safeguards profile holds all the safeguards information for a given cluster' properties: - $propertyBag: - additionalProperties: + excludedNamespaces: + description: 'ExcludedNamespaces: List of namespaces excluded from Safeguards checks' + items: type: string + type: array + level: description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object + Level: The Safeguards level to be used. By default, Safeguards is enabled for all namespaces except those that AKS + excludes via systemExcludedNamespaces + type: string + systemExcludedNamespaces: + description: 'SystemExcludedNamespaces: List of namespaces specified by AKS to be excluded from Safeguards' + items: + type: string + type: array + version: + description: 'Version: The version of constraints to use' + type: string + type: object + securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' + properties: azureKeyVaultKms: description: |- - Storage version of v1api20231001.AzureKeyVaultKms - Azure Key Vault key management service settings for the security profile. + AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Whether to enable Azure Key Vault key management service. The default is false.' 
type: boolean keyId: + description: |- + KeyId: Identifier of Azure Key Vault key. See [key identifier + format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service is disabled, leave the field empty. type: string keyVaultNetworkAccess: + description: |- + KeyVaultNetworkAccess: Network access of key vault. The possible values are `Public` and `Private`. `Public` means the + key vault allows public access from all networks. `Private` means the key vault disables public access and enables + private link. The default value is `Public`. type: string - keyVaultResourceReference: + keyVaultResourceId: description: |- - KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and - must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + KeyVaultResourceId: Resource ID of key vault. 
When keyVaultNetworkAccess is `Private`, this field is required and must + be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. + type: string type: object - defender: + customCATrustCertificates: description: |- - Storage version of v1api20231001.ManagedClusterSecurityProfileDefender - Microsoft Defender settings for the security profile. + CustomCATrustCertificates: A list of up to 10 base64 encoded CAs that will be added to the trust store on nodes with the + Custom CA Trust feature enabled. For more information see [Custom CA Trust + Certificates](https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority) + items: + type: string + type: array + defender: + description: 'Defender: Microsoft Defender settings for the security profile.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - logAnalyticsWorkspaceResourceReference: + logAnalyticsWorkspaceResourceId: description: |- - LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft - Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When - Microsoft Defender is disabled, leave the field empty. - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + LogAnalyticsWorkspaceResourceId: Resource ID of the Log Analytics workspace to be associated with Microsoft Defender. + When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When Microsoft + Defender is disabled, leave the field empty. + type: string securityMonitoring: - description: |- - Storage version of v1api20231001.ManagedClusterSecurityProfileDefenderSecurityMonitoring - Microsoft Defender settings for the security profile threat detection. + description: 'SecurityMonitoring: Microsoft Defender threat detection for Cloud settings for the security profile.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Whether to enable Defender threat detection' type: boolean type: object type: object imageCleaner: - description: |- - Storage version of v1api20231001.ManagedClusterSecurityProfileImageCleaner - Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here - are settings for the security profile. + description: 'ImageCleaner: Image Cleaner settings for the security profile.' 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Whether to enable Image Cleaner on AKS cluster.' type: boolean intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval in hours.' type: integer type: object + imageIntegrity: + description: |- + ImageIntegrity: Image integrity is a feature that works with Azure Policy to verify image integrity by signature. This + will not have any effect unless Azure Policy is applied to enforce image signatures. See + https://aka.ms/aks/image-integrity for how to use this feature via policy. + properties: + enabled: + description: 'Enabled: Whether to enable image integrity. The default value is false.' + type: boolean + type: object + nodeRestriction: + description: |- + NodeRestriction: [Node + Restriction](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction) settings + for the security profile. + properties: + enabled: + description: 'Enabled: Whether to enable Node Restriction' + type: boolean + type: object workloadIdentity: description: |- - Storage version of v1api20231001.ManagedClusterSecurityProfileWorkloadIdentity - Workload identity settings for the security profile. + WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Whether to enable workload identity.' type: boolean type: object type: object serviceMeshProfile: - description: |- - Storage version of v1api20231001.ServiceMeshProfile - Service mesh profile for a managed cluster. + description: 'ServiceMeshProfile: Service mesh profile for a managed cluster.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object istio: - description: |- - Storage version of v1api20231001.IstioServiceMesh - Istio service mesh configuration. + description: 'Istio: Istio service mesh configuration.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object certificateAuthority: description: |- - Storage version of v1api20231001.IstioCertificateAuthority - Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described - here https://aka.ms/asm-plugin-ca + CertificateAuthority: Istio Service Mesh Certificate Authority (CA) configuration. 
For now, we only support plugin + certificates as described here https://aka.ms/asm-plugin-ca properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object plugin: - description: |- - Storage version of v1api20231001.IstioPluginCertificateAuthority - Plugin certificates information for Service Mesh. + description: 'Plugin: Plugin certificates information for Service Mesh.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object certChainObjectName: + description: 'CertChainObjectName: Certificate chain object name in Azure Key Vault.' type: string certObjectName: + description: 'CertObjectName: Intermediate certificate object name in Azure Key Vault.' type: string keyObjectName: + description: 'KeyObjectName: Intermediate certificate private key object name in Azure Key Vault.' + type: string + keyVaultId: + description: 'KeyVaultId: The resource ID of the Key Vault.' type: string - keyVaultReference: - description: 'KeyVaultReference: The resource ID of the Key Vault.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object rootCertObjectName: + description: 'RootCertObjectName: Root certificate object name in Azure Key Vault.' type: string type: object type: object components: - description: |- - Storage version of v1api20231001.IstioComponents - Istio components configuration. + description: 'Components: Istio components configuration.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object egressGateways: + description: 'EgressGateways: Istio egress gateways.' items: - description: |- - Storage version of v1api20231001.IstioEgressGateway - Istio egress gateway configuration. + description: Istio egress gateway configuration. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Whether to enable the egress gateway.' type: boolean - nodeSelector: - additionalProperties: - type: string - type: object type: object type: array ingressGateways: + description: 'IngressGateways: Istio ingress gateways.' items: description: |- - Storage version of v1api20231001.IstioIngressGateway Istio ingress gateway configuration. 
For now, we support up to one external ingress gateway named `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Whether to enable the ingress gateway.' type: boolean mode: + description: 'Mode: Mode of an ingress gateway.' type: string type: object type: array type: object revisions: + description: |- + Revisions: The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. + When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: + https://learn.microsoft.com/en-us/azure/aks/istio-upgrade items: type: string type: array type: object mode: + description: 'Mode: Mode of the service mesh.' type: string type: object servicePrincipalProfile: description: |- - Storage version of v1api20231001.ManagedClusterServicePrincipalProfile - Information about a service principal identity for the cluster to use for manipulating Azure APIs. + ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure + APIs. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: + description: 'ClientId: The ID for the service principal.' type: string - secret: - description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. 
- properties: - key: - description: Key is the key in the Kubernetes secret being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource - type: string - required: - - key - - name - type: object type: object sku: - description: |- - Storage version of v1api20231001.ManagedClusterSKU - The SKU of a Managed Cluster. + description: 'Sku: The managed cluster SKU.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object name: + description: 'Name: The name of a managed cluster SKU.' type: string tier: + description: |- + Tier: If not specified, the default is 'Free'. See [AKS Pricing + Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. type: string type: object storageProfile: - description: |- - Storage version of v1api20231001.ManagedClusterStorageProfile - Storage profile for the container service cluster. + description: 'StorageProfile: Storage profile for the managed cluster.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object blobCSIDriver: - description: |- - Storage version of v1api20231001.ManagedClusterStorageProfileBlobCSIDriver - AzureBlob CSI Driver settings for the storage profile. + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for the storage profile.' 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. The default value is false.' type: boolean type: object diskCSIDriver: - description: |- - Storage version of v1api20231001.ManagedClusterStorageProfileDiskCSIDriver - AzureDisk CSI Driver settings for the storage profile. + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for the storage profile.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. The default value is true.' type: boolean + version: + description: 'Version: The version of AzureDisk CSI Driver. The default value is v1.' + type: string type: object fileCSIDriver: - description: |- - Storage version of v1api20231001.ManagedClusterStorageProfileFileCSIDriver - AzureFile CSI Driver settings for the storage profile. + description: 'FileCSIDriver: AzureFile CSI Driver settings for the storage profile.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. The default value is true.' 
type: boolean type: object snapshotController: - description: |- - Storage version of v1api20231001.ManagedClusterStorageProfileSnapshotController - Snapshot Controller settings for the storage profile. + description: 'SnapshotController: Snapshot Controller settings for the storage profile.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Whether to enable Snapshot Controller. The default value is true.' type: boolean type: object type: object supportPlan: + description: 'SupportPlan: The support plan for the Managed Cluster. If unspecified, the default is ''KubernetesOfficial''.' type: string + systemData: + description: 'SystemData: Azure Resource Manager metadata containing createdBy and modifiedBy information.' + properties: + createdAt: + description: 'CreatedAt: The timestamp of resource creation (UTC).' + type: string + createdBy: + description: 'CreatedBy: The identity that created the resource.' + type: string + createdByType: + description: 'CreatedByType: The type of identity that created the resource.' + type: string + lastModifiedAt: + description: 'LastModifiedAt: The timestamp of resource last modification (UTC)' + type: string + lastModifiedBy: + description: 'LastModifiedBy: The identity that last modified the resource.' + type: string + lastModifiedByType: + description: 'LastModifiedByType: The type of identity that last modified the resource.' + type: string + type: object tags: additionalProperties: type: string + description: 'Tags: Resource tags.' type: object + type: + description: 'Type: The type of the resource. E.g. 
"Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"' + type: string upgradeSettings: - description: |- - Storage version of v1api20231001.ClusterUpgradeSettings - Settings for upgrading a cluster. + description: 'UpgradeSettings: Settings for upgrading a cluster.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object overrideSettings: - description: |- - Storage version of v1api20231001.UpgradeOverrideSettings - Settings for overrides when upgrading a cluster. + description: 'OverrideSettings: Settings for overrides.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object forceUpgrade: + description: |- + ForceUpgrade: Whether to force upgrade the cluster. Note that this option instructs upgrade operation to bypass upgrade + protections such as checking for deprecated API usage. Enable this option only with caution. type: boolean until: + description: |- + Until: Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the + effectiveness won't change once an upgrade starts even if the `until` expires as upgrade proceeds. This field is not set + by default. It must be set for the overrides to take effect. type: string type: object type: object windowsProfile: - description: |- - Storage version of v1api20231001.ManagedClusterWindowsProfile - Profile for Windows VMs in the managed cluster. + description: 'WindowsProfile: The profile for Windows VMs in the Managed Cluster.' 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - adminPassword: - description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource - type: string - required: - - key - - name - type: object adminUsername: + description: |- + AdminUsername: Specifies the name of the administrator account. + Restriction: Cannot end in "." + Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", + "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", + "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". + Minimum-length: 1 character + Max-length: 20 characters type: string enableCSIProxy: + description: |- + EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub + repo](https://github.com/kubernetes-csi/csi-proxy). type: boolean gmsaProfile: - description: |- - Storage version of v1api20231001.WindowsGmsaProfile - Windows gMSA Profile in the managed cluster. + description: 'GmsaProfile: The Windows gMSA Profile in the Managed Cluster.' 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object dnsServer: + description: |- + DnsServer: Specifies the DNS server for Windows gMSA. + Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. type: string enabled: + description: 'Enabled: Specifies whether to enable Windows gMSA in the managed cluster.' type: boolean rootDomainName: + description: |- + RootDomainName: Specifies the root domain name for Windows gMSA. + Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. type: string type: object licenseType: + description: |- + LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User + Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. type: string type: object workloadAutoScalerProfile: - description: |- - Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfile - Workload Auto-scaler profile for the managed cluster. + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile for the managed cluster.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object keda: - description: |- - Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfileKeda - KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile.' 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Whether to enable KEDA.' type: boolean type: object verticalPodAutoscaler: - description: |- - Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler - VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object + addonAutoscaling: + description: 'AddonAutoscaling: Whether VPA add-on is enabled and configured to scale AKS-managed add-ons.' + type: string enabled: + description: 'Enabled: Whether to enable VPA add-on in cluster. Default value is false.' 
type: boolean type: object type: object - required: - - owner type: object - status: + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20240402previewstorage + schema: + openAPIV3Schema: + description: |- + Storage version of v1api20240402preview.ManagedCluster + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2024-04-02-preview/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} + properties: + apiVersion: description: |- - Storage version of v1api20231001.ManagedCluster_STATUS - Managed cluster. + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Storage version of v1api20240402preview.ManagedCluster_Spec properties: $propertyBag: additionalProperties: 
@@ -19220,7 +22858,7 @@ spec: type: object aadProfile: description: |- - Storage version of v1api20231001.ManagedClusterAADProfile_STATUS + Storage version of v1api20240402preview.ManagedClusterAADProfile For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). properties: $propertyBag: @@ -19250,7 +22888,7 @@ spec: addonProfiles: additionalProperties: description: |- - Storage version of v1api20231001.ManagedClusterAddonProfile_STATUS + Storage version of v1api20240402preview.ManagedClusterAddonProfile A Kubernetes add-on profile for a managed cluster. properties: $propertyBag: @@ -19266,31 +22904,12 @@ spec: type: object enabled: type: boolean - identity: - description: |- - Storage version of v1api20231001.UserAssignedIdentity_STATUS - Details about a user assigned identity. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - clientId: - type: string - objectId: - type: string - resourceId: - type: string - type: object type: object type: object agentPoolProfiles: items: description: |- - Storage version of v1api20231001.ManagedClusterAgentPoolProfile_STATUS + Storage version of v1api20240402preview.ManagedClusterAgentPoolProfile Profile for the container service agent pool. properties: $propertyBag: 
@@ -19300,17 +22919,48 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object + artifactStreamingProfile: + description: Storage version of v1api20240402preview.AgentPoolArtifactStreamingProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object availabilityZones: items: type: string type: array - capacityReservationGroupID: - type: string + capacityReservationGroupReference: + description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object count: type: integer creationData: description: |- - Storage version of v1api20231001.CreationData_STATUS + Storage version of v1api20240402preview.CreationData Data used when creating a target resource from a source resource. 
properties: $propertyBag: @@ -19320,13 +22970,31 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - sourceResourceId: - type: string + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object - currentOrchestratorVersion: - type: string enableAutoScaling: type: boolean + enableCustomCATrust: + type: boolean enableEncryptionAtHost: type: boolean enableFIPS: 
@@ -19335,13 +23003,62 @@ spec: type: boolean enableUltraSSD: type: boolean + gatewayProfile: + description: |- + Storage version of v1api20240402preview.AgentPoolGatewayProfile + Profile of the managed cluster gateway agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPPrefixSize: + type: integer + type: object gpuInstanceProfile: type: string - hostGroupID: - type: string + gpuProfile: + description: Storage version of v1api20240402preview.AgentPoolGPUProfile + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + installGPUDriver: + type: boolean + type: object + hostGroupReference: + description: |- + HostGroupReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object kubeletConfig: description: |- - Storage version of v1api20231001.KubeletConfig_STATUS + Storage version of v1api20240402preview.KubeletConfig See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: @@ -19380,7 +23097,7 @@ spec: type: string linuxOSConfig: description: |- - Storage version of v1api20231001.LinuxOSConfig_STATUS + Storage version of v1api20240402preview.LinuxOSConfig See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: @@ -19394,7 +23111,7 @@ spec: type: integer sysctls: description: |- - Storage version of v1api20231001.SysctlConfig_STATUS + Storage version of v1api20240402preview.SysctlConfig Sysctl settings for Linux agent nodes. properties: $propertyBag: @@ -19470,6 +23187,8 @@ spec: type: integer maxPods: type: integer + messageOfTheDay: + type: string minCount: type: integer mode: @@ -19478,7 +23197,7 @@ spec: type: string networkProfile: description: |- - Storage version of v1api20231001.AgentPoolNetworkProfile_STATUS + Storage version of v1api20240402preview.AgentPoolNetworkProfile Network settings of an agent pool. properties: $propertyBag: @@ -19491,7 +23210,7 @@ spec: allowedHostPorts: items: description: |- - Storage version of v1api20231001.PortRange_STATUS + Storage version of v1api20240402preview.PortRange The port range. properties: $propertyBag: 
@@ -19509,14 +23228,32 @@ spec: type: string type: object type: array - applicationSecurityGroups: + applicationSecurityGroupsReferences: items: - type: string + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: array nodePublicIPTags: items: description: |- - Storage version of v1api20231001.IPTag_STATUS + Storage version of v1api20240402preview.IPTag Contains the IPTag associated with the object. properties: $propertyBag: 
@@ -19533,14 +23270,36 @@ spec: type: object type: array type: object - nodeImageVersion: - type: string + nodeInitializationTaints: + items: + type: string + type: array nodeLabels: additionalProperties: type: string type: object - nodePublicIPPrefixID: - type: string + nodePublicIPPrefixReference: + description: |- + NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object nodeTaints: items: type: string 
@@ -19555,11 +23314,34 @@ spec: type: string osType: type: string - podSubnetID: + podIPAllocationMode: type: string + podSubnetReference: + description: |- + PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object powerState: description: |- - Storage version of v1api20231001.PowerState_STATUS + Storage version of v1api20240402preview.PowerState Describes the Power State of the cluster properties: $propertyBag: 
@@ -19572,16 +23354,51 @@ spec: code: type: string type: object - provisioningState: - type: string - proximityPlacementGroupID: - type: string + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object scaleDownMode: type: string scaleSetEvictionPolicy: type: string scaleSetPriority: type: string + securityProfile: + description: |- + Storage version of v1api20240402preview.AgentPoolSecurityProfile + The security settings of an agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enableSecureBoot: + type: boolean + enableVTPM: + type: boolean + sshAccess: + type: string + type: object spotMaxPrice: type: number tags: 
@@ -19592,7 +23409,7 @@ spec: type: string upgradeSettings: description: |- - Storage version of v1api20231001.AgentPoolUpgradeSettings_STATUS + Storage version of v1api20240402preview.AgentPoolUpgradeSettings Settings for upgrading an agentpool properties: $propertyBag: 
@@ -19606,136 +23423,16 @@ spec: type: integer maxSurge: type: string + nodeSoakDurationInMinutes: + type: integer + undrainableNodeBehavior: + type: string type: object - vmSize: - type: string - vnetSubnetID: - type: string - workloadRuntime: - type: string - type: object - type: array - apiServerAccessProfile: - description: |- - Storage version of v1api20231001.ManagedClusterAPIServerAccessProfile_STATUS - Access profile for managed cluster API server. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - authorizedIPRanges: - items: - type: string - type: array - disableRunCommand: - type: boolean - enablePrivateCluster: - type: boolean - enablePrivateClusterPublicFQDN: - type: boolean - privateDNSZone: - type: string - type: object - autoScalerProfile: - description: Storage version of v1api20231001.ManagedClusterProperties_AutoScalerProfile_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - balance-similar-node-groups: - type: string - expander: - type: string - max-empty-bulk-delete: - type: string - max-graceful-termination-sec: - type: string - max-node-provision-time: - type: string - max-total-unready-percentage: - type: string - new-pod-scale-up-delay: - type: string - ok-total-unready-count: - type: string - scale-down-delay-after-add: - type: string - scale-down-delay-after-delete: - type: string - scale-down-delay-after-failure: - type: string - scale-down-unneeded-time: - type: string - scale-down-unready-time: - type: string - scale-down-utilization-threshold: - type: string - 
scan-interval: - type: string - skip-nodes-with-local-storage: - type: string - skip-nodes-with-system-pods: - type: string - type: object - autoUpgradeProfile: - description: |- - Storage version of v1api20231001.ManagedClusterAutoUpgradeProfile_STATUS - Auto upgrade profile for a managed cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - nodeOSUpgradeChannel: - type: string - upgradeChannel: - type: string - type: object - azureMonitorProfile: - description: |- - Storage version of v1api20231001.ManagedClusterAzureMonitorProfile_STATUS - Azure Monitor addon profiles for monitoring the managed cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - metrics: - description: |- - Storage version of v1api20231001.ManagedClusterAzureMonitorProfileMetrics_STATUS - Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes - infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See - aka.ms/AzureManagedPrometheus for an overview. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - kubeStateMetrics: + virtualMachineNodesStatus: + items: description: |- - Storage version of v1api20231001.ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS - Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the - kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for - details. + Storage version of v1api20240402preview.VirtualMachineNodes + Current status on a group of nodes of the same vm size. properties: $propertyBag: additionalProperties: 
@@ -19744,74 +23441,132 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - metricAnnotationsAllowList: - type: string - metricLabelsAllowlist: + count: + type: integer + size: type: string type: object - type: object - type: object - azurePortalFQDN: - type: string - conditions: - items: - description: Condition defines an extension to status (an observation) of a resource - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. - format: date-time - type: string - message: - description: Message is a human readable message indicating details about the transition. This field may be empty. - type: string - observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - type: integer - reason: + type: array + virtualMachinesProfile: description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + Storage version of v1api20240402preview.VirtualMachinesProfile + Specifications on VirtualMachines agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + scale: + description: |- + Storage version of v1api20240402preview.ScaleProfile + Specifications on how to scale a VirtualMachines agent pool. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + autoscale: + items: + description: |- + Storage version of v1api20240402preview.AutoScaleProfile + Specifications on auto-scaling. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + maxCount: + type: integer + minCount: + type: integer + sizes: + items: + type: string + type: array + type: object + type: array + manual: + items: + description: |- + Storage version of v1api20240402preview.ManualScaleProfile + Specifications on number of machines. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + sizes: + items: + type: string + type: array + type: object + type: array + type: object + type: object + vmSize: type: string - severity: + vnetSubnetReference: description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown - type: string - status: - description: Status of the condition, one of True, False, or Unknown. - type: string - type: - description: Type of condition. 
+ VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + windowsProfile: + description: |- + Storage version of v1api20240402preview.AgentPoolWindowsProfile + The Windows agent pool's specific profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + disableOutboundNat: + type: boolean + type: object + workloadRuntime: type: string - required: - - lastTransitionTime - - reason - - status - - type type: object type: array - currentKubernetesVersion: - type: string - disableLocalAccounts: - type: boolean - diskEncryptionSetID: - type: string - dnsPrefix: - type: string - enablePodSecurityPolicy: - type: boolean - enableRBAC: - type: boolean - extendedLocation: + aiToolchainOperatorProfile: description: |- - Storage version of v1api20231001.ExtendedLocation_STATUS - The complex type of the extended location. + Storage version of v1api20240402preview.ManagedClusterAIToolchainOperatorProfile + When enabling the operator, a set of AKS managed CRDs and controllers will be installed in the cluster. The operator + automates the deployment of OSS models for inference and/or training purposes. It provides a set of preset models and + enables distributed inference against them. properties: $propertyBag: additionalProperties: @@ -19820,19 +23575,13 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - name: - type: string - type: - type: string + enabled: + type: boolean type: object - fqdn: - type: string - fqdnSubdomain: - type: string - httpProxyConfig: + apiServerAccessProfile: description: |- - Storage version of v1api20231001.ManagedClusterHTTPProxyConfig_STATUS - Cluster HTTP proxy configuration. + Storage version of v1api20240402preview.ManagedClusterAPIServerAccessProfile + Access profile for managed cluster API server. properties: $propertyBag: additionalProperties: 
@@ -19841,23 +23590,25 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - httpProxy: - type: string - httpsProxy: - type: string - noProxy: + authorizedIPRanges: items: type: string type: array - trustedCa: + disableRunCommand: + type: boolean + enablePrivateCluster: + type: boolean + enablePrivateClusterPublicFQDN: + type: boolean + enableVnetIntegration: + type: boolean + privateDNSZone: + type: string + subnetId: type: string type: object - id: - type: string - identity: - description: |- - Storage version of v1api20231001.ManagedClusterIdentity_STATUS - Identity for the managed cluster. + autoScalerProfile: + description: Storage version of v1api20240402preview.ManagedClusterProperties_AutoScalerProfile properties: $propertyBag: additionalProperties: 
@@ -19866,80 +23617,51 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - delegatedResources: - additionalProperties: - description: |- - Storage version of v1api20231001.DelegatedResource_STATUS - Delegated resource properties - internal use only. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - location: - type: string - referralResource: - type: string - resourceId: - type: string - tenantId: - type: string - type: object - type: object - principalId: + balance-similar-node-groups: type: string - tenantId: + daemonset-eviction-for-empty-nodes: + type: boolean + daemonset-eviction-for-occupied-nodes: + type: boolean + expander: type: string - type: + ignore-daemonsets-utilization: + type: boolean + max-empty-bulk-delete: + type: string + max-graceful-termination-sec: + type: string + max-node-provision-time: + type: string + max-total-unready-percentage: + type: string + new-pod-scale-up-delay: + type: string + ok-total-unready-count: + type: string + scale-down-delay-after-add: + type: string + scale-down-delay-after-delete: + type: string + scale-down-delay-after-failure: + type: string + scale-down-unneeded-time: + type: string + scale-down-unready-time: + type: string + scale-down-utilization-threshold: + type: string + scan-interval: + type: string + skip-nodes-with-local-storage: + type: string + skip-nodes-with-system-pods: type: string - userAssignedIdentities: - additionalProperties: - description: Storage version of v1api20231001.ManagedClusterIdentity_UserAssignedIdentities_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - 
PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - clientId: - type: string - principalId: - type: string - type: object - type: object - type: object - identityProfile: - additionalProperties: - description: |- - Storage version of v1api20231001.UserAssignedIdentity_STATUS - Details about a user assigned identity. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - clientId: - type: string - objectId: - type: string - resourceId: - type: string - type: object type: object - kubernetesVersion: - type: string - linuxProfile: + autoUpgradeProfile: description: |- - Storage version of v1api20231001.ContainerServiceLinuxProfile_STATUS - Profile for Linux VMs in the container service cluster. + Storage version of v1api20240402preview.ManagedClusterAutoUpgradeProfile + Auto upgrade profile for a managed cluster. properties: $propertyBag: additionalProperties: 
@@ -19948,49 +23670,15 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - adminUsername: + nodeOSUpgradeChannel: + type: string + upgradeChannel: type: string - ssh: - description: |- - Storage version of v1api20231001.ContainerServiceSshConfiguration_STATUS - SSH configuration for Linux-based VMs running on Azure. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - publicKeys: - items: - description: |- - Storage version of v1api20231001.ContainerServiceSshPublicKey_STATUS - Contains information about SSH certificate public key data. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - keyData: - type: string - type: object - type: array - type: object type: object - location: - type: string - maxAgentPools: - type: integer - name: - type: string - networkProfile: + azureMonitorProfile: description: |- - Storage version of v1api20231001.ContainerServiceNetworkProfile_STATUS - Profile of network configuration. + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfile + Prometheus addon profile for the container service cluster properties: $propertyBag: additionalProperties: 
@@ -19999,16 +23687,12 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - dnsServiceIP: - type: string - ipFamilies: - items: - type: string - type: array - loadBalancerProfile: + appMonitoring: description: |- - Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_STATUS - Profile of the managed cluster load balancer. + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoring + Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics and traces + through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. properties: $propertyBag: additionalProperties: 
@@ -20017,33 +23701,12 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - allocatedOutboundPorts: - type: integer - backendPoolType: - type: string - effectiveOutboundIPs: - items: - description: |- - Storage version of v1api20231001.ResourceReference_STATUS - A reference to an Azure resource. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - id: - type: string - type: object - type: array - enableMultipleStandardLoadBalancers: - type: boolean - idleTimeoutInMinutes: - type: integer - managedOutboundIPs: - description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS + autoInstrumentation: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringAutoInstrumentation + Application Monitoring Auto Instrumentation for Kubernetes Application Container. Deploys web hook to auto-instrument + Azure Monitor OpenTelemetry based SDKs to collect OpenTelemetry metrics, logs and traces of the application. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. properties: $propertyBag: additionalProperties: 
@@ -20052,13 +23715,15 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - count: - type: integer - countIPv6: - type: integer + enabled: + type: boolean type: object - outboundIPPrefixes: - description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS + openTelemetryLogs: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryLogs + Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Logs and Traces. Collects + OpenTelemetry logs and traces of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. properties: $propertyBag: additionalProperties: 
@@ -20067,26 +23732,17 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - publicIPPrefixes: - items: - description: |- - Storage version of v1api20231001.ResourceReference_STATUS - A reference to an Azure resource. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - id: - type: string - type: object - type: array + enabled: + type: boolean + port: + type: integer type: object - outboundIPs: - description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS + openTelemetryMetrics: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryMetrics + Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Metrics. Collects + OpenTelemetry metrics of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. properties: $propertyBag: additionalProperties: 
@@ -20095,31 +23751,17 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - publicIPs: - items: - description: |- - Storage version of v1api20231001.ResourceReference_STATUS - A reference to an Azure resource. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - id: - type: string - type: object - type: array + enabled: + type: boolean + port: + type: integer type: object type: object - loadBalancerSku: - type: string - natGatewayProfile: + containerInsights: description: |- - Storage version of v1api20231001.ManagedClusterNATGatewayProfile_STATUS - Profile of the managed cluster NAT gateway. + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileContainerInsights + Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & stderr logs etc. See + aka.ms/AzureMonitorContainerInsights for an overview. properties: $propertyBag: additionalProperties: 
@@ -20128,29 +23770,55 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - effectiveOutboundIPs: - items: - description: |- - Storage version of v1api20231001.ResourceReference_STATUS - A reference to an Azure resource. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - id: - type: string - type: object - type: array - idleTimeoutInMinutes: + disableCustomMetrics: + type: boolean + disablePrometheusMetricsScraping: + type: boolean + enabled: + type: boolean + logAnalyticsWorkspaceResourceReference: + description: |- + LogAnalyticsWorkspaceResourceReference: Fully Qualified ARM Resource Id of Azure Log Analytics Workspace for storing + Azure Monitor Container Insights Logs. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + syslogPort: type: integer - managedOutboundIPProfile: + type: object + metrics: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileMetrics + Metrics profile for the prometheus service addon + properties: + $propertyBag: + additionalProperties: + type: string description: |- - Storage version of v1api20231001.ManagedClusterManagedOutboundIPProfile_STATUS - Profile of the managed outbound IP resources of the managed cluster. + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + kubeStateMetrics: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileKubeStateMetrics + Kube State Metrics for prometheus addon profile for the container service cluster properties: $propertyBag: additionalProperties: 
@@ -20159,41 +23827,143 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - count: - type: integer + metricAnnotationsAllowList: + type: string + metricLabelsAllowlist: + type: string type: object type: object - networkDataplane: - type: string - networkMode: - type: string - networkPlugin: + type: object + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + bootstrapProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterBootstrapProfile + The bootstrap profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + artifactSource: type: string - networkPluginMode: + containerRegistryReference: + description: |- + ContainerRegistryReference: The resource Id of Azure Container Registry. The registry must have private network access, + premium SKU and zone redundancy. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + creationData: + description: |- + Storage version of v1api20240402preview.CreationData + Data used when creating a target resource from a source resource. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: object + disableLocalAccounts: + type: boolean + diskEncryptionSetReference: + description: |- + DiskEncryptionSetReference: This is of the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string - networkPolicy: + group: + description: Group is the Kubernetes group of the resource. type: string - outboundType: + kind: + description: Kind is the Kubernetes kind of the resource. type: string - podCidr: + name: + description: Name is the Kubernetes name of the resource. type: string - podCidrs: - items: + type: object + dnsPrefix: + type: string + enableNamespaceResources: + type: boolean + enablePodSecurityPolicy: + type: boolean + enableRBAC: + type: boolean + extendedLocation: + description: |- + Storage version of v1api20240402preview.ExtendedLocation + The complex type of the extended location. 
+ properties: + $propertyBag: + additionalProperties: type: string - type: array - serviceCidr: + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + type: type: string - serviceCidrs: - items: - type: string - type: array type: object - nodeResourceGroup: + fqdnSubdomain: type: string - oidcIssuerProfile: + httpProxyConfig: description: |- - Storage version of v1api20231001.ManagedClusterOIDCIssuerProfile_STATUS - The OIDC issuer profile of the Managed Cluster. + Storage version of v1api20240402preview.ManagedClusterHTTPProxyConfig + Cluster HTTP proxy configuration. properties: $propertyBag: additionalProperties: @@ -20202,16 +23972,21 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - enabled: - type: boolean - issuerURL: + httpProxy: + type: string + httpsProxy: + type: string + noProxy: + items: + type: string + type: array + trustedCa: type: string type: object - podIdentityProfile: + identity: description: |- - Storage version of v1api20231001.ManagedClusterPodIdentityProfile_STATUS - See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod - identity integration. + Storage version of v1api20240402preview.ManagedClusterIdentity + Identity for the managed cluster. properties: $propertyBag: additionalProperties: 
@@ -20220,15 +23995,11 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - allowNetworkPluginKubenet: - type: boolean - enabled: - type: boolean - userAssignedIdentities: - items: + delegatedResources: + additionalProperties: description: |- - Storage version of v1api20231001.ManagedClusterPodIdentity_STATUS - Details about the pod identity assigned to the Managed Cluster. + Storage version of v1api20240402preview.DelegatedResource + Delegated resource properties - internal use only. properties: $propertyBag: additionalProperties: 
@@ -20237,103 +24008,41 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - bindingSelector: + location: type: string - identity: - description: |- - Storage version of v1api20231001.UserAssignedIdentity_STATUS - Details about a user assigned identity. + referralResource: + type: string + resourceReference: + description: 'ResourceReference: The ARM resource id of the delegated resource - internal use only.' properties: - $propertyBag: - additionalProperties: - type: string + armId: description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - clientId: + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string - objectId: + group: + description: Group is the Kubernetes group of the resource. type: string - resourceId: + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
type: string type: object - name: - type: string - namespace: - type: string - provisioningInfo: - description: Storage version of v1api20231001.ManagedClusterPodIdentity_ProvisioningInfo_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - error: - description: |- - Storage version of v1api20231001.ManagedClusterPodIdentityProvisioningError_STATUS - An error response from the pod identity provisioning. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - error: - description: |- - Storage version of v1api20231001.ManagedClusterPodIdentityProvisioningErrorBody_STATUS - An error response from the pod identity provisioning. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - code: - type: string - details: - items: - description: Storage version of v1api20231001.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - code: - type: string - message: - type: string - target: - type: string - type: object - type: array - message: - type: string - target: - type: string - type: object - type: object - type: object - provisioningState: + tenantId: type: string type: object - type: array - userAssignedIdentityExceptions: + type: object + type: + type: string + userAssignedIdentities: items: description: |- - Storage version of v1api20231001.ManagedClusterPodIdentityException_STATUS - See [disable AAD Pod Identity for a specific - Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. + Storage version of v1api20240402preview.UserAssignedIdentityDetails + Information about the user assigned identity for the resource properties: $propertyBag: additionalProperties: 
@@ -20342,39 +24051,34 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - name: - type: string - namespace: - type: string - podLabels: - additionalProperties: - type: string + reference: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string type: object type: object type: array type: object - powerState: - description: |- - Storage version of v1api20231001.PowerState_STATUS - Describes the Power State of the cluster - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - code: - type: string - type: object - privateFQDN: - type: string - privateLinkResources: - items: + identityProfile: + additionalProperties: description: |- - Storage version of v1api20231001.PrivateLinkResource_STATUS - A private link resource + Storage version of v1api20240402preview.UserAssignedIdentity + Details about a user assigned identity. properties: $propertyBag: additionalProperties: 
@@ -20383,32 +24087,70 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - groupId: - type: string - id: - type: string - name: - type: string - privateLinkServiceID: + clientId: type: string - requiredMembers: - items: - type: string - type: array - type: + clientIdFromConfig: + description: |- + ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes configmap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes configmap being referenced. + The configmap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + objectId: type: string + objectIdFromConfig: + description: |- + ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes configmap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes configmap being referenced. + The configmap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + resourceReference: + description: 'ResourceReference: The resource ID of the user assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object - type: array - provisioningState: - type: string - publicNetworkAccess: - type: string - resourceUID: - type: string - securityProfile: + type: object + ingressProfile: description: |- - Storage version of v1api20231001.ManagedClusterSecurityProfile_STATUS - Security profile for the container service cluster. + Storage version of v1api20240402preview.ManagedClusterIngressProfile + Ingress profile for the container service cluster. properties: $propertyBag: additionalProperties: @@ -20417,10 +24159,10 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - azureKeyVaultKms: + webAppRouting: description: |- - Storage version of v1api20231001.AzureKeyVaultKms_STATUS - Azure Key Vault key management service settings for the security profile. + Storage version of v1api20240402preview.ManagedClusterIngressProfileWebAppRouting + Web App Routing settings for the ingress profile. properties: $propertyBag: additionalProperties: 
@@ -20429,19 +24171,54 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - enabled: - type: boolean - keyId: - type: string - keyVaultNetworkAccess: - type: string - keyVaultResourceId: - type: string + dnsZoneResourceReferences: + items: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: array + enabled: + type: boolean type: object - defender: + type: object + kind: + type: string + kubernetesVersion: + type: string + linuxProfile: + description: |- + Storage version of v1api20240402preview.ContainerServiceLinuxProfile + Profile for Linux VMs in the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string description: |- - Storage version of v1api20231001.ManagedClusterSecurityProfileDefender_STATUS - Microsoft Defender settings for the security profile. 
+ PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminUsername: + type: string + ssh: + description: |- + Storage version of v1api20240402preview.ContainerServiceSshConfiguration + SSH configuration for Linux-based VMs running on Azure. properties: $propertyBag: additionalProperties: 
@@ -20450,46 +24227,43 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - logAnalyticsWorkspaceResourceId: - type: string - securityMonitoring: - description: |- - Storage version of v1api20231001.ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS - Microsoft Defender settings for the security profile threat detection. - properties: - $propertyBag: - additionalProperties: + publicKeys: + items: + description: |- + Storage version of v1api20240402preview.ContainerServiceSshPublicKey + Contains information about SSH certificate public key data. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + keyData: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object + type: object + type: array type: object - imageCleaner: + type: object + location: + type: string + metricsProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterMetricsProfile + The metrics profile for the ManagedCluster. + properties: + $propertyBag: + additionalProperties: + type: string description: |- - Storage version of v1api20231001.ManagedClusterSecurityProfileImageCleaner_STATUS - Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here - are settings for the security profile. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - intervalHours: - type: integer + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object - workloadIdentity: + costAnalysis: description: |- - Storage version of v1api20231001.ManagedClusterSecurityProfileWorkloadIdentity_STATUS - Workload identity settings for the security profile. + Storage version of v1api20240402preview.ManagedClusterCostAnalysis + The cost analysis configuration for the cluster properties: $propertyBag: additionalProperties: @@ -20502,10 +24276,10 @@ spec: type: boolean type: object type: object - serviceMeshProfile: + networkProfile: description: |- - Storage version of v1api20231001.ServiceMeshProfile_STATUS - Service mesh profile for a managed cluster. + Storage version of v1api20240402preview.ContainerServiceNetworkProfile + Profile of network configuration. properties: $propertyBag: additionalProperties: @@ -20514,10 +24288,11 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - istio: + advancedNetworking: description: |- - Storage version of v1api20231001.IstioServiceMesh_STATUS - Istio service mesh configuration. + Storage version of v1api20240402preview.AdvancedNetworking + Advanced Networking profile for enabling observability on a cluster. Note that enabling advanced networking features may + incur additional costs. For more information see aka.ms/aksadvancednetworking. properties: $propertyBag: additionalProperties: 
@@ -20526,11 +24301,10 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - certificateAuthority: + observability: description: |- - Storage version of v1api20231001.IstioCertificateAuthority_STATUS - Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described - here https://aka.ms/asm-plugin-ca + Storage version of v1api20240402preview.AdvancedNetworkingObservability + Observability profile to enable advanced network metrics and flow logs with historical contexts. properties: $propertyBag: additionalProperties: 
@@ -20539,34 +24313,109 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - plugin: + enabled: + type: boolean + type: object + type: object + dnsServiceIP: + type: string + ipFamilies: + items: + type: string + type: array + kubeProxyConfig: + description: Storage version of v1api20240402preview.ContainerServiceNetworkProfile_KubeProxyConfig + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + ipvsConfig: + description: Storage version of v1api20240402preview.ContainerServiceNetworkProfile_KubeProxyConfig_IpvsConfig + properties: + $propertyBag: + additionalProperties: + type: string description: |- - Storage version of v1api20231001.IstioPluginCertificateAuthority_STATUS - Plugin certificates information for Service Mesh. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - certChainObjectName: - type: string - certObjectName: - type: string - keyObjectName: - type: string - keyVaultId: - type: string - rootCertObjectName: - type: string + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object + scheduler: + type: string + tcpFinTimeoutSeconds: + type: integer + tcpTimeoutSeconds: + type: integer + udpTimeoutSeconds: + type: integer type: object - components: + mode: + type: string + type: object + loadBalancerProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile + Profile of the managed cluster load balancer. + properties: + $propertyBag: + additionalProperties: + type: string description: |- - Storage version of v1api20231001.IstioComponents_STATUS - Istio components configuration. + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: + type: integer + backendPoolType: + type: string + clusterServiceLoadBalancerHealthProbeMode: + type: string + effectiveOutboundIPs: + items: + description: |- + Storage version of v1api20240402preview.ResourceReference + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + enableMultipleStandardLoadBalancers: + type: boolean + idleTimeoutInMinutes: + type: integer + managedOutboundIPs: + description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs properties: $propertyBag: additionalProperties: 
@@ -20575,11 +24424,26 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - egressGateways: + count: + type: integer + countIPv6: + type: integer + type: object + outboundIPPrefixes: + description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPPrefixes: items: description: |- - Storage version of v1api20231001.IstioEgressGateway_STATUS - Istio egress gateway configuration. + Storage version of v1api20240402preview.ResourceReference + A reference to an Azure resource. properties: $propertyBag: additionalProperties: 
@@ -20588,20 +24452,44 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - enabled: - type: boolean - nodeSelector: - additionalProperties: - type: string + reference: + description: 'Reference: The fully qualified Azure resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string type: object type: object type: array - ingressGateways: + type: object + outboundIPs: + description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_OutboundIPs + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPs: items: description: |- - Storage version of v1api20231001.IstioIngressGateway_STATUS - Istio ingress gateway configuration. For now, we support up to one external ingress gateway named - `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. 
+ Storage version of v1api20240402preview.ResourceReference + A reference to an Azure resource. properties: $propertyBag: additionalProperties: 
@@ -20610,25 +24498,141 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - enabled: - type: boolean - mode: - type: string + reference: + description: 'Reference: The fully qualified Azure resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object type: array type: object - revisions: - items: + type: object + loadBalancerSku: + type: string + natGatewayProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterNATGatewayProfile + Profile of the managed cluster NAT gateway. + properties: + $propertyBag: + additionalProperties: type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + effectiveOutboundIPs: + items: + description: |- + Storage version of v1api20240402preview.ResourceReference + A reference to an Azure resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: 'Reference: The fully qualified Azure resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object type: array + idleTimeoutInMinutes: + type: integer + managedOutboundIPProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterManagedOutboundIPProfile + Profile of the managed outbound IP resources of the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + type: object type: object - mode: + networkDataplane: + type: string + networkMode: + type: string + networkPlugin: + type: string + networkPluginMode: + type: string + networkPolicy: + type: string + outboundType: + type: string + podCidr: type: string + podCidrs: + items: + type: string + type: array + podLinkLocalAccess: + type: string + serviceCidr: + type: string + serviceCidrs: + items: + type: string + type: array + staticEgressGatewayProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterStaticEgressGatewayProfile + The Static Egress Gateway addon configuration for the cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object type: object - servicePrincipalProfile: - description: |- - Storage version of v1api20231001.ManagedClusterServicePrincipalProfile_STATUS - Information about a service principal identity for the cluster to use for manipulating Azure APIs. + nodeProvisioningProfile: + description: Storage version of v1api20240402preview.ManagedClusterNodeProvisioningProfile properties: $propertyBag: additionalProperties: 
@@ -20637,13 +24641,15 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - clientId: + mode: type: string type: object - sku: + nodeResourceGroup: + type: string + nodeResourceGroupProfile: description: |- - Storage version of v1api20231001.ManagedClusterSKU_STATUS - The SKU of a Managed Cluster. + Storage version of v1api20240402preview.ManagedClusterNodeResourceGroupProfile + Node resource group lockdown profile for a managed cluster. properties: $propertyBag: additionalProperties: @@ -20652,15 +24658,13 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - name: - type: string - tier: + restrictionLevel: type: string type: object - storageProfile: + oidcIssuerProfile: description: |- - Storage version of v1api20231001.ManagedClusterStorageProfile_STATUS - Storage profile for the container service cluster. + Storage version of v1api20240402preview.ManagedClusterOIDCIssuerProfile + The OIDC issuer profile of the Managed Cluster. properties: $propertyBag: additionalProperties: 
@@ -20669,25 +24673,52 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - blobCSIDriver: + enabled: + type: boolean + type: object + operatorSpec: + description: |- + Storage version of v1api20240402preview.ManagedClusterOperatorSpec + Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure + properties: + $propertyBag: + additionalProperties: + type: string description: |- - Storage version of v1api20231001.ManagedClusterStorageProfileBlobCSIDriver_STATUS - AzureBlob CSI Driver settings for the storage profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object - diskCSIDriver: - description: |- - Storage version of v1api20231001.ManagedClusterStorageProfileDiskCSIDriver_STATUS - AzureDisk CSI Driver settings for the storage profile. + configMapExpressions: + items: + description: |- + DestinationExpression is a CEL expression and a destination to store the result in. The destination may + be a secret or a configmap. The value of the expression is stored at the specified location in + the destination. + properties: + key: + description: |- + Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string + this is required to identify what key to write to. 
If the CEL expression in Value returns a map[string]string + Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting + map[string]string. + type: string + name: + description: |- + Name is the name of the Kubernetes configmap or secret to write to. + The configmap or secret will be created in the same namespace as the resource. + type: string + value: + description: |- + Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information + on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ + type: string + required: + - name + - value + type: object + type: array + configMaps: + description: Storage version of v1api20240402preview.ManagedClusterOperatorConfigMaps properties: $propertyBag: additionalProperties: 
@@ -20696,28 +24727,56 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - enabled: - type: boolean - type: object - fileCSIDriver: - description: |- - Storage version of v1api20231001.ManagedClusterStorageProfileFileCSIDriver_STATUS - AzureFile CSI Driver settings for the storage profile. - properties: - $propertyBag: - additionalProperties: - type: string + oidcIssuerProfile: description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions + ConfigMapDestination describes the location to store a single configmap value + Note: This is similar to: SecretDestination in secrets.go. + Changes to one may need to be made to the others as well. + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap to write to. + The ConfigMap will be created in the same namespace as the resource. + type: string + required: + - key + - name type: object - enabled: - type: boolean type: object - snapshotController: - description: |- - Storage version of v1api20231001.ManagedClusterStorageProfileSnapshotController_STATUS - Snapshot Controller settings for the storage profile. + secretExpressions: + items: + description: |- + DestinationExpression is a CEL expression and a destination to store the result in. The destination may + be a secret or a configmap. The value of the expression is stored at the specified location in + the destination. + properties: + key: + description: |- + Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string + this is required to identify what key to write to. 
If the CEL expression in Value returns a map[string]string + Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting + map[string]string. + type: string + name: + description: |- + Name is the name of the Kubernetes configmap or secret to write to. + The configmap or secret will be created in the same namespace as the resource. + type: string + value: + description: |- + Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information + on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ + type: string + required: + - name + - value + type: object + type: array + secrets: + description: Storage version of v1api20240402preview.ManagedClusterOperatorSecrets properties: $propertyBag: additionalProperties: 
@@ -20726,16 +24785,64 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - enabled: - type: boolean + adminCredentials: + description: |- + SecretDestination describes the location to store a single secret value. + Note: This is similar to: ConfigMapDestination in configmaps.go. + Changes to one may need to be made to the others as well. + properties: + key: + description: Key is the key in the Kubernetes secret being referenced. + type: string + name: + description: |- + Name is the name of the Kubernetes secret to write to. + The secret will be created in the same namespace as the resource. + type: string + required: + - key + - name + type: object + userCredentials: + description: |- + SecretDestination describes the location to store a single secret value. + Note: This is similar to: ConfigMapDestination in configmaps.go. + Changes to one may need to be made to the others as well. + properties: + key: + description: Key is the key in the Kubernetes secret being referenced. + type: string + name: + description: |- + Name is the name of the Kubernetes secret to write to. + The secret will be created in the same namespace as the resource. + type: string + required: + - key + - name + type: object type: object type: object - supportPlan: + originalVersion: type: string - systemData: + owner: description: |- - Storage version of v1api20231001.SystemData_STATUS - Metadata pertaining to creation and last modification of the resource. + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. 
Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterPodIdentityProfile + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod + identity integration. properties: $propertyBag: additionalProperties: 
@@ -20744,29 +24851,199 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - createdAt: - type: string - createdBy: - type: string - createdByType: - type: string - lastModifiedAt: - type: string - lastModifiedBy: + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: |- + Storage version of v1api20240402preview.ManagedClusterPodIdentity + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + bindingSelector: + type: string + identity: + description: |- + Storage version of v1api20240402preview.UserAssignedIdentity + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + clientIdFromConfig: + description: |- + ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes configmap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes configmap being referenced. 
+ The configmap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + objectId: + type: string + objectIdFromConfig: + description: |- + ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes configmap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes configmap being referenced. + The configmap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + resourceReference: + description: 'ResourceReference: The resource ID of the user assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + name: + type: string + namespace: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: |- + Storage version of v1api20240402preview.ManagedClusterPodIdentityException + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array + type: object + privateLinkResources: + items: + description: |- + Storage version of v1api20240402preview.PrivateLinkResource + A private link resource + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + groupId: + type: string + name: + type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + requiredMembers: + items: + type: string + type: array + type: + type: string + type: object + type: array + publicNetworkAccess: + type: string + safeguardsProfile: + description: |- + Storage version of v1api20240402preview.SafeguardsProfile + The Safeguards profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + excludedNamespaces: + items: + type: string + type: array + level: type: string - lastModifiedByType: + version: type: string type: object - tags: - additionalProperties: - type: string - type: object - type: - type: string - upgradeSettings: + securityProfile: description: |- - Storage version of v1api20231001.ClusterUpgradeSettings_STATUS - Settings for upgrading a cluster. + Storage version of v1api20240402preview.ManagedClusterSecurityProfile + Security profile for the container service cluster. properties: $propertyBag: additionalProperties: @@ -20775,10 +25052,10 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - overrideSettings: + azureKeyVaultKms: description: |- - Storage version of v1api20231001.UpgradeOverrideSettings_STATUS - Settings for overrides when upgrading a cluster. + Storage version of v1api20240402preview.AzureKeyVaultKms + Azure Key Vault key management service settings for the security profile. properties: $propertyBag: additionalProperties: 
@@ -20787,32 +25064,95 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - forceUpgrade: + enabled: type: boolean - until: + keyId: type: string + keyVaultNetworkAccess: + type: string + keyVaultResourceReference: + description: |- + KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and + must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object - type: object - windowsProfile: - description: |- - Storage version of v1api20231001.ManagedClusterWindowsProfile_STATUS - Profile for Windows VMs in the managed cluster. 
- properties: - $propertyBag: - additionalProperties: + customCATrustCertificates: + items: type: string + type: array + defender: description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions + Storage version of v1api20240402preview.ManagedClusterSecurityProfileDefender + Microsoft Defender settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + logAnalyticsWorkspaceResourceReference: + description: |- + LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft + Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When + Microsoft Defender is disabled, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + securityMonitoring: + description: |- + Storage version of v1api20240402preview.ManagedClusterSecurityProfileDefenderSecurityMonitoring + Microsoft Defender settings for the security profile threat detection. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object type: object - adminUsername: - type: string - enableCSIProxy: - type: boolean - gmsaProfile: + imageCleaner: description: |- - Storage version of v1api20231001.WindowsGmsaProfile_STATUS - Windows gMSA Profile in the managed cluster. + Storage version of v1api20240402preview.ManagedClusterSecurityProfileImageCleaner + Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here + are settings for the security profile. properties: $propertyBag: additionalProperties: 
@@ -20821,32 +25161,30 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - dnsServer: - type: string enabled: type: boolean - rootDomainName: - type: string + intervalHours: + type: integer type: object - licenseType: - type: string - type: object - workloadAutoScalerProfile: - description: |- - Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfile_STATUS - Workload Auto-scaler profile for the managed cluster. - properties: - $propertyBag: - additionalProperties: - type: string + imageIntegrity: description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions + Storage version of v1api20240402preview.ManagedClusterSecurityProfileImageIntegrity + Image integrity related settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean type: object - keda: + nodeRestriction: description: |- - Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfileKeda_STATUS - KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. + Storage version of v1api20240402preview.ManagedClusterSecurityProfileNodeRestriction + Node Restriction settings for the security profile. properties: $propertyBag: additionalProperties: 
@@ -20858,10 +25196,10 @@ spec: enabled: type: boolean type: object - verticalPodAutoscaler: + workloadIdentity: description: |- - Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler_STATUS - VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile. + Storage version of v1api20240402preview.ManagedClusterSecurityProfileWorkloadIdentity + Workload identity settings for the security profile. properties: $propertyBag: additionalProperties: 
@@ -20874,50 +25212,428 @@ spec: type: boolean type: object type: object + serviceMeshProfile: + description: |- + Storage version of v1api20240402preview.ServiceMeshProfile + Service mesh profile for a managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + istio: + description: |- + Storage version of v1api20240402preview.IstioServiceMesh + Istio service mesh configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + certificateAuthority: + description: |- + Storage version of v1api20240402preview.IstioCertificateAuthority + Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described + here https://aka.ms/asm-plugin-ca + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + plugin: + description: |- + Storage version of v1api20240402preview.IstioPluginCertificateAuthority + Plugin certificates information for Service Mesh. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + certChainObjectName: + type: string + certObjectName: + type: string + keyObjectName: + type: string + keyVaultReference: + description: 'KeyVaultReference: The resource ID of the Key Vault.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + rootCertObjectName: + type: string + type: object + type: object + components: + description: |- + Storage version of v1api20240402preview.IstioComponents + Istio components configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + egressGateways: + items: + description: |- + Storage version of v1api20240402preview.IstioEgressGateway + Istio egress gateway configuration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: array + ingressGateways: + items: + description: |- + Storage version of v1api20240402preview.IstioIngressGateway + Istio ingress gateway configuration. For now, we support up to one external ingress gateway named + `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + mode: + type: string + type: object + type: array + type: object + revisions: + items: + type: string + type: array + type: object + mode: + type: string + type: object + servicePrincipalProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterServicePrincipalProfile + Information about a service principal identity for the cluster to use for manipulating Azure APIs. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + secret: + description: |- + SecretReference is a reference to a Kubernetes secret and key in the same namespace as + the resource it is on. 
+ properties: + key: + description: Key is the key in the Kubernetes secret being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + type: object + sku: + description: |- + Storage version of v1api20240402preview.ManagedClusterSKU + The SKU of a Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + tier: + type: string + type: object + storageProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterStorageProfile + Storage profile for the container service cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + blobCSIDriver: + description: |- + Storage version of v1api20240402preview.ManagedClusterStorageProfileBlobCSIDriver + AzureBlob CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + diskCSIDriver: + description: |- + Storage version of v1api20240402preview.ManagedClusterStorageProfileDiskCSIDriver + AzureDisk CSI Driver settings for the storage profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + version: + type: string + type: object + fileCSIDriver: + description: |- + Storage version of v1api20240402preview.ManagedClusterStorageProfileFileCSIDriver + AzureFile CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + snapshotController: + description: |- + Storage version of v1api20240402preview.ManagedClusterStorageProfileSnapshotController + Snapshot Controller settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + supportPlan: + type: string + tags: + additionalProperties: + type: string + type: object + upgradeSettings: + description: |- + Storage version of v1api20240402preview.ClusterUpgradeSettings + Settings for upgrading a cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + overrideSettings: + description: |- + Storage version of v1api20240402preview.UpgradeOverrideSettings + Settings for overrides when upgrading a cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + forceUpgrade: + type: boolean + until: + type: string + type: object + type: object + windowsProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterWindowsProfile + Profile for Windows VMs in the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminPassword: + description: |- + SecretReference is a reference to a Kubernetes secret and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes secret being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + adminUsername: + type: string + enableCSIProxy: + type: boolean + gmsaProfile: + description: |- + Storage version of v1api20240402preview.WindowsGmsaProfile + Windows gMSA Profile in the managed cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServer: + type: string + enabled: + type: boolean + rootDomainName: + type: string + type: object + licenseType: + type: string + type: object + workloadAutoScalerProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfile + Workload Auto-scaler profile for the managed cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + keda: + description: |- + Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfileKeda + KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + verticalPodAutoscaler: + description: Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + addonAutoscaling: + type: string + enabled: + type: boolean + type: object + type: object + required: + - owner type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].severity - name: Severity - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Reason - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].message - name: Message - type: string - name: v1api20231102preview - schema: - openAPIV3Schema: - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: + status: + description: |- + Storage version of v1api20240402preview.ManagedCluster_STATUS + Managed cluster. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object aadProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterAADProfile_STATUS + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object adminGroupObjectIDs: items: type: string 
@@ -20937,22 +25653,67 @@ spec: type: object addonProfiles: additionalProperties: + description: |- + Storage version of v1api20240402preview.ManagedClusterAddonProfile_STATUS + A Kubernetes add-on profile for a managed cluster. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object config: additionalProperties: type: string type: object enabled: type: boolean - required: - - enabled + identity: + description: |- + Storage version of v1api20240402preview.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object type: object type: object agentPoolProfiles: items: + description: |- + Storage version of v1api20240402preview.ManagedClusterAgentPoolProfile_STATUS + Profile for the container service agent pool. 
properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object artifactStreamingProfile: + description: Storage version of v1api20240402preview.AgentPoolArtifactStreamingProfile_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: type: boolean type: object 
@@ -20960,51 +25721,29 @@ spec: items: type: string type: array - capacityReservationGroupReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + capacityReservationGroupID: + type: string + count: + type: integer + creationData: + description: |- + Storage version of v1api20240402preview.CreationData_STATUS + Data used when creating a target resource from a source resource. properties: - armId: + $propertyBag: + additionalProperties: + type: string description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - count: - type: integer - creationData: - properties: - sourceResourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object + sourceResourceId: + type: string type: object + currentOrchestratorVersion: + type: string + eTag: + type: string enableAutoScaling: type: boolean enableCustomCATrust: 
@@ -21017,47 +25756,55 @@ spec: type: boolean enableUltraSSD: type: boolean + gatewayProfile: + description: |- + Storage version of v1api20240402preview.AgentPoolGatewayProfile_STATUS + Profile of the managed cluster gateway agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPPrefixSize: + type: integer + type: object gpuInstanceProfile: - enum: - - MIG1g - - MIG2g - - MIG3g - - MIG4g - - MIG7g type: string gpuProfile: + description: Storage version of v1api20240402preview.AgentPoolGPUProfile_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object installGPUDriver: type: boolean type: object - hostGroupReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. 
- type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + hostGroupID: + type: string kubeletConfig: + description: |- + Storage version of v1api20240402preview.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object allowedUnsafeSysctls: items: type: string type: array containerLogMaxFiles: - minimum: 2 type: integer containerLogMaxSizeMB: type: integer @@ -21079,16 +25826,33 @@ spec: type: string type: object kubeletDiskType: - enum: - - OS - - Temporary type: string linuxOSConfig: + description: |- + Storage version of v1api20240402preview.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object swapFileSizeMB: type: integer sysctls: + description: |- + Storage version of v1api20240402preview.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object fsAioMaxNr: type: integer fsFileMax: 
@@ -21134,16 +25898,10 @@ spec: netIpv4TcpTwReuse: type: boolean netIpv4TcpkeepaliveIntvl: - maximum: 90 - minimum: 10 type: integer netNetfilterNfConntrackBuckets: - maximum: 524288 - minimum: 65536 type: integer netNetfilterNfConntrackMax: - maximum: 2097152 - minimum: 131072 type: integer vmMaxMapCount: type: integer 
@@ -21166,58 +25924,59 @@ spec: minCount: type: integer mode: - enum: - - System - - User type: string name: - pattern: ^[a-z][a-z0-9]{0,11}$ type: string networkProfile: + description: |- + Storage version of v1api20240402preview.AgentPoolNetworkProfile_STATUS + Network settings of an agent pool. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object allowedHostPorts: items: + description: |- + Storage version of v1api20240402preview.PortRange_STATUS + The port range. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object portEnd: - maximum: 65535 - minimum: 1 type: integer portStart: - maximum: 65535 - minimum: 1 type: integer protocol: - enum: - - TCP - - UDP type: string type: object type: array - applicationSecurityGroupsReferences: + applicationSecurityGroups: items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + type: string type: array nodePublicIPTags: items: + description: |- + Storage version of v1api20240402preview.IPTag_STATUS + Contains the IPTag associated with the object. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object ipTagType: type: string tag: @@ -21225,6 +25984,8 @@ spec: type: object type: array type: object + nodeImageVersion: + type: string nodeInitializationTaints: items: type: string 
@@ -21233,26 +25994,8 @@ spec: additionalProperties: type: string type: object - nodePublicIPPrefixReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + nodePublicIPPrefixID: + type: string nodeTaints: items: type: string 
@@ -21260,102 +26003,59 @@ spec: orchestratorVersion: type: string osDiskSizeGB: - maximum: 2048 - minimum: 0 type: integer osDiskType: - enum: - - Ephemeral - - Managed type: string osSKU: - enum: - - AzureLinux - - CBLMariner - - Mariner - - Ubuntu - - Windows2019 - - Windows2022 - - WindowsAnnual type: string osType: - enum: - - Linux - - Windows type: string - podSubnetReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object + podIPAllocationMode: + type: string + podSubnetID: + type: string powerState: + description: |- + Storage version of v1api20240402preview.PowerState_STATUS + Describes the Power State of the cluster properties: - code: - enum: - - Running - - Stopped - type: string - type: object - proximityPlacementGroupReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: + $propertyBag: + additionalProperties: + type: string description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
+ PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: type: string type: object + provisioningState: + type: string + proximityPlacementGroupID: + type: string scaleDownMode: - enum: - - Deallocate - - Delete type: string scaleSetEvictionPolicy: - enum: - - Deallocate - - Delete type: string scaleSetPriority: - enum: - - Regular - - Spot type: string securityProfile: + description: |- + Storage version of v1api20240402preview.AgentPoolSecurityProfile_STATUS + The security settings of an agent pool. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enableSecureBoot: type: boolean enableVTPM: type: boolean sshAccess: - enum: - - Disabled - - LocalUser type: string type: object spotMaxPrice: 
@@ -21365,27 +26065,41 @@ spec: type: string type: object type: - enum: - - AvailabilitySet - - VirtualMachineScaleSets - - VirtualMachines type: string upgradeSettings: + description: |- + Storage version of v1api20240402preview.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object drainTimeoutInMinutes: - maximum: 1440 - minimum: 1 type: integer maxSurge: type: string nodeSoakDurationInMinutes: - maximum: 30 - minimum: 0 type: integer + undrainableNodeBehavior: + type: string type: object virtualMachineNodesStatus: items: + description: |- + Storage version of v1api20240402preview.VirtualMachineNodes_STATUS + Current status on a group of nodes of the same vm size. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object count: type: integer size: 
@@ -21393,15 +26107,66 @@ spec: type: object type: array virtualMachinesProfile: + description: |- + Storage version of v1api20240402preview.VirtualMachinesProfile_STATUS + Specifications on VirtualMachines agent pool. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object scale: + description: |- + Storage version of v1api20240402preview.ScaleProfile_STATUS + Specifications on how to scale a VirtualMachines agent pool. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + autoscale: + items: + description: |- + Storage version of v1api20240402preview.AutoScaleProfile_STATUS + Specifications on auto-scaling. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + maxCount: + type: integer + minCount: + type: integer + sizes: + items: + type: string + type: array + type: object + type: array manual: items: + description: |- + Storage version of v1api20240402preview.ManualScaleProfile_STATUS + Specifications on number of machines. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object count: - maximum: 1000 - minimum: 0 type: integer sizes: items: 
@@ -21413,48 +26178,56 @@ spec: type: object vmSize: type: string - vnetSubnetReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + vnetSubnetID: + type: string windowsProfile: + description: |- + Storage version of v1api20240402preview.AgentPoolWindowsProfile_STATUS + The Windows agent pool's specific profile. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object disableOutboundNat: type: boolean type: object workloadRuntime: - enum: - - KataMshvVmIsolation - - OCIContainer - - WasmWasi type: string - required: - - name type: object type: array aiToolchainOperatorProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterAIToolchainOperatorProfile_STATUS + When enabling the operator, a set of AKS managed CRDs and controllers will be installed in the cluster. 
The operator + automates the deployment of OSS models for inference and/or training purposes. It provides a set of preset models and + enables distributed inference against them. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: type: boolean type: object apiServerAccessProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterAPIServerAccessProfile_STATUS + Access profile for managed cluster API server. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object authorizedIPRanges: items: type: string @@ -21473,7 +26246,15 @@ spec: type: string type: object autoScalerProfile: + description: Storage version of v1api20240402preview.ManagedClusterProperties_AutoScalerProfile_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object balance-similar-node-groups: type: string daemonset-eviction-for-empty-nodes: @@ -21481,11 +26262,6 @@ spec: daemonset-eviction-for-occupied-nodes: type: boolean expander: - enum: - - least-waste - - most-pods - - priority - - random type: string ignore-daemonsets-utilization: type: boolean 
@@ -21521,138 +26297,248 @@ spec: type: string type: object autoUpgradeProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterAutoUpgradeProfile_STATUS + Auto upgrade profile for a managed cluster. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object nodeOSUpgradeChannel: - enum: - - NodeImage - - None - - SecurityPatch - - Unmanaged type: string upgradeChannel: - enum: - - node-image - - none - - patch - - rapid - - stable type: string type: object azureMonitorProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfile_STATUS + Prometheus addon profile for the container service cluster properties: - logs: - properties: - appMonitoring: - properties: - enabled: - type: boolean - type: object - containerInsights: - properties: - enabled: - type: boolean - logAnalyticsWorkspaceResourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. 
- type: string - name: - description: Name is the Kubernetes name of the resource. - type: string + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + appMonitoring: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoring_STATUS + Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics and traces + through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + autoInstrumentation: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringAutoInstrumentation_STATUS + Application Monitoring Auto Instrumentation for Kubernetes Application Container. Deploys web hook to auto-instrument + Azure Monitor OpenTelemetry based SDKs to collect OpenTelemetry metrics, logs and traces of the application. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object - windowsHostLogs: - properties: - enabled: - type: boolean + enabled: + type: boolean + type: object + openTelemetryLogs: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryLogs_STATUS + Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Logs and Traces. Collects + OpenTelemetry logs and traces of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object + enabled: + type: boolean + port: + type: integer type: object - type: object - metrics: - properties: - appMonitoringOpenTelemetryMetrics: + openTelemetryMetrics: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryMetrics_STATUS + Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Metrics. Collects + OpenTelemetry metrics of the application using Azure Monitor OpenTelemetry based SDKs. See + aka.ms/AzureMonitorApplicationMonitoring for an overview. 
properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: type: boolean + port: + type: integer + type: object + type: object + containerInsights: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileContainerInsights_STATUS + Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & stderr logs etc. See + aka.ms/AzureMonitorContainerInsights for an overview. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + disableCustomMetrics: + type: boolean + disablePrometheusMetricsScraping: + type: boolean + enabled: + type: boolean + logAnalyticsWorkspaceResourceId: + type: string + syslogPort: + type: integer + type: object + metrics: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileMetrics_STATUS + Metrics profile for the prometheus service addon + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean kubeStateMetrics: + description: |- + Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS + Kube State Metrics for prometheus addon profile for the container service cluster properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information 
that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object metricAnnotationsAllowList: type: string metricLabelsAllowlist: type: string type: object - required: - - enabled type: object type: object - azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ + azurePortalFQDN: type: string - creationData: + bootstrapProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterBootstrapProfile_STATUS + The bootstrap profile. properties: - sourceResourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object + artifactSource: + type: string + containerRegistryId: + type: string type: object - disableLocalAccounts: - type: boolean - diskEncryptionSetReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + conditions: + items: + description: Condition defines an extension to status (an observation) of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. 
+ This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + creationData: + description: |- + Storage version of v1api20240402preview.CreationData_STATUS + Data used when creating a target resource from a source resource. properties: - armId: + $propertyBag: + additionalProperties: + type: string description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + sourceResourceId: type: string type: object + currentKubernetesVersion: + type: string + disableLocalAccounts: + type: boolean + diskEncryptionSetID: + type: string dnsPrefix: type: string + eTag: + type: string enableNamespaceResources: type: boolean enablePodSecurityPolicy: 
@@ -21660,18 +26546,42 @@ spec: enableRBAC: type: boolean extendedLocation: + description: |- + Storage version of v1api20240402preview.ExtendedLocation_STATUS + The complex type of the extended location. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object name: type: string type: - enum: - - EdgeZone type: string type: object + fqdn: + type: string fqdnSubdomain: type: string httpProxyConfig: + description: |- + Storage version of v1api20240402preview.ManagedClusterHTTPProxyConfig_STATUS + Cluster HTTP proxy configuration. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + effectiveNoProxy: + items: + type: string + type: array httpProxy: type: string httpsProxy: 
@@ -21683,188 +26593,292 @@ spec: trustedCa: type: string type: object + id: + type: string identity: + description: |- + Storage version of v1api20240402preview.ManagedClusterIdentity_STATUS + Identity for the managed cluster. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object delegatedResources: additionalProperties: + description: |- + Storage version of v1api20240402preview.DelegatedResource_STATUS + Delegated resource properties - internal use only. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object location: type: string referralResource: type: string - resourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object + resourceId: + type: string tenantId: - pattern: ^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$ type: string type: object type: object + principalId: + type: string + tenantId: + type: string type: - enum: - - None - - SystemAssigned - - UserAssigned type: string userAssignedIdentities: - items: + additionalProperties: + description: Storage version of v1api20240402preview.ManagedClusterIdentity_UserAssignedIdentities_STATUS properties: - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object + clientId: + type: string + principalId: + type: string type: object - type: array + type: object type: object identityProfile: additionalProperties: + description: |- + Storage version of v1api20240402preview.UserAssignedIdentity_STATUS + Details about a user assigned identity. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object clientId: type: string objectId: type: string - resourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object + resourceId: + type: string type: object type: object ingressProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterIngressProfile_STATUS + Ingress profile for the container service cluster. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object webAppRouting: + description: |- + Storage version of v1api20240402preview.ManagedClusterIngressProfileWebAppRouting_STATUS + Web App Routing settings for the ingress profile. properties: - dnsZoneResourceReferences: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsZoneResourceIds: items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object + type: string type: array enabled: type: boolean + identity: + description: |- + Storage version of v1api20240402preview.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object type: object type: object + kind: + type: string kubernetesVersion: type: string linuxProfile: + description: |- + Storage version of v1api20240402preview.ContainerServiceLinuxProfile_STATUS + Profile for Linux VMs in the container service cluster. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object adminUsername: - pattern: ^[A-Za-z][-A-Za-z0-9_]*$ type: string ssh: + description: |- + Storage version of v1api20240402preview.ContainerServiceSshConfiguration_STATUS + SSH configuration for Linux-based VMs running on Azure. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object publicKeys: items: + description: |- + Storage version of v1api20240402preview.ContainerServiceSshPublicKey_STATUS + Contains information about SSH certificate public key data. 
properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object keyData: type: string - required: - - keyData type: object type: array - required: - - publicKeys type: object - required: - - adminUsername - - ssh type: object location: type: string + maxAgentPools: + type: integer metricsProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterMetricsProfile_STATUS + The metrics profile for the ManagedCluster. properties: - costAnalysis: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + costAnalysis: + description: |- + Storage version of v1api20240402preview.ManagedClusterCostAnalysis_STATUS + The cost analysis configuration for the cluster properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: type: boolean type: object type: object + name: + type: string networkProfile: + description: |- + Storage version of v1api20240402preview.ContainerServiceNetworkProfile_STATUS + Profile of network configuration. 
properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + advancedNetworking: + description: |- + Storage version of v1api20240402preview.AdvancedNetworking_STATUS + Advanced Networking profile for enabling observability on a cluster. Note that enabling advanced networking features may + incur additional costs. For more information see aka.ms/aksadvancednetworking. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + observability: + description: |- + Storage version of v1api20240402preview.AdvancedNetworkingObservability_STATUS + Observability profile to enable advanced network metrics and flow logs with historical contexts. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object dnsServiceIP: - pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ type: string ipFamilies: items: - enum: - - IPv4 - - IPv6 type: string type: array kubeProxyConfig: + description: Storage version of v1api20240402preview.ContainerServiceNetworkProfile_KubeProxyConfig_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: type: boolean ipvsConfig: + description: Storage version of v1api20240402preview.ContainerServiceNetworkProfile_KubeProxyConfig_IpvsConfig_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object scheduler: - enum: - - LeastConnection - - RoundRobin type: string tcpFinTimeoutSeconds: type: integer 
@@ -21874,473 +26888,441 @@ spec: type: integer type: object mode: - enum: - - IPTABLES - - IPVS type: string type: object loadBalancerProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_STATUS + Profile of the managed cluster load balancer. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object allocatedOutboundPorts: - maximum: 64000 - minimum: 0 type: integer backendPoolType: - enum: - - NodeIP - - NodeIPConfiguration + type: string + clusterServiceLoadBalancerHealthProbeMode: type: string effectiveOutboundIPs: items: + description: |- + Storage version of v1api20240402preview.ResourceReference_STATUS + A reference to an Azure resource. properties: - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object + id: + type: string type: object type: array enableMultipleStandardLoadBalancers: type: boolean idleTimeoutInMinutes: - maximum: 120 - minimum: 4 type: integer managedOutboundIPs: + description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object count: - maximum: 100 - minimum: 1 type: integer countIPv6: - maximum: 100 - minimum: 0 type: integer type: object outboundIPPrefixes: + description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object publicIPPrefixes: items: + description: |- + Storage version of v1api20240402preview.ResourceReference_STATUS + A reference to an Azure resource. properties: - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object + id: + type: string type: object type: array type: object outboundIPs: + description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object publicIPs: items: + description: |- + Storage version of v1api20240402preview.ResourceReference_STATUS + A reference to an Azure resource. properties: - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object + id: + type: string type: object type: array type: object type: object loadBalancerSku: - enum: - - basic - - standard type: string - monitoring: - properties: - enabled: - type: boolean - type: object natGatewayProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterNATGatewayProfile_STATUS + Profile of the managed cluster NAT gateway. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object effectiveOutboundIPs: items: + description: |- + Storage version of v1api20240402preview.ResourceReference_STATUS + A reference to an Azure resource. 
properties: - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object + id: + type: string type: object type: array idleTimeoutInMinutes: - maximum: 120 - minimum: 4 type: integer managedOutboundIPProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterManagedOutboundIPProfile_STATUS + Profile of the managed outbound IP resources of the managed cluster. 
properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object count: - maximum: 16 - minimum: 1 type: integer type: object type: object networkDataplane: - enum: - - azure - - cilium type: string networkMode: - enum: - - bridge - - transparent type: string networkPlugin: - enum: - - azure - - kubenet - - none type: string networkPluginMode: - enum: - - overlay type: string networkPolicy: - enum: - - azure - - calico - - cilium - - none type: string outboundType: - enum: - - loadBalancer - - managedNATGateway - - userAssignedNATGateway - - userDefinedRouting type: string podCidr: - pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string podCidrs: items: type: string type: array + podLinkLocalAccess: + type: string serviceCidr: - pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string serviceCidrs: items: type: string type: array + staticEgressGatewayProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterStaticEgressGatewayProfile_STATUS + The Static Egress Gateway addon configuration for the cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object type: object nodeProvisioningProfile: + description: Storage version of v1api20240402preview.ManagedClusterNodeProvisioningProfile_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object mode: - enum: - - Auto - - Manual type: string type: object nodeResourceGroup: type: string nodeResourceGroupProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterNodeResourceGroupProfile_STATUS + Node resource group lockdown profile for a managed cluster. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object restrictionLevel: - enum: - - ReadOnly - - Unrestricted type: string type: object oidcIssuerProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterOIDCIssuerProfile_STATUS + The OIDC issuer profile of the Managed Cluster. 
properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: type: boolean + issuerURL: + type: string type: object - operatorSpec: + podIdentityProfile: description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure + Storage version of v1api20240402preview.ManagedClusterPodIdentityProfile_STATUS + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod + identity integration. properties: - configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: items: description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. + Storage version of v1api20240402preview.ManagedClusterPodIdentity_STATUS + Details about the pod identity assigned to the Managed Cluster. properties: - key: + $propertyBag: + additionalProperties: + type: string description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. 
If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + bindingSelector: type: string - name: + identity: description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. + Storage version of v1api20240402preview.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + name: type: string - value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ + namespace: + type: string + provisioningInfo: + description: Storage version of v1api20240402preview.ManagedClusterPodIdentity_ProvisioningInfo_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + error: + description: |- + Storage version of v1api20240402preview.ManagedClusterPodIdentityProvisioningError_STATUS + An error response from the pod identity provisioning. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + error: + description: |- + Storage version of v1api20240402preview.ManagedClusterPodIdentityProvisioningErrorBody_STATUS + An error response from the pod identity provisioning. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + details: + items: + description: Storage version of v1api20240402preview.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + message: + type: string + target: + type: string + type: object + type: array + message: + type: string + target: + type: string + type: object + type: object + type: object + provisioningState: type: string - required: - - name - - value type: object type: array - configMaps: - description: 'ConfigMaps: configures where to place operator written ConfigMaps.' - properties: - oidcIssuerProfile: - description: |- - OIDCIssuerProfile: indicates where the OIDCIssuerProfile config map should be placed. If omitted, no config map will be - created. 
- properties: - key: - description: Key is the key in the ConfigMap being referenced + userAssignedIdentityExceptions: + items: + description: |- + Storage version of v1api20240402preview.ManagedClusterPodIdentityException_STATUS + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. + properties: + $propertyBag: + additionalProperties: type: string - name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. - type: string - required: - - key - - name - type: object - type: object - secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' - items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. - properties: - key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. - type: string - name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. - type: string - value: description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. 
For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ - type: string - required: - - name - - value - type: object - type: array - secrets: - description: 'Secrets: configures where to place Azure generated secrets.' - properties: - adminCredentials: - description: |- - AdminCredentials: indicates where the AdminCredentials secret should be placed. If omitted, the secret will not be - retrieved from Azure. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced. - type: string - name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. - type: string - required: - - key - - name - type: object - userCredentials: - description: |- - UserCredentials: indicates where the UserCredentials secret should be placed. If omitted, the secret will not be - retrieved from Azure. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced. - type: string - name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. - type: string - required: - - key - - name - type: object - type: object - type: object - owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource - properties: - armId: - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - name: - description: This is the name of the Kubernetes resource to reference. 
- type: string - type: object - podIdentityProfile: - properties: - allowNetworkPluginKubenet: - type: boolean - enabled: - type: boolean - userAssignedIdentities: - items: - properties: - bindingSelector: - type: string - identity: - properties: - clientId: - type: string - objectId: - type: string - resourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object name: type: string namespace: type: string - required: - - identity - - name - - namespace - type: object - type: array - userAssignedIdentityExceptions: - items: - properties: - name: - type: string - namespace: - type: string podLabels: additionalProperties: type: string type: object - required: - - name - - namespace - - podLabels type: object type: array type: object + powerState: + description: |- + Storage version of v1api20240402preview.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + privateFQDN: + type: string privateLinkResources: items: + description: |- + Storage version of v1api20240402preview.PrivateLinkResource_STATUS + A private link resource properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object groupId: type: string + id: + type: string name: type: string - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + privateLinkServiceID: + type: string requiredMembers: items: type: string 
@@ -22349,278 +27331,451 @@ spec: type: string type: object type: array + provisioningState: + type: string publicNetworkAccess: - enum: - - Disabled - - Enabled - - SecuredByPerimeter + type: string + resourceUID: type: string safeguardsProfile: + description: |- + Storage version of v1api20240402preview.SafeguardsProfile_STATUS + The Safeguards profile. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object excludedNamespaces: items: type: string type: array level: - enum: - - Enforcement - - "Off" - - Warning type: string + systemExcludedNamespaces: + items: + type: string + type: array version: type: string - required: - - level type: object securityProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterSecurityProfile_STATUS + Security profile for the container service cluster. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object azureKeyVaultKms: + description: |- + Storage version of v1api20240402preview.AzureKeyVaultKms_STATUS + Azure Key Vault key management service settings for the security profile. 
properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: type: boolean keyId: type: string keyVaultNetworkAccess: - enum: - - Private - - Public type: string - keyVaultResourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + keyVaultResourceId: + type: string type: object customCATrustCertificates: items: type: string - maxItems: 10 - minItems: 0 type: array defender: + description: |- + Storage version of v1api20240402preview.ManagedClusterSecurityProfileDefender_STATUS + Microsoft Defender settings for the security profile. 
properties: - logAnalyticsWorkspaceResourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object + logAnalyticsWorkspaceResourceId: + type: string securityMonitoring: + description: |- + Storage version of v1api20240402preview.ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS + Microsoft Defender settings for the security profile threat detection. 
properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: type: boolean type: object type: object imageCleaner: + description: |- + Storage version of v1api20240402preview.ManagedClusterSecurityProfileImageCleaner_STATUS + Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here + are settings for the security profile. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: type: boolean intervalHours: type: integer type: object imageIntegrity: + description: |- + Storage version of v1api20240402preview.ManagedClusterSecurityProfileImageIntegrity_STATUS + Image integrity related settings for the security profile. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: type: boolean type: object nodeRestriction: + description: |- + Storage version of v1api20240402preview.ManagedClusterSecurityProfileNodeRestriction_STATUS + Node Restriction settings for the security profile. 
properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: type: boolean type: object workloadIdentity: + description: |- + Storage version of v1api20240402preview.ManagedClusterSecurityProfileWorkloadIdentity_STATUS + Workload identity settings for the security profile. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: type: boolean type: object type: object serviceMeshProfile: + description: |- + Storage version of v1api20240402preview.ServiceMeshProfile_STATUS + Service mesh profile for a managed cluster. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object istio: + description: |- + Storage version of v1api20240402preview.IstioServiceMesh_STATUS + Istio service mesh configuration. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object certificateAuthority: + description: |- + Storage version of v1api20240402preview.IstioCertificateAuthority_STATUS + Istio Service Mesh Certificate Authority (CA) configuration. 
For now, we only support plugin certificates as described + here https://aka.ms/asm-plugin-ca properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object plugin: + description: |- + Storage version of v1api20240402preview.IstioPluginCertificateAuthority_STATUS + Plugin certificates information for Service Mesh. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object certChainObjectName: type: string certObjectName: type: string keyObjectName: type: string - keyVaultReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object + keyVaultId: + type: string rootCertObjectName: type: string type: object type: object components: + description: |- + Storage version of v1api20240402preview.IstioComponents_STATUS + Istio components configuration. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object egressGateways: items: + description: |- + Storage version of v1api20240402preview.IstioEgressGateway_STATUS + Istio egress gateway configuration. properties: - enabled: - type: boolean - nodeSelector: + $propertyBag: additionalProperties: type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object - required: - - enabled + enabled: + type: boolean type: object type: array ingressGateways: items: + description: |- + Storage version of v1api20240402preview.IstioIngressGateway_STATUS + Istio ingress gateway configuration. For now, we support up to one external ingress gateway named + `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. 
properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: type: boolean mode: - enum: - - External - - Internal type: string - required: - - enabled - - mode type: object type: array type: object revisions: items: type: string - maxItems: 2 type: array type: object mode: - enum: - - Disabled - - Istio type: string - required: - - mode type: object servicePrincipalProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterServicePrincipalProfile_STATUS + Information about a service principal identity for the cluster to use for manipulating Azure APIs. properties: - clientId: - type: string - secret: + $propertyBag: + additionalProperties: + type: string description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource - type: string - required: - - key - - name + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object - required: - - clientId + clientId: + type: string type: object sku: + description: |- + Storage version of v1api20240402preview.ManagedClusterSKU_STATUS + The SKU of a Managed Cluster. 
properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object name: - enum: - - Base type: string tier: - enum: - - Free - - Premium - - Standard type: string type: object storageProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterStorageProfile_STATUS + Storage profile for the container service cluster. properties: - blobCSIDriver: - properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + blobCSIDriver: + description: |- + Storage version of v1api20240402preview.ManagedClusterStorageProfileBlobCSIDriver_STATUS + AzureBlob CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: type: boolean type: object diskCSIDriver: + description: |- + Storage version of v1api20240402preview.ManagedClusterStorageProfileDiskCSIDriver_STATUS + AzureDisk CSI Driver settings for the storage profile. 
properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: type: boolean version: type: string type: object fileCSIDriver: + description: |- + Storage version of v1api20240402preview.ManagedClusterStorageProfileFileCSIDriver_STATUS + AzureFile CSI Driver settings for the storage profile. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: type: boolean type: object snapshotController: + description: |- + Storage version of v1api20240402preview.ManagedClusterStorageProfileSnapshotController_STATUS + Snapshot Controller settings for the storage profile. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: type: boolean type: object type: object supportPlan: - enum: - - AKSLongTermSupport - - KubernetesOfficial type: string + systemData: + description: |- + Storage version of v1api20240402preview.SystemData_STATUS + Metadata pertaining to creation and last modification of the resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + createdAt: + type: string + createdBy: + type: string + createdByType: + type: string + lastModifiedAt: + type: string + lastModifiedBy: + type: string + lastModifiedByType: + type: string + type: object tags: additionalProperties: type: string type: object + type: + type: string upgradeSettings: + description: |- + Storage version of v1api20240402preview.ClusterUpgradeSettings_STATUS + Settings for upgrading a cluster. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object overrideSettings: + description: |- + Storage version of v1api20240402preview.UpgradeOverrideSettings_STATUS + Settings for overrides when upgrading a cluster. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object forceUpgrade: type: boolean until: 
@@ -22628,30 +27783,33 @@ spec: type: object type: object windowsProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterWindowsProfile_STATUS + Profile for Windows VMs in the managed cluster. properties: - adminPassword: + $propertyBag: + additionalProperties: + type: string description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource - type: string - required: - - key - - name + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object adminUsername: type: string enableCSIProxy: type: boolean gmsaProfile: + description: |- + Storage version of v1api20240402preview.WindowsGmsaProfile_STATUS + Windows gMSA Profile in the managed cluster. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object dnsServer: type: string enabled: 
@@ -22660,3536 +27818,4008 @@ spec: type: string type: object licenseType: - enum: - - None - - Windows_Server type: string - required: - - adminUsername type: object workloadAutoScalerProfile: + description: |- + Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfile_STATUS + Workload Auto-scaler profile for the managed cluster. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object keda: + description: |- + Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfileKeda_STATUS + KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: type: boolean - required: - - enabled type: object verticalPodAutoscaler: + description: Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object addonAutoscaling: - enum: - - Disabled - - Enabled type: string enabled: type: boolean - required: - - enabled type: object type: object - required: - - location - - owner type: object - status: + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string 
+ - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20240901 + schema: + openAPIV3Schema: + description: |- + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2024-09-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: properties: aadProfile: + description: 'AadProfile: The Azure Active Directory configuration.' properties: adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object IDs that will have admin role of the cluster.' items: type: string type: array clientAppID: + description: 'ClientAppID: (DEPRECATED) The client AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' type: string enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for Kubernetes authorization.' type: boolean managed: + description: 'Managed: Whether to enable managed AAD.' 
type: boolean serverAppID: + description: 'ServerAppID: (DEPRECATED) The server AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' type: string serverAppSecret: + description: 'ServerAppSecret: (DEPRECATED) The server AAD application secret. Learn more at https://aka.ms/aks/aad-legacy.' type: string tenantID: + description: |- + TenantID: The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment + subscription. type: string type: object addonProfiles: additionalProperties: + description: A Kubernetes add-on profile for a managed cluster. properties: config: additionalProperties: type: string + description: 'Config: Key-value pairs for configuring an add-on.' type: object enabled: + description: 'Enabled: Whether the add-on is enabled or not.' type: boolean - identity: - properties: - clientId: - type: string - objectId: - type: string - resourceId: - type: string - type: object + required: + - enabled type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' type: object agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' items: + description: Profile for the container service agent pool. properties: - artifactStreamingProfile: - properties: - enabled: - type: boolean - type: object availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. items: type: string type: array - capacityReservationGroupID: - type: string + capacityReservationGroupReference: + description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object count: + description: |- + Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. type: integer creationData: + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using + a snapshot. properties: - sourceResourceId: - type: string + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object - currentOrchestratorVersion: - type: string enableAutoScaling: - type: boolean - enableCustomCATrust: + description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption type: boolean enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. type: boolean enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. type: boolean enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g type: string - gpuProfile: + hostGroupReference: + description: |- + HostGroupReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). 
properties: - installGPUDriver: - type: boolean + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string type: object - hostGroupID: - type: string kubeletConfig: + description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' properties: allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`).' items: type: string type: array containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. + minimum: 2 type: integer containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' type: integer cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' type: boolean cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. type: string cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. 
See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. type: string failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' type: boolean imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, set to 100. The default is 85%' type: integer imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than imageGcHighThreshold. The default is 80%' type: integer podMaxPids: + description: 'PodMaxPids: The maximum number of processes per pod.' type: integer topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. type: string type: object kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. + enum: + - OS + - Temporary type: string linuxOSConfig: + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' properties: swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that will be created on each node.' type: integer sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' properties: fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' type: integer fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' type: integer fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' type: integer fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' 
type: integer kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' type: integer netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' type: integer netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' type: integer netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' type: integer netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' type: integer netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' type: integer netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' type: integer netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' type: integer netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' type: string netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting net.ipv4.neigh.default.gc_thresh1.' type: integer netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting net.ipv4.neigh.default.gc_thresh2.' type: integer netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting net.ipv4.neigh.default.gc_thresh3.' type: integer netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' type: integer netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' type: integer netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' type: integer netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' 
type: integer netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' type: integer netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' type: boolean netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + maximum: 90 + minimum: 10 type: integer netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' + maximum: 524288 + minimum: 65536 type: integer netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + maximum: 2097152 + minimum: 131072 type: integer vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' type: integer vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' type: integer vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' type: integer type: object transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string type: object maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' type: integer maxPods: + description: 'MaxPods: The maximum number of pods that can run on a node.' 
type: integer - messageOfTheDay: - type: string minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + enum: + - System + - User type: string name: + description: 'Name: Windows agent pool names must be 6 characters or less.' + pattern: ^[a-z][a-z0-9]{0,11}$ type: string networkProfile: + description: 'NetworkProfile: Network-related settings of an agent pool.' properties: allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are allowed to access. The specified ranges are allowed to overlap.' items: + description: The port range. properties: portEnd: + description: |- + PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or + equal to portStart. + maximum: 65535 + minimum: 1 type: integer portStart: + description: |- + PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or + equal to portEnd. + maximum: 65535 + minimum: 1 type: integer protocol: + description: 'Protocol: The network protocol of the port.' + enum: + - TCP + - UDP type: string type: object type: array - applicationSecurityGroups: + applicationSecurityGroupsReferences: + description: |- + ApplicationSecurityGroupsReferences: The IDs of the application security groups which agent pool will associate when + created. items: - type: string + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: array nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level public IPs.' items: + description: Contains the IPTag associated with the object. properties: ipTagType: + description: 'IpTagType: The IP tag type. Example: RoutingPreference.' type: string tag: + description: 'Tag: The value of the IP tag associated with the public IP. Example: Internet.' type: string type: object type: array type: object - nodeImageVersion: - type: string - nodeInitializationTaints: - items: - type: string - type: array nodeLabels: additionalProperties: type: string + description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' type: object - nodePublicIPPrefixID: - type: string - nodeTaints: - items: - type: string - type: array - orchestratorVersion: - type: string - osDiskSizeGB: - type: integer - osDiskType: - type: string - osSKU: - type: string - osType: + nodePublicIPPrefixReference: + description: |- + NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' + items: + type: string + type: array + orchestratorVersion: + description: |- + OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster + with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer + patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same + Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor + version must be within two minor versions of the control plane version. The node pool version cannot be greater than the + control plane version. For more information see [upgrading a node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string - podSubnetID: + osDiskSizeGB: + maximum: 2048 + minimum: 0 + type: integer + osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. 
For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + enum: + - Ephemeral + - Managed + type: string + osSKU: + description: |- + OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 + when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. + enum: + - AzureLinux + - CBLMariner + - Ubuntu + - Windows2019 + - Windows2022 + type: string + osType: + description: 'OsType: The operating system type. The default is Linux.' + enum: + - Linux + - Windows type: string + podSubnetReference: + description: |- + PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object powerState: + description: |- + PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this + field to Stopped. 
A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only + be stopped if it is Running and provisioning state is Succeeded properties: code: + description: 'Code: Tells whether the cluster is Running or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. type: string type: object - provisioningState: - type: string - proximityPlacementGroupID: - type: string scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' + enum: + - Deallocate + - Delete type: string scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. + enum: + - Deallocate + - Delete type: string scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' 
+ enum: + - Regular + - Spot type: string securityProfile: + description: 'SecurityProfile: The security settings of an agent pool.' properties: enableSecureBoot: + description: |- + EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and + drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean enableVTPM: + description: |- + EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held + locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean - sshAccess: - type: string type: object spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) type: number tags: additionalProperties: type: string + description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' type: object type: + description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets type: string upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading the agentpool' properties: drainTimeoutInMinutes: + description: |- + DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. + This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not + specified, the default is 30 minutes. + maximum: 1440 + minimum: 1 type: integer maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). 
If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade type: string nodeSoakDurationInMinutes: + description: |- + NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and + moving on to next node. If not specified, the default is 0 minutes. + maximum: 30 + minimum: 0 type: integer type: object - virtualMachineNodesStatus: - items: - properties: - count: - type: integer - size: - type: string - type: object - type: array - virtualMachinesProfile: - properties: - scale: - properties: - manual: - items: - properties: - count: - type: integer - sizes: - items: - type: string - type: array - type: object - type: array - type: object - type: object vmSize: + description: |- + VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions type: string - vnetSubnetID: - type: string + vnetSubnetReference: + description: |- + VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object windowsProfile: + description: 'WindowsProfile: The Windows agent pool''s specific profile.' properties: disableOutboundNat: + description: |- + DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT + Gateway and the Windows agent pool does not have node public IP enabled. type: boolean type: object workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node can run.' + enum: + - OCIContainer + - WasmWasi type: string + required: + - name type: object type: array - aiToolchainOperatorProfile: - properties: - enabled: - type: boolean - type: object apiServerAccessProfile: + description: 'ApiServerAccessProfile: The access profile for managed cluster API server.' properties: authorizedIPRanges: + description: |- + AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with + clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). items: type: string type: array disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command for the cluster or not.' 
type: boolean enablePrivateCluster: + description: |- + EnablePrivateCluster: For more details, see [Creating a private AKS + cluster](https://docs.microsoft.com/azure/aks/private-clusters). type: boolean enablePrivateClusterPublicFQDN: - type: boolean - enableVnetIntegration: + description: 'EnablePrivateClusterPublicFQDN: Whether to create additional public FQDN for private cluster or not.' type: boolean privateDNSZone: - type: string - subnetId: + description: |- + PrivateDNSZone: The default is System. For more details see [configure private DNS + zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and + 'none'. type: string type: object autoScalerProfile: + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler when enabled' properties: balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' and ''false''' type: string daemonset-eviction-for-empty-nodes: + description: |- + DaemonsetEvictionForEmptyNodes: If set to true, all daemonset pods on empty nodes will be evicted before deletion of the + node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node will be + deleted without ensuring that daemonset pods are deleted or evicted. type: boolean daemonset-eviction-for-occupied-nodes: + description: |- + DaemonsetEvictionForOccupiedNodes: If set to true, all daemonset pods on occupied nodes will be evicted before deletion + of the node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node + will be deleted without ensuring that daemonset pods are deleted or evicted. type: boolean expander: + description: |- + Expander: If not specified, the default is 'random'. See + [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) for more + information. 
+ enum: + - least-waste + - most-pods + - priority + - random type: string ignore-daemonsets-utilization: + description: |- + IgnoreDaemonsetsUtilization: If set to true, the resources used by daemonset will be taken into account when making + scaling down decisions. type: boolean max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' type: string max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' type: string max-node-provision-time: + description: |- + MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. type: string max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The maximum is 100 and the minimum is 0.' type: string new-pod-scale-up-delay: + description: |- + NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler + could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is + '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). type: string ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The default is 3.' type: string scale-down-delay-after-add: + description: |- + ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. type: string scale-down-delay-after-delete: + description: |- + ScaleDownDelayAfterDelete: The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of + time other than minutes (m) is supported. type: string scale-down-delay-after-failure: + description: |- + ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. 
type: string scale-down-unneeded-time: + description: |- + ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. type: string scale-down-unready-time: + description: |- + ScaleDownUnreadyTime: The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. type: string scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' type: string scan-interval: + description: 'ScanInterval: The default is ''10''. Values must be an integer number of seconds.' type: string skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' type: string skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' type: string type: object autoUpgradeProfile: + description: 'AutoUpgradeProfile: The auto upgrade configuration.' properties: nodeOSUpgradeChannel: + description: 'NodeOSUpgradeChannel: Manner in which the OS on your nodes is updated. The default is NodeImage.' + enum: + - NodeImage + - None + - SecurityPatch + - Unmanaged type: string upgradeChannel: + description: |- + UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade + channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). + enum: + - node-image + - none + - patch + - rapid + - stable type: string type: object azureMonitorProfile: + description: 'AzureMonitorProfile: Azure Monitor addon profiles for monitoring the managed cluster.' 
properties: - logs: - properties: - appMonitoring: - properties: - enabled: - type: boolean - type: object - containerInsights: - properties: - enabled: - type: boolean - logAnalyticsWorkspaceResourceId: - type: string - windowsHostLogs: - properties: - enabled: - type: boolean - type: object - type: object - type: object metrics: + description: |- + Metrics: Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes + infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See + aka.ms/AzureManagedPrometheus for an overview. properties: - appMonitoringOpenTelemetryMetrics: - properties: - enabled: - type: boolean - type: object enabled: + description: |- + Enabled: Whether to enable or disable the Azure Managed Prometheus addon for Prometheus monitoring. See + aka.ms/AzureManagedPrometheus-aks-enable for details on enabling and disabling. type: boolean kubeStateMetrics: + description: |- + KubeStateMetrics: Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the + kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for + details. properties: metricAnnotationsAllowList: + description: |- + MetricAnnotationsAllowList: Comma-separated list of Kubernetes annotation keys that will be used in the resource's + labels metric (Example: 'namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...'). By default the metric + contains only resource name and namespace labels. type: string metricLabelsAllowlist: + description: |- + MetricLabelsAllowlist: Comma-separated list of additional Kubernetes label keys that will be used in the resource's + labels metric (Example: 'namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...'). By default the metric contains only + resource name and namespace labels. 
type: string type: object + required: + - enabled type: object type: object - azurePortalFQDN: + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ type: string - conditions: - description: 'Conditions: The observed state of the resource' - items: - description: Condition defines an extension to status (an observation) of a resource - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. - format: date-time - type: string - message: - description: Message is a human readable message indicating details about the transition. This field may be empty. - type: string - observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - type: integer - reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. - type: string - severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown - type: string - status: - description: Status of the condition, one of True, False, or Unknown. 
- type: string - type: - description: Type of condition. - type: string - required: - - lastTransitionTime - - reason - - status - - type - type: object - type: array - creationData: + disableLocalAccounts: + description: |- + DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details see [disable local + accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). + type: boolean + diskEncryptionSetReference: + description: |- + DiskEncryptionSetReference: This is of the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' properties: - sourceResourceId: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. type: string type: object - currentKubernetesVersion: - type: string - disableLocalAccounts: - type: boolean - diskEncryptionSetID: - type: string dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster has been created.' 
type: string - enableNamespaceResources: - type: boolean enablePodSecurityPolicy: + description: |- + EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and + https://aka.ms/aks/psp. type: boolean enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based Access Control.' type: boolean extendedLocation: + description: 'ExtendedLocation: The extended location of the Virtual Machine.' properties: name: + description: 'Name: The name of the extended location.' type: string type: + description: 'Type: The type of the extended location.' + enum: + - EdgeZone type: string type: object - fqdn: - type: string fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed Cluster has been created.' type: string httpProxyConfig: + description: 'HttpProxyConfig: Configurations for provisioning the cluster with HTTP proxy servers.' properties: - effectiveNoProxy: - items: - type: string - type: array httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' type: string httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' type: string noProxy: + description: 'NoProxy: The endpoints that should not go through proxy.' items: type: string type: array trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting to proxy servers.' type: string type: object - id: - type: string identity: + description: 'Identity: The identity of the managed cluster, if configured.' properties: delegatedResources: additionalProperties: + description: Delegated resource properties - internal use only. properties: location: + description: 'Location: The source resource location - internal use only.' 
type: string referralResource: + description: 'ReferralResource: The delegation id of the referral delegation (optional) - internal use only.' type: string - resourceId: - type: string + resourceReference: + description: 'ResourceReference: The ARM resource id of the delegated resource - internal use only.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object tenantId: + description: 'TenantId: The tenant id of the delegated resource - internal use only.' + pattern: ^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$ type: string type: object + description: |- + DelegatedResources: The delegated identity resources assigned to this managed cluster. This can only be set by another + Azure Resource Provider, and managed cluster only accept one delegated identity resource. Internal use only. type: object - principalId: - type: string - tenantId: - type: string type: + description: |- + Type: For more information see [use managed identities in + AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). 
+ enum: + - None + - SystemAssigned + - UserAssigned type: string userAssignedIdentities: - additionalProperties: + description: |- + UserAssignedIdentities: The keys must be ARM resource IDs in the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. + items: + description: Information about the user assigned identity for the resource properties: - clientId: - type: string - principalId: - type: string + reference: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object - type: object + type: array type: object identityProfile: additionalProperties: + description: Details about a user assigned identity. properties: clientId: + description: 'ClientId: The client ID of the user assigned identity.' type: string + clientIdFromConfig: + description: 'ClientIdFromConfig: The client ID of the user assigned identity.' 
+ properties: + key: + description: Key is the key in the Kubernetes configmap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes configmap being referenced. + The configmap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object objectId: + description: 'ObjectId: The object ID of the user assigned identity.' type: string - resourceId: - type: string + objectIdFromConfig: + description: 'ObjectIdFromConfig: The object ID of the user assigned identity.' + properties: + key: + description: Key is the key in the Kubernetes configmap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes configmap being referenced. + The configmap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + resourceReference: + description: 'ResourceReference: The resource ID of the user assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object + description: |- + IdentityProfile: The user identity associated with the managed cluster. This identity will be used by the kubelet. 
Only + one user assigned identity is allowed. The only accepted key is "kubeletidentity", with value of "resourceId": + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}". type: object ingressProfile: + description: 'IngressProfile: Ingress profile for the managed cluster.' properties: webAppRouting: + description: |- + WebAppRouting: App Routing settings for the ingress profile. You can find an overview and onboarding guide for this + feature at https://learn.microsoft.com/en-us/azure/aks/app-routing?tabs=default%2Cdeploy-app-default. properties: - dnsZoneResourceIds: + dnsZoneResourceReferences: + description: |- + DnsZoneResourceReferences: Resource IDs of the DNS zones to be associated with the Application Routing add-on. Used only + when Application Routing add-on is enabled. Public and private DNS zones can be in different resource groups, but all + public DNS zones must be in the same resource group and all private DNS zones must be in the same resource group. items: - type: string + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: array enabled: + description: 'Enabled: Whether to enable the Application Routing add-on.' type: boolean - identity: - properties: - clientId: - type: string - objectId: - type: string - resourceId: - type: string - type: object type: object type: object kubernetesVersion: + description: |- + KubernetesVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster + with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer + patch version is available. When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All + upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or + 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS + cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. type: string linuxProfile: + description: 'LinuxProfile: The profile for Linux VMs in the Managed Cluster.' properties: adminUsername: + description: 'AdminUsername: The administrator username to use for Linux VMs.' + pattern: ^[A-Za-z][-A-Za-z0-9_]*$ type: string ssh: + description: 'Ssh: The SSH configuration for Linux-based VMs running on Azure.' properties: publicKeys: + description: 'PublicKeys: The list of SSH public keys used to authenticate with Linux-based VMs. A maximum of 1 key may be specified.' items: + description: Contains information about SSH certificate public key data. properties: keyData: + description: |- + KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or + without headers. 
type: string + required: + - keyData type: object type: array + required: + - publicKeys type: object + required: + - adminUsername + - ssh type: object location: + description: 'Location: The geo-location where the resource lives' type: string - maxAgentPools: - type: integer metricsProfile: + description: 'MetricsProfile: Optional cluster metrics configuration.' properties: costAnalysis: + description: 'CostAnalysis: The cost analysis configuration for the cluster' properties: enabled: + description: |- + Enabled: The Managed Cluster sku.tier must be set to 'Standard' or 'Premium' to enable this feature. Enabling this will + add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. If not specified, the + default is false. For more information see aka.ms/aks/docs/cost-analysis. type: boolean type: object type: object - name: - type: string networkProfile: + description: 'NetworkProfile: The network configuration profile.' properties: - dnsServiceIP: - type: string - ipFamilies: - items: - type: string - type: array - kubeProxyConfig: + advancedNetworking: + description: |- + AdvancedNetworking: Advanced Networking profile for enabling observability and security feature suite on a cluster. For + more information see aka.ms/aksadvancednetworking. properties: enabled: + description: |- + Enabled: Indicates the enablement of Advanced Networking functionalities of observability and security on AKS clusters. + When this is set to true, all observability and security features will be set to enabled unless explicitly disabled. If + not specified, the default is false. type: boolean - ipvsConfig: + observability: + description: 'Observability: Observability profile to enable advanced network metrics and flow logs with historical contexts.' 
properties: - scheduler: - type: string - tcpFinTimeoutSeconds: - type: integer - tcpTimeoutSeconds: - type: integer - udpTimeoutSeconds: - type: integer + enabled: + description: 'Enabled: Indicates the enablement of Advanced Networking observability functionalities on clusters.' + type: boolean + type: object + security: + description: 'Security: Security profile to enable security features on cilium based cluster.' + properties: + enabled: + description: |- + Enabled: This feature allows user to configure network policy based on DNS (FQDN) names. It can be enabled only on + cilium based clusters. If not specified, the default is false. + type: boolean type: object - mode: - type: string type: object + dnsServiceIP: + description: |- + DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address + range specified in serviceCidr. + pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ + type: string + ipFamilies: + description: |- + IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6. + items: + enum: + - IPv4 + - IPv6 + type: string + type: array loadBalancerProfile: + description: 'LoadBalancerProfile: Profile of the cluster load balancer.' properties: allocatedOutboundPorts: + description: |- + AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 + (inclusive). The default value is 0 which results in Azure dynamically allocating ports. + maximum: 64000 + minimum: 0 type: integer backendPoolType: + description: 'BackendPoolType: The type of the managed inbound Load Balancer BackendPool.' 
+ enum: + - NodeIP + - NodeIPConfiguration type: string effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster load balancer.' items: + description: A reference to an Azure resource. properties: - id: - type: string + reference: + description: 'Reference: The fully qualified Azure resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object type: array enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable multiple standard load balancers per AKS cluster or not.' type: boolean idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 30 minutes. + maximum: 120 + minimum: 4 type: integer managedOutboundIPs: + description: 'ManagedOutboundIPs: Desired managed outbound IPs for the cluster load balancer.' properties: count: + description: |- + Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values + must be in the range of 1 to 100 (inclusive). The default value is 1. 
+ maximum: 100 + minimum: 1 type: integer countIPv6: + description: |- + CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed + values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. + maximum: 100 + minimum: 0 type: integer type: object outboundIPPrefixes: + description: 'OutboundIPPrefixes: Desired outbound IP Prefix resources for the cluster load balancer.' properties: publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix resources.' items: + description: A reference to an Azure resource. properties: - id: - type: string + reference: + description: 'Reference: The fully qualified Azure resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object type: array type: object outboundIPs: + description: 'OutboundIPs: Desired outbound IP resources for the cluster load balancer.' properties: publicIPs: + description: 'PublicIPs: A list of public IP resources.' items: + description: A reference to an Azure resource. properties: - id: - type: string + reference: + description: 'Reference: The fully qualified Azure resource id.' 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object type: array type: object type: object loadBalancerSku: + description: |- + LoadBalancerSku: The default is 'standard'. See [Azure Load Balancer + SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load + balancer SKUs. + enum: + - basic + - standard type: string - monitoring: - properties: - enabled: - type: boolean - type: object natGatewayProfile: + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' properties: effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster NAT gateway.' items: + description: A reference to an Azure resource. properties: - id: - type: string + reference: + description: 'Reference: The fully qualified Azure resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object type: array idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 4 minutes. + maximum: 120 + minimum: 4 type: integer managedOutboundIPProfile: + description: 'ManagedOutboundIPProfile: Profile of the managed outbound IP resources of the cluster NAT gateway.' properties: count: + description: |- + Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 + (inclusive). The default value is 1. + maximum: 16 + minimum: 1 type: integer type: object type: object networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the Kubernetes cluster.' + enum: + - azure + - cilium type: string networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin is anything other than ''azure''.' + enum: + - bridge + - transparent type: string networkPlugin: + description: 'NetworkPlugin: Network plugin used for building the Kubernetes network.' + enum: + - azure + - kubenet + - none type: string networkPluginMode: + description: 'NetworkPluginMode: The mode the network plugin should use.' 
+ enum: + - overlay type: string networkPolicy: + description: 'NetworkPolicy: Network policy used for building the Kubernetes network.' + enum: + - azure + - calico + - cilium + - none type: string outboundType: + description: |- + OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see + [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). + enum: + - loadBalancer + - managedNATGateway + - userAssignedNATGateway + - userDefinedRouting type: string podCidr: + description: 'PodCidr: A CIDR notation IP range from which to assign pod IPs when kubenet is used.' + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string podCidrs: + description: |- + PodCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. items: type: string type: array serviceCidr: + description: |- + ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP + ranges. + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string serviceCidrs: + description: |- + ServiceCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with any Subnet IP ranges. items: type: string type: array type: object - nodeProvisioningProfile: - properties: - mode: - type: string - type: object nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing agent pool nodes.' type: string nodeResourceGroupProfile: + description: 'NodeResourceGroupProfile: Profile of the node resource group configuration.' properties: restrictionLevel: + description: |- + RestrictionLevel: The restriction level applied to the cluster's node resource group. 
If not specified, the default is + 'Unrestricted' + enum: + - ReadOnly + - Unrestricted type: string type: object oidcIssuerProfile: + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed Cluster.' properties: enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' type: boolean - issuerURL: - type: string type: object - podIdentityProfile: + operatorSpec: + description: |- + OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not + passed directly to Azure properties: - allowNetworkPluginKubenet: - type: boolean - enabled: - type: boolean - userAssignedIdentities: + configMapExpressions: + description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: + description: |- + DestinationExpression is a CEL expression and a destination to store the result in. The destination may + be a secret or a configmap. The value of the expression is stored at the specified location in + the destination. properties: - bindingSelector: - type: string - identity: - properties: - clientId: - type: string - objectId: - type: string - resourceId: - type: string - type: object - name: - type: string - namespace: - type: string - provisioningInfo: - properties: - error: - properties: - error: - properties: - code: - type: string - details: - items: - properties: - code: - type: string - message: - type: string - target: - type: string - type: object - type: array - message: - type: string - target: - type: string - type: object - type: object - type: object - provisioningState: + key: + description: |- + Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string + this is required to identify what key to write to. 
If the CEL expression in Value returns a map[string]string + Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting + map[string]string. type: string - type: object - type: array - userAssignedIdentityExceptions: - items: - properties: name: + description: |- + Name is the name of the Kubernetes configmap or secret to write to. + The configmap or secret will be created in the same namespace as the resource. type: string - namespace: + value: + description: |- + Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information + on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string - podLabels: - additionalProperties: - type: string - type: object + required: + - name + - value type: object type: array - type: object - powerState: + configMaps: + description: 'ConfigMaps: configures where to place operator written ConfigMaps.' + properties: + oidcIssuerProfile: + description: |- + OIDCIssuerProfile: indicates where the OIDCIssuerProfile config map should be placed. If omitted, no config map will be + created. + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap to write to. + The ConfigMap will be created in the same namespace as the resource. + type: string + required: + - key + - name + type: object + type: object + secretExpressions: + description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' + items: + description: |- + DestinationExpression is a CEL expression and a destination to store the result in. The destination may + be a secret or a configmap. The value of the expression is stored at the specified location in + the destination. + properties: + key: + description: |- + Key is the key in the ConfigMap or Secret being written to. 
If the CEL expression in Value returns a string + this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string + Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting + map[string]string. + type: string + name: + description: |- + Name is the name of the Kubernetes configmap or secret to write to. + The configmap or secret will be created in the same namespace as the resource. + type: string + value: + description: |- + Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information + on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ + type: string + required: + - name + - value + type: object + type: array + secrets: + description: 'Secrets: configures where to place Azure generated secrets.' + properties: + adminCredentials: + description: |- + AdminCredentials: indicates where the AdminCredentials secret should be placed. If omitted, the secret will not be + retrieved from Azure. + properties: + key: + description: Key is the key in the Kubernetes secret being referenced. + type: string + name: + description: |- + Name is the name of the Kubernetes secret to write to. + The secret will be created in the same namespace as the resource. + type: string + required: + - key + - name + type: object + userCredentials: + description: |- + UserCredentials: indicates where the UserCredentials secret should be placed. If omitted, the secret will not be + retrieved from Azure. + properties: + key: + description: Key is the key in the Kubernetes secret being referenced. + type: string + name: + description: |- + Name is the name of the Kubernetes secret to write to. + The secret will be created in the same namespace as the resource. + type: string + required: + - key + - name + type: object + type: object + type: object + owner: + description: |- + Owner: The owner of the resource. 
The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource properties: - code: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. type: string type: object - privateFQDN: - type: string + podIdentityProfile: + description: |- + PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more + details on AAD pod identity integration. + properties: + allowNetworkPluginKubenet: + description: |- + AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod + Identity and the risks of IP spoofing. See [using Kubenet network plugin with AAD Pod + Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information. + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use in the cluster.' + items: + description: Details about the pod identity assigned to the Managed Cluster. + properties: + bindingSelector: + description: 'BindingSelector: The binding selector to use for the AzureIdentityBinding resource.' + type: string + identity: + description: 'Identity: The user assigned identity details.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' 
+ type: string + clientIdFromConfig: + description: 'ClientIdFromConfig: The client ID of the user assigned identity.' + properties: + key: + description: Key is the key in the Kubernetes configmap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes configmap being referenced. + The configmap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + objectIdFromConfig: + description: 'ObjectIdFromConfig: The object ID of the user assigned identity.' + properties: + key: + description: Key is the key in the Kubernetes configmap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes configmap being referenced. + The configmap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + resourceReference: + description: 'ResourceReference: The resource ID of the user assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + name: + description: 'Name: The name of the pod identity.' 
+ type: string + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + required: + - identity + - name + - namespace + type: object + type: array + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity exceptions to allow.' + items: + description: |- + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. + properties: + name: + description: 'Name: The name of the pod identity exception.' + type: string + namespace: + description: 'Namespace: The namespace of the pod identity exception.' + type: string + podLabels: + additionalProperties: + type: string + description: 'PodLabels: The pod labels to match.' + type: object + required: + - name + - namespace + - podLabels + type: object + type: array + type: object privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated with the cluster.' items: + description: A private link resource properties: groupId: - type: string - id: + description: 'GroupId: The group ID of the resource.' type: string name: + description: 'Name: The name of the private link resource.' type: string - privateLinkServiceID: - type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' items: type: string type: array type: + description: 'Type: The resource type.' type: string type: object type: array - provisioningState: - type: string publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access for AKS' + enum: + - Disabled + - Enabled type: string - resourceUID: - type: string - safeguardsProfile: - properties: - excludedNamespaces: - items: - type: string - type: array - level: - type: string - systemExcludedNamespaces: - items: - type: string - type: array - version: - type: string - type: object securityProfile: + description: 'SecurityProfile: Security profile for the managed cluster.' properties: azureKeyVaultKms: + description: |- + AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. properties: enabled: + description: 'Enabled: Whether to enable Azure Key Vault key management service. The default is false.' type: boolean keyId: + description: |- + KeyId: Identifier of Azure Key Vault key. See [key identifier + format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service is disabled, leave the field empty. 
type: string keyVaultNetworkAccess: + description: |- + KeyVaultNetworkAccess: Network access of key vault. The possible values are `Public` and `Private`. `Public` means the + key vault allows public access from all networks. `Private` means the key vault disables public access and enables + private link. The default value is `Public`. + enum: + - Private + - Public type: string - keyVaultResourceId: - type: string + keyVaultResourceReference: + description: |- + KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and + must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object - customCATrustCertificates: - items: - type: string - type: array defender: + description: 'Defender: Microsoft Defender settings for the security profile.' properties: - logAnalyticsWorkspaceResourceId: - type: string + logAnalyticsWorkspaceResourceReference: + description: |- + LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft + Defender. 
When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When + Microsoft Defender is disabled, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object securityMonitoring: + description: 'SecurityMonitoring: Microsoft Defender threat detection for Cloud settings for the security profile.' properties: enabled: + description: 'Enabled: Whether to enable Defender threat detection' type: boolean type: object type: object imageCleaner: + description: 'ImageCleaner: Image Cleaner settings for the security profile.' properties: enabled: + description: 'Enabled: Whether to enable Image Cleaner on AKS cluster.' type: boolean intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval in hours.' type: integer type: object - imageIntegrity: - properties: - enabled: - type: boolean - type: object - nodeRestriction: - properties: - enabled: - type: boolean - type: object workloadIdentity: + description: |- + WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. 
See https://aka.ms/aks/wi for more details. properties: enabled: + description: 'Enabled: Whether to enable workload identity.' type: boolean type: object type: object serviceMeshProfile: + description: 'ServiceMeshProfile: Service mesh profile for a managed cluster.' properties: istio: + description: 'Istio: Istio service mesh configuration.' properties: certificateAuthority: + description: |- + CertificateAuthority: Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin + certificates as described here https://aka.ms/asm-plugin-ca properties: plugin: + description: 'Plugin: Plugin certificates information for Service Mesh.' properties: certChainObjectName: + description: 'CertChainObjectName: Certificate chain object name in Azure Key Vault.' type: string certObjectName: + description: 'CertObjectName: Intermediate certificate object name in Azure Key Vault.' type: string keyObjectName: + description: 'KeyObjectName: Intermediate certificate private key object name in Azure Key Vault.' type: string - keyVaultId: - type: string + keyVaultReference: + description: 'KeyVaultReference: The resource ID of the Key Vault.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object rootCertObjectName: + description: 'RootCertObjectName: Root certificate object name in Azure Key Vault.' type: string type: object type: object components: + description: 'Components: Istio components configuration.' properties: egressGateways: + description: 'EgressGateways: Istio egress gateways.' items: + description: Istio egress gateway configuration. properties: enabled: + description: 'Enabled: Whether to enable the egress gateway.' type: boolean - nodeSelector: - additionalProperties: - type: string - type: object + required: + - enabled type: object type: array ingressGateways: + description: 'IngressGateways: Istio ingress gateways.' items: + description: |- + Istio ingress gateway configuration. For now, we support up to one external ingress gateway named + `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. properties: enabled: + description: 'Enabled: Whether to enable the ingress gateway.' type: boolean mode: + description: 'Mode: Mode of an ingress gateway.' + enum: + - External + - Internal type: string + required: + - enabled + - mode type: object type: array type: object revisions: + description: |- + Revisions: The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. + When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: + https://learn.microsoft.com/en-us/azure/aks/istio-upgrade items: type: string + maxItems: 2 type: array type: object mode: + description: 'Mode: Mode of the service mesh.' + enum: + - Disabled + - Istio type: string + required: + - mode type: object servicePrincipalProfile: + description: |- + ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure + APIs. properties: clientId: + description: 'ClientId: The ID for the service principal.' 
type: string + secret: + description: 'Secret: The secret password associated with the service principal in plain text.' + properties: + key: + description: Key is the key in the Kubernetes secret being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + required: + - clientId type: object sku: + description: 'Sku: The managed cluster SKU.' properties: name: + description: 'Name: The name of a managed cluster SKU.' + enum: + - Base type: string tier: + description: |- + Tier: If not specified, the default is 'Free'. See [AKS Pricing + Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. + enum: + - Free + - Premium + - Standard type: string type: object storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' properties: blobCSIDriver: + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for the storage profile.' properties: enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. The default value is false.' type: boolean type: object diskCSIDriver: + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for the storage profile.' properties: enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. The default value is true.' type: boolean - version: - type: string type: object fileCSIDriver: + description: 'FileCSIDriver: AzureFile CSI Driver settings for the storage profile.' properties: enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. The default value is true.' type: boolean type: object snapshotController: + description: 'SnapshotController: Snapshot Controller settings for the storage profile.' properties: enabled: + description: 'Enabled: Whether to enable Snapshot Controller. The default value is true.' 
type: boolean type: object type: object supportPlan: + description: 'SupportPlan: The support plan for the Managed Cluster. If unspecified, the default is ''KubernetesOfficial''.' + enum: + - AKSLongTermSupport + - KubernetesOfficial type: string - systemData: - properties: - createdAt: - type: string - createdBy: - type: string - createdByType: - type: string - lastModifiedAt: - type: string - lastModifiedBy: - type: string - lastModifiedByType: - type: string - type: object tags: additionalProperties: type: string + description: 'Tags: Resource tags.' type: object - type: - type: string upgradeSettings: + description: 'UpgradeSettings: Settings for upgrading a cluster.' properties: overrideSettings: + description: 'OverrideSettings: Settings for overrides.' properties: forceUpgrade: + description: |- + ForceUpgrade: Whether to force upgrade the cluster. Note that this option instructs upgrade operation to bypass upgrade + protections such as checking for deprecated API usage. Enable this option only with caution. type: boolean until: + description: |- + Until: Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the + effectiveness won't change once an upgrade starts even if the `until` expires as upgrade proceeds. This field is not set + by default. It must be set for the overrides to take effect. type: string type: object type: object windowsProfile: + description: 'WindowsProfile: The profile for Windows VMs in the Managed Cluster.' properties: - adminUsername: - type: string - enableCSIProxy: - type: boolean - gmsaProfile: + adminPassword: + description: |- + AdminPassword: Specifies the password of the administrator account. 
+ Minimum-length: 8 characters + Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to be fulfilled + Has lower characters + Has upper characters + Has a digit + Has a special character (Regex match [\W_]) + Disallowed values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$$$word", "pass@word1", "Password!", "Password1", + "Password22", "iloveyou!" properties: - dnsServer: + key: + description: Key is the key in the Kubernetes secret being referenced type: string - enabled: - type: boolean + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + adminUsername: + description: |- + AdminUsername: Specifies the name of the administrator account. + Restriction: Cannot end in "." + Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", + "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", + "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". + Minimum-length: 1 character + Max-length: 20 characters + type: string + enableCSIProxy: + description: |- + EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub + repo](https://github.com/kubernetes-csi/csi-proxy). + type: boolean + gmsaProfile: + description: 'GmsaProfile: The Windows gMSA Profile in the Managed Cluster.' + properties: + dnsServer: + description: |- + DnsServer: Specifies the DNS server for Windows gMSA. + Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. + type: string + enabled: + description: 'Enabled: Specifies whether to enable Windows gMSA in the managed cluster.' + type: boolean rootDomainName: + description: |- + RootDomainName: Specifies the root domain name for Windows gMSA. 
+ Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. type: string type: object licenseType: + description: |- + LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User + Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. + enum: + - None + - Windows_Server type: string + required: + - adminUsername type: object workloadAutoScalerProfile: + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile for the managed cluster.' properties: keda: + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile.' properties: enabled: + description: 'Enabled: Whether to enable KEDA.' type: boolean + required: + - enabled type: object verticalPodAutoscaler: + description: 'VerticalPodAutoscaler: VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile.' properties: - addonAutoscaling: - type: string enabled: + description: 'Enabled: Whether to enable VPA. Default value is false.' type: boolean + required: + - enabled type: object type: object + required: + - location + - owner type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].severity - name: Severity - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Reason - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].message - name: Message - type: string - name: v1api20231102previewstorage - schema: - openAPIV3Schema: - description: Storage version of v1api20231102preview.ManagedCluster - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. 
- Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: Storage version of v1api20231102preview.ManagedCluster_Spec + status: + description: Managed cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object aadProfile: - description: Storage version of v1api20231102preview.ManagedClusterAADProfile + description: 'AadProfile: The Azure Active Directory configuration.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object IDs that will have admin role of the cluster.' items: type: string type: array clientAppID: + description: 'ClientAppID: (DEPRECATED) The client AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' type: string enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for Kubernetes authorization.' type: boolean managed: + description: 'Managed: Whether to enable managed AAD.' 
type: boolean serverAppID: + description: 'ServerAppID: (DEPRECATED) The server AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' type: string serverAppSecret: + description: 'ServerAppSecret: (DEPRECATED) The server AAD application secret. Learn more at https://aka.ms/aks/aad-legacy.' type: string tenantID: + description: |- + TenantID: The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment + subscription. type: string type: object addonProfiles: additionalProperties: - description: Storage version of v1api20231102preview.ManagedClusterAddonProfile + description: A Kubernetes add-on profile for a managed cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object config: additionalProperties: type: string + description: 'Config: Key-value pairs for configuring an add-on.' type: object enabled: + description: 'Enabled: Whether the add-on is enabled or not.' type: boolean + identity: + description: 'Identity: Information of user assigned identity used by this add-on.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned identity.' + type: string + type: object type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' type: object agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' items: - description: Storage version of v1api20231102preview.ManagedClusterAgentPoolProfile + description: Profile for the container service agent pool. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - artifactStreamingProfile: - description: Storage version of v1api20231102preview.AgentPoolArtifactStreamingProfile - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. items: type: string type: array - capacityReservationGroupReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object + capacityReservationGroupID: + description: 'CapacityReservationGroupID: AKS will associate the specified agent pool with the Capacity Reservation Group.' + type: string count: + description: |- + Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. type: integer creationData: - description: Storage version of v1api20231102preview.CreationData + description: |- + CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using + a snapshot. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - sourceResourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the source object to be used to create the target object.' + type: string type: object + currentOrchestratorVersion: + description: |- + CurrentOrchestratorVersion: If orchestratorVersion is a fully specified version , this field will be + exactly equal to it. If orchestratorVersion is , this field will contain the full + version being used. + type: string + eTag: + description: |- + ETag: Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is + updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic + concurrency per the normal etag convention. + type: string enableAutoScaling: - type: boolean - enableCustomCATrust: + description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, + see: https://docs.microsoft.com/azure/aks/enable-host-encryption type: boolean enableFIPS: + description: |- + EnableFIPS: See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. type: boolean enableNodePublicIP: + description: |- + EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. + A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine + to minimize hops. For more information see [assigning a public IP per + node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The + default is false. 
type: boolean enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' + type: string + hostGroupID: + description: |- + HostGroupID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). type: string - gpuProfile: - description: Storage version of v1api20231102preview.AgentPoolGPUProfile - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - installGPUDriver: - type: boolean - type: object - hostGroupReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object kubeletConfig: - description: Storage version of v1api20231102preview.KubeletConfig + description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`).' items: type: string type: array containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. type: integer containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' type: integer cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' type: boolean cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. type: string cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. type: string failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' type: boolean imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, set to 100. 
The default is 85%' type: integer imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than imageGcHighThreshold. The default is 80%' type: integer podMaxPids: + description: 'PodMaxPids: The maximum number of processes per pod.' type: integer topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. type: string type: object kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. type: string linuxOSConfig: - description: Storage version of v1api20231102preview.LinuxOSConfig + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that will be created on each node.' type: integer sysctls: - description: Storage version of v1api20231102preview.SysctlConfig + description: 'Sysctls: Sysctl settings for Linux agent nodes.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' type: integer fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' 
type: integer fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' type: integer fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' type: integer kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' type: integer netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' type: integer netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' type: integer netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' type: integer netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' type: integer netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' type: integer netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' type: integer netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' type: integer netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' type: string netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting net.ipv4.neigh.default.gc_thresh1.' type: integer netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting net.ipv4.neigh.default.gc_thresh2.' type: integer netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting net.ipv4.neigh.default.gc_thresh3.' type: integer netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' type: integer netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' type: integer netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' 
type: integer netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' type: integer netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' type: integer netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' type: boolean netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' type: integer netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' type: integer netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' type: integer vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' type: integer vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' type: integer vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' type: integer type: object transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string type: object maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' type: integer maxPods: + description: 'MaxPods: The maximum number of pods that can run on a node.' 
type: integer - messageOfTheDay: - type: string minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer mode: + description: |- + Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool + restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools type: string name: + description: 'Name: Windows agent pool names must be 6 characters or less.' type: string networkProfile: - description: Storage version of v1api20231102preview.AgentPoolNetworkProfile + description: 'NetworkProfile: Network-related settings of an agent pool.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are allowed to access. The specified ranges are allowed to overlap.' items: - description: Storage version of v1api20231102preview.PortRange + description: The port range. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object portEnd: + description: |- + PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or + equal to portStart. type: integer portStart: + description: |- + PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or + equal to portEnd. type: integer protocol: + description: 'Protocol: The network protocol of the port.' 
type: string type: object type: array - applicationSecurityGroupsReferences: + applicationSecurityGroups: + description: 'ApplicationSecurityGroups: The IDs of the application security groups which agent pool will associate when created.' items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + type: string type: array nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level public IPs.' items: - description: Storage version of v1api20231102preview.IPTag + description: Contains the IPTag associated with the object. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object ipTagType: + description: 'IpTagType: The IP tag type. Example: RoutingPreference.' type: string tag: + description: 'Tag: The value of the IP tag associated with the public IP. Example: Internet.' 
type: string type: object type: array type: object - nodeInitializationTaints: - items: - type: string - type: array + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string nodeLabels: additionalProperties: type: string + description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' type: object - nodePublicIPPrefixReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + nodePublicIPPrefixID: + description: |- + NodePublicIPPrefixID: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + type: string nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' items: type: string type: array orchestratorVersion: + description: |- + OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. 
+ When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster + with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer + patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same + Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor + version must be within two minor versions of the control plane version. The node pool version cannot be greater than the + control plane version. For more information see [upgrading a node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: type: integer osDiskType: + description: |- + OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested + OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). type: string osSKU: + description: |- + OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 + when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. type: string osType: + description: 'OsType: The operating system type. The default is Linux.' + type: string + podSubnetID: + description: |- + PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). 
This is + of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} type: string - podSubnetReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object powerState: - description: Storage version of v1api20231102preview.PowerState + description: |- + PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this + field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. 
An Agent Pool can only + be stopped if it is Running and provisioning state is Succeeded properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object code: + description: 'Code: Tells whether the cluster is Running or Stopped' type: string type: object - proximityPlacementGroupReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity Placement Group.' + type: string scaleDownMode: + description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' 
type: string scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is + 'Delete'. type: string scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' type: string securityProfile: - description: Storage version of v1api20231102preview.AgentPoolSecurityProfile + description: 'SecurityProfile: The security settings of an agent pool.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enableSecureBoot: + description: |- + EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and + drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean enableVTPM: + description: |- + EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held + locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean - sshAccess: - type: string type: object spotMaxPrice: + description: |- + SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any + on-demand price. For more details on spot pricing, see [spot VMs + pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) type: number tags: additionalProperties: type: string + description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' type: object type: + description: 'Type: The type of Agent Pool.' 
type: string upgradeSettings: - description: Storage version of v1api20231102preview.AgentPoolUpgradeSettings + description: 'UpgradeSettings: Settings for upgrading the agentpool' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object drainTimeoutInMinutes: + description: |- + DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. + This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not + specified, the default is 30 minutes. type: integer maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. 
For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade type: string nodeSoakDurationInMinutes: - type: integer - type: object - virtualMachineNodesStatus: - items: - description: Storage version of v1api20231102preview.VirtualMachineNodes - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - count: - type: integer - size: - type: string - type: object - type: array - virtualMachinesProfile: - description: Storage version of v1api20231102preview.VirtualMachinesProfile - properties: - $propertyBag: - additionalProperties: - type: string description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - scale: - description: Storage version of v1api20231102preview.ScaleProfile - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - manual: - items: - description: Storage version of v1api20231102preview.ManualScaleProfile - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - count: - type: integer - sizes: - items: - type: string - type: array - type: object - type: array - type: object + NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a 
node and before reimaging it and + moving on to next node. If not specified, the default is 0 minutes. + type: integer type: object vmSize: + description: |- + VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods + might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions + type: string + vnetSubnetID: + description: |- + VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, + this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} type: string - vnetSubnetReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object windowsProfile: - description: Storage version of v1api20231102preview.AgentPoolWindowsProfile + description: 'WindowsProfile: The Windows agent pool''s specific profile.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object disableOutboundNat: + description: |- + DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT + Gateway and the Windows agent pool does not have node public IP enabled. type: boolean type: object workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node can run.' type: string type: object type: array - aiToolchainOperatorProfile: - description: Storage version of v1api20231102preview.ManagedClusterAIToolchainOperatorProfile - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object apiServerAccessProfile: - description: Storage version of v1api20231102preview.ManagedClusterAPIServerAccessProfile + description: 'ApiServerAccessProfile: The access profile for managed cluster API server.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object authorizedIPRanges: + description: |- + AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. 
This feature is not compatible with + clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API + server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). items: type: string type: array disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command for the cluster or not.' type: boolean enablePrivateCluster: + description: |- + EnablePrivateCluster: For more details, see [Creating a private AKS + cluster](https://docs.microsoft.com/azure/aks/private-clusters). type: boolean enablePrivateClusterPublicFQDN: - type: boolean - enableVnetIntegration: + description: 'EnablePrivateClusterPublicFQDN: Whether to create additional public FQDN for private cluster or not.' type: boolean privateDNSZone: - type: string - subnetId: + description: |- + PrivateDNSZone: The default is System. For more details see [configure private DNS + zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and + 'none'. type: string type: object autoScalerProfile: - description: Storage version of v1api20231102preview.ManagedClusterProperties_AutoScalerProfile + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler when enabled' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object balance-similar-node-groups: + description: 'BalanceSimilarNodeGroups: Valid values are ''true'' and ''false''' type: string daemonset-eviction-for-empty-nodes: + description: |- + DaemonsetEvictionForEmptyNodes: If set to true, all daemonset pods on empty nodes will be evicted before deletion of the + node. 
If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node will be + deleted without ensuring that daemonset pods are deleted or evicted. type: boolean daemonset-eviction-for-occupied-nodes: + description: |- + DaemonsetEvictionForOccupiedNodes: If set to true, all daemonset pods on occupied nodes will be evicted before deletion + of the node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node + will be deleted without ensuring that daemonset pods are deleted or evicted. type: boolean expander: + description: |- + Expander: If not specified, the default is 'random'. See + [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) for more + information. type: string ignore-daemonsets-utilization: + description: |- + IgnoreDaemonsetsUtilization: If set to true, the resources used by daemonset will be taken into account when making + scaling down decisions. type: boolean max-empty-bulk-delete: + description: 'MaxEmptyBulkDelete: The default is 10.' type: string max-graceful-termination-sec: + description: 'MaxGracefulTerminationSec: The default is 600.' type: string max-node-provision-time: + description: |- + MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. type: string max-total-unready-percentage: + description: 'MaxTotalUnreadyPercentage: The default is 45. The maximum is 100 and the minimum is 0.' type: string new-pod-scale-up-delay: + description: |- + NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler + could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is + '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). 
type: string ok-total-unready-count: + description: 'OkTotalUnreadyCount: This must be an integer. The default is 3.' type: string scale-down-delay-after-add: + description: |- + ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. type: string scale-down-delay-after-delete: + description: |- + ScaleDownDelayAfterDelete: The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of + time other than minutes (m) is supported. type: string scale-down-delay-after-failure: + description: |- + ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other + than minutes (m) is supported. type: string scale-down-unneeded-time: + description: |- + ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. type: string scale-down-unready-time: + description: |- + ScaleDownUnreadyTime: The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than + minutes (m) is supported. type: string scale-down-utilization-threshold: + description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' type: string scan-interval: + description: 'ScanInterval: The default is ''10''. Values must be an integer number of seconds.' type: string skip-nodes-with-local-storage: + description: 'SkipNodesWithLocalStorage: The default is true.' type: string skip-nodes-with-system-pods: + description: 'SkipNodesWithSystemPods: The default is true.' type: string type: object autoUpgradeProfile: - description: Storage version of v1api20231102preview.ManagedClusterAutoUpgradeProfile + description: 'AutoUpgradeProfile: The auto upgrade configuration.' 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object nodeOSUpgradeChannel: + description: 'NodeOSUpgradeChannel: Manner in which the OS on your nodes is updated. The default is NodeImage.' type: string upgradeChannel: + description: |- + UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade + channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). type: string type: object azureMonitorProfile: - description: Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfile + description: 'AzureMonitorProfile: Azure Monitor addon profiles for monitoring the managed cluster.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - logs: - description: Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileLogs - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - appMonitoring: - description: Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileAppMonitoring - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - containerInsights: - 
description: Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileContainerInsights - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - logAnalyticsWorkspaceResourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object - windowsHostLogs: - description: Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileWindowsHostLogs - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - type: object - type: object metrics: - description: Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileMetrics + description: |- + Metrics: Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes + infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See + aka.ms/AzureManagedPrometheus for an overview. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - appMonitoringOpenTelemetryMetrics: - description: Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryMetrics - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object enabled: + description: |- + Enabled: Whether to enable or disable the Azure Managed Prometheus addon for Prometheus monitoring. See + aka.ms/AzureManagedPrometheus-aks-enable for details on enabling and disabling. 
type: boolean kubeStateMetrics: - description: Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileKubeStateMetrics + description: |- + KubeStateMetrics: Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the + kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for + details. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object metricAnnotationsAllowList: + description: |- + MetricAnnotationsAllowList: Comma-separated list of Kubernetes annotation keys that will be used in the resource's + labels metric (Example: 'namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...'). By default the metric + contains only resource name and namespace labels. type: string metricLabelsAllowlist: + description: |- + MetricLabelsAllowlist: Comma-separated list of additional Kubernetes label keys that will be used in the resource's + labels metric (Example: 'namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...'). By default the metric contains only + resource name and namespace labels. type: string type: object type: object type: object - azureName: + azurePortalFQDN: description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. + AzurePortalFQDN: The Azure Portal requires certain Cross-Origin Resource Sharing (CORS) headers to be sent in some + responses, which Kubernetes APIServer doesn't handle by default. This special FQDN supports CORS, allowing the Azure + Portal to function properly. 
type: string - creationData: - description: Storage version of v1api20231102preview.CreationData - properties: - $propertyBag: - additionalProperties: + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. + format: date-time type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - sourceResourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object + message: + description: Message is a human readable message indicating details about the transition. This field may be empty. 
+ type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + currentKubernetesVersion: + description: |- + CurrentKubernetesVersion: If kubernetesVersion was a fully specified version , this field will be + exactly equal to it. If kubernetesVersion was , this field will contain the full + version being used. + type: string disableLocalAccounts: + description: |- + DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be + used on Managed Clusters that are AAD enabled. For more details see [disable local + accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). 
type: boolean - diskEncryptionSetReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + diskEncryptionSetID: + description: |- + DiskEncryptionSetID: This is of the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' + type: string dnsPrefix: + description: 'DnsPrefix: This cannot be updated once the Managed Cluster has been created.' + type: string + eTag: + description: |- + ETag: Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is + updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic + concurrency per the normal etag convention. type: string - enableNamespaceResources: - type: boolean enablePodSecurityPolicy: + description: |- + EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was + deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. 
Learn more at https://aka.ms/k8s/psp and + https://aka.ms/aks/psp. type: boolean enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based Access Control.' type: boolean extendedLocation: - description: Storage version of v1api20231102preview.ExtendedLocation + description: 'ExtendedLocation: The extended location of the Virtual Machine.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object name: + description: 'Name: The name of the extended location.' type: string type: + description: 'Type: The type of the extended location.' type: string type: object + fqdn: + description: 'Fqdn: The FQDN of the master pool.' + type: string fqdnSubdomain: + description: 'FqdnSubdomain: This cannot be updated once the Managed Cluster has been created.' type: string httpProxyConfig: - description: Storage version of v1api20231102preview.ManagedClusterHTTPProxyConfig + description: 'HttpProxyConfig: Configurations for provisioning the cluster with HTTP proxy servers.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' type: string httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' type: string noProxy: + description: 'NoProxy: The endpoints that should not go through proxy.' items: type: string type: array trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting to proxy servers.' type: string type: object + id: + description: |- + Id: Fully qualified resource ID for the resource. E.g. 
+ "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" + type: string identity: - description: Storage version of v1api20231102preview.ManagedClusterIdentity + description: 'Identity: The identity of the managed cluster, if configured.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object delegatedResources: additionalProperties: - description: Storage version of v1api20231102preview.DelegatedResource + description: Delegated resource properties - internal use only. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object location: + description: 'Location: The source resource location - internal use only.' type: string referralResource: + description: 'ReferralResource: The delegation id of the referral delegation (optional) - internal use only.' + type: string + resourceId: + description: 'ResourceId: The ARM resource id of the delegated resource - internal use only.' type: string - resourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object tenantId: + description: 'TenantId: The tenant id of the delegated resource - internal use only.' type: string type: object + description: |- + DelegatedResources: The delegated identity resources assigned to this managed cluster. This can only be set by another + Azure Resource Provider, and managed cluster only accept one delegated identity resource. Internal use only. type: object + principalId: + description: 'PrincipalId: The principal id of the system assigned identity which is used by master components.' + type: string + tenantId: + description: 'TenantId: The tenant id of the system assigned identity which is used by master components.' + type: string type: + description: |- + Type: For more information see [use managed identities in + AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). 
type: string userAssignedIdentities: - items: - description: Storage version of v1api20231102preview.UserAssignedIdentityDetails + additionalProperties: properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + clientId: + description: 'ClientId: The client id of user assigned identity.' + type: string + principalId: + description: 'PrincipalId: The principal id of user assigned identity.' + type: string type: object - type: array + description: |- + UserAssignedIdentities: The keys must be ARM resource IDs in the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. 
+ type: object type: object identityProfile: additionalProperties: - description: Storage version of v1api20231102preview.UserAssignedIdentity + description: Details about a user assigned identity. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: + description: 'ClientId: The client ID of the user assigned identity.' type: string objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned identity.' type: string - resourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object type: object + description: |- + IdentityProfile: The user identity associated with the managed cluster. This identity will be used by the kubelet. Only + one user assigned identity is allowed. 
The only accepted key is "kubeletidentity", with value of "resourceId": + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}". type: object ingressProfile: - description: Storage version of v1api20231102preview.ManagedClusterIngressProfile + description: 'IngressProfile: Ingress profile for the managed cluster.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object webAppRouting: - description: Storage version of v1api20231102preview.ManagedClusterIngressProfileWebAppRouting + description: |- + WebAppRouting: App Routing settings for the ingress profile. You can find an overview and onboarding guide for this + feature at https://learn.microsoft.com/en-us/azure/aks/app-routing?tabs=default%2Cdeploy-app-default. properties: - $propertyBag: - additionalProperties: - type: string + dnsZoneResourceIds: description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - dnsZoneResourceReferences: + DnsZoneResourceIds: Resource IDs of the DNS zones to be associated with the Application Routing add-on. Used only when + Application Routing add-on is enabled. Public and private DNS zones can be in different resource groups, but all public + DNS zones must be in the same resource group and all private DNS zones must be in the same resource group. 
items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + type: string type: array enabled: + description: 'Enabled: Whether to enable the Application Routing add-on.' type: boolean + identity: + description: |- + Identity: Managed identity of the Application Routing add-on. This is the identity that should be granted permissions, + for example, to manage the associated Azure DNS resource and get certificates from Azure Key Vault. See [this overview + of the add-on](https://learn.microsoft.com/en-us/azure/aks/web-app-routing?tabs=with-osm) for more instructions. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned identity.' + type: string + type: object type: object type: object kubernetesVersion: + description: |- + KubernetesVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. 
+ When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster + with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer + patch version is available. When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All + upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or + 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS + cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. type: string linuxProfile: - description: Storage version of v1api20231102preview.ContainerServiceLinuxProfile + description: 'LinuxProfile: The profile for Linux VMs in the Managed Cluster.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object adminUsername: + description: 'AdminUsername: The administrator username to use for Linux VMs.' type: string ssh: - description: Storage version of v1api20231102preview.ContainerServiceSshConfiguration + description: 'Ssh: The SSH configuration for Linux-based VMs running on Azure.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicKeys: + description: 'PublicKeys: The list of SSH public keys used to authenticate with Linux-based VMs. A maximum of 1 key may be specified.' items: - description: Storage version of v1api20231102preview.ContainerServiceSshPublicKey + description: Contains information about SSH certificate public key data. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object keyData: + description: |- + KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or + without headers. type: string type: object type: array type: object type: object location: + description: 'Location: The geo-location where the resource lives' type: string + maxAgentPools: + description: 'MaxAgentPools: The max number of agent pools for the managed cluster.' + type: integer metricsProfile: - description: Storage version of v1api20231102preview.ManagedClusterMetricsProfile + description: 'MetricsProfile: Optional cluster metrics configuration.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object costAnalysis: - description: Storage version of v1api20231102preview.ManagedClusterCostAnalysis + description: 'CostAnalysis: The cost analysis configuration for the cluster' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: |- + Enabled: The Managed Cluster sku.tier must be set to 'Standard' or 'Premium' to enable this feature. Enabling this will + add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. If not specified, the + default is false. For more information see aka.ms/aks/docs/cost-analysis. 
type: boolean type: object type: object + name: + description: 'Name: The name of the resource' + type: string networkProfile: - description: Storage version of v1api20231102preview.ContainerServiceNetworkProfile + description: 'NetworkProfile: The network configuration profile.' properties: - $propertyBag: - additionalProperties: - type: string + advancedNetworking: description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - dnsServiceIP: - type: string - ipFamilies: - items: - type: string - type: array - kubeProxyConfig: - description: Storage version of v1api20231102preview.ContainerServiceNetworkProfile_KubeProxyConfig + AdvancedNetworking: Advanced Networking profile for enabling observability and security feature suite on a cluster. For + more information see aka.ms/aksadvancednetworking. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: |- + Enabled: Indicates the enablement of Advanced Networking functionalities of observability and security on AKS clusters. + When this is set to true, all observability and security features will be set to enabled unless explicitly disabled. If + not specified, the default is false. type: boolean - ipvsConfig: - description: Storage version of v1api20231102preview.ContainerServiceNetworkProfile_KubeProxyConfig_IpvsConfig + observability: + description: 'Observability: Observability profile to enable advanced network metrics and flow logs with historical contexts.' 
properties: - $propertyBag: - additionalProperties: - type: string + enabled: + description: 'Enabled: Indicates the enablement of Advanced Networking observability functionalities on clusters.' + type: boolean + type: object + security: + description: 'Security: Security profile to enable security features on cilium based cluster.' + properties: + enabled: description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - scheduler: - type: string - tcpFinTimeoutSeconds: - type: integer - tcpTimeoutSeconds: - type: integer - udpTimeoutSeconds: - type: integer + Enabled: This feature allows user to configure network policy based on DNS (FQDN) names. It can be enabled only on + cilium based clusters. If not specified, the default is false. + type: boolean type: object - mode: - type: string type: object + dnsServiceIP: + description: |- + DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address + range specified in serviceCidr. + type: string + ipFamilies: + description: |- + IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value + is IPv4. For dual-stack, the expected values are IPv4 and IPv6. + items: + type: string + type: array loadBalancerProfile: - description: Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile + description: 'LoadBalancerProfile: Profile of the cluster load balancer.' 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allocatedOutboundPorts: + description: |- + AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 + (inclusive). The default value is 0 which results in Azure dynamically allocating ports. type: integer backendPoolType: + description: 'BackendPoolType: The type of the managed inbound Load Balancer BackendPool.' type: string effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster load balancer.' items: - description: Storage version of v1api20231102preview.ResourceReference + description: A reference to an Azure resource. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + id: + description: 'Id: The fully qualified Azure resource id.' + type: string type: object type: array enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable multiple standard load balancers per AKS cluster or not.' type: boolean idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 30 minutes. type: integer managedOutboundIPs: - description: Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs + description: 'ManagedOutboundIPs: Desired managed outbound IPs for the cluster load balancer.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object count: + description: |- + Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values + must be in the range of 1 to 100 (inclusive). The default value is 1. type: integer countIPv6: + description: |- + CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed + values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. 
type: integer type: object outboundIPPrefixes: - description: Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes + description: 'OutboundIPPrefixes: Desired outbound IP Prefix resources for the cluster load balancer.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix resources.' items: - description: Storage version of v1api20231102preview.ResourceReference + description: A reference to an Azure resource. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. 
- type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + id: + description: 'Id: The fully qualified Azure resource id.' + type: string type: object type: array type: object outboundIPs: - description: Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile_OutboundIPs + description: 'OutboundIPs: Desired outbound IP resources for the cluster load balancer.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicIPs: + description: 'PublicIPs: A list of public IP resources.' items: - description: Storage version of v1api20231102preview.ResourceReference + description: A reference to an Azure resource. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. 
- type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + id: + description: 'Id: The fully qualified Azure resource id.' + type: string type: object type: array type: object type: object loadBalancerSku: + description: |- + LoadBalancerSku: The default is 'standard'. See [Azure Load Balancer + SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load + balancer SKUs. type: string - monitoring: - description: Storage version of v1api20231102preview.NetworkMonitoring - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object natGatewayProfile: - description: Storage version of v1api20231102preview.ManagedClusterNATGatewayProfile + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster NAT gateway.' items: - description: Storage version of v1api20231102preview.ResourceReference + description: A reference to an Azure resource. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + id: + description: 'Id: The fully qualified Azure resource id.' + type: string type: object type: array idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 4 minutes. type: integer managedOutboundIPProfile: - description: Storage version of v1api20231102preview.ManagedClusterManagedOutboundIPProfile + description: 'ManagedOutboundIPProfile: Profile of the managed outbound IP resources of the cluster NAT gateway.' 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object count: + description: |- + Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 + (inclusive). The default value is 1. type: integer type: object type: object networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the Kubernetes cluster.' type: string networkMode: + description: 'NetworkMode: This cannot be specified if networkPlugin is anything other than ''azure''.' type: string networkPlugin: + description: 'NetworkPlugin: Network plugin used for building the Kubernetes network.' type: string networkPluginMode: + description: 'NetworkPluginMode: The mode the network plugin should use.' type: string networkPolicy: + description: 'NetworkPolicy: Network policy used for building the Kubernetes network.' type: string outboundType: + description: |- + OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see + [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). type: string podCidr: + description: 'PodCidr: A CIDR notation IP range from which to assign pod IPs when kubenet is used.' type: string podCidrs: + description: |- + PodCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. items: type: string type: array serviceCidr: + description: |- + ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP + ranges. type: string serviceCidrs: + description: |- + ServiceCidrs: One IPv4 CIDR is expected for single-stack networking. 
Two CIDRs, one for each IP family (IPv4/IPv6), is + expected for dual-stack networking. They must not overlap with any Subnet IP ranges. items: type: string type: array type: object - nodeProvisioningProfile: - description: Storage version of v1api20231102preview.ManagedClusterNodeProvisioningProfile - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - mode: - type: string - type: object nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing agent pool nodes.' type: string nodeResourceGroupProfile: - description: Storage version of v1api20231102preview.ManagedClusterNodeResourceGroupProfile + description: 'NodeResourceGroupProfile: Profile of the node resource group configuration.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object restrictionLevel: + description: |- + RestrictionLevel: The restriction level applied to the cluster's node resource group. If not specified, the default is + 'Unrestricted' type: string type: object oidcIssuerProfile: - description: Storage version of v1api20231102preview.ManagedClusterOIDCIssuerProfile + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed Cluster.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' 
type: boolean - type: object - operatorSpec: - description: |- - Storage version of v1api20231102preview.ManagedClusterOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - configMapExpressions: - items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. - properties: - key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. - type: string - name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. - type: string - value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. 
For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ - type: string - required: - - name - - value - type: object - type: array - configMaps: - description: Storage version of v1api20231102preview.ManagedClusterOperatorConfigMaps - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - oidcIssuerProfile: - description: |- - ConfigMapDestination describes the location to store a single configmap value - Note: This is similar to: SecretDestination in secrets.go. - Changes to one may need to be made to the others as well. - properties: - key: - description: Key is the key in the ConfigMap being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. - type: string - required: - - key - - name - type: object - type: object - secretExpressions: - items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. - properties: - key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. - type: string - name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. 
- type: string - value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ - type: string - required: - - name - - value - type: object - type: array - secrets: - description: Storage version of v1api20231102preview.ManagedClusterOperatorSecrets - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - adminCredentials: - description: |- - SecretDestination describes the location to store a single secret value. - Note: This is similar to: ConfigMapDestination in configmaps.go. - Changes to one may need to be made to the others as well. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced. - type: string - name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. - type: string - required: - - key - - name - type: object - userCredentials: - description: |- - SecretDestination describes the location to store a single secret value. - Note: This is similar to: ConfigMapDestination in configmaps.go. - Changes to one may need to be made to the others as well. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced. - type: string - name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. - type: string - required: - - key - - name - type: object - type: object - type: object - originalVersion: - type: string - owner: - description: |- - Owner: The owner of the resource. 
The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource - properties: - armId: - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - name: - description: This is the name of the Kubernetes resource to reference. + issuerURL: + description: 'IssuerURL: The OIDC issuer url of the Managed Cluster.' type: string type: object podIdentityProfile: - description: Storage version of v1api20231102preview.ManagedClusterPodIdentityProfile + description: |- + PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more + details on AAD pod identity integration. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allowNetworkPluginKubenet: + description: |- + AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod + Identity and the risks of IP spoofing. See [using Kubenet network plugin with AAD Pod + Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information. type: boolean enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' type: boolean userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use in the cluster.' 
items: - description: Storage version of v1api20231102preview.ManagedClusterPodIdentity + description: Details about the pod identity assigned to the Managed Cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object bindingSelector: + description: 'BindingSelector: The binding selector to use for the AzureIdentityBinding resource.' type: string identity: - description: Storage version of v1api20231102preview.UserAssignedIdentity + description: 'Identity: The user assigned identity details.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: + description: 'ClientId: The client ID of the user assigned identity.' type: string objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned identity.' type: string - resourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object type: object name: + description: 'Name: The name of the pod identity.' type: string namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + provisioningInfo: + properties: + error: + description: 'Error: Pod identity assignment error (if any).' + properties: + error: + description: 'Error: Details about the error.' + properties: + code: + description: 'Code: An identifier for the error. Codes are invariant and are intended to be consumed programmatically.' + type: string + details: + description: 'Details: A list of additional details about the error.' + items: + properties: + code: + description: 'Code: An identifier for the error. Codes are invariant and are intended to be consumed programmatically.' + type: string + message: + description: 'Message: A message describing the error, intended to be suitable for display in a user interface.' + type: string + target: + description: 'Target: The target of the particular error. For example, the name of the property in error.' + type: string + type: object + type: array + message: + description: 'Message: A message describing the error, intended to be suitable for display in a user interface.' + type: string + target: + description: 'Target: The target of the particular error. For example, the name of the property in error.' + type: string + type: object + type: object + type: object + provisioningState: + description: 'ProvisioningState: The current provisioning state of the pod identity.' 
type: string type: object type: array userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity exceptions to allow.' items: - description: Storage version of v1api20231102preview.ManagedClusterPodIdentityException + description: |- + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object name: + description: 'Name: The name of the pod identity exception.' type: string namespace: + description: 'Namespace: The namespace of the pod identity exception.' type: string podLabels: additionalProperties: type: string + description: 'PodLabels: The pod labels to match.' type: object type: object type: array type: object + powerState: + description: 'PowerState: The Power State of the cluster.' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + privateFQDN: + description: 'PrivateFQDN: The FQDN of private cluster.' + type: string privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated with the cluster.' items: - description: Storage version of v1api20231102preview.PrivateLinkResource + description: A private link resource properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object groupId: + description: 'GroupId: The group ID of the resource.' + type: string + id: + description: 'Id: The ID of the private link resource.' 
type: string name: + description: 'Name: The name of the private link resource.' + type: string + privateLinkServiceID: + description: 'PrivateLinkServiceID: The private link service ID of the resource, this field is exposed only to NRP internally.' type: string - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' items: type: string type: array type: + description: 'Type: The resource type.' type: string type: object type: array + provisioningState: + description: 'ProvisioningState: The current provisioning state.' 
+ type: string publicNetworkAccess: + description: 'PublicNetworkAccess: Allow or deny public network access for AKS' + type: string + resourceUID: + description: |- + ResourceUID: The resourceUID uniquely identifies ManagedClusters that reuse ARM ResourceIds (i.e: create, delete, create + sequence) type: string - safeguardsProfile: - description: Storage version of v1api20231102preview.SafeguardsProfile - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - excludedNamespaces: - items: - type: string - type: array - level: - type: string - version: - type: string - type: object securityProfile: - description: Storage version of v1api20231102preview.ManagedClusterSecurityProfile + description: 'SecurityProfile: Security profile for the managed cluster.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object azureKeyVaultKms: - description: Storage version of v1api20231102preview.AzureKeyVaultKms + description: |- + AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Whether to enable Azure Key Vault key management service. The default is false.' 
type: boolean keyId: + description: |- + KeyId: Identifier of Azure Key Vault key. See [key identifier + format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service is disabled, leave the field empty. type: string keyVaultNetworkAccess: + description: |- + KeyVaultNetworkAccess: Network access of key vault. The possible values are `Public` and `Private`. `Public` means the + key vault allows public access from all networks. `Private` means the key vault disables public access and enables + private link. The default value is `Public`. + type: string + keyVaultResourceId: + description: |- + KeyVaultResourceId: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and must + be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. type: string - keyVaultResourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. 
- type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object type: object - customCATrustCertificates: - items: - type: string - type: array defender: - description: Storage version of v1api20231102preview.ManagedClusterSecurityProfileDefender + description: 'Defender: Microsoft Defender settings for the security profile.' properties: - $propertyBag: - additionalProperties: - type: string + logAnalyticsWorkspaceResourceId: description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - logAnalyticsWorkspaceResourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + LogAnalyticsWorkspaceResourceId: Resource ID of the Log Analytics workspace to be associated with Microsoft Defender. + When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. 
When Microsoft + Defender is disabled, leave the field empty. + type: string securityMonitoring: - description: Storage version of v1api20231102preview.ManagedClusterSecurityProfileDefenderSecurityMonitoring + description: 'SecurityMonitoring: Microsoft Defender threat detection for Cloud settings for the security profile.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Whether to enable Defender threat detection' type: boolean type: object type: object imageCleaner: - description: Storage version of v1api20231102preview.ManagedClusterSecurityProfileImageCleaner + description: 'ImageCleaner: Image Cleaner settings for the security profile.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Whether to enable Image Cleaner on AKS cluster.' type: boolean intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval in hours.' 
type: integer type: object - imageIntegrity: - description: Storage version of v1api20231102preview.ManagedClusterSecurityProfileImageIntegrity - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - nodeRestriction: - description: Storage version of v1api20231102preview.ManagedClusterSecurityProfileNodeRestriction - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object workloadIdentity: - description: Storage version of v1api20231102preview.ManagedClusterSecurityProfileWorkloadIdentity + description: |- + WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Whether to enable workload identity.' type: boolean type: object type: object serviceMeshProfile: - description: Storage version of v1api20231102preview.ServiceMeshProfile + description: 'ServiceMeshProfile: Service mesh profile for a managed cluster.' 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object istio: - description: Storage version of v1api20231102preview.IstioServiceMesh + description: 'Istio: Istio service mesh configuration.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object certificateAuthority: - description: Storage version of v1api20231102preview.IstioCertificateAuthority + description: |- + CertificateAuthority: Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin + certificates as described here https://aka.ms/asm-plugin-ca properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object plugin: - description: Storage version of v1api20231102preview.IstioPluginCertificateAuthority + description: 'Plugin: Plugin certificates information for Service Mesh.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object certChainObjectName: + description: 'CertChainObjectName: Certificate chain object name in Azure Key Vault.' type: string certObjectName: + description: 'CertObjectName: Intermediate certificate object name in Azure Key Vault.' 
type: string keyObjectName: + description: 'KeyObjectName: Intermediate certificate private key object name in Azure Key Vault.' + type: string + keyVaultId: + description: 'KeyVaultId: The resource ID of the Key Vault.' type: string - keyVaultReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object rootCertObjectName: + description: 'RootCertObjectName: Root certificate object name in Azure Key Vault.' type: string type: object type: object components: - description: Storage version of v1api20231102preview.IstioComponents + description: 'Components: Istio components configuration.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object egressGateways: + description: 'EgressGateways: Istio egress gateways.' 
items: - description: Storage version of v1api20231102preview.IstioEgressGateway + description: Istio egress gateway configuration. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Whether to enable the egress gateway.' type: boolean - nodeSelector: - additionalProperties: - type: string - type: object type: object type: array ingressGateways: + description: 'IngressGateways: Istio ingress gateways.' items: - description: Storage version of v1api20231102preview.IstioIngressGateway + description: |- + Istio ingress gateway configuration. For now, we support up to one external ingress gateway named + `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Whether to enable the ingress gateway.' type: boolean mode: + description: 'Mode: Mode of an ingress gateway.' type: string type: object type: array type: object revisions: + description: |- + Revisions: The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. + When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: + https://learn.microsoft.com/en-us/azure/aks/istio-upgrade items: type: string type: array type: object mode: + description: 'Mode: Mode of the service mesh.' 
type: string type: object servicePrincipalProfile: - description: Storage version of v1api20231102preview.ManagedClusterServicePrincipalProfile + description: |- + ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure + APIs. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: + description: 'ClientId: The ID for the service principal.' type: string - secret: - description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource - type: string - required: - - key - - name - type: object type: object sku: - description: Storage version of v1api20231102preview.ManagedClusterSKU + description: 'Sku: The managed cluster SKU.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object name: + description: 'Name: The name of a managed cluster SKU.' type: string tier: + description: |- + Tier: If not specified, the default is 'Free'. See [AKS Pricing + Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. type: string type: object storageProfile: - description: Storage version of v1api20231102preview.ManagedClusterStorageProfile + description: 'StorageProfile: Storage profile for the managed cluster.' 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object blobCSIDriver: - description: Storage version of v1api20231102preview.ManagedClusterStorageProfileBlobCSIDriver + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for the storage profile.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. The default value is false.' type: boolean type: object diskCSIDriver: - description: Storage version of v1api20231102preview.ManagedClusterStorageProfileDiskCSIDriver + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for the storage profile.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. The default value is true.' type: boolean - version: - type: string type: object fileCSIDriver: - description: Storage version of v1api20231102preview.ManagedClusterStorageProfileFileCSIDriver + description: 'FileCSIDriver: AzureFile CSI Driver settings for the storage profile.' 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. The default value is true.' type: boolean type: object snapshotController: - description: Storage version of v1api20231102preview.ManagedClusterStorageProfileSnapshotController + description: 'SnapshotController: Snapshot Controller settings for the storage profile.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Whether to enable Snapshot Controller. The default value is true.' type: boolean type: object type: object supportPlan: + description: 'SupportPlan: The support plan for the Managed Cluster. If unspecified, the default is ''KubernetesOfficial''.' type: string + systemData: + description: 'SystemData: Azure Resource Manager metadata containing createdBy and modifiedBy information.' + properties: + createdAt: + description: 'CreatedAt: The timestamp of resource creation (UTC).' + type: string + createdBy: + description: 'CreatedBy: The identity that created the resource.' + type: string + createdByType: + description: 'CreatedByType: The type of identity that created the resource.' + type: string + lastModifiedAt: + description: 'LastModifiedAt: The timestamp of resource last modification (UTC)' + type: string + lastModifiedBy: + description: 'LastModifiedBy: The identity that last modified the resource.' + type: string + lastModifiedByType: + description: 'LastModifiedByType: The type of identity that last modified the resource.' 
+ type: string + type: object tags: additionalProperties: type: string + description: 'Tags: Resource tags.' type: object + type: + description: 'Type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"' + type: string upgradeSettings: - description: Storage version of v1api20231102preview.ClusterUpgradeSettings + description: 'UpgradeSettings: Settings for upgrading a cluster.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object overrideSettings: - description: Storage version of v1api20231102preview.UpgradeOverrideSettings + description: 'OverrideSettings: Settings for overrides.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object forceUpgrade: + description: |- + ForceUpgrade: Whether to force upgrade the cluster. Note that this option instructs upgrade operation to bypass upgrade + protections such as checking for deprecated API usage. Enable this option only with caution. type: boolean until: + description: |- + Until: Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the + effectiveness won't change once an upgrade starts even if the `until` expires as upgrade proceeds. This field is not set + by default. It must be set for the overrides to take effect. type: string type: object type: object windowsProfile: - description: Storage version of v1api20231102preview.ManagedClusterWindowsProfile + description: 'WindowsProfile: The profile for Windows VMs in the Managed Cluster.' 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - adminPassword: - description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource - type: string - required: - - key - - name - type: object adminUsername: + description: |- + AdminUsername: Specifies the name of the administrator account. + Restriction: Cannot end in "." + Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", + "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", + "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". + Minimum-length: 1 character + Max-length: 20 characters type: string enableCSIProxy: + description: |- + EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub + repo](https://github.com/kubernetes-csi/csi-proxy). type: boolean gmsaProfile: - description: Storage version of v1api20231102preview.WindowsGmsaProfile + description: 'GmsaProfile: The Windows gMSA Profile in the Managed Cluster.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object dnsServer: + description: |- + DnsServer: Specifies the DNS server for Windows gMSA. 
+ Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. type: string enabled: + description: 'Enabled: Specifies whether to enable Windows gMSA in the managed cluster.' type: boolean rootDomainName: + description: |- + RootDomainName: Specifies the root domain name for Windows gMSA. + Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. type: string type: object licenseType: + description: |- + LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User + Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. type: string type: object workloadAutoScalerProfile: - description: Storage version of v1api20231102preview.ManagedClusterWorkloadAutoScalerProfile + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile for the managed cluster.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object keda: - description: Storage version of v1api20231102preview.ManagedClusterWorkloadAutoScalerProfileKeda + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Whether to enable KEDA.' 
type: boolean type: object verticalPodAutoscaler: - description: Storage version of v1api20231102preview.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler + description: 'VerticalPodAutoscaler: VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - addonAutoscaling: - type: string enabled: + description: 'Enabled: Whether to enable VPA. Default value is false.' type: boolean type: object type: object - required: - - owner type: object - status: - description: Storage version of v1api20231102preview.ManagedCluster_STATUS + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20240901storage + schema: + openAPIV3Schema: + description: |- + Storage version of v1api20240901.ManagedCluster + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2024-09-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Storage version of v1api20240901.ManagedCluster_Spec properties: $propertyBag: additionalProperties: @@ -26199,7 +31829,9 @@ spec: resources, allowing for full fidelity round trip conversions type: object aadProfile: - description: Storage version of v1api20231102preview.ManagedClusterAADProfile_STATUS + description: |- + Storage version of v1api20240901.ManagedClusterAADProfile + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). properties: $propertyBag: additionalProperties: @@ -26227,7 +31859,9 @@ spec: type: object addonProfiles: additionalProperties: - description: Storage version of v1api20231102preview.ManagedClusterAddonProfile_STATUS + description: |- + Storage version of v1api20240901.ManagedClusterAddonProfile + A Kubernetes add-on profile for a managed cluster. properties: $propertyBag: additionalProperties: 
@@ -26242,28 +31876,13 @@ spec: type: object enabled: type: boolean - identity: - description: Storage version of v1api20231102preview.UserAssignedIdentity_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - clientId: - type: string - objectId: - type: string - resourceId: - type: string - type: object type: object type: object agentPoolProfiles: items: - description: Storage version of v1api20231102preview.ManagedClusterAgentPoolProfile_STATUS + description: |- + Storage version of v1api20240901.ManagedClusterAgentPoolProfile + Profile for the container service agent pool. properties: $propertyBag: additionalProperties: 
@@ -26272,29 +31891,36 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - artifactStreamingProfile: - description: Storage version of v1api20231102preview.AgentPoolArtifactStreamingProfile_STATUS + availabilityZones: + items: + type: string + type: array + capacityReservationGroupReference: + description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' properties: - $propertyBag: - additionalProperties: - type: string + armId: description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string type: object - availabilityZones: - items: - type: string - type: array - capacityReservationGroupID: - type: string count: type: integer creationData: - description: Storage version of v1api20231102preview.CreationData_STATUS + description: |- + Storage version of v1api20240901.CreationData + Data used when creating a target resource from a source resource. properties: $propertyBag: additionalProperties: @@ -26303,15 +31929,29 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - sourceResourceId: - type: string + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object - currentOrchestratorVersion: - type: string enableAutoScaling: type: boolean - enableCustomCATrust: - type: boolean enableEncryptionAtHost: type: boolean enableFIPS: 
@@ -26322,23 +31962,33 @@ spec: type: boolean gpuInstanceProfile: type: string - gpuProfile: - description: Storage version of v1api20231102preview.AgentPoolGPUProfile_STATUS + hostGroupReference: + description: |- + HostGroupReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). properties: - $propertyBag: - additionalProperties: - type: string + armId: description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - installGPUDriver: - type: boolean + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string type: object - hostGroupID: - type: string kubeletConfig: - description: Storage version of v1api20231102preview.KubeletConfig_STATUS + description: |- + Storage version of v1api20240901.KubeletConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: 
@@ -26375,7 +32025,9 @@ spec: kubeletDiskType: type: string linuxOSConfig: - description: Storage version of v1api20231102preview.LinuxOSConfig_STATUS + description: |- + Storage version of v1api20240901.LinuxOSConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: @@ -26387,7 +32039,9 @@ spec: swapFileSizeMB: type: integer sysctls: - description: Storage version of v1api20231102preview.SysctlConfig_STATUS + description: |- + Storage version of v1api20240901.SysctlConfig + Sysctl settings for Linux agent nodes. properties: $propertyBag: additionalProperties: @@ -26462,8 +32116,6 @@ spec: type: integer maxPods: type: integer - messageOfTheDay: - type: string minCount: type: integer mode: @@ -26471,7 +32123,9 @@ spec: name: type: string networkProfile: - description: Storage version of v1api20231102preview.AgentPoolNetworkProfile_STATUS + description: |- + Storage version of v1api20240901.AgentPoolNetworkProfile + Network settings of an agent pool. properties: $propertyBag: additionalProperties: @@ -26482,7 +32136,9 @@ spec: type: object allowedHostPorts: items: - description: Storage version of v1api20231102preview.PortRange_STATUS + description: |- + Storage version of v1api20240901.PortRange + The port range. properties: $propertyBag: additionalProperties: 
@@ -26499,13 +32155,33 @@ spec: type: string type: object type: array - applicationSecurityGroups: + applicationSecurityGroupsReferences: items: - type: string + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: array nodePublicIPTags: items: - description: Storage version of v1api20231102preview.IPTag_STATUS + description: |- + Storage version of v1api20240901.IPTag + Contains the IPTag associated with the object. properties: $propertyBag: additionalProperties: 
@@ -26521,18 +32197,32 @@ spec: type: object type: array type: object - nodeImageVersion: - type: string - nodeInitializationTaints: - items: - type: string - type: array nodeLabels: additionalProperties: type: string type: object - nodePublicIPPrefixID: - type: string + nodePublicIPPrefixReference: + description: |- + NodePublicIPPrefixReference: This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object nodeTaints: items: type: string 
@@ -26547,10 +32237,33 @@ spec: type: string osType: type: string - podSubnetID: - type: string + podSubnetReference: + description: |- + PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). + This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object powerState: - description: Storage version of v1api20231102preview.PowerState_STATUS + description: |- + Storage version of v1api20240901.PowerState + Describes the Power State of the cluster properties: $propertyBag: additionalProperties: 
@@ -26562,10 +32275,26 @@ spec: code: type: string type: object - provisioningState: - type: string - proximityPlacementGroupID: - type: string + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object scaleDownMode: type: string scaleSetEvictionPolicy: @@ -26573,7 +32302,9 @@ spec: scaleSetPriority: type: string securityProfile: - description: Storage version of v1api20231102preview.AgentPoolSecurityProfile_STATUS + description: |- + Storage version of v1api20240901.AgentPoolSecurityProfile + The security settings of an agent pool. properties: $propertyBag: additionalProperties: @@ -26586,8 +32317,6 @@ spec: type: boolean enableVTPM: type: boolean - sshAccess: - type: string type: object spotMaxPrice: type: number @@ -26598,7 +32327,9 @@ spec: type: type: string upgradeSettings: - description: Storage version of v1api20231102preview.AgentPoolUpgradeSettings_STATUS + description: |- + Storage version of v1api20240901.AgentPoolUpgradeSettings + Settings for upgrading an agentpool properties: $propertyBag: additionalProperties: 
@@ -26614,70 +32345,35 @@ spec: nodeSoakDurationInMinutes: type: integer type: object - virtualMachineNodesStatus: - items: - description: Storage version of v1api20231102preview.VirtualMachineNodes_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - count: - type: integer - size: - type: string - type: object - type: array - virtualMachinesProfile: - description: Storage version of v1api20231102preview.VirtualMachinesProfile_STATUS + vmSize: + type: string + vnetSubnetReference: + description: |- + VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is + specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: - $propertyBag: - additionalProperties: - type: string + armId: description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - scale: - description: Storage version of v1api20231102preview.ScaleProfile_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - manual: - items: - description: Storage version of v1api20231102preview.ManualScaleProfile_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed 
information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - count: - type: integer - sizes: - items: - type: string - type: array - type: object - type: array - type: object + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string type: object - vmSize: - type: string - vnetSubnetID: - type: string windowsProfile: - description: Storage version of v1api20231102preview.AgentPoolWindowsProfile_STATUS + description: |- + Storage version of v1api20240901.AgentPoolWindowsProfile + The Windows agent pool's specific profile. properties: $propertyBag: additionalProperties: 
@@ -26693,21 +32389,10 @@ spec: type: string type: object type: array - aiToolchainOperatorProfile: - description: Storage version of v1api20231102preview.ManagedClusterAIToolchainOperatorProfile_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object apiServerAccessProfile: - description: Storage version of v1api20231102preview.ManagedClusterAPIServerAccessProfile_STATUS + description: |- + Storage version of v1api20240901.ManagedClusterAPIServerAccessProfile + Access profile for managed cluster API server. properties: $propertyBag: additionalProperties: @@ -26726,15 +32411,11 @@ spec: type: boolean enablePrivateClusterPublicFQDN: type: boolean - enableVnetIntegration: - type: boolean privateDNSZone: type: string - subnetId: - type: string type: object autoScalerProfile: - description: Storage version of v1api20231102preview.ManagedClusterProperties_AutoScalerProfile_STATUS + description: Storage version of v1api20240901.ManagedClusterProperties_AutoScalerProfile properties: $propertyBag: additionalProperties: @@ -26785,7 +32466,9 @@ spec: type: string type: object autoUpgradeProfile: - description: Storage version of v1api20231102preview.ManagedClusterAutoUpgradeProfile_STATUS + description: |- + Storage version of v1api20240901.ManagedClusterAutoUpgradeProfile + Auto upgrade profile for a managed cluster. properties: $propertyBag: additionalProperties: 
@@ -26800,7 +32483,9 @@ spec: type: string type: object azureMonitorProfile: - description: Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfile_STATUS + description: |- + Storage version of v1api20240901.ManagedClusterAzureMonitorProfile + Azure Monitor addon profiles for monitoring the managed cluster. properties: $propertyBag: additionalProperties: 
@@ -26809,60 +32494,12 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - logs: - description: Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileLogs_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - appMonitoring: - description: Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileAppMonitoring_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - containerInsights: - description: Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileContainerInsights_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - logAnalyticsWorkspaceResourceId: - type: string - windowsHostLogs: - description: Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileWindowsHostLogs_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: 
object - type: object - type: object metrics: - description: Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileMetrics_STATUS + description: |- + Storage version of v1api20240901.ManagedClusterAzureMonitorProfileMetrics + Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes + infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See + aka.ms/AzureManagedPrometheus for an overview. properties: $propertyBag: additionalProperties: @@ -26871,23 +32508,14 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - appMonitoringOpenTelemetryMetrics: - description: Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryMetrics_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object enabled: type: boolean kubeStateMetrics: - description: Storage version of v1api20231102preview.ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS + description: |- + Storage version of v1api20240901.ManagedClusterAzureMonitorProfileKubeStateMetrics + Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the + kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for + details. properties: $propertyBag: additionalProperties: 
@@ -26903,80 +32531,45 @@ spec: type: object type: object type: object - azurePortalFQDN: + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. type: string - conditions: - items: - description: Condition defines an extension to status (an observation) of a resource - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. - format: date-time - type: string - message: - description: Message is a human readable message indicating details about the transition. This field may be empty. - type: string - observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - type: integer - reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. - type: string - severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown - type: string - status: - description: Status of the condition, one of True, False, or Unknown. - type: string - type: - description: Type of condition. 
- type: string - required: - - lastTransitionTime - - reason - - status - - type - type: object - type: array - creationData: - description: Storage version of v1api20231102preview.CreationData_STATUS + disableLocalAccounts: + type: boolean + diskEncryptionSetReference: + description: |- + DiskEncryptionSetReference: This is of the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' properties: - $propertyBag: - additionalProperties: - type: string + armId: description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - sourceResourceId: + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
type: string type: object - currentKubernetesVersion: - type: string - disableLocalAccounts: - type: boolean - diskEncryptionSetID: - type: string dnsPrefix: type: string - enableNamespaceResources: - type: boolean enablePodSecurityPolicy: type: boolean enableRBAC: type: boolean extendedLocation: - description: Storage version of v1api20231102preview.ExtendedLocation_STATUS + description: |- + Storage version of v1api20240901.ExtendedLocation + The complex type of the extended location. properties: $propertyBag: additionalProperties: @@ -26990,12 +32583,12 @@ spec: type: type: string type: object - fqdn: - type: string fqdnSubdomain: type: string httpProxyConfig: - description: Storage version of v1api20231102preview.ManagedClusterHTTPProxyConfig_STATUS + description: |- + Storage version of v1api20240901.ManagedClusterHTTPProxyConfig + Cluster HTTP proxy configuration. properties: $propertyBag: additionalProperties: @@ -27004,10 +32597,6 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - effectiveNoProxy: - items: - type: string - type: array httpProxy: type: string httpsProxy: @@ -27019,10 +32608,10 @@ spec: trustedCa: type: string type: object - id: - type: string identity: - description: Storage version of v1api20231102preview.ManagedClusterIdentity_STATUS + description: |- + Storage version of v1api20240901.ManagedClusterIdentity + Identity for the managed cluster. properties: $propertyBag: additionalProperties: @@ -27033,7 +32622,9 @@ spec: type: object delegatedResources: additionalProperties: - description: Storage version of v1api20231102preview.DelegatedResource_STATUS + description: |- + Storage version of v1api20240901.DelegatedResource + Delegated resource properties - internal use only. properties: $propertyBag: additionalProperties: 
@@ -27046,39 +32637,73 @@ spec: type: string referralResource: type: string - resourceId: - type: string - tenantId: - type: string - type: object - type: object - principalId: - type: string - tenantId: - type: string - type: - type: string - userAssignedIdentities: - additionalProperties: - description: Storage version of v1api20231102preview.ManagedClusterIdentity_UserAssignedIdentities_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions + resourceReference: + description: 'ResourceReference: The ARM resource id of the delegated resource - internal use only.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string type: object - clientId: - type: string - principalId: + tenantId: type: string type: object type: object + type: + type: string + userAssignedIdentities: + items: + description: |- + Storage version of v1api20240901.UserAssignedIdentityDetails + Information about the user assigned identity for the resource + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + reference: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array type: object identityProfile: additionalProperties: - description: Storage version of v1api20231102preview.UserAssignedIdentity_STATUS + description: |- + Storage version of v1api20240901.UserAssignedIdentity + Details about a user assigned identity. properties: $propertyBag: additionalProperties: 
@@ -27089,14 +32714,68 @@ spec: type: object clientId: type: string + clientIdFromConfig: + description: |- + ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes configmap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes configmap being referenced. + The configmap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object objectId: type: string - resourceId: - type: string + objectIdFromConfig: + description: |- + ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes configmap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes configmap being referenced. + The configmap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + resourceReference: + description: 'ResourceReference: The resource ID of the user assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object type: object ingressProfile: - description: Storage version of v1api20231102preview.ManagedClusterIngressProfile_STATUS + description: |- + Storage version of v1api20240901.ManagedClusterIngressProfile + Ingress profile for the container service cluster. properties: $propertyBag: additionalProperties: @@ -27106,7 +32785,9 @@ spec: resources, allowing for full fidelity round trip conversions type: object webAppRouting: - description: Storage version of v1api20231102preview.ManagedClusterIngressProfileWebAppRouting_STATUS + description: |- + Storage version of v1api20240901.ManagedClusterIngressProfileWebAppRouting + Application Routing add-on settings for the ingress profile. properties: $propertyBag: additionalProperties: 
@@ -27115,35 +32796,38 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - dnsZoneResourceIds: + dnsZoneResourceReferences: items: - type: string + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object type: array enabled: type: boolean - identity: - description: Storage version of v1api20231102preview.UserAssignedIdentity_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - clientId: - type: string - objectId: - type: string - resourceId: - type: string - type: object type: object type: object kubernetesVersion: type: string linuxProfile: - description: Storage version of v1api20231102preview.ContainerServiceLinuxProfile_STATUS + description: |- + Storage version of v1api20240901.ContainerServiceLinuxProfile + Profile for Linux VMs in the container service cluster. properties: $propertyBag: additionalProperties: @@ -27155,7 +32839,9 @@ spec: adminUsername: type: string ssh: - description: Storage version of v1api20231102preview.ContainerServiceSshConfiguration_STATUS + description: |- + Storage version of v1api20240901.ContainerServiceSshConfiguration + SSH configuration for Linux-based VMs running on Azure. properties: $propertyBag: additionalProperties: @@ -27166,7 +32852,9 @@ spec: type: object publicKeys: items: - description: Storage version of v1api20231102preview.ContainerServiceSshPublicKey_STATUS + description: |- + Storage version of v1api20240901.ContainerServiceSshPublicKey + Contains information about SSH certificate public key data. properties: $propertyBag: additionalProperties: @@ -27183,10 +32871,10 @@ spec: type: object location: type: string - maxAgentPools: - type: integer metricsProfile: - description: Storage version of v1api20231102preview.ManagedClusterMetricsProfile_STATUS + description: |- + Storage version of v1api20240901.ManagedClusterMetricsProfile + The metrics profile for the ManagedCluster. properties: $propertyBag: additionalProperties: 
@@ -27196,7 +32884,9 @@ spec: resources, allowing for full fidelity round trip conversions type: object costAnalysis: - description: Storage version of v1api20231102preview.ManagedClusterCostAnalysis_STATUS + description: |- + Storage version of v1api20240901.ManagedClusterCostAnalysis + The cost analysis configuration for the cluster properties: $propertyBag: additionalProperties: @@ -27209,10 +32899,10 @@ spec: type: boolean type: object type: object - name: - type: string networkProfile: - description: Storage version of v1api20231102preview.ContainerServiceNetworkProfile_STATUS + description: |- + Storage version of v1api20240901.ContainerServiceNetworkProfile + Profile of network configuration. properties: $propertyBag: additionalProperties: @@ -27221,14 +32911,11 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - dnsServiceIP: - type: string - ipFamilies: - items: - type: string - type: array - kubeProxyConfig: - description: Storage version of v1api20231102preview.ContainerServiceNetworkProfile_KubeProxyConfig_STATUS + advancedNetworking: + description: |- + Storage version of v1api20240901.AdvancedNetworking + Advanced Networking profile for enabling observability and security feature suite on a cluster. For more information see + aka.ms/aksadvancednetworking. properties: $propertyBag: additionalProperties: @@ -27239,8 +32926,10 @@ spec: type: object enabled: type: boolean - ipvsConfig: - description: Storage version of v1api20231102preview.ContainerServiceNetworkProfile_KubeProxyConfig_IpvsConfig_STATUS + observability: + description: |- + Storage version of v1api20240901.AdvancedNetworkingObservability + Observability profile to enable advanced network metrics and flow logs with historical contexts. properties: $propertyBag: additionalProperties: 
@@ -27249,20 +32938,35 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - scheduler: - type: string - tcpFinTimeoutSeconds: - type: integer - tcpTimeoutSeconds: - type: integer - udpTimeoutSeconds: - type: integer + enabled: + type: boolean + type: object + security: + description: |- + Storage version of v1api20240901.AdvancedNetworkingSecurity + Security profile to enable security features on cilium based cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean type: object - mode: - type: string type: object + dnsServiceIP: + type: string + ipFamilies: + items: + type: string + type: array loadBalancerProfile: - description: Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile_STATUS + description: |- + Storage version of v1api20240901.ManagedClusterLoadBalancerProfile + Profile of the managed cluster load balancer. properties: $propertyBag: additionalProperties: @@ -27277,7 +32981,9 @@ spec: type: string effectiveOutboundIPs: items: - description: Storage version of v1api20231102preview.ResourceReference_STATUS + description: |- + Storage version of v1api20240901.ResourceReference + A reference to an Azure resource. properties: $propertyBag: additionalProperties: 
@@ -27286,8 +32992,26 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - id: - type: string + reference: + description: 'Reference: The fully qualified Azure resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object type: array enableMultipleStandardLoadBalancers: @@ -27295,7 +33019,7 @@ spec: idleTimeoutInMinutes: type: integer managedOutboundIPs: - description: Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS + description: Storage version of v1api20240901.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs properties: $propertyBag: additionalProperties: @@ -27310,7 +33034,7 @@ spec: type: integer type: object outboundIPPrefixes: - description: Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS + description: Storage version of v1api20240901.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes properties: $propertyBag: additionalProperties: 
@@ -27321,7 +33045,9 @@ spec: type: object publicIPPrefixes: items: - description: Storage version of v1api20231102preview.ResourceReference_STATUS + description: |- + Storage version of v1api20240901.ResourceReference + A reference to an Azure resource. properties: $propertyBag: additionalProperties: @@ -27330,13 +33056,31 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - id: - type: string + reference: + description: 'Reference: The fully qualified Azure resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object type: array type: object outboundIPs: - description: Storage version of v1api20231102preview.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS + description: Storage version of v1api20240901.ManagedClusterLoadBalancerProfile_OutboundIPs properties: $propertyBag: additionalProperties: 
@@ -27347,7 +33091,9 @@ spec: type: object publicIPs: items: - description: Storage version of v1api20231102preview.ResourceReference_STATUS + description: |- + Storage version of v1api20240901.ResourceReference + A reference to an Azure resource. properties: $propertyBag: additionalProperties: 
@@ -27356,29 +33102,36 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - id: - type: string + reference: + description: 'Reference: The fully qualified Azure resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object type: array type: object type: object loadBalancerSku: type: string - monitoring: - description: Storage version of v1api20231102preview.NetworkMonitoring_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object natGatewayProfile: - description: Storage version of v1api20231102preview.ManagedClusterNATGatewayProfile_STATUS + description: |- + Storage version of v1api20240901.ManagedClusterNATGatewayProfile + Profile of the managed cluster NAT gateway. properties: $propertyBag: additionalProperties: 
@@ -27389,7 +33142,9 @@ spec: type: object effectiveOutboundIPs: items: - description: Storage version of v1api20231102preview.ResourceReference_STATUS + description: |- + Storage version of v1api20240901.ResourceReference + A reference to an Azure resource. properties: $propertyBag: additionalProperties: @@ -27398,14 +33153,34 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - id: - type: string + reference: + description: 'Reference: The fully qualified Azure resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object type: array idleTimeoutInMinutes: type: integer managedOutboundIPProfile: - description: Storage version of v1api20231102preview.ManagedClusterManagedOutboundIPProfile_STATUS + description: |- + Storage version of v1api20240901.ManagedClusterManagedOutboundIPProfile + Profile of the managed outbound IP resources of the managed cluster. properties: $propertyBag: additionalProperties: 
@@ -27443,23 +33218,12 @@ spec: type: string type: array type: object - nodeProvisioningProfile: - description: Storage version of v1api20231102preview.ManagedClusterNodeProvisioningProfile_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - mode: - type: string - type: object nodeResourceGroup: type: string nodeResourceGroupProfile: - description: Storage version of v1api20231102preview.ManagedClusterNodeResourceGroupProfile_STATUS + description: |- + Storage version of v1api20240901.ManagedClusterNodeResourceGroupProfile + Node resource group lockdown profile for a managed cluster. properties: $propertyBag: additionalProperties: @@ -27472,7 +33236,9 @@ spec: type: string type: object oidcIssuerProfile: - description: Storage version of v1api20231102preview.ManagedClusterOIDCIssuerProfile_STATUS + description: |- + Storage version of v1api20240901.ManagedClusterOIDCIssuerProfile + The OIDC issuer profile of the Managed Cluster. properties: $propertyBag: additionalProperties: @@ -27483,11 +33249,11 @@ spec: type: object enabled: type: boolean - issuerURL: - type: string type: object - podIdentityProfile: - description: Storage version of v1api20231102preview.ManagedClusterPodIdentityProfile_STATUS + operatorSpec: + description: |- + Storage version of v1api20240901.ManagedClusterOperatorSpec + Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: 
@@ -27496,130 +33262,161 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - allowNetworkPluginKubenet: - type: boolean - enabled: - type: boolean - userAssignedIdentities: + configMapExpressions: items: - description: Storage version of v1api20231102preview.ManagedClusterPodIdentity_STATUS + description: |- + DestinationExpression is a CEL expression and a destination to store the result in. The destination may + be a secret or a configmap. The value of the expression is stored at the specified location in + the destination. properties: - $propertyBag: - additionalProperties: - type: string + key: description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - bindingSelector: + Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string + this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string + Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting + map[string]string. type: string - identity: - description: Storage version of v1api20231102preview.UserAssignedIdentity_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - clientId: - type: string - objectId: - type: string - resourceId: - type: string - type: object name: + description: |- + Name is the name of the Kubernetes configmap or secret to write to. 
+ The configmap or secret will be created in the same namespace as the resource. type: string - namespace: - type: string - provisioningInfo: - description: Storage version of v1api20231102preview.ManagedClusterPodIdentity_ProvisioningInfo_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - error: - description: Storage version of v1api20231102preview.ManagedClusterPodIdentityProvisioningError_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - error: - description: Storage version of v1api20231102preview.ManagedClusterPodIdentityProvisioningErrorBody_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - code: - type: string - details: - items: - description: Storage version of v1api20231102preview.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - code: - type: string - message: - type: string - target: - type: string - type: object - type: array - message: - type: string - target: - type: string - type: object - type: object - type: object - provisioningState: + value: + 
description: |- + Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information + on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string + required: + - name + - value type: object type: array - userAssignedIdentityExceptions: - items: - description: Storage version of v1api20231102preview.ManagedClusterPodIdentityException_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - name: - type: string - namespace: + configMaps: + description: Storage version of v1api20240901.ManagedClusterOperatorConfigMaps + properties: + $propertyBag: + additionalProperties: type: string - podLabels: - additionalProperties: + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + oidcIssuerProfile: + description: |- + ConfigMapDestination describes the location to store a single configmap value + Note: This is similar to: SecretDestination in secrets.go. + Changes to one may need to be made to the others as well. + properties: + key: + description: Key is the key in the ConfigMap being referenced type: string - type: object - type: object - type: array - type: object - powerState: - description: Storage version of v1api20231102preview.PowerState_STATUS + name: + description: |- + Name is the name of the Kubernetes ConfigMap to write to. + The ConfigMap will be created in the same namespace as the resource. 
+ type: string + required: + - key + - name + type: object + type: object + secretExpressions: + items: + description: |- + DestinationExpression is a CEL expression and a destination to store the result in. The destination may + be a secret or a configmap. The value of the expression is stored at the specified location in + the destination. + properties: + key: + description: |- + Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string + this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string + Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting + map[string]string. + type: string + name: + description: |- + Name is the name of the Kubernetes configmap or secret to write to. + The configmap or secret will be created in the same namespace as the resource. + type: string + value: + description: |- + Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information + on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ + type: string + required: + - name + - value + type: object + type: array + secrets: + description: Storage version of v1api20240901.ManagedClusterOperatorSecrets + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminCredentials: + description: |- + SecretDestination describes the location to store a single secret value. + Note: This is similar to: ConfigMapDestination in configmaps.go. + Changes to one may need to be made to the others as well. + properties: + key: + description: Key is the key in the Kubernetes secret being referenced. 
+ type: string + name: + description: |- + Name is the name of the Kubernetes secret to write to. + The secret will be created in the same namespace as the resource. + type: string + required: + - key + - name + type: object + userCredentials: + description: |- + SecretDestination describes the location to store a single secret value. + Note: This is similar to: ConfigMapDestination in configmaps.go. + Changes to one may need to be made to the others as well. + properties: + key: + description: Key is the key in the Kubernetes secret being referenced. + type: string + name: + description: |- + Name is the name of the Kubernetes secret to write to. + The secret will be created in the same namespace as the resource. + type: string + required: + - key + - name + type: object + type: object + type: object + originalVersion: + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + podIdentityProfile: + description: |- + Storage version of v1api20240901.ManagedClusterPodIdentityProfile + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod + identity integration. properties: $propertyBag: additionalProperties: 
@@ -27628,14 +33425,132 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - code: - type: string + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: + items: + description: |- + Storage version of v1api20240901.ManagedClusterPodIdentity + Details about the pod identity assigned to the Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + bindingSelector: + type: string + identity: + description: |- + Storage version of v1api20240901.UserAssignedIdentity + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + clientIdFromConfig: + description: |- + ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes configmap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes configmap being referenced. + The configmap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + objectId: + type: string + objectIdFromConfig: + description: |- + ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as + the resource it is on. 
+ properties: + key: + description: Key is the key in the Kubernetes configmap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes configmap being referenced. + The configmap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + resourceReference: + description: 'ResourceReference: The resource ID of the user assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + name: + type: string + namespace: + type: string + type: object + type: array + userAssignedIdentityExceptions: + items: + description: |- + Storage version of v1api20240901.ManagedClusterPodIdentityException + See [disable AAD Pod Identity for a specific + Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + name: + type: string + namespace: + type: string + podLabels: + additionalProperties: + type: string + type: object + type: object + type: array type: object - privateFQDN: - type: string privateLinkResources: items: - description: Storage version of v1api20231102preview.PrivateLinkResource_STATUS + description: |- + Storage version of v1api20240901.PrivateLinkResource + A private link resource properties: $propertyBag: additionalProperties: @@ -27646,12 +33561,28 @@ spec: type: object groupId: type: string - id: - type: string name: type: string - privateLinkServiceID: - type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object requiredMembers: items: type: string 
@@ -27660,37 +33591,12 @@ spec: type: string type: object type: array - provisioningState: - type: string publicNetworkAccess: type: string - resourceUID: - type: string - safeguardsProfile: - description: Storage version of v1api20231102preview.SafeguardsProfile_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - excludedNamespaces: - items: - type: string - type: array - level: - type: string - systemExcludedNamespaces: - items: - type: string - type: array - version: - type: string - type: object securityProfile: - description: Storage version of v1api20231102preview.ManagedClusterSecurityProfile_STATUS + description: |- + Storage version of v1api20240901.ManagedClusterSecurityProfile + Security profile for the container service cluster. properties: $propertyBag: additionalProperties: @@ -27700,7 +33606,9 @@ spec: resources, allowing for full fidelity round trip conversions type: object azureKeyVaultKms: - description: Storage version of v1api20231102preview.AzureKeyVaultKms_STATUS + description: |- + Storage version of v1api20240901.AzureKeyVaultKms + Azure Key Vault key management service settings for the security profile. properties: $propertyBag: additionalProperties: 
@@ -27715,15 +33623,33 @@ spec: type: string keyVaultNetworkAccess: type: string - keyVaultResourceId: - type: string + keyVaultResourceReference: + description: |- + KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and + must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object - customCATrustCertificates: - items: - type: string - type: array defender: - description: Storage version of v1api20231102preview.ManagedClusterSecurityProfileDefender_STATUS + description: |- + Storage version of v1api20240901.ManagedClusterSecurityProfileDefender + Microsoft Defender settings for the security profile. properties: $propertyBag: additionalProperties: 
@@ -27732,10 +33658,33 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - logAnalyticsWorkspaceResourceId: - type: string + logAnalyticsWorkspaceResourceReference: + description: |- + LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft + Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When + Microsoft Defender is disabled, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object securityMonitoring: - description: Storage version of v1api20231102preview.ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS + description: |- + Storage version of v1api20240901.ManagedClusterSecurityProfileDefenderSecurityMonitoring + Microsoft Defender settings for the security profile threat detection. properties: $propertyBag: additionalProperties: 
@@ -27749,7 +33698,10 @@ spec: type: object type: object imageCleaner: - description: Storage version of v1api20231102preview.ManagedClusterSecurityProfileImageCleaner_STATUS + description: |- + Storage version of v1api20240901.ManagedClusterSecurityProfileImageCleaner + Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here + are settings for the security profile. properties: $propertyBag: additionalProperties: @@ -27763,34 +33715,10 @@ spec: intervalHours: type: integer type: object - imageIntegrity: - description: Storage version of v1api20231102preview.ManagedClusterSecurityProfileImageIntegrity_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - nodeRestriction: - description: Storage version of v1api20231102preview.ManagedClusterSecurityProfileNodeRestriction_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object workloadIdentity: - description: Storage version of v1api20231102preview.ManagedClusterSecurityProfileWorkloadIdentity_STATUS + description: |- + Storage version of v1api20240901.ManagedClusterSecurityProfileWorkloadIdentity + Workload identity settings for the security profile. properties: $propertyBag: additionalProperties: 
@@ -27804,7 +33732,9 @@ spec: type: object type: object serviceMeshProfile: - description: Storage version of v1api20231102preview.ServiceMeshProfile_STATUS + description: |- + Storage version of v1api20240901.ServiceMeshProfile + Service mesh profile for a managed cluster. properties: $propertyBag: additionalProperties: @@ -27814,7 +33744,9 @@ spec: resources, allowing for full fidelity round trip conversions type: object istio: - description: Storage version of v1api20231102preview.IstioServiceMesh_STATUS + description: |- + Storage version of v1api20240901.IstioServiceMesh + Istio service mesh configuration. properties: $propertyBag: additionalProperties: @@ -27824,7 +33756,10 @@ spec: resources, allowing for full fidelity round trip conversions type: object certificateAuthority: - description: Storage version of v1api20231102preview.IstioCertificateAuthority_STATUS + description: |- + Storage version of v1api20240901.IstioCertificateAuthority + Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described + here https://aka.ms/asm-plugin-ca properties: $propertyBag: additionalProperties: @@ -27834,7 +33769,9 @@ spec: resources, allowing for full fidelity round trip conversions type: object plugin: - description: Storage version of v1api20231102preview.IstioPluginCertificateAuthority_STATUS + description: |- + Storage version of v1api20240901.IstioPluginCertificateAuthority + Plugin certificates information for Service Mesh. properties: $propertyBag: additionalProperties: 
@@ -27849,14 +33786,34 @@ spec: type: string keyObjectName: type: string - keyVaultId: - type: string + keyVaultReference: + description: 'KeyVaultReference: The resource ID of the Key Vault.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object rootCertObjectName: type: string type: object type: object components: - description: Storage version of v1api20231102preview.IstioComponents_STATUS + description: |- + Storage version of v1api20240901.IstioComponents + Istio components configuration. properties: $propertyBag: additionalProperties: @@ -27867,7 +33824,9 @@ spec: type: object egressGateways: items: - description: Storage version of v1api20231102preview.IstioEgressGateway_STATUS + description: |- + Storage version of v1api20240901.IstioEgressGateway + Istio egress gateway configuration. properties: $propertyBag: additionalProperties: 
@@ -27878,15 +33837,14 @@ spec: type: object enabled: type: boolean - nodeSelector: - additionalProperties: - type: string - type: object type: object type: array ingressGateways: items: - description: Storage version of v1api20231102preview.IstioIngressGateway_STATUS + description: |- + Storage version of v1api20240901.IstioIngressGateway + Istio ingress gateway configuration. For now, we support up to one external ingress gateway named + `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. properties: $propertyBag: additionalProperties: @@ -27911,7 +33869,9 @@ spec: type: string type: object servicePrincipalProfile: - description: Storage version of v1api20231102preview.ManagedClusterServicePrincipalProfile_STATUS + description: |- + Storage version of v1api20240901.ManagedClusterServicePrincipalProfile + Information about a service principal identity for the cluster to use for manipulating Azure APIs. properties: $propertyBag: additionalProperties: @@ -27922,9 +33882,28 @@ spec: type: object clientId: type: string + secret: + description: |- + SecretReference is a reference to a Kubernetes secret and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes secret being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object type: object sku: - description: Storage version of v1api20231102preview.ManagedClusterSKU_STATUS + description: |- + Storage version of v1api20240901.ManagedClusterSKU + The SKU of a Managed Cluster. properties: $propertyBag: additionalProperties: 
@@ -27939,7 +33918,9 @@ spec: type: string type: object storageProfile: - description: Storage version of v1api20231102preview.ManagedClusterStorageProfile_STATUS + description: |- + Storage version of v1api20240901.ManagedClusterStorageProfile + Storage profile for the container service cluster. properties: $propertyBag: additionalProperties: @@ -27949,7 +33930,9 @@ spec: resources, allowing for full fidelity round trip conversions type: object blobCSIDriver: - description: Storage version of v1api20231102preview.ManagedClusterStorageProfileBlobCSIDriver_STATUS + description: |- + Storage version of v1api20240901.ManagedClusterStorageProfileBlobCSIDriver + AzureBlob CSI Driver settings for the storage profile. properties: $propertyBag: additionalProperties: @@ -27962,7 +33945,9 @@ spec: type: boolean type: object diskCSIDriver: - description: Storage version of v1api20231102preview.ManagedClusterStorageProfileDiskCSIDriver_STATUS + description: |- + Storage version of v1api20240901.ManagedClusterStorageProfileDiskCSIDriver + AzureDisk CSI Driver settings for the storage profile. properties: $propertyBag: additionalProperties: @@ -27973,11 +33958,11 @@ spec: type: object enabled: type: boolean - version: - type: string type: object fileCSIDriver: - description: Storage version of v1api20231102preview.ManagedClusterStorageProfileFileCSIDriver_STATUS + description: |- + Storage version of v1api20240901.ManagedClusterStorageProfileFileCSIDriver + AzureFile CSI Driver settings for the storage profile. properties: $propertyBag: additionalProperties: @@ -27990,7 +33975,9 @@ spec: type: boolean type: object snapshotController: - description: Storage version of v1api20231102preview.ManagedClusterStorageProfileSnapshotController_STATUS + description: |- + Storage version of v1api20240901.ManagedClusterStorageProfileSnapshotController + Snapshot Controller settings for the storage profile. properties: $propertyBag: additionalProperties: 
@@ -28005,37 +33992,14 @@ spec: type: object supportPlan: type: string - systemData: - description: Storage version of v1api20231102preview.SystemData_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - createdAt: - type: string - createdBy: - type: string - createdByType: - type: string - lastModifiedAt: - type: string - lastModifiedBy: - type: string - lastModifiedByType: - type: string - type: object tags: additionalProperties: type: string type: object - type: - type: string upgradeSettings: - description: Storage version of v1api20231102preview.ClusterUpgradeSettings_STATUS + description: |- + Storage version of v1api20240901.ClusterUpgradeSettings + Settings for upgrading a cluster. properties: $propertyBag: additionalProperties: @@ -28045,7 +34009,9 @@ spec: resources, allowing for full fidelity round trip conversions type: object overrideSettings: - description: Storage version of v1api20231102preview.UpgradeOverrideSettings_STATUS + description: |- + Storage version of v1api20240901.UpgradeOverrideSettings + Settings for overrides when upgrading a cluster. properties: $propertyBag: additionalProperties: @@ -28061,7 +34027,9 @@ spec: type: object type: object windowsProfile: - description: Storage version of v1api20231102preview.ManagedClusterWindowsProfile_STATUS + description: |- + Storage version of v1api20240901.ManagedClusterWindowsProfile + Profile for Windows VMs in the managed cluster. properties: $propertyBag: additionalProperties: 
@@ -28070,12 +34038,31 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object + adminPassword: + description: |- + SecretReference is a reference to a Kubernetes secret and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes secret being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object adminUsername: type: string enableCSIProxy: type: boolean gmsaProfile: - description: Storage version of v1api20231102preview.WindowsGmsaProfile_STATUS + description: |- + Storage version of v1api20240901.WindowsGmsaProfile + Windows gMSA Profile in the managed cluster. properties: $propertyBag: additionalProperties: @@ -28095,7 +34082,9 @@ spec: type: string type: object workloadAutoScalerProfile: - description: Storage version of v1api20231102preview.ManagedClusterWorkloadAutoScalerProfile_STATUS + description: |- + Storage version of v1api20240901.ManagedClusterWorkloadAutoScalerProfile + Workload Auto-scaler profile for the managed cluster. properties: $propertyBag: additionalProperties: @@ -28105,7 +34094,9 @@ spec: resources, allowing for full fidelity round trip conversions type: object keda: - description: Storage version of v1api20231102preview.ManagedClusterWorkloadAutoScalerProfileKeda_STATUS + description: |- + Storage version of v1api20240901.ManagedClusterWorkloadAutoScalerProfileKeda + KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. properties: $propertyBag: additionalProperties: 
@@ -28118,8 +34109,10 @@ spec: type: boolean type: object verticalPodAutoscaler: - description: Storage version of v1api20231102preview.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler_STATUS - properties: + description: |- + Storage version of v1api20240901.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler + VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile. + properties: $propertyBag: additionalProperties: type: string 
@@ -28127,2651 +34120,1906 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - addonAutoscaling: - type: string enabled: type: boolean type: object type: object + required: + - owner type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].severity - name: Severity - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Reason - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].message - name: Message - type: string - name: v1api20240402preview - schema: - openAPIV3Schema: - description: |- - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2024-04-02-preview/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: + status: description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: + Storage version of v1api20240901.ManagedCluster_STATUS + Managed cluster. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object aadProfile: - description: 'AadProfile: The Azure Active Directory configuration.' + description: |- + Storage version of v1api20240901.ManagedClusterAADProfile_STATUS + For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object adminGroupObjectIDs: - description: 'AdminGroupObjectIDs: The list of AAD group object IDs that will have admin role of the cluster.' items: type: string type: array clientAppID: - description: 'ClientAppID: (DEPRECATED) The client AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' type: string enableAzureRBAC: - description: 'EnableAzureRBAC: Whether to enable Azure RBAC for Kubernetes authorization.' type: boolean managed: - description: 'Managed: Whether to enable managed AAD.' type: boolean serverAppID: - description: 'ServerAppID: (DEPRECATED) The server AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' type: string serverAppSecret: - description: 'ServerAppSecret: (DEPRECATED) The server AAD application secret. Learn more at https://aka.ms/aks/aad-legacy.' type: string tenantID: - description: |- - TenantID: The AAD tenant ID to use for authentication. 
If not specified, will use the tenant of the deployment - subscription. type: string type: object addonProfiles: additionalProperties: - description: A Kubernetes add-on profile for a managed cluster. + description: |- + Storage version of v1api20240901.ManagedClusterAddonProfile_STATUS + A Kubernetes add-on profile for a managed cluster. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object config: additionalProperties: type: string - description: 'Config: Key-value pairs for configuring an add-on.' type: object enabled: - description: 'Enabled: Whether the add-on is enabled or not.' type: boolean - required: - - enabled + identity: + description: |- + Storage version of v1api20240901.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object type: object - description: 'AddonProfiles: The profile of managed cluster add-on.' type: object agentPoolProfiles: - description: 'AgentPoolProfiles: The agent pool properties.' items: - description: Profile for the container service agent pool. + description: |- + Storage version of v1api20240901.ManagedClusterAgentPoolProfile_STATUS + Profile for the container service agent pool. properties: - artifactStreamingProfile: - description: 'ArtifactStreamingProfile: Configuration for using artifact streaming on AKS.' 
- properties: - enabled: - description: |- - Enabled: Artifact streaming speeds up the cold-start of containers on a node through on-demand image loading. To use - this feature, container images must also enable artifact streaming on ACR. If not specified, the default is false. - type: boolean + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object availabilityZones: - description: |- - AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType - property is 'VirtualMachineScaleSets'. items: type: string type: array - capacityReservationGroupReference: - description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + capacityReservationGroupID: + type: string count: - description: |- - Count: Number of agents (VMs) to host docker containers. 
Allowed values must be in the range of 0 to 1000 (inclusive) - for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. type: integer creationData: description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using - a snapshot. + Storage version of v1api20240901.CreationData_STATUS + Data used when creating a target resource from a source resource. properties: - sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object + sourceResourceId: + type: string type: object + currentOrchestratorVersion: + type: string + eTag: + type: string enableAutoScaling: - description: 'EnableAutoScaling: Whether to enable auto-scaler' - type: boolean - enableCustomCATrust: - description: |- - EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a - daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded - certificates into node trust stores. Defaults to false. type: boolean enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, - see: https://docs.microsoft.com/azure/aks/enable-host-encryption type: boolean enableFIPS: - description: |- - EnableFIPS: See [Add a FIPS-enabled node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more - details. type: boolean enableNodePublicIP: - description: |- - EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. - A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine - to minimize hops. For more information see [assigning a public IP per - node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The - default is false. 
type: boolean enableUltraSSD: - description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean - gatewayProfile: - description: |- - GatewayProfile: Profile specific to a managed agent pool in Gateway mode. This field cannot be set if agent pool mode is - not Gateway. - properties: - publicIPPrefixSize: - description: |- - PublicIPPrefixSize: The Gateway agent pool associates one public IPPrefix for each static egress gateway to provide - public egress. The size of Public IPPrefix should be selected by the user. Each node in the agent pool is assigned with - one IP from the IPPrefix. The IPPrefix size thus serves as a cap on the size of the Gateway agent pool. Due to Azure - public IPPrefix size limitation, the valid value range is [28, 31] (/31 = 2 nodes/IPs, /30 = 4 nodes/IPs, /29 = 8 - nodes/IPs, /28 = 16 nodes/IPs). The default value is 31. - maximum: 31 - minimum: 28 - type: integer - type: object gpuInstanceProfile: - description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' - enum: - - MIG1g - - MIG2g - - MIG3g - - MIG4g - - MIG7g type: string - gpuProfile: - description: 'GpuProfile: The GPU settings of an agent pool.' - properties: - installGPUDriver: - description: |- - InstallGPUDriver: The default value is true when the vmSize of the agent pool contains a GPU, false otherwise. GPU - Driver Installation can only be set true when VM has an associated GPU resource. Setting this field to false prevents - automatic GPU driver installation. In that case, in order for the GPU to be usable, the user must perform GPU driver - installation themselves. - type: boolean - type: object - hostGroupReference: + hostGroupID: + type: string + kubeletConfig: description: |- - HostGroupReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. 
- For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + Storage version of v1api20240901.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: - armId: + $propertyBag: + additionalProperties: + type: string description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - kubeletConfig: - description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' - properties: + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object allowedUnsafeSysctls: - description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`).' items: type: string type: array containerLogMaxFiles: - description: |- - ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be - ≥ 2. - minimum: 2 type: integer containerLogMaxSizeMB: - description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' 
type: integer cpuCfsQuota: - description: 'CpuCfsQuota: The default is true.' type: boolean cpuCfsQuotaPeriod: - description: |- - CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and - a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. type: string cpuManagerPolicy: - description: |- - CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management - policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more - information. Allowed values are 'none' and 'static'. type: string failSwapOn: - description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' type: boolean imageGcHighThreshold: - description: 'ImageGcHighThreshold: To disable image garbage collection, set to 100. The default is 85%' type: integer imageGcLowThreshold: - description: 'ImageGcLowThreshold: This cannot be set higher than imageGcHighThreshold. The default is 80%' type: integer podMaxPids: - description: 'PodMaxPids: The maximum number of processes per pod.' type: integer topologyManagerPolicy: - description: |- - TopologyManagerPolicy: For more information see [Kubernetes Topology - Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values - are 'none', 'best-effort', 'restricted', and 'single-numa-node'. type: string type: object kubeletDiskType: - description: |- - KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral - storage. - enum: - - OS - - Temporary type: string linuxOSConfig: - description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' 
+ description: |- + Storage version of v1api20240901.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object swapFileSizeMB: - description: 'SwapFileSizeMB: The size in MB of a swap file that will be created on each node.' type: integer sysctls: - description: 'Sysctls: Sysctl settings for Linux agent nodes.' + description: |- + Storage version of v1api20240901.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object fsAioMaxNr: - description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' type: integer fsFileMax: - description: 'FsFileMax: Sysctl setting fs.file-max.' type: integer fsInotifyMaxUserWatches: - description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' type: integer fsNrOpen: - description: 'FsNrOpen: Sysctl setting fs.nr_open.' type: integer kernelThreadsMax: - description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' type: integer netCoreNetdevMaxBacklog: - description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' type: integer netCoreOptmemMax: - description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' type: integer netCoreRmemDefault: - description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' type: integer netCoreRmemMax: - description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' 
type: integer netCoreSomaxconn: - description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' type: integer netCoreWmemDefault: - description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' type: integer netCoreWmemMax: - description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' type: integer netIpv4IpLocalPortRange: - description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' type: string netIpv4NeighDefaultGcThresh1: - description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting net.ipv4.neigh.default.gc_thresh1.' type: integer netIpv4NeighDefaultGcThresh2: - description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting net.ipv4.neigh.default.gc_thresh2.' type: integer netIpv4NeighDefaultGcThresh3: - description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting net.ipv4.neigh.default.gc_thresh3.' type: integer netIpv4TcpFinTimeout: - description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' type: integer netIpv4TcpKeepaliveProbes: - description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' type: integer netIpv4TcpKeepaliveTime: - description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' type: integer netIpv4TcpMaxSynBacklog: - description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' type: integer netIpv4TcpMaxTwBuckets: - description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' type: integer netIpv4TcpTwReuse: - description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' type: boolean netIpv4TcpkeepaliveIntvl: - description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' - maximum: 90 - minimum: 10 type: integer netNetfilterNfConntrackBuckets: - description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' 
- maximum: 524288 - minimum: 65536 type: integer netNetfilterNfConntrackMax: - description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' - maximum: 2097152 - minimum: 131072 type: integer vmMaxMapCount: - description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' type: integer vmSwappiness: - description: 'VmSwappiness: Sysctl setting vm.swappiness.' type: integer vmVfsCachePressure: - description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' type: integer type: object transparentHugePageDefrag: - description: |- - TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is - 'madvise'. For more information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string transparentHugePageEnabled: - description: |- - TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more - information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string type: object maxCount: - description: 'MaxCount: The maximum number of nodes for auto-scaling' type: integer maxPods: - description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer - messageOfTheDay: - description: |- - MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of - the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., - will be printed raw and not be executed as a script). - type: string minCount: - description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer mode: - description: |- - Mode: A cluster must have at least one 'System' Agent Pool at all times. 
For additional information on agent pool - restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools - enum: - - Gateway - - System - - User type: string name: - description: 'Name: Windows agent pool names must be 6 characters or less.' - pattern: ^[a-z][a-z0-9]{0,11}$ type: string networkProfile: - description: 'NetworkProfile: Network-related settings of an agent pool.' + description: |- + Storage version of v1api20240901.AgentPoolNetworkProfile_STATUS + Network settings of an agent pool. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object allowedHostPorts: - description: 'AllowedHostPorts: The port ranges that are allowed to access. The specified ranges are allowed to overlap.' items: - description: The port range. + description: |- + Storage version of v1api20240901.PortRange_STATUS + The port range. properties: - portEnd: + $propertyBag: + additionalProperties: + type: string description: |- - PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or - equal to portStart. - maximum: 65535 - minimum: 1 + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + portEnd: type: integer portStart: - description: |- - PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or - equal to portEnd. - maximum: 65535 - minimum: 1 type: integer protocol: - description: 'Protocol: The network protocol of the port.' 
- enum: - - TCP - - UDP type: string type: object type: array - applicationSecurityGroupsReferences: - description: |- - ApplicationSecurityGroupsReferences: The IDs of the application security groups which agent pool will associate when - created. + applicationSecurityGroups: items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + type: string type: array nodePublicIPTags: - description: 'NodePublicIPTags: IPTags of instance-level public IPs.' items: - description: Contains the IPTag associated with the object. + description: |- + Storage version of v1api20240901.IPTag_STATUS + Contains the IPTag associated with the object. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object ipTagType: - description: 'IpTagType: The IP tag type. Example: RoutingPreference.' 
type: string tag: - description: 'Tag: The value of the IP tag associated with the public IP. Example: Internet.' type: string type: object type: array type: object - nodeInitializationTaints: - description: |- - NodeInitializationTaints: These taints will not be reconciled by AKS and can be removed with a kubectl call. This field - can be modified after node pool is created, but nodes will not be recreated with new taints until another operation that - requires recreation (e.g. node image upgrade) happens. These taints allow for required configuration to run before the - node is ready to accept workloads, for example 'key1=value1:NoSchedule' that then can be removed with `kubectl taint - nodes node1 key1=value1:NoSchedule-` - items: - type: string - type: array + nodeImageVersion: + type: string nodeLabels: additionalProperties: type: string - description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' - type: object - nodePublicIPPrefixReference: - description: |- - NodePublicIPPrefixReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. 
- type: string - name: - description: Name is the Kubernetes name of the resource. - type: string type: object + nodePublicIPPrefixID: + type: string nodeTaints: - description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' items: type: string type: array orchestratorVersion: - description: |- - OrchestratorVersion: Both patch version and are supported. When is - specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same - once it has been created will not trigger an upgrade, even if a newer patch version is available. As a - best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version - must have the same major version as the control plane. The node pool minor version must be within two minor versions of - the control plane version. The node pool version cannot be greater than the control plane version. For more information - see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: - maximum: 2048 - minimum: 0 type: integer osDiskType: - description: |- - OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested - OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral - OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). - enum: - - Ephemeral - - Managed type: string osSKU: - description: |- - OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or - Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is - deprecated. 
- enum: - - AzureLinux - - CBLMariner - - Mariner - - Ubuntu - - Windows2019 - - Windows2022 - - WindowsAnnual type: string osType: - description: 'OsType: The operating system type. The default is Linux.' - enum: - - Linux - - Windows type: string - podIPAllocationMode: - description: |- - PodIPAllocationMode: The IP allocation mode for pods in the agent pool. Must be used with podSubnetId. The default is - 'DynamicIndividual'. - enum: - - DynamicIndividual - - StaticBlock + podSubnetID: type: string - podSubnetReference: - description: |- - PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). - This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object powerState: description: |- - PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this - field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. 
An Agent Pool can only - be stopped if it is Running and provisioning state is Succeeded - properties: - code: - description: 'Code: Tells whether the cluster is Running or Stopped' - enum: - - Running - - Stopped - type: string - type: object - proximityPlacementGroupReference: - description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' + Storage version of v1api20240901.PowerState_STATUS + Describes the Power State of the cluster properties: - armId: + $propertyBag: + additionalProperties: + type: string description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: type: string type: object + provisioningState: + type: string + proximityPlacementGroupID: + type: string scaleDownMode: - description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' - enum: - - Deallocate - - Delete type: string scaleSetEvictionPolicy: - description: |- - ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is - 'Delete'. 
- enum: - - Deallocate - - Delete type: string scaleSetPriority: - description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' - enum: - - Regular - - Spot type: string securityProfile: - description: 'SecurityProfile: The security settings of an agent pool.' + description: |- + Storage version of v1api20240901.AgentPoolSecurityProfile_STATUS + The security settings of an agent pool. properties: - enableSecureBoot: + $propertyBag: + additionalProperties: + type: string description: |- - EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and - drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enableSecureBoot: type: boolean enableVTPM: - description: |- - EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held - locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean - sshAccess: - description: 'SshAccess: SSH access method of an agent pool.' - enum: - - Disabled - - LocalUser - type: string type: object spotMaxPrice: - description: |- - SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any - on-demand price. For more details on spot pricing, see [spot VMs - pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) type: number tags: additionalProperties: type: string - description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' type: object type: - description: 'Type: The type of Agent Pool.' 
- enum: - - AvailabilitySet - - VirtualMachineScaleSets - - VirtualMachines type: string upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading the agentpool' + description: |- + Storage version of v1api20240901.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool properties: - drainTimeoutInMinutes: + $propertyBag: + additionalProperties: + type: string description: |- - DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. - This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not - specified, the default is 30 minutes. - maximum: 1440 - minimum: 1 + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + drainTimeoutInMinutes: type: integer maxSurge: - description: |- - MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it - is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded - up. If not specified, the default is 1. For more information, including best practices, see: - https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade type: string nodeSoakDurationInMinutes: - description: |- - NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and - moving on to next node. If not specified, the default is 0 minutes. - maximum: 30 - minimum: 0 type: integer - undrainableNodeBehavior: - description: |- - UndrainableNodeBehavior: Defines the behavior for undrainable nodes during upgrade. 
The most common cause of undrainable - nodes is Pod Disruption Budgets (PDBs), but other issues, such as pod termination grace period is exceeding the - remaining per-node drain timeout or pod is still being in a running state, can also cause undrainable nodes. - enum: - - Cordon - - Schedule - type: string - type: object - virtualMachineNodesStatus: - items: - description: Current status on a group of nodes of the same vm size. - properties: - count: - description: 'Count: Number of nodes.' - type: integer - size: - description: 'Size: The VM size of the agents used to host this group of nodes.' - type: string - type: object - type: array - virtualMachinesProfile: - description: 'VirtualMachinesProfile: Specifications on VirtualMachines agent pool.' - properties: - scale: - description: 'Scale: Specifications on how to scale a VirtualMachines agent pool.' - properties: - autoscale: - description: |- - Autoscale: Specifications on how to auto-scale the VirtualMachines agent pool within a predefined size range. Currently, - at most one AutoScaleProfile is allowed. - items: - description: Specifications on auto-scaling. - properties: - maxCount: - description: 'MaxCount: The maximum number of nodes of the specified sizes.' - type: integer - minCount: - description: 'MinCount: The minimum number of nodes of the specified sizes.' - type: integer - sizes: - description: |- - Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the - first available one when auto scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS - will use the next size. - items: - type: string - type: array - type: object - type: array - manual: - description: 'Manual: Specifications on how to scale the VirtualMachines agent pool to a fixed size.' - items: - description: Specifications on number of machines. - properties: - count: - description: 'Count: Number of nodes.' 
- type: integer - sizes: - description: |- - Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the - first available one when scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS will - use the next size. - items: - type: string - type: array - type: object - type: array - type: object type: object vmSize: - description: |- - VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods - might fail to run correctly. For more details on restricted VM sizes, see: - https://docs.microsoft.com/azure/aks/quotas-skus-regions type: string - vnetSubnetReference: + vnetSubnetID: + type: string + windowsProfile: description: |- - VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is - specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + Storage version of v1api20240901.AgentPoolWindowsProfile_STATUS + The Windows agent pool's specific profile. properties: - armId: + $propertyBag: + additionalProperties: + type: string description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. 
- type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - windowsProfile: - description: 'WindowsProfile: The Windows agent pool''s specific profile.' - properties: + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object disableOutboundNat: - description: |- - DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT - Gateway and the Windows agent pool does not have node public IP enabled. type: boolean type: object workloadRuntime: - description: 'WorkloadRuntime: Determines the type of workload a node can run.' - enum: - - KataMshvVmIsolation - - OCIContainer - - WasmWasi type: string - required: - - name type: object type: array - aiToolchainOperatorProfile: - description: 'AiToolchainOperatorProfile: AI toolchain operator settings that apply to the whole cluster.' - properties: - enabled: - description: 'Enabled: Indicates if AI toolchain operator enabled or not.' - type: boolean - type: object apiServerAccessProfile: - description: 'ApiServerAccessProfile: The access profile for managed cluster API server.' + description: |- + Storage version of v1api20240901.ManagedClusterAPIServerAccessProfile_STATUS + Access profile for managed cluster API server. properties: - authorizedIPRanges: + $propertyBag: + additionalProperties: + type: string description: |- - AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with - clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API - server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). 
+ PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: items: type: string type: array disableRunCommand: - description: 'DisableRunCommand: Whether to disable run command for the cluster or not.' type: boolean enablePrivateCluster: - description: |- - EnablePrivateCluster: For more details, see [Creating a private AKS - cluster](https://docs.microsoft.com/azure/aks/private-clusters). type: boolean enablePrivateClusterPublicFQDN: - description: 'EnablePrivateClusterPublicFQDN: Whether to create additional public FQDN for private cluster or not.' - type: boolean - enableVnetIntegration: - description: 'EnableVnetIntegration: Whether to enable apiserver vnet integration for the cluster or not.' type: boolean privateDNSZone: - description: |- - PrivateDNSZone: The default is System. For more details see [configure private DNS - zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and - 'none'. - type: string - subnetId: - description: |- - SubnetId: It is required when: 1. creating a new cluster with BYO Vnet; 2. updating an existing cluster to enable - apiserver vnet integration. 
type: string type: object autoScalerProfile: - description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler when enabled' + description: Storage version of v1api20240901.ManagedClusterProperties_AutoScalerProfile_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object balance-similar-node-groups: - description: 'BalanceSimilarNodeGroups: Valid values are ''true'' and ''false''' type: string daemonset-eviction-for-empty-nodes: - description: |- - DaemonsetEvictionForEmptyNodes: If set to true, all daemonset pods on empty nodes will be evicted before deletion of the - node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node will be - deleted without ensuring that daemonset pods are deleted or evicted. type: boolean daemonset-eviction-for-occupied-nodes: - description: |- - DaemonsetEvictionForOccupiedNodes: If set to true, all daemonset pods on occupied nodes will be evicted before deletion - of the node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node - will be deleted without ensuring that daemonset pods are deleted or evicted. type: boolean expander: - description: 'Expander: Available values are: ''least-waste'', ''most-pods'', ''priority'', ''random''.' - enum: - - least-waste - - most-pods - - priority - - random type: string ignore-daemonsets-utilization: - description: |- - IgnoreDaemonsetsUtilization: If set to true, the resources used by daemonset will be taken into account when making - scaling down decisions. type: boolean max-empty-bulk-delete: - description: 'MaxEmptyBulkDelete: The default is 10.' 
type: string max-graceful-termination-sec: - description: 'MaxGracefulTerminationSec: The default is 600.' type: string max-node-provision-time: - description: |- - MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string max-total-unready-percentage: - description: 'MaxTotalUnreadyPercentage: The default is 45. The maximum is 100 and the minimum is 0.' type: string new-pod-scale-up-delay: - description: |- - NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler - could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is - '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). type: string ok-total-unready-count: - description: 'OkTotalUnreadyCount: This must be an integer. The default is 3.' type: string scale-down-delay-after-add: - description: |- - ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string scale-down-delay-after-delete: - description: |- - ScaleDownDelayAfterDelete: The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of - time other than minutes (m) is supported. type: string scale-down-delay-after-failure: - description: |- - ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other - than minutes (m) is supported. type: string scale-down-unneeded-time: - description: |- - ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string scale-down-unready-time: - description: |- - ScaleDownUnreadyTime: The default is '20m'. Values must be an integer followed by an 'm'. 
No unit of time other than - minutes (m) is supported. type: string scale-down-utilization-threshold: - description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' type: string scan-interval: - description: 'ScanInterval: The default is ''10''. Values must be an integer number of seconds.' type: string skip-nodes-with-local-storage: - description: 'SkipNodesWithLocalStorage: The default is true.' type: string skip-nodes-with-system-pods: - description: 'SkipNodesWithSystemPods: The default is true.' type: string type: object autoUpgradeProfile: - description: 'AutoUpgradeProfile: The auto upgrade configuration.' + description: |- + Storage version of v1api20240901.ManagedClusterAutoUpgradeProfile_STATUS + Auto upgrade profile for a managed cluster. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object nodeOSUpgradeChannel: - description: 'NodeOSUpgradeChannel: The default is Unmanaged, but may change to either NodeImage or SecurityPatch at GA.' - enum: - - NodeImage - - None - - SecurityPatch - - Unmanaged type: string upgradeChannel: - description: |- - UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade - channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). - enum: - - node-image - - none - - patch - - rapid - - stable type: string type: object azureMonitorProfile: - description: 'AzureMonitorProfile: Prometheus addon profile for the container service cluster' + description: |- + Storage version of v1api20240901.ManagedClusterAzureMonitorProfile_STATUS + Azure Monitor addon profiles for monitoring the managed cluster. 
properties: - appMonitoring: + $propertyBag: + additionalProperties: + type: string description: |- - AppMonitoring: Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics - and traces through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. - properties: - autoInstrumentation: - description: |- - AutoInstrumentation: Application Monitoring Auto Instrumentation for Kubernetes Application Container. Deploys web hook - to auto-instrument Azure Monitor OpenTelemetry based SDKs to collect OpenTelemetry metrics, logs and traces of the - application. See aka.ms/AzureMonitorApplicationMonitoring for an overview. - properties: - enabled: - description: 'Enabled: Indicates if Application Monitoring Auto Instrumentation is enabled or not.' - type: boolean - type: object - openTelemetryLogs: - description: |- - OpenTelemetryLogs: Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Logs and - Traces. Collects OpenTelemetry logs and traces of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. - properties: - enabled: - description: 'Enabled: Indicates if Application Monitoring Open Telemetry Logs and traces is enabled or not.' - type: boolean - port: - description: 'Port: The Open Telemetry host port for Open Telemetry logs and traces. If not specified, the default port is 28331.' - type: integer - type: object - openTelemetryMetrics: - description: |- - OpenTelemetryMetrics: Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container - Metrics. Collects OpenTelemetry metrics of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. 
- properties: - enabled: - description: 'Enabled: Indicates if Application Monitoring Open Telemetry Metrics is enabled or not.' - type: boolean - port: - description: 'Port: The Open Telemetry host port for Open Telemetry metrics. If not specified, the default port is 28333.' - type: integer - type: object + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object - containerInsights: + metrics: description: |- - ContainerInsights: Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & - stderr logs etc. See aka.ms/AzureMonitorContainerInsights for an overview. + Storage version of v1api20240901.ManagedClusterAzureMonitorProfileMetrics_STATUS + Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes + infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See + aka.ms/AzureManagedPrometheus for an overview. properties: - disableCustomMetrics: - description: |- - DisableCustomMetrics: Indicates whether custom metrics collection has to be disabled or not. If not specified the - default is false. No custom metrics will be emitted if this field is false but the container insights enabled field is - false - type: boolean - disablePrometheusMetricsScraping: + $propertyBag: + additionalProperties: + type: string description: |- - DisablePrometheusMetricsScraping: Indicates whether prometheus metrics scraping is disabled or not. If not specified the - default is false. 
No prometheus metrics will be emitted if this field is false but the container insights enabled field - is false - type: boolean + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: - description: 'Enabled: Indicates if Azure Monitor Container Insights Logs Addon is enabled or not.' type: boolean - logAnalyticsWorkspaceResourceReference: + kubeStateMetrics: description: |- - LogAnalyticsWorkspaceResourceReference: Fully Qualified ARM Resource Id of Azure Log Analytics Workspace for storing - Azure Monitor Container Insights Logs. + Storage version of v1api20240901.ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS + Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the + kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for + details. properties: - armId: + $propertyBag: + additionalProperties: + type: string description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - syslogPort: - description: 'SyslogPort: The syslog host port. 
If not specified, the default port is 28330.' - type: integer - type: object - metrics: - description: 'Metrics: Metrics profile for the prometheus service addon' - properties: - enabled: - description: 'Enabled: Whether to enable the Prometheus collector' - type: boolean - kubeStateMetrics: - description: 'KubeStateMetrics: Kube State Metrics for prometheus addon profile for the container service cluster' - properties: + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object metricAnnotationsAllowList: - description: |- - MetricAnnotationsAllowList: Comma-separated list of additional Kubernetes label keys that will be used in the resource's - labels metric. type: string metricLabelsAllowlist: - description: |- - MetricLabelsAllowlist: Comma-separated list of Kubernetes annotations keys that will be used in the resource's labels - metric. type: string type: object - required: - - enabled type: object type: object - azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ + azurePortalFQDN: + type: string + conditions: + items: + description: Condition defines an extension to status (an observation) of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. 
For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + currentKubernetesVersion: type: string - bootstrapProfile: - description: 'BootstrapProfile: Profile of the cluster bootstrap configuration.' - properties: - artifactSource: - description: 'ArtifactSource: The source where the artifacts are downloaded from.' - enum: - - Cache - - Direct - type: string - containerRegistryReference: - description: |- - ContainerRegistryReference: The resource Id of Azure Container Registry. The registry must have private network access, - premium SKU and zone redundancy. - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the cluster will be created/upgraded using a - snapshot. - properties: - sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object disableLocalAccounts: - description: |- - DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. 
This must only be - used on Managed Clusters that are AAD enabled. For more details see [disable local - accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). type: boolean - diskEncryptionSetReference: - description: |- - DiskEncryptionSetReference: This is of the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + diskEncryptionSetID: + type: string dnsPrefix: - description: 'DnsPrefix: This cannot be updated once the Managed Cluster has been created.' type: string - enableNamespaceResources: - description: |- - EnableNamespaceResources: The default value is false. It can be enabled/disabled on creation and updating of the managed - cluster. See [https://aka.ms/NamespaceARMResource](https://aka.ms/NamespaceARMResource) for more details on Namespace as - a ARM Resource. - type: boolean + eTag: + type: string enablePodSecurityPolicy: - description: |- - EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). 
PodSecurityPolicy was - deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and - https://aka.ms/aks/psp. type: boolean enableRBAC: - description: 'EnableRBAC: Whether to enable Kubernetes Role-Based Access Control.' type: boolean extendedLocation: - description: 'ExtendedLocation: The extended location of the Virtual Machine.' + description: |- + Storage version of v1api20240901.ExtendedLocation_STATUS + The complex type of the extended location. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object name: - description: 'Name: The name of the extended location.' type: string type: - description: 'Type: The type of the extended location.' - enum: - - EdgeZone type: string type: object + fqdn: + type: string fqdnSubdomain: - description: 'FqdnSubdomain: This cannot be updated once the Managed Cluster has been created.' type: string httpProxyConfig: - description: 'HttpProxyConfig: Configurations for provisioning the cluster with HTTP proxy servers.' + description: |- + Storage version of v1api20240901.ManagedClusterHTTPProxyConfig_STATUS + Cluster HTTP proxy configuration. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object httpProxy: - description: 'HttpProxy: The HTTP proxy server endpoint to use.' type: string httpsProxy: - description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' type: string noProxy: - description: 'NoProxy: The endpoints that should not go through proxy.' 
items: type: string type: array trustedCa: - description: 'TrustedCa: Alternative CA cert to use for connecting to proxy servers.' type: string type: object + id: + type: string identity: - description: 'Identity: The identity of the managed cluster, if configured.' + description: |- + Storage version of v1api20240901.ManagedClusterIdentity_STATUS + Identity for the managed cluster. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object delegatedResources: additionalProperties: - description: Delegated resource properties - internal use only. + description: |- + Storage version of v1api20240901.DelegatedResource_STATUS + Delegated resource properties - internal use only. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object location: - description: 'Location: The source resource location - internal use only.' type: string referralResource: - description: 'ReferralResource: The delegation id of the referral delegation (optional) - internal use only.' type: string - resourceReference: - description: 'ResourceReference: The ARM resource id of the delegated resource - internal use only.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + resourceId: + type: string tenantId: - description: 'TenantId: The tenant id of the delegated resource - internal use only.' - pattern: ^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$ type: string type: object - description: |- - DelegatedResources: The delegated identity resources assigned to this managed cluster. This can only be set by another - Azure Resource Provider, and managed cluster only accept one delegated identity resource. Internal use only. type: object + principalId: + type: string + tenantId: + type: string type: - description: |- - Type: For more information see [use managed identities in - AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). - enum: - - None - - SystemAssigned - - UserAssigned type: string userAssignedIdentities: - description: |- - UserAssignedIdentities: The keys must be ARM resource IDs in the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. 
- items: - description: Information about the user assigned identity for the resource + additionalProperties: + description: Storage version of v1api20240901.ManagedClusterIdentity_UserAssignedIdentities_STATUS properties: - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object + clientId: + type: string + principalId: + type: string type: object - type: array + type: object type: object identityProfile: additionalProperties: - description: Details about a user assigned identity. + description: |- + Storage version of v1api20240901.UserAssignedIdentity_STATUS + Details about a user assigned identity. 
properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object clientId: - description: 'ClientId: The client ID of the user assigned identity.' type: string objectId: - description: 'ObjectId: The object ID of the user assigned identity.' type: string - resourceReference: - description: 'ResourceReference: The resource ID of the user assigned identity.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + resourceId: + type: string type: object - description: 'IdentityProfile: Identities associated with the cluster.' type: object ingressProfile: - description: 'IngressProfile: Ingress profile for the managed cluster.' + description: |- + Storage version of v1api20240901.ManagedClusterIngressProfile_STATUS + Ingress profile for the container service cluster. 
properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object webAppRouting: - description: 'WebAppRouting: Web App Routing settings for the ingress profile.' + description: |- + Storage version of v1api20240901.ManagedClusterIngressProfileWebAppRouting_STATUS + Application Routing add-on settings for the ingress profile. properties: - dnsZoneResourceReferences: + $propertyBag: + additionalProperties: + type: string description: |- - DnsZoneResourceReferences: Resource IDs of the DNS zones to be associated with the Web App Routing add-on. Used only - when Web App Routing is enabled. Public and private DNS zones can be in different resource groups, but all public DNS - zones must be in the same resource group and all private DNS zones must be in the same resource group. + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsZoneResourceIds: items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + type: string type: array enabled: - description: 'Enabled: Whether to enable Web App Routing.' type: boolean + identity: + description: |- + Storage version of v1api20240901.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object type: object type: object - kind: - description: 'Kind: This is primarily used to expose different UI experiences in the portal for different kinds' - type: string kubernetesVersion: - description: |- - KubernetesVersion: When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades - must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> - 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS - cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. type: string linuxProfile: - description: 'LinuxProfile: The profile for Linux VMs in the Managed Cluster.' + description: |- + Storage version of v1api20240901.ContainerServiceLinuxProfile_STATUS + Profile for Linux VMs in the container service cluster. 
properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object adminUsername: - description: 'AdminUsername: The administrator username to use for Linux VMs.' - pattern: ^[A-Za-z][-A-Za-z0-9_]*$ type: string ssh: - description: 'Ssh: The SSH configuration for Linux-based VMs running on Azure.' + description: |- + Storage version of v1api20240901.ContainerServiceSshConfiguration_STATUS + SSH configuration for Linux-based VMs running on Azure. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object publicKeys: - description: 'PublicKeys: The list of SSH public keys used to authenticate with Linux-based VMs. A maximum of 1 key may be specified.' items: - description: Contains information about SSH certificate public key data. + description: |- + Storage version of v1api20240901.ContainerServiceSshPublicKey_STATUS + Contains information about SSH certificate public key data. properties: - keyData: + $propertyBag: + additionalProperties: + type: string description: |- - KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or - without headers. 
+ PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + keyData: type: string - required: - - keyData type: object type: array - required: - - publicKeys type: object - required: - - adminUsername - - ssh type: object location: - description: 'Location: The geo-location where the resource lives' type: string + maxAgentPools: + type: integer metricsProfile: - description: 'MetricsProfile: Optional cluster metrics configuration.' + description: |- + Storage version of v1api20240901.ManagedClusterMetricsProfile_STATUS + The metrics profile for the ManagedCluster. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object costAnalysis: - description: 'CostAnalysis: The cost analysis configuration for the cluster' + description: |- + Storage version of v1api20240901.ManagedClusterCostAnalysis_STATUS + The cost analysis configuration for the cluster properties: - enabled: + $propertyBag: + additionalProperties: + type: string description: |- - Enabled: The Managed Cluster sku.tier must be set to 'Standard' or 'Premium' to enable this feature. Enabling this will - add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. If not specified, the - default is false. For more information see aka.ms/aks/docs/cost-analysis. + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: type: boolean type: object type: object + name: + type: string networkProfile: - description: 'NetworkProfile: The network configuration profile.' 
+ description: |- + Storage version of v1api20240901.ContainerServiceNetworkProfile_STATUS + Profile of network configuration. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object advancedNetworking: description: |- - AdvancedNetworking: Advanced Networking profile for enabling observability on a cluster. Note that enabling advanced - networking features may incur additional costs. For more information see aka.ms/aksadvancednetworking. + Storage version of v1api20240901.AdvancedNetworking_STATUS + Advanced Networking profile for enabling observability and security feature suite on a cluster. For more information see + aka.ms/aksadvancednetworking. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean observability: - description: 'Observability: Observability profile to enable advanced network metrics and flow logs with historical contexts.' + description: |- + Storage version of v1api20240901.AdvancedNetworkingObservability_STATUS + Observability profile to enable advanced network metrics and flow logs with historical contexts. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + security: + description: |- + Storage version of v1api20240901.AdvancedNetworkingSecurity_STATUS + Security profile to enable security features on cilium based cluster. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: - description: 'Enabled: Indicates the enablement of Advanced Networking observability functionalities on clusters.' type: boolean type: object type: object dnsServiceIP: - description: |- - DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address - range specified in serviceCidr. - pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ type: string ipFamilies: - description: |- - IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value - is IPv4. For dual-stack, the expected values are IPv4 and IPv6. items: - description: To determine if address belongs IPv4 or IPv6 family. - enum: - - IPv4 - - IPv6 type: string type: array - kubeProxyConfig: + loadBalancerProfile: description: |- - KubeProxyConfig: Holds configuration customizations for kube-proxy. Any values not defined will use the kube-proxy - defaulting behavior. See https://v.docs.kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/ - where is represented by a - string. Kubernetes version 1.23 would be '1-23'. 
+ Storage version of v1api20240901.ManagedClusterLoadBalancerProfile_STATUS + Profile of the managed cluster load balancer. properties: - enabled: + $propertyBag: + additionalProperties: + type: string description: |- - Enabled: Whether to enable on kube-proxy on the cluster (if no 'kubeProxyConfig' exists, kube-proxy is enabled in AKS by - default without these customizations). - type: boolean - ipvsConfig: - description: 'IpvsConfig: Holds configuration customizations for IPVS. May only be specified if ''mode'' is set to ''IPVS''.' - properties: - scheduler: - description: 'Scheduler: IPVS scheduler, for more information please see http://www.linuxvirtualserver.org/docs/scheduling.html.' - enum: - - LeastConnection - - RoundRobin - type: string - tcpFinTimeoutSeconds: - description: |- - TcpFinTimeoutSeconds: The timeout value used for IPVS TCP sessions after receiving a FIN in seconds. Must be a positive - integer value. - type: integer - tcpTimeoutSeconds: - description: 'TcpTimeoutSeconds: The timeout value used for idle IPVS TCP sessions in seconds. Must be a positive integer value.' - type: integer - udpTimeoutSeconds: - description: 'UdpTimeoutSeconds: The timeout value used for IPVS UDP packets in seconds. Must be a positive integer value.' - type: integer + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object - mode: - description: 'Mode: Specify which proxy mode to use (''IPTABLES'' or ''IPVS'')' - enum: - - IPTABLES - - IPVS - type: string - type: object - loadBalancerProfile: - description: 'LoadBalancerProfile: Profile of the cluster load balancer.' - properties: allocatedOutboundPorts: - description: |- - AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 - (inclusive). The default value is 0 which results in Azure dynamically allocating ports. 
- maximum: 64000 - minimum: 0 type: integer backendPoolType: - description: 'BackendPoolType: The type of the managed inbound Load Balancer BackendPool.' - enum: - - NodeIP - - NodeIPConfiguration - type: string - clusterServiceLoadBalancerHealthProbeMode: - description: 'ClusterServiceLoadBalancerHealthProbeMode: The health probing behavior for External Traffic Policy Cluster services.' - enum: - - ServiceNodePort - - Shared type: string effectiveOutboundIPs: - description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster load balancer.' items: - description: A reference to an Azure resource. + description: |- + Storage version of v1api20240901.ResourceReference_STATUS + A reference to an Azure resource. properties: - reference: - description: 'Reference: The fully qualified Azure resource id.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object + id: + type: string type: object type: array enableMultipleStandardLoadBalancers: - description: 'EnableMultipleStandardLoadBalancers: Enable multiple standard load balancers per AKS cluster or not.' type: boolean idleTimeoutInMinutes: - description: |- - IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 - (inclusive). The default value is 30 minutes. - maximum: 120 - minimum: 4 type: integer managedOutboundIPs: - description: 'ManagedOutboundIPs: Desired managed outbound IPs for the cluster load balancer.' + description: Storage version of v1api20240901.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS properties: - count: + $propertyBag: + additionalProperties: + type: string description: |- - Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values - must be in the range of 1 to 100 (inclusive). The default value is 1. - maximum: 100 - minimum: 1 + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: type: integer countIPv6: - description: |- - CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed - values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. - maximum: 100 - minimum: 0 type: integer type: object outboundIPPrefixes: - description: 'OutboundIPPrefixes: Desired outbound IP Prefix resources for the cluster load balancer.' 
+ description: Storage version of v1api20240901.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object publicIPPrefixes: - description: 'PublicIPPrefixes: A list of public IP prefix resources.' items: - description: A reference to an Azure resource. + description: |- + Storage version of v1api20240901.ResourceReference_STATUS + A reference to an Azure resource. properties: - reference: - description: 'Reference: The fully qualified Azure resource id.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object + id: + type: string type: object type: array type: object outboundIPs: - description: 'OutboundIPs: Desired outbound IP resources for the cluster load balancer.' 
+ description: Storage version of v1api20240901.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object publicIPs: - description: 'PublicIPs: A list of public IP resources.' items: - description: A reference to an Azure resource. + description: |- + Storage version of v1api20240901.ResourceReference_STATUS + A reference to an Azure resource. properties: - reference: - description: 'Reference: The fully qualified Azure resource id.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object + id: + type: string type: object type: array type: object type: object loadBalancerSku: - description: |- - LoadBalancerSku: The default is 'standard'. 
See [Azure Load Balancer - SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load - balancer SKUs. - enum: - - basic - - standard type: string natGatewayProfile: - description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + description: |- + Storage version of v1api20240901.ManagedClusterNATGatewayProfile_STATUS + Profile of the managed cluster NAT gateway. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object effectiveOutboundIPs: - description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster NAT gateway.' items: - description: A reference to an Azure resource. + description: |- + Storage version of v1api20240901.ResourceReference_STATUS + A reference to an Azure resource. properties: - reference: - description: 'Reference: The fully qualified Azure resource id.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object + id: + type: string type: object type: array idleTimeoutInMinutes: - description: |- - IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 - (inclusive). The default value is 4 minutes. - maximum: 120 - minimum: 4 type: integer managedOutboundIPProfile: - description: 'ManagedOutboundIPProfile: Profile of the managed outbound IP resources of the cluster NAT gateway.' + description: |- + Storage version of v1api20240901.ManagedClusterManagedOutboundIPProfile_STATUS + Profile of the managed outbound IP resources of the managed cluster. properties: - count: + $propertyBag: + additionalProperties: + type: string description: |- - Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 - (inclusive). The default value is 1. - maximum: 16 - minimum: 1 + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: type: integer type: object type: object networkDataplane: - description: 'NetworkDataplane: Network dataplane used in the Kubernetes cluster.' - enum: - - azure - - cilium type: string networkMode: - description: 'NetworkMode: This cannot be specified if networkPlugin is anything other than ''azure''.' - enum: - - bridge - - transparent type: string networkPlugin: - description: 'NetworkPlugin: Network plugin used for building the Kubernetes network.' - enum: - - azure - - kubenet - - none type: string networkPluginMode: - description: 'NetworkPluginMode: Network plugin mode used for building the Kubernetes network.' 
- enum: - - overlay type: string networkPolicy: - description: 'NetworkPolicy: Network policy used for building the Kubernetes network.' - enum: - - azure - - calico - - cilium - - none type: string outboundType: - description: |- - OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see - [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). - enum: - - loadBalancer - - managedNATGateway - - none - - userAssignedNATGateway - - userDefinedRouting type: string podCidr: - description: 'PodCidr: A CIDR notation IP range from which to assign pod IPs when kubenet is used.' - pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string podCidrs: - description: |- - PodCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is - expected for dual-stack networking. items: type: string type: array - podLinkLocalAccess: - description: |- - PodLinkLocalAccess: Defines access to special link local addresses (Azure Instance Metadata Service, aka IMDS) for pods - with hostNetwork=false. if not specified, the default is 'IMDS'. - enum: - - IMDS - - None - type: string serviceCidr: - description: |- - ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP - ranges. - pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string serviceCidrs: - description: |- - ServiceCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is - expected for dual-stack networking. They must not overlap with any Subnet IP ranges. items: type: string type: array - staticEgressGatewayProfile: - description: |- - StaticEgressGatewayProfile: The profile for Static Egress Gateway addon. For more details about Static Egress Gateway, - see https://aka.ms/aks/static-egress-gateway. 
- properties: - enabled: - description: 'Enabled: Indicates if Static Egress Gateway addon is enabled or not.' - type: boolean - type: object - type: object - nodeProvisioningProfile: - description: 'NodeProvisioningProfile: Node provisioning settings that apply to the whole cluster.' - properties: - mode: - description: 'Mode: Once the mode it set to Auto, it cannot be changed back to Manual.' - enum: - - Auto - - Manual - type: string type: object nodeResourceGroup: - description: 'NodeResourceGroup: The name of the resource group containing agent pool nodes.' type: string nodeResourceGroupProfile: - description: 'NodeResourceGroupProfile: The node resource group configuration profile.' + description: |- + Storage version of v1api20240901.ManagedClusterNodeResourceGroupProfile_STATUS + Node resource group lockdown profile for a managed cluster. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object restrictionLevel: - description: 'RestrictionLevel: The restriction level applied to the cluster''s node resource group' - enum: - - ReadOnly - - Unrestricted type: string type: object oidcIssuerProfile: - description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed Cluster.' + description: |- + Storage version of v1api20240901.ManagedClusterOIDCIssuerProfile_STATUS + The OIDC issuer profile of the Managed Cluster. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: - description: 'Enabled: Whether the OIDC issuer is enabled.' 
type: boolean + issuerURL: + type: string type: object - operatorSpec: + podIdentityProfile: description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure + Storage version of v1api20240901.ManagedClusterPodIdentityProfile_STATUS + See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod + identity integration. properties: - configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: items: description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. + Storage version of v1api20240901.ManagedClusterPodIdentity_STATUS + Details about the pod identity assigned to the Managed Cluster. properties: - key: + $propertyBag: + additionalProperties: + type: string description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. 
+ PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + bindingSelector: type: string - name: + identity: description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. + Storage version of v1api20240901.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + name: type: string - value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ + namespace: type: string - required: - - name - - value - type: object - type: array - configMaps: - description: 'ConfigMaps: configures where to place operator written ConfigMaps.' - properties: - oidcIssuerProfile: - description: |- - OIDCIssuerProfile: indicates where the OIDCIssuerProfile config map should be placed. If omitted, no config map will be - created. - properties: - key: - description: Key is the key in the ConfigMap being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. - type: string - required: - - key - - name - type: object - type: object - secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' 
- items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. - properties: - key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. - type: string - name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. - type: string - value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ - type: string - required: - - name - - value - type: object - type: array - secrets: - description: 'Secrets: configures where to place Azure generated secrets.' - properties: - adminCredentials: - description: |- - AdminCredentials: indicates where the AdminCredentials secret should be placed. If omitted, the secret will not be - retrieved from Azure. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced. - type: string - name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. - type: string - required: - - key - - name - type: object - userCredentials: - description: |- - UserCredentials: indicates where the UserCredentials secret should be placed. If omitted, the secret will not be - retrieved from Azure. 
- properties: - key: - description: Key is the key in the Kubernetes secret being referenced. - type: string - name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. - type: string - required: - - key - - name - type: object - type: object - type: object - owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource - properties: - armId: - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - name: - description: This is the name of the Kubernetes resource to reference. - type: string - type: object - podIdentityProfile: - description: |- - PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more - details on AAD pod identity integration. - properties: - allowNetworkPluginKubenet: - description: |- - AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod - Identity and the risks of IP spoofing. See [using Kubenet network plugin with AAD Pod - Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) - for more information. - type: boolean - enabled: - description: 'Enabled: Whether the pod identity addon is enabled.' - type: boolean - userAssignedIdentities: - description: 'UserAssignedIdentities: The pod identities to use in the cluster.' - items: - description: Details about the pod identity assigned to the Managed Cluster. 
- properties: - bindingSelector: - description: 'BindingSelector: The binding selector to use for the AzureIdentityBinding resource.' - type: string - identity: - description: 'Identity: The user assigned identity details.' + provisioningInfo: + description: Storage version of v1api20240901.ManagedClusterPodIdentity_ProvisioningInfo_STATUS properties: - clientId: - description: 'ClientId: The client ID of the user assigned identity.' - type: string - objectId: - description: 'ObjectId: The object ID of the user assigned identity.' - type: string - resourceReference: - description: 'ResourceReference: The resource ID of the user assigned identity.' + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + error: + description: |- + Storage version of v1api20240901.ManagedClusterPodIdentityProvisioningError_STATUS + An error response from the pod identity provisioning. properties: - armId: + $propertyBag: + additionalProperties: + type: string description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + error: + description: |- + Storage version of v1api20240901.ManagedClusterPodIdentityProvisioningErrorBody_STATUS + An error response from the pod identity provisioning. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + details: + items: + description: Storage version of v1api20240901.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + message: + type: string + target: + type: string + type: object + type: array + message: + type: string + target: + type: string + type: object type: object type: object - name: - description: 'Name: The name of the pod identity.' - type: string - namespace: - description: 'Namespace: The namespace of the pod identity.' + provisioningState: type: string - required: - - identity - - name - - namespace type: object type: array userAssignedIdentityExceptions: - description: 'UserAssignedIdentityExceptions: The pod identity exceptions to allow.' items: description: |- + Storage version of v1api20240901.ManagedClusterPodIdentityException_STATUS See [disable AAD Pod Identity for a specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. 
properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object name: - description: 'Name: The name of the pod identity exception.' type: string namespace: - description: 'Namespace: The namespace of the pod identity exception.' type: string podLabels: additionalProperties: type: string - description: 'PodLabels: The pod labels to match.' type: object - required: - - name - - namespace - - podLabels type: object type: array type: object + powerState: + description: |- + Storage version of v1api20240901.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + privateFQDN: + type: string privateLinkResources: - description: 'PrivateLinkResources: Private link resources associated with the cluster.' items: - description: A private link resource + description: |- + Storage version of v1api20240901.PrivateLinkResource_STATUS + A private link resource properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object groupId: - description: 'GroupId: The group ID of the resource.' + type: string + id: type: string name: - description: 'Name: The name of the private link resource.' type: string - reference: - description: 'Reference: The ID of the private link resource.' 
- properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + privateLinkServiceID: + type: string requiredMembers: - description: 'RequiredMembers: The RequiredMembers of the resource' items: type: string type: array type: - description: 'Type: The resource type.' type: string type: object type: array + provisioningState: + type: string publicNetworkAccess: - description: 'PublicNetworkAccess: Allow or deny public network access for AKS' - enum: - - Disabled - - Enabled - - SecuredByPerimeter type: string - safeguardsProfile: - description: 'SafeguardsProfile: The Safeguards profile holds all the safeguards information for a given cluster' + resourceUID: + type: string + securityProfile: + description: |- + Storage version of v1api20240901.ManagedClusterSecurityProfile_STATUS + Security profile for the container service cluster. properties: - excludedNamespaces: - description: 'ExcludedNamespaces: List of namespaces excluded from Safeguards checks' - items: + $propertyBag: + additionalProperties: type: string - type: array - level: description: |- - Level: The Safeguards level to be used. 
By default, Safeguards is enabled for all namespaces except those that AKS - excludes via systemExcludedNamespaces - enum: - - Enforcement - - "Off" - - Warning - type: string - version: - description: 'Version: The version of constraints to use' - type: string - required: - - level - type: object - securityProfile: - description: 'SecurityProfile: Security profile for the managed cluster.' - properties: + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object azureKeyVaultKms: description: |- - AzureKeyVaultKms: Azure Key Vault [key management - service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. + Storage version of v1api20240901.AzureKeyVaultKms_STATUS + Azure Key Vault key management service settings for the security profile. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: - description: 'Enabled: Whether to enable Azure Key Vault key management service. The default is false.' type: boolean keyId: - description: |- - KeyId: Identifier of Azure Key Vault key. See [key identifier - format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) - for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key - identifier. When Azure Key Vault key management service is disabled, leave the field empty. type: string keyVaultNetworkAccess: - description: |- - KeyVaultNetworkAccess: Network access of key vault. The possible values are `Public` and `Private`. 
`Public` means the - key vault allows public access from all networks. `Private` means the key vault disables public access and enables - private link. The default value is `Public`. - enum: - - Private - - Public type: string - keyVaultResourceReference: - description: |- - KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and - must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + keyVaultResourceId: + type: string type: object - customCATrustCertificates: - description: |- - CustomCATrustCertificates: A list of up to 10 base64 encoded CAs that will be added to the trust store on nodes with the - Custom CA Trust feature enabled. For more information see [Custom CA Trust - Certificates](https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority) - items: - type: string - maxItems: 10 - minItems: 0 - type: array defender: - description: 'Defender: Microsoft Defender settings for the security profile.' 
+ description: |- + Storage version of v1api20240901.ManagedClusterSecurityProfileDefender_STATUS + Microsoft Defender settings for the security profile. properties: - logAnalyticsWorkspaceResourceReference: + $propertyBag: + additionalProperties: + type: string description: |- - LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft - Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When - Microsoft Defender is disabled, leave the field empty. - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object + logAnalyticsWorkspaceResourceId: + type: string securityMonitoring: - description: 'SecurityMonitoring: Microsoft Defender threat detection for Cloud settings for the security profile.' + description: |- + Storage version of v1api20240901.ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS + Microsoft Defender settings for the security profile threat detection. 
properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: - description: 'Enabled: Whether to enable Defender threat detection' type: boolean type: object type: object imageCleaner: - description: 'ImageCleaner: Image Cleaner settings for the security profile.' + description: |- + Storage version of v1api20240901.ManagedClusterSecurityProfileImageCleaner_STATUS + Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here + are settings for the security profile. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: - description: 'Enabled: Whether to enable Image Cleaner on AKS cluster.' type: boolean intervalHours: - description: 'IntervalHours: Image Cleaner scanning interval in hours.' type: integer type: object - imageIntegrity: - description: |- - ImageIntegrity: Image integrity is a feature that works with Azure Policy to verify image integrity by signature. This - will not have any effect unless Azure Policy is applied to enforce image signatures. See - https://aka.ms/aks/image-integrity for how to use this feature via policy. - properties: - enabled: - description: 'Enabled: Whether to enable image integrity. The default value is false.' - type: boolean - type: object - nodeRestriction: - description: |- - NodeRestriction: [Node - Restriction](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction) settings - for the security profile. 
- properties: - enabled: - description: 'Enabled: Whether to enable Node Restriction' - type: boolean - type: object workloadIdentity: description: |- - WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications - to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. + Storage version of v1api20240901.ManagedClusterSecurityProfileWorkloadIdentity_STATUS + Workload identity settings for the security profile. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: - description: 'Enabled: Whether to enable workload identity.' type: boolean type: object type: object serviceMeshProfile: - description: 'ServiceMeshProfile: Service mesh profile for a managed cluster.' + description: |- + Storage version of v1api20240901.ServiceMeshProfile_STATUS + Service mesh profile for a managed cluster. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object istio: - description: 'Istio: Istio service mesh configuration.' + description: |- + Storage version of v1api20240901.IstioServiceMesh_STATUS + Istio service mesh configuration. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object certificateAuthority: description: |- - CertificateAuthority: Istio Service Mesh Certificate Authority (CA) configuration. 
For now, we only support plugin - certificates as described here https://aka.ms/asm-plugin-ca + Storage version of v1api20240901.IstioCertificateAuthority_STATUS + Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described + here https://aka.ms/asm-plugin-ca properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object plugin: - description: 'Plugin: Plugin certificates information for Service Mesh.' + description: |- + Storage version of v1api20240901.IstioPluginCertificateAuthority_STATUS + Plugin certificates information for Service Mesh. properties: - certChainObjectName: - description: 'CertChainObjectName: Certificate chain object name in Azure Key Vault.' - type: string - certObjectName: - description: 'CertObjectName: Intermediate certificate object name in Azure Key Vault.' - type: string + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + certChainObjectName: + type: string + certObjectName: + type: string keyObjectName: - description: 'KeyObjectName: Intermediate certificate private key object name in Azure Key Vault.' type: string - keyVaultReference: - description: 'KeyVaultReference: The resource ID of the Key Vault.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + keyVaultId: + type: string rootCertObjectName: - description: 'RootCertObjectName: Root certificate object name in Azure Key Vault.' type: string type: object type: object components: - description: 'Components: Istio components configuration.' + description: |- + Storage version of v1api20240901.IstioComponents_STATUS + Istio components configuration. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object egressGateways: - description: 'EgressGateways: Istio egress gateways.' items: - description: Istio egress gateway configuration. + description: |- + Storage version of v1api20240901.IstioEgressGateway_STATUS + Istio egress gateway configuration. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: - description: 'Enabled: Whether to enable the egress gateway.' 
type: boolean - required: - - enabled type: object type: array ingressGateways: - description: 'IngressGateways: Istio ingress gateways.' items: description: |- + Storage version of v1api20240901.IstioIngressGateway_STATUS Istio ingress gateway configuration. For now, we support up to one external ingress gateway named `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: - description: 'Enabled: Whether to enable the ingress gateway.' type: boolean mode: - description: 'Mode: Mode of an ingress gateway.' - enum: - - External - - Internal type: string - required: - - enabled - - mode type: object type: array type: object revisions: - description: |- - Revisions: The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. - When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: - https://learn.microsoft.com/en-us/azure/aks/istio-upgrade items: type: string - maxItems: 2 type: array type: object mode: - description: 'Mode: Mode of the service mesh.' - enum: - - Disabled - - Istio type: string - required: - - mode type: object servicePrincipalProfile: description: |- - ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure - APIs. + Storage version of v1api20240901.ManagedClusterServicePrincipalProfile_STATUS + Information about a service principal identity for the cluster to use for manipulating Azure APIs. 
properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object clientId: - description: 'ClientId: The ID for the service principal.' type: string - secret: - description: 'Secret: The secret password associated with the service principal in plain text.' - properties: - key: - description: Key is the key in the Kubernetes secret being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource - type: string - required: - - key - - name - type: object - required: - - clientId type: object sku: - description: 'Sku: The managed cluster SKU.' + description: |- + Storage version of v1api20240901.ManagedClusterSKU_STATUS + The SKU of a Managed Cluster. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object name: - description: 'Name: The name of a managed cluster SKU.' - enum: - - Automatic - - Base type: string tier: - description: |- - Tier: If not specified, the default is 'Free'. See [AKS Pricing - Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. - enum: - - Free - - Premium - - Standard type: string type: object storageProfile: - description: 'StorageProfile: Storage profile for the managed cluster.' + description: |- + Storage version of v1api20240901.ManagedClusterStorageProfile_STATUS + Storage profile for the container service cluster. 
properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object blobCSIDriver: - description: 'BlobCSIDriver: AzureBlob CSI Driver settings for the storage profile.' + description: |- + Storage version of v1api20240901.ManagedClusterStorageProfileBlobCSIDriver_STATUS + AzureBlob CSI Driver settings for the storage profile. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: - description: 'Enabled: Whether to enable AzureBlob CSI Driver. The default value is false.' type: boolean type: object diskCSIDriver: - description: 'DiskCSIDriver: AzureDisk CSI Driver settings for the storage profile.' + description: |- + Storage version of v1api20240901.ManagedClusterStorageProfileDiskCSIDriver_STATUS + AzureDisk CSI Driver settings for the storage profile. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: - description: 'Enabled: Whether to enable AzureDisk CSI Driver. The default value is true.' type: boolean - version: - description: 'Version: The version of AzureDisk CSI Driver. The default value is v1.' - type: string type: object fileCSIDriver: - description: 'FileCSIDriver: AzureFile CSI Driver settings for the storage profile.' + description: |- + Storage version of v1api20240901.ManagedClusterStorageProfileFileCSIDriver_STATUS + AzureFile CSI Driver settings for the storage profile. 
properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: - description: 'Enabled: Whether to enable AzureFile CSI Driver. The default value is true.' type: boolean type: object snapshotController: - description: 'SnapshotController: Snapshot Controller settings for the storage profile.' + description: |- + Storage version of v1api20240901.ManagedClusterStorageProfileSnapshotController_STATUS + Snapshot Controller settings for the storage profile. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: - description: 'Enabled: Whether to enable Snapshot Controller. The default value is true.' type: boolean type: object type: object supportPlan: - description: 'SupportPlan: The support plan for the Managed Cluster. If unspecified, the default is ''KubernetesOfficial''.' - enum: - - AKSLongTermSupport - - KubernetesOfficial type: string + systemData: + description: |- + Storage version of v1api20240901.SystemData_STATUS + Metadata pertaining to creation and last modification of the resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + createdAt: + type: string + createdBy: + type: string + createdByType: + type: string + lastModifiedAt: + type: string + lastModifiedBy: + type: string + lastModifiedByType: + type: string + type: object tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object + type: + type: string upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading a cluster.' + description: |- + Storage version of v1api20240901.ClusterUpgradeSettings_STATUS + Settings for upgrading a cluster. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object overrideSettings: - description: 'OverrideSettings: Settings for overrides.' + description: |- + Storage version of v1api20240901.UpgradeOverrideSettings_STATUS + Settings for overrides when upgrading a cluster. properties: - forceUpgrade: + $propertyBag: + additionalProperties: + type: string description: |- - ForceUpgrade: Whether to force upgrade the cluster. Note that this option instructs upgrade operation to bypass upgrade - protections such as checking for deprecated API usage. Enable this option only with caution. + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + forceUpgrade: type: boolean until: - description: |- - Until: Until when the overrides are effective. 
Note that this only matches the start time of an upgrade, and the - effectiveness won't change once an upgrade starts even if the `until` expires as upgrade proceeds. This field is not set - by default. It must be set for the overrides to take effect. type: string type: object type: object windowsProfile: - description: 'WindowsProfile: The profile for Windows VMs in the Managed Cluster.' + description: |- + Storage version of v1api20240901.ManagedClusterWindowsProfile_STATUS + Profile for Windows VMs in the managed cluster. properties: - adminPassword: + $propertyBag: + additionalProperties: + type: string description: |- - AdminPassword: Specifies the password of the administrator account. - Minimum-length: 8 characters - Max-length: 123 characters - Complexity requirements: 3 out of 4 conditions below need to be fulfilled - Has lower characters - Has upper characters - Has a digit - Has a special character (Regex match [\W_]) - Disallowed values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$$$word", "pass@word1", "Password!", "Password1", - "Password22", "iloveyou!" - properties: - key: - description: Key is the key in the Kubernetes secret being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource - type: string - required: - - key - - name + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object adminUsername: - description: |- - AdminUsername: Specifies the name of the administrator account. - Restriction: Cannot end in "." 
- Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", - "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", - "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". - Minimum-length: 1 character - Max-length: 20 characters type: string enableCSIProxy: - description: |- - EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub - repo](https://github.com/kubernetes-csi/csi-proxy). type: boolean gmsaProfile: - description: 'GmsaProfile: The Windows gMSA Profile in the Managed Cluster.' + description: |- + Storage version of v1api20240901.WindowsGmsaProfile_STATUS + Windows gMSA Profile in the managed cluster. properties: - dnsServer: + $propertyBag: + additionalProperties: + type: string description: |- - DnsServer: Specifies the DNS server for Windows gMSA. - Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsServer: type: string enabled: - description: 'Enabled: Specifies whether to enable Windows gMSA in the managed cluster.' type: boolean rootDomainName: - description: |- - RootDomainName: Specifies the root domain name for Windows gMSA. - Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. type: string type: object licenseType: - description: |- - LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User - Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. 
- enum: - - None - - Windows_Server type: string - required: - - adminUsername type: object workloadAutoScalerProfile: - description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile for the managed cluster.' + description: |- + Storage version of v1api20240901.ManagedClusterWorkloadAutoScalerProfile_STATUS + Workload Auto-scaler profile for the managed cluster. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object keda: - description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile.' + description: |- + Storage version of v1api20240901.ManagedClusterWorkloadAutoScalerProfileKeda_STATUS + KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: - description: 'Enabled: Whether to enable KEDA.' type: boolean - required: - - enabled type: object verticalPodAutoscaler: + description: |- + Storage version of v1api20240901.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler_STATUS + VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile. properties: - addonAutoscaling: - description: 'AddonAutoscaling: Whether VPA add-on is enabled and configured to scale AKS-managed add-ons.' 
- enum: - - Disabled - - Enabled - type: string + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: - description: 'Enabled: Whether to enable VPA add-on in cluster. Default value is false.' type: boolean - required: - - enabled type: object type: object - required: - - location - - owner type: object - status: - description: Managed cluster. + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20250801 + schema: + openAPIV3Schema: + description: |- + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-08-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: properties: aadProfile: description: 'AadProfile: The Azure Active Directory configuration.' @@ -30814,19 +36062,8 @@ spec: enabled: description: 'Enabled: Whether the add-on is enabled or not.' type: boolean - identity: - description: 'Identity: Information of user assigned identity used by this add-on.' - properties: - clientId: - description: 'ClientId: The client ID of the user assigned identity.' - type: string - objectId: - description: 'ObjectId: The object ID of the user assigned identity.' - type: string - resourceId: - description: 'ResourceId: The resource ID of the user assigned identity.' - type: string - type: object + required: + - enabled type: object description: 'AddonProfiles: The profile of managed cluster add-on.' type: object @@ -30835,15 +36072,6 @@ spec: items: description: Profile for the container service agent pool. properties: - artifactStreamingProfile: - description: 'ArtifactStreamingProfile: Configuration for using artifact streaming on AKS.' - properties: - enabled: - description: |- - Enabled: Artifact streaming speeds up the cold-start of containers on a node through on-demand image loading. To use - this feature, container images must also enable artifact streaming on ACR. If not specified, the default is false. - type: boolean - type: object availabilityZones: description: |- AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType 
@@ -30851,9 +36079,26 @@ spec: items: type: string type: array - capacityReservationGroupID: - description: 'CapacityReservationGroupID: AKS will associate the specified agent pool with the Capacity Reservation Group.' - type: string + capacityReservationGroupReference: + description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object count: description: |- Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) 
@@ -30864,49 +36109,49 @@ spec: CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using a snapshot. properties: - sourceResourceId: - description: 'SourceResourceId: This is the ARM ID of the source object to be used to create the target object.' - type: string + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object - currentOrchestratorVersion: - description: |- - CurrentOrchestratorVersion: If orchestratorVersion was a fully specified version , this field will be - exactly equal to it. If orchestratorVersion was , this field will contain the full - version being used. - type: string - eTag: - description: |- - ETag: Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is - updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic - concurrency per the normal etag convention. 
- type: string enableAutoScaling: description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean - enableCustomCATrust: + enableEncryptionAtHost: description: |- - EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a - daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded - certificates into node trust stores. Defaults to false. + EnableEncryptionAtHost: Whether to enable host based OS and data drive encryption. This is only supported on certain VM + sizes and in certain Azure regions. For more information, see: + https://docs.microsoft.com/azure/aks/enable-host-encryption type: boolean - enableEncryptionAtHost: + enableFIPS: description: |- - EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, - see: https://docs.microsoft.com/azure/aks/enable-host-encryption - type: boolean - enableFIPS: - description: |- - EnableFIPS: See [Add a FIPS-enabled node + EnableFIPS: Whether to use a FIPS-enabled OS. See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more details. type: boolean enableNodePublicIP: description: |- - EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. - A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine - to minimize hops. For more information see [assigning a public IP per - node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The - default is false. + EnableNodePublicIP: Whether each node is allocated its own public IP. Some scenarios may require nodes in a node pool to + receive their own dedicated public IP addresses. 
A common scenario is for gaming workloads, where a console needs to + make a direct connection to a cloud virtual machine to minimize hops. For more information see [assigning a public IP + per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false. type: boolean enableUltraSSD: description: 'EnableUltraSSD: Whether to enable UltraSSD' 
@@ -30923,28 +36168,53 @@ spec: one IP from the IPPrefix. The IPPrefix size thus serves as a cap on the size of the Gateway agent pool. Due to Azure public IPPrefix size limitation, the valid value range is [28, 31] (/31 = 2 nodes/IPs, /30 = 4 nodes/IPs, /29 = 8 nodes/IPs, /28 = 16 nodes/IPs). The default value is 31. + maximum: 31 + minimum: 28 type: integer type: object gpuInstanceProfile: description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' + enum: + - MIG1g + - MIG2g + - MIG3g + - MIG4g + - MIG7g type: string gpuProfile: - description: 'GpuProfile: The GPU settings of an agent pool.' + description: 'GpuProfile: GPU settings for the Agent Pool.' properties: - installGPUDriver: - description: |- - InstallGPUDriver: The default value is true when the vmSize of the agent pool contains a GPU, false otherwise. GPU - Driver Installation can only be set true when VM has an associated GPU resource. Setting this field to false prevents - automatic GPU driver installation. In that case, in order for the GPU to be usable, the user must perform GPU driver - installation themselves. - type: boolean + driver: + description: 'Driver: Whether to install GPU drivers. When it''s not specified, default is Install.' + enum: + - Install + - None + type: string type: object - hostGroupID: + hostGroupReference: description: |- - HostGroupID: This is of the form: + HostGroupReference: The fully qualified resource ID of the Dedicated Host Group to provision virtual machines from, used + only in creation scenario and not allowed to changed once set. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). 
- type: string + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object kubeletConfig: description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' properties: 
@@ -30957,21 +36227,23 @@ spec: description: |- ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be ≥ 2. + minimum: 2 type: integer containerLogMaxSizeMB: description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' type: integer cpuCfsQuota: - description: 'CpuCfsQuota: The default is true.' + description: 'CpuCfsQuota: If CPU CFS quota enforcement is enabled for containers that specify CPU limits. The default is true.' type: boolean cpuCfsQuotaPeriod: description: |- - CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and - a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + CpuCfsQuotaPeriod: The CPU CFS quota period value. The default is '100ms.' Valid values are a sequence of decimal + numbers with an optional fraction and a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', + 'ms', 's', 'm', and 'h'. type: string cpuManagerPolicy: description: |- - CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + CpuManagerPolicy: The CPU Manager policy to use. The default is 'none'. See [Kubernetes CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more information. Allowed values are 'none' and 'static'. type: string 
@@ -30979,17 +36251,21 @@ spec: description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' type: boolean imageGcHighThreshold: - description: 'ImageGcHighThreshold: To disable image garbage collection, set to 100. The default is 85%' + description: |- + ImageGcHighThreshold: The percent of disk usage after which image garbage collection is always run. To disable image + garbage collection, set to 100. The default is 85% type: integer imageGcLowThreshold: - description: 'ImageGcLowThreshold: This cannot be set higher than imageGcHighThreshold. The default is 80%' + description: |- + ImageGcLowThreshold: The percent of disk usage before which image garbage collection is never run. This cannot be set + higher than imageGcHighThreshold. The default is 80% type: integer podMaxPids: description: 'PodMaxPids: The maximum number of processes per pod.' type: integer topologyManagerPolicy: description: |- - TopologyManagerPolicy: For more information see [Kubernetes Topology + TopologyManagerPolicy: The Topology Manager policy to use. For more information see [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values are 'none', 'best-effort', 'restricted', and 'single-numa-node'. type: string @@ -30998,6 +36274,9 @@ spec: description: |- KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage. + enum: + - OS + - Temporary type: string linuxOSConfig: description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' 
@@ -31076,12 +36355,18 @@ spec: type: boolean netIpv4TcpkeepaliveIntvl: description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' + maximum: 90 + minimum: 10 type: integer netNetfilterNfConntrackBuckets: description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' + maximum: 524288 + minimum: 65536 type: integer netNetfilterNfConntrackMax: description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' + maximum: 2097152 + minimum: 131072 type: integer vmMaxMapCount: description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' @@ -31095,14 +36380,15 @@ spec: type: object transparentHugePageDefrag: description: |- - TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is - 'madvise'. For more information see [Transparent + TransparentHugePageDefrag: Whether the kernel should make aggressive use of memory compaction to make more hugepages + available. Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is 'madvise'. For + more information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string transparentHugePageEnabled: description: |- - TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more - information see [Transparent + TransparentHugePageEnabled: Whether transparent hugepages are enabled. Valid values are 'always', 'madvise', and + 'never'. The default is 'always'. For more information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string type: object 
@@ -31114,20 +36400,27 @@ spec: type: integer messageOfTheDay: description: |- - MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of - the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., - will be printed raw and not be executed as a script). + MessageOfTheDay: Message of the day for Linux nodes, base64-encoded. A base64-encoded string which will be written to + /etc/motd after decoding. This allows customization of the message of the day for Linux nodes. It must not be specified + for Windows nodes. It must be a static string (i.e., will be printed raw and not be executed as a script). type: string minCount: description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer mode: description: |- - Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool - restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + Mode: The mode of an agent pool. A cluster must have at least one 'System' Agent Pool at all times. For additional + information on agent pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + enum: + - Gateway + - System + - User type: string name: - description: 'Name: Windows agent pool names must be 6 characters or less.' + description: |- + Name: Unique name of the agent pool profile in the context of the subscription and resource group. Windows agent pool + names must be 6 characters or less. + pattern: ^[a-z][a-z0-9]{0,11}$ type: string networkProfile: description: 'NetworkProfile: Network-related settings of an agent pool.' 
@@ -31141,21 +36434,48 @@ spec: description: |- PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or equal to portStart. + maximum: 65535 + minimum: 1 type: integer portStart: description: |- PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or equal to portEnd. + maximum: 65535 + minimum: 1 type: integer protocol: description: 'Protocol: The network protocol of the port.' + enum: + - TCP + - UDP type: string type: object type: array - applicationSecurityGroups: - description: 'ApplicationSecurityGroups: The IDs of the application security groups which agent pool will associate when created.' + applicationSecurityGroupsReferences: + description: |- + ApplicationSecurityGroupsReferences: The IDs of the application security groups which agent pool will associate when + created. items: - type: string + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object type: array nodePublicIPTags: description: 'NodePublicIPTags: IPTags of instance-level public IPs.' 
@@ -31171,29 +36491,33 @@ spec: type: object type: array type: object - nodeImageVersion: - description: 'NodeImageVersion: The version of node image' - type: string - nodeInitializationTaints: - description: |- - NodeInitializationTaints: These taints will not be reconciled by AKS and can be removed with a kubectl call. This field - can be modified after node pool is created, but nodes will not be recreated with new taints until another operation that - requires recreation (e.g. node image upgrade) happens. These taints allow for required configuration to run before the - node is ready to accept workloads, for example 'key1=value1:NoSchedule' that then can be removed with `kubectl taint - nodes node1 key1=value1:NoSchedule-` - items: - type: string - type: array nodeLabels: additionalProperties: type: string description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' type: object - nodePublicIPPrefixID: + nodePublicIPPrefixReference: description: |- - NodePublicIPPrefixID: This is of the form: + NodePublicIPPrefixReference: The public IP prefix ID which VM nodes should use IPs from. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} - type: string + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object nodeTaints: description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' items: 
@@ -31201,68 +36525,133 @@ spec: type: array orchestratorVersion: description: |- - OrchestratorVersion: Both patch version and are supported. When is - specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same - once it has been created will not trigger an upgrade, even if a newer patch version is available. As a - best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version - must have the same major version as the control plane. The node pool minor version must be within two minor versions of - the control plane version. The node pool version cannot be greater than the control plane version. For more information - see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + OrchestratorVersion: The version of Kubernetes specified by the user. Both patch version (e.g. + 1.20.13) and (e.g. 1.20) are supported. When is specified, the latest supported GA patch + version is chosen automatically. Updating the cluster with the same once it has been created (e.g. 1.14.x + -> 1.14) will not trigger an upgrade, even if a newer patch version is available. As a best practice, you should upgrade + all node pools in an AKS cluster to the same Kubernetes version. The node pool version must have the same major version + as the control plane. The node pool minor version must be within two minor versions of the control plane version. The + node pool version cannot be greater than the control plane version. For more information see [upgrading a node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: + maximum: 2048 + minimum: 0 type: integer osDiskType: description: |- - OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested - OSDiskSizeGB. Otherwise, defaults to 'Managed'. 
May not be changed after creation. For more information see [Ephemeral + OsDiskType: The OS disk type to be used for machines in the agent pool. The default is 'Ephemeral' if the VM supports it + and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after + creation. For more information see [Ephemeral OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). + enum: + - Ephemeral + - Managed type: string osSKU: description: |- - OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or - Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is - deprecated. + OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 + when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. + enum: + - AzureLinux + - AzureLinux3 + - CBLMariner + - Ubuntu + - Ubuntu2204 + - Windows2019 + - Windows2022 type: string osType: description: 'OsType: The operating system type. The default is Linux.' + enum: + - Linux + - Windows type: string podIPAllocationMode: description: |- - PodIPAllocationMode: The IP allocation mode for pods in the agent pool. Must be used with podSubnetId. The default is - 'DynamicIndividual'. + PodIPAllocationMode: Pod IP Allocation Mode. The IP allocation mode for pods in the agent pool. Must be used with + podSubnetId. The default is 'DynamicIndividual'. + enum: + - DynamicIndividual + - StaticBlock type: string - podSubnetID: + podSubnetReference: description: |- - PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is - of the form: + PodSubnetReference: The ID of the subnet which pods will join when launched. If omitted, pod IPs are statically assigned + on the node subnet (see vnetSubnetID for more details). 
This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} - type: string + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object powerState: description: |- - PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this - field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only - be stopped if it is Running and provisioning state is Succeeded + PowerState: Whether the Agent Pool is running or stopped. When an Agent Pool is first created it is initially Running. + The Agent Pool can be stopped by setting this field to Stopped. A stopped Agent Pool stops all of its VMs and does not + accrue billing charges. An Agent Pool can only be stopped if it is Running and provisioning state is Succeeded properties: code: description: 'Code: Tells whether the cluster is Running or Stopped' + enum: + - Running + - Stopped + type: string + type: object + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. type: string type: object - provisioningState: - description: 'ProvisioningState: The current deployment or provisioning state.' - type: string - proximityPlacementGroupID: - description: 'ProximityPlacementGroupID: The ID for Proximity Placement Group.' - type: string scaleDownMode: - description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' + description: |- + ScaleDownMode: The scale down mode to use when scaling the Agent Pool. This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete. + enum: + - Deallocate + - Delete type: string scaleSetEvictionPolicy: description: |- - ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is - 'Delete'. + ScaleSetEvictionPolicy: The Virtual Machine Scale Set eviction policy to use. This cannot be specified unless the + scaleSetPriority is 'Spot'. If not specified, the default is 'Delete'. + enum: + - Deallocate + - Delete type: string scaleSetPriority: description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. 
If not specified, the default is ''Regular''.' + enum: + - Regular + - Spot type: string securityProfile: description: 'SecurityProfile: The security settings of an agent pool.' @@ -31279,13 +36668,17 @@ spec: type: boolean sshAccess: description: 'SshAccess: SSH access method of an agent pool.' + enum: + - Disabled + - LocalUser type: string type: object spotMaxPrice: description: |- - SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any - on-demand price. For more details on spot pricing, see [spot VMs - pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + SpotMaxPrice: The max price (in US Dollars) you are willing to pay for spot instances. Possible values are any decimal + value greater than zero or -1 which indicates default price to be up-to on-demand. Possible values are any decimal value + greater than zero or -1 which indicates the willingness to pay any on-demand price. For more details on spot pricing, + see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) type: number tags: additionalProperties: 
@@ -31294,33 +36687,52 @@ spec: type: object type: description: 'Type: The type of Agent Pool.' + enum: + - AvailabilitySet + - VirtualMachineScaleSets + - VirtualMachines type: string upgradeSettings: description: 'UpgradeSettings: Settings for upgrading the agentpool' properties: drainTimeoutInMinutes: description: |- - DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. - This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not - specified, the default is 30 minutes. + DrainTimeoutInMinutes: The drain timeout for a node. The amount of time (in minutes) to wait on eviction of pods and + graceful termination per node. This eviction wait time honors waiting on pod disruption budgets. If this time is + exceeded, the upgrade fails. If not specified, the default is 30 minutes. + maximum: 1440 + minimum: 1 type: integer maxSurge: description: |- - MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it - is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded - up. If not specified, the default is 1. For more information, including best practices, see: - https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + MaxSurge: The maximum number or percentage of nodes that are surged during upgrade. This can either be set to an integer + (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it is the percentage of the total agent pool size + at the time of the upgrade. For percentages, fractional nodes are rounded up. If not specified, the default is 10%. 
For + more information, including best practices, see: https://learn.microsoft.com/en-us/azure/aks/upgrade-cluster + type: string + maxUnavailable: + description: |- + MaxUnavailable: The maximum number or percentage of nodes that can be simultaneously unavailable during upgrade. This + can either be set to an integer (e.g. '1') or a percentage (e.g. '5%'). If a percentage is specified, it is the + percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded up. If + not specified, the default is 0. For more information, including best practices, see: + https://learn.microsoft.com/en-us/azure/aks/upgrade-cluster type: string nodeSoakDurationInMinutes: description: |- - NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and - moving on to next node. If not specified, the default is 0 minutes. + NodeSoakDurationInMinutes: The soak duration for a node. The amount of time (in minutes) to wait after draining a node + and before reimaging it and moving on to next node. If not specified, the default is 0 minutes. + maximum: 30 + minimum: 0 type: integer undrainableNodeBehavior: description: |- UndrainableNodeBehavior: Defines the behavior for undrainable nodes during upgrade. The most common cause of undrainable nodes is Pod Disruption Budgets (PDBs), but other issues, such as pod termination grace period is exceeding the remaining per-node drain timeout or pod is still being in a running state, can also cause undrainable nodes. + enum: + - Cordon + - Schedule type: string type: object virtualMachineNodesStatus: 
@@ -31341,29 +36753,6 @@ spec: scale: description: 'Scale: Specifications on how to scale a VirtualMachines agent pool.' properties: - autoscale: - description: |- - Autoscale: Specifications on how to auto-scale the VirtualMachines agent pool within a predefined size range. Currently, - at most one AutoScaleProfile is allowed. - items: - description: Specifications on auto-scaling. - properties: - maxCount: - description: 'MaxCount: The maximum number of nodes of the specified sizes.' - type: integer - minCount: - description: 'MinCount: The minimum number of nodes of the specified sizes.' - type: integer - sizes: - description: |- - Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the - first available one when auto scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS - will use the next size. - items: - type: string - type: array - type: object - type: array manual: description: 'Manual: Specifications on how to scale the VirtualMachines agent pool to a fixed size.' items: 
@@ -31372,49 +36761,69 @@ spec: count: description: 'Count: Number of nodes.' type: integer - sizes: + size: description: |- - Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the - first available one when scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS will - use the next size. - items: - type: string - type: array + Size: VM size that AKS will use when creating and scaling e.g. 'Standard_E4s_v3', 'Standard_E16s_v3' or + 'Standard_D16s_v5'. + type: string type: object type: array type: object type: object vmSize: description: |- - VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods - might fail to run correctly. For more details on restricted VM sizes, see: + VmSize: The size of the agent pool VMs. VM size availability varies by region. If a node contains insufficient compute + resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions type: string - vnetSubnetID: + vnetSubnetReference: description: |- - VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, - this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + VnetSubnetReference: The ID of the subnet which agent pool nodes and optionally pods will join on startup. If this is + not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and + pods, otherwise it applies to just nodes. 
This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} - type: string + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object windowsProfile: description: 'WindowsProfile: The Windows agent pool''s specific profile.' properties: disableOutboundNat: description: |- - DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT - Gateway and the Windows agent pool does not have node public IP enabled. + DisableOutboundNat: Whether to disable OutboundNAT in windows nodes. The default value is false. Outbound NAT can only + be disabled if the cluster outboundType is NAT Gateway and the Windows agent pool does not have node public IP enabled. type: boolean type: object workloadRuntime: description: 'WorkloadRuntime: Determines the type of workload a node can run.' + enum: + - OCIContainer + - WasmWasi type: string + required: + - name type: object type: array aiToolchainOperatorProfile: description: 'AiToolchainOperatorProfile: AI toolchain operator settings that apply to the whole cluster.' 
properties: enabled: - description: 'Enabled: Indicates if AI toolchain operator enabled or not.' + description: 'Enabled: Whether to enable AI toolchain operator to the cluster. Indicates if AI toolchain operator enabled or not.' type: boolean type: object apiServerAccessProfile: @@ -31422,9 +36831,10 @@ spec: properties: authorizedIPRanges: description: |- - AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with - clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API - server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). + AuthorizedIPRanges: The IP ranges authorized to access the Kubernetes API server. IP ranges are specified in CIDR + format, e.g. 137.117.106.88/29. This feature is not compatible with clusters that use Public IP Per Node, or clusters + that are using a Basic Load Balancer. For more information see [API server authorized IP + ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). items: type: string type: array 
@@ -31433,329 +36843,294 @@ spec: type: boolean enablePrivateCluster: description: |- - EnablePrivateCluster: For more details, see [Creating a private AKS - cluster](https://docs.microsoft.com/azure/aks/private-clusters). + EnablePrivateCluster: Whether to create the cluster as a private cluster or not. For more details, see [Creating a + private AKS cluster](https://docs.microsoft.com/azure/aks/private-clusters). type: boolean enablePrivateClusterPublicFQDN: description: 'EnablePrivateClusterPublicFQDN: Whether to create additional public FQDN for private cluster or not.' type: boolean enableVnetIntegration: - description: 'EnableVnetIntegration: Whether to enable apiserver vnet integration for the cluster or not.' + description: |- + EnableVnetIntegration: Whether to enable apiserver vnet integration for the cluster or not. See + aka.ms/AksVnetIntegration for more details. type: boolean privateDNSZone: description: |- - PrivateDNSZone: The default is System. For more details see [configure private DNS - zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and - 'none'. + PrivateDNSZone: The private DNS zone mode for the cluster. The default is System. For more details see [configure + private DNS zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are + 'system' and 'none'. type: string - subnetId: + subnetReference: description: |- - SubnetId: It is required when: 1. creating a new cluster with BYO Vnet; 2. updating an existing cluster to enable - apiserver vnet integration. - type: string + SubnetReference: The subnet to be used when apiserver vnet integration is enabled. It is required when creating a new + cluster with BYO Vnet, or when updating an existing cluster to enable apiserver vnet integration. 
+ properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object autoScalerProfile: description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler when enabled' properties: balance-similar-node-groups: - description: 'BalanceSimilarNodeGroups: Valid values are ''true'' and ''false''' + description: |- + BalanceSimilarNodeGroups: Detects similar node pools and balances the number of nodes between them. Valid values are + 'true' and 'false' type: string daemonset-eviction-for-empty-nodes: description: |- - DaemonsetEvictionForEmptyNodes: If set to true, all daemonset pods on empty nodes will be evicted before deletion of the - node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node will be - deleted without ensuring that daemonset pods are deleted or evicted. + DaemonsetEvictionForEmptyNodes: DaemonSet pods will be gracefully terminated from empty nodes. If set to true, all + daemonset pods on empty nodes will be evicted before deletion of the node. If the daemonset pod cannot be evicted + another node will be chosen for scaling. 
If set to false, the node will be deleted without ensuring that daemonset pods + are deleted or evicted. type: boolean daemonset-eviction-for-occupied-nodes: description: |- - DaemonsetEvictionForOccupiedNodes: If set to true, all daemonset pods on occupied nodes will be evicted before deletion - of the node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node - will be deleted without ensuring that daemonset pods are deleted or evicted. + DaemonsetEvictionForOccupiedNodes: DaemonSet pods will be gracefully terminated from non-empty nodes. If set to true, + all daemonset pods on occupied nodes will be evicted before deletion of the node. If the daemonset pod cannot be evicted + another node will be chosen for scaling. If set to false, the node will be deleted without ensuring that daemonset pods + are deleted or evicted. type: boolean expander: - description: 'Expander: Available values are: ''least-waste'', ''most-pods'', ''priority'', ''random''.' + description: |- + Expander: The expander to use when scaling up. If not specified, the default is 'random'. See + [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) for more + information. + enum: + - least-waste + - most-pods + - priority + - random type: string ignore-daemonsets-utilization: description: |- - IgnoreDaemonsetsUtilization: If set to true, the resources used by daemonset will be taken into account when making - scaling down decisions. + IgnoreDaemonsetsUtilization: Should CA ignore DaemonSet pods when calculating resource utilization for scaling down. If + set to true, the resources used by daemonset will be taken into account when making scaling down decisions. type: boolean max-empty-bulk-delete: - description: 'MaxEmptyBulkDelete: The default is 10.' + description: |- + MaxEmptyBulkDelete: The maximum number of empty nodes that can be deleted at the same time. 
This must be a positive + integer. The default is 10. type: string max-graceful-termination-sec: - description: 'MaxGracefulTerminationSec: The default is 600.' + description: |- + MaxGracefulTerminationSec: The maximum number of seconds the cluster autoscaler waits for pod termination when trying to + scale down a node. The default is 600. type: string max-node-provision-time: description: |- - MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. + MaxNodeProvisionTime: The maximum time the autoscaler waits for a node to be provisioned. The default is '15m'. Values + must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported. type: string max-total-unready-percentage: - description: 'MaxTotalUnreadyPercentage: The default is 45. The maximum is 100 and the minimum is 0.' + description: |- + MaxTotalUnreadyPercentage: The maximum percentage of unready nodes in the cluster. After this percentage is exceeded, + cluster autoscaler halts operations. The default is 45. The maximum is 100 and the minimum is 0. type: string new-pod-scale-up-delay: description: |- - NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler - could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is - '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). + NewPodScaleUpDelay: Ignore unscheduled pods before they're a certain age. For scenarios like burst/batch scale where you + don't want CA to act before the kubernetes scheduler could schedule all the pods, you can tell CA to ignore unscheduled + pods before they're a certain age. The default is '0s'. Values must be an integer followed by a unit ('s' for seconds, + 'm' for minutes, 'h' for hours, etc). 
type: string ok-total-unready-count: - description: 'OkTotalUnreadyCount: This must be an integer. The default is 3.' + description: |- + OkTotalUnreadyCount: The number of allowed unready nodes, irrespective of max-total-unready-percentage. This must be an + integer. The default is 3. type: string scale-down-delay-after-add: description: |- - ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. + ScaleDownDelayAfterAdd: How long after scale up that scale down evaluation resumes. The default is '10m'. Values must be + an integer followed by an 'm'. No unit of time other than minutes (m) is supported. type: string scale-down-delay-after-delete: description: |- - ScaleDownDelayAfterDelete: The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of - time other than minutes (m) is supported. + ScaleDownDelayAfterDelete: How long after node deletion that scale down evaluation resumes. The default is the + scan-interval. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported. type: string scale-down-delay-after-failure: description: |- - ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other - than minutes (m) is supported. + ScaleDownDelayAfterFailure: How long after scale down failure that scale down evaluation resumes. The default is '3m'. + Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported. type: string scale-down-unneeded-time: description: |- - ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. + ScaleDownUnneededTime: How long a node should be unneeded before it is eligible for scale down. The default is '10m'. + Values must be an integer followed by an 'm'. 
No unit of time other than minutes (m) is supported. type: string scale-down-unready-time: description: |- - ScaleDownUnreadyTime: The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. + ScaleDownUnreadyTime: How long an unready node should be unneeded before it is eligible for scale down. The default is + '20m'. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported. type: string scale-down-utilization-threshold: - description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' + description: |- + ScaleDownUtilizationThreshold: Node utilization level, defined as sum of requested resources divided by capacity, below + which a node can be considered for scale down. The default is '0.5'. type: string scan-interval: - description: 'ScanInterval: The default is ''10''. Values must be an integer number of seconds.' + description: |- + ScanInterval: How often cluster is reevaluated for scale up or down. The default is '10'. Values must be an integer + number of seconds. type: string skip-nodes-with-local-storage: - description: 'SkipNodesWithLocalStorage: The default is true.' + description: |- + SkipNodesWithLocalStorage: If cluster autoscaler will skip deleting nodes with pods with local storage, for example, + EmptyDir or HostPath. The default is true. type: string skip-nodes-with-system-pods: - description: 'SkipNodesWithSystemPods: The default is true.' + description: |- + SkipNodesWithSystemPods: If cluster autoscaler will skip deleting nodes with pods from kube-system (except for DaemonSet + or mirror pods). The default is true. type: string type: object autoUpgradeProfile: description: 'AutoUpgradeProfile: The auto upgrade configuration.' properties: nodeOSUpgradeChannel: - description: 'NodeOSUpgradeChannel: The default is Unmanaged, but may change to either NodeImage or SecurityPatch at GA.' 
+ description: 'NodeOSUpgradeChannel: Node OS Upgrade Channel. Manner in which the OS on your nodes is updated. The default is NodeImage.' + enum: + - NodeImage + - None + - SecurityPatch + - Unmanaged type: string upgradeChannel: description: |- - UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade - channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). + UpgradeChannel: The upgrade channel for auto upgrade. The default is 'none'. For more information see [setting the AKS + cluster auto-upgrade channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). + enum: + - node-image + - none + - patch + - rapid + - stable type: string type: object azureMonitorProfile: - description: 'AzureMonitorProfile: Prometheus addon profile for the container service cluster' + description: 'AzureMonitorProfile: Azure Monitor addon profiles for monitoring the managed cluster.' properties: - appMonitoring: + metrics: description: |- - AppMonitoring: Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics - and traces through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. + Metrics: Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes + infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See + aka.ms/AzureManagedPrometheus for an overview. properties: - autoInstrumentation: - description: |- - AutoInstrumentation: Application Monitoring Auto Instrumentation for Kubernetes Application Container. Deploys web hook - to auto-instrument Azure Monitor OpenTelemetry based SDKs to collect OpenTelemetry metrics, logs and traces of the - application. See aka.ms/AzureMonitorApplicationMonitoring for an overview. 
- properties: - enabled: - description: 'Enabled: Indicates if Application Monitoring Auto Instrumentation is enabled or not.' - type: boolean - type: object - openTelemetryLogs: + enabled: description: |- - OpenTelemetryLogs: Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Logs and - Traces. Collects OpenTelemetry logs and traces of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. - properties: - enabled: - description: 'Enabled: Indicates if Application Monitoring Open Telemetry Logs and traces is enabled or not.' - type: boolean - port: - description: 'Port: The Open Telemetry host port for Open Telemetry logs and traces. If not specified, the default port is 28331.' - type: integer - type: object - openTelemetryMetrics: + Enabled: Whether to enable or disable the Azure Managed Prometheus addon for Prometheus monitoring. See + aka.ms/AzureManagedPrometheus-aks-enable for details on enabling and disabling. + type: boolean + kubeStateMetrics: description: |- - OpenTelemetryMetrics: Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container - Metrics. Collects OpenTelemetry metrics of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. + KubeStateMetrics: Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the + kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for + details. properties: - enabled: - description: 'Enabled: Indicates if Application Monitoring Open Telemetry Metrics is enabled or not.' - type: boolean - port: - description: 'Port: The Open Telemetry host port for Open Telemetry metrics. If not specified, the default port is 28333.' 
- type: integer - type: object - type: object - containerInsights: - description: |- - ContainerInsights: Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & - stderr logs etc. See aka.ms/AzureMonitorContainerInsights for an overview. - properties: - disableCustomMetrics: - description: |- - DisableCustomMetrics: Indicates whether custom metrics collection has to be disabled or not. If not specified the - default is false. No custom metrics will be emitted if this field is false but the container insights enabled field is - false - type: boolean - disablePrometheusMetricsScraping: - description: |- - DisablePrometheusMetricsScraping: Indicates whether prometheus metrics scraping is disabled or not. If not specified the - default is false. No prometheus metrics will be emitted if this field is false but the container insights enabled field - is false - type: boolean - enabled: - description: 'Enabled: Indicates if Azure Monitor Container Insights Logs Addon is enabled or not.' - type: boolean - logAnalyticsWorkspaceResourceId: - description: |- - LogAnalyticsWorkspaceResourceId: Fully Qualified ARM Resource Id of Azure Log Analytics Workspace for storing Azure - Monitor Container Insights Logs. - type: string - syslogPort: - description: 'SyslogPort: The syslog host port. If not specified, the default port is 28330.' - type: integer - type: object - metrics: - description: 'Metrics: Metrics profile for the prometheus service addon' - properties: - enabled: - description: 'Enabled: Whether to enable the Prometheus collector' - type: boolean - kubeStateMetrics: - description: 'KubeStateMetrics: Kube State Metrics for prometheus addon profile for the container service cluster' - properties: - metricAnnotationsAllowList: - description: |- - MetricAnnotationsAllowList: Comma-separated list of additional Kubernetes label keys that will be used in the resource's - labels metric. 
- type: string - metricLabelsAllowlist: - description: |- - MetricLabelsAllowlist: Comma-separated list of Kubernetes annotations keys that will be used in the resource's labels - metric. - type: string + metricAnnotationsAllowList: + description: |- + MetricAnnotationsAllowList: Comma-separated list of Kubernetes annotation keys that will be used in the resource's + labels metric (Example: 'namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...'). By default the metric + contains only resource name and namespace labels. + type: string + metricLabelsAllowlist: + description: |- + MetricLabelsAllowlist: Comma-separated list of additional Kubernetes label keys that will be used in the resource's + labels metric (Example: 'namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...'). By default the metric contains only + resource name and namespace labels. + type: string type: object + required: + - enabled type: object type: object - azurePortalFQDN: + azureName: description: |- - AzurePortalFQDN: The Azure Portal requires certain Cross-Origin Resource Sharing (CORS) headers to be sent in some - responses, which Kubernetes APIServer doesn't handle by default. This special FQDN supports CORS, allowing the Azure - Portal to function properly. + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ type: string bootstrapProfile: description: 'BootstrapProfile: Profile of the cluster bootstrap configuration.' properties: artifactSource: - description: 'ArtifactSource: The source where the artifacts are downloaded from.' + description: 'ArtifactSource: The artifact source. The source where the artifacts are downloaded from.' 
+ enum: + - Cache + - Direct type: string - containerRegistryId: + containerRegistryReference: description: |- - ContainerRegistryId: The resource Id of Azure Container Registry. The registry must have private network access, premium - SKU and zone redundancy. - type: string - type: object - conditions: - description: 'Conditions: The observed state of the resource' - items: - description: Condition defines an extension to status (an observation) of a resource - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. - format: date-time - type: string - message: - description: Message is a human readable message indicating details about the transition. This field may be empty. - type: string - observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - type: integer - reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. - type: string - severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown - type: string - status: - description: Status of the condition, one of True, False, or Unknown. - type: string - type: - description: Type of condition. 
- type: string - required: - - lastTransitionTime - - reason - - status - - type - type: object - type: array - creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the cluster will be created/upgraded using a - snapshot. - properties: - sourceResourceId: - description: 'SourceResourceId: This is the ARM ID of the source object to be used to create the target object.' - type: string + ContainerRegistryReference: The resource Id of Azure Container Registry. The registry must have private network access, + premium SKU and zone redundancy. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object - currentKubernetesVersion: - description: 'CurrentKubernetesVersion: The version of Kubernetes the Managed Cluster is running.' - type: string disableLocalAccounts: description: |- - DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be - used on Managed Clusters that are AAD enabled. For more details see [disable local - accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). 
+ DisableLocalAccounts: If local accounts should be disabled on the Managed Cluster. If set to true, getting static + credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled. For more + details see [disable local accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). type: boolean - diskEncryptionSetID: + diskEncryptionSetReference: description: |- - DiskEncryptionSetID: This is of the form: + DiskEncryptionSetReference: The Resource ID of the disk encryption set to use for enabling encryption at rest. This is + of the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' - type: string + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object dnsPrefix: - description: 'DnsPrefix: This cannot be updated once the Managed Cluster has been created.' + description: 'DnsPrefix: The DNS prefix of the Managed Cluster. This cannot be updated once the Managed Cluster has been created.' type: string - eTag: - description: |- - ETag: Unique read-only string used to implement optimistic concurrency. 
The eTag value will change when the resource is - updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic - concurrency per the normal etag convention. - type: string - enableNamespaceResources: - description: |- - EnableNamespaceResources: The default value is false. It can be enabled/disabled on creation and updating of the managed - cluster. See [https://aka.ms/NamespaceARMResource](https://aka.ms/NamespaceARMResource) for more details on Namespace as - a ARM Resource. - type: boolean - enablePodSecurityPolicy: - description: |- - EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was - deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and - https://aka.ms/aks/psp. - type: boolean enableRBAC: description: 'EnableRBAC: Whether to enable Kubernetes Role-Based Access Control.' type: boolean @@ -31767,24 +37142,18 @@ spec: type: string type: description: 'Type: The type of the extended location.' + enum: + - EdgeZone type: string type: object - fqdn: - description: 'Fqdn: The FQDN of the master pool.' - type: string fqdnSubdomain: - description: 'FqdnSubdomain: This cannot be updated once the Managed Cluster has been created.' + description: |- + FqdnSubdomain: The FQDN subdomain of the private cluster with custom private dns zone. This cannot be updated once the + Managed Cluster has been created. type: string httpProxyConfig: description: 'HttpProxyConfig: Configurations for provisioning the cluster with HTTP proxy servers.' properties: - effectiveNoProxy: - description: |- - EffectiveNoProxy: A read-only list of all endpoints for which traffic should not be sent to the proxy. This list is a - superset of noProxy and values injected by AKS. - items: - type: string - type: array httpProxy: description: 'HttpProxy: The HTTP proxy server endpoint to use.' type: string 
@@ -31800,11 +37169,6 @@ spec: description: 'TrustedCa: Alternative CA cert to use for connecting to proxy servers.' type: string type: object - id: - description: |- - Id: Fully qualified resource ID for the resource. E.g. - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" - type: string identity: description: 'Identity: The identity of the managed cluster, if configured.' properties: 
@@ -31818,42 +37182,74 @@ spec: referralResource: description: 'ReferralResource: The delegation id of the referral delegation (optional) - internal use only.' type: string - resourceId: - description: 'ResourceId: The ARM resource id of the delegated resource - internal use only.' - type: string + resourceReference: + description: 'ResourceReference: The ARM resource id of the delegated resource - internal use only.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object tenantId: description: 'TenantId: The tenant id of the delegated resource - internal use only.' + pattern: ^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$ type: string type: object description: |- DelegatedResources: The delegated identity resources assigned to this managed cluster. This can only be set by another Azure Resource Provider, and managed cluster only accept one delegated identity resource. Internal use only. type: object - principalId: - description: 'PrincipalId: The principal id of the system assigned identity which is used by master components.' - type: string - tenantId: - description: 'TenantId: The tenant id of the system assigned identity which is used by master components.' 
- type: string type: description: |- - Type: For more information see [use managed identities in + Type: The type of identity used for the managed cluster. For more information see [use managed identities in AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). + enum: + - None + - SystemAssigned + - UserAssigned type: string userAssignedIdentities: - additionalProperties: - properties: - clientId: - description: 'ClientId: The client id of user assigned identity.' - type: string - principalId: - description: 'PrincipalId: The principal id of user assigned identity.' - type: string - type: object description: |- - UserAssignedIdentities: The keys must be ARM resource IDs in the form: + UserAssignedIdentities: The user identity associated with the managed cluster. This identity will be used in control + plane. Only one user assigned identity is allowed. The keys must be ARM resource IDs in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. - type: object + items: + description: Information about the user assigned identity for the resource + properties: + reference: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array type: object identityProfile: additionalProperties: 
@@ -31862,47 +37258,114 @@ spec: clientId: description: 'ClientId: The client ID of the user assigned identity.' type: string + clientIdFromConfig: + description: 'ClientIdFromConfig: The client ID of the user assigned identity.' + properties: + key: + description: Key is the key in the Kubernetes configmap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes configmap being referenced. + The configmap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object objectId: description: 'ObjectId: The object ID of the user assigned identity.' type: string - resourceId: - description: 'ResourceId: The resource ID of the user assigned identity.' - type: string + objectIdFromConfig: + description: 'ObjectIdFromConfig: The object ID of the user assigned identity.' + properties: + key: + description: Key is the key in the Kubernetes configmap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes configmap being referenced. + The configmap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + resourceReference: + description: 'ResourceReference: The resource ID of the user assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object - description: 'IdentityProfile: Identities associated with the cluster.' + description: |- + IdentityProfile: The user identity associated with the managed cluster. This identity will be used by the kubelet. Only + one user assigned identity is allowed. The only accepted key is "kubeletidentity", with value of "resourceId": + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}". type: object ingressProfile: description: 'IngressProfile: Ingress profile for the managed cluster.' properties: webAppRouting: - description: 'WebAppRouting: Web App Routing settings for the ingress profile.' + description: |- + WebAppRouting: App Routing settings for the ingress profile. You can find an overview and onboarding guide for this + feature at https://learn.microsoft.com/en-us/azure/aks/app-routing?tabs=default%2Cdeploy-app-default. properties: - dnsZoneResourceIds: + dnsZoneResourceReferences: description: |- - DnsZoneResourceIds: Resource IDs of the DNS zones to be associated with the Web App Routing add-on. Used only when Web - App Routing is enabled. Public and private DNS zones can be in different resource groups, but all public DNS zones must - be in the same resource group and all private DNS zones must be in the same resource group. + DnsZoneResourceReferences: Resource IDs of the DNS zones to be associated with the Application Routing add-on. Used only + when Application Routing add-on is enabled. Public and private DNS zones can be in different resource groups, but all + public DNS zones must be in the same resource group and all private DNS zones must be in the same resource group. 
items: - type: string + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: array enabled: - description: 'Enabled: Whether to enable Web App Routing.' + description: 'Enabled: Whether to enable the Application Routing add-on.' type: boolean - identity: + nginx: description: |- - Identity: Managed identity of the Web Application Routing add-on. This is the identity that should be granted - permissions, for example, to manage the associated Azure DNS resource and get certificates from Azure Key Vault. See - [this overview of the add-on](https://learn.microsoft.com/en-us/azure/aks/web-app-routing?tabs=with-osm) for more - instructions. + Nginx: Configuration for the default NginxIngressController. See more at + https://learn.microsoft.com/en-us/azure/aks/app-routing-nginx-configuration#the-default-nginx-ingress-controller. properties: - clientId: - description: 'ClientId: The client ID of the user assigned identity.' - type: string - objectId: - description: 'ObjectId: The object ID of the user assigned identity.' 
- type: string - resourceId: - description: 'ResourceId: The resource ID of the user assigned identity.' + defaultIngressControllerType: + description: 'DefaultIngressControllerType: Ingress type for the default NginxIngressController custom resource' + enum: + - AnnotationControlled + - External + - Internal + - None type: string type: object type: object @@ -31912,16 +37375,20 @@ spec: type: string kubernetesVersion: description: |- - KubernetesVersion: When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades - must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> - 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS - cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. + KubernetesVersion: The version of Kubernetes specified by the user. Both patch version (e.g. + 1.20.13) and (e.g. 1.20) are supported. When is specified, the latest supported GA patch + version is chosen automatically. Updating the cluster with the same once it has been created (e.g. 1.14.x + -> 1.14) will not trigger an upgrade, even if a newer patch version is available. When you upgrade a supported AKS + cluster, Kubernetes minor versions cannot be skipped. All upgrades must be performed sequentially by major version + number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not + allowed. See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. type: string linuxProfile: description: 'LinuxProfile: The profile for Linux VMs in the Managed Cluster.' properties: adminUsername: description: 'AdminUsername: The administrator username to use for Linux VMs.' + pattern: ^[A-Za-z][-A-Za-z0-9_]*$ type: string ssh: description: 'Ssh: The SSH configuration for Linux-based VMs running on Azure.' 
@@ -31936,41 +37403,48 @@ spec: KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or without headers. type: string + required: + - keyData type: object type: array + required: + - publicKeys type: object + required: + - adminUsername + - ssh type: object location: description: 'Location: The geo-location where the resource lives' type: string - maxAgentPools: - description: 'MaxAgentPools: The max number of agent pools for the managed cluster.' - type: integer metricsProfile: description: 'MetricsProfile: Optional cluster metrics configuration.' properties: costAnalysis: - description: 'CostAnalysis: The cost analysis configuration for the cluster' + description: 'CostAnalysis: The configuration for detailed per-Kubernetes resource cost analysis.' properties: enabled: description: |- - Enabled: The Managed Cluster sku.tier must be set to 'Standard' or 'Premium' to enable this feature. Enabling this will - add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. If not specified, the - default is false. For more information see aka.ms/aks/docs/cost-analysis. + Enabled: Whether to enable cost analysis. The Managed Cluster sku.tier must be set to 'Standard' or 'Premium' to enable + this feature. Enabling this will add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure + portal. If not specified, the default is false. For more information see aka.ms/aks/docs/cost-analysis. type: boolean type: object type: object - name: - description: 'Name: The name of the resource' - type: string networkProfile: description: 'NetworkProfile: The network configuration profile.' properties: advancedNetworking: description: |- - AdvancedNetworking: Advanced Networking profile for enabling observability on a cluster. Note that enabling advanced - networking features may incur additional costs. For more information see aka.ms/aksadvancednetworking. 
+ AdvancedNetworking: Advanced Networking profile for enabling observability and security feature suite on a cluster. For + more information see aka.ms/aksadvancednetworking. properties: + enabled: + description: |- + Enabled: Indicates the enablement of Advanced Networking functionalities of observability and security on AKS clusters. + When this is set to true, all observability and security features will be set to enabled unless explicitly disabled. If + not specified, the default is false. + type: boolean observability: description: 'Observability: Observability profile to enable advanced network metrics and flow logs with historical contexts.' properties: 
@@ -31978,53 +37452,44 @@ spec: description: 'Enabled: Indicates the enablement of Advanced Networking observability functionalities on clusters.' type: boolean type: object + security: + description: 'Security: Security profile to enable security features on cilium based cluster.' + properties: + advancedNetworkPolicies: + description: |- + AdvancedNetworkPolicies: Enable advanced network policies. This allows users to configure Layer 7 network policies + (FQDN, HTTP, Kafka). Policies themselves must be configured via the Cilium Network Policy resources, see + https://docs.cilium.io/en/latest/security/policy/index.html. This can be enabled only on cilium-based clusters. If not + specified, the default value is FQDN if security.enabled is set to true. + enum: + - FQDN + - L7 + - None + type: string + enabled: + description: |- + Enabled: This feature allows user to configure network policy based on DNS (FQDN) names. It can be enabled only on + cilium based clusters. If not specified, the default is false. + type: boolean + type: object type: object dnsServiceIP: description: |- DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr. + pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ type: string ipFamilies: description: |- - IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value - is IPv4. For dual-stack, the expected values are IPv4 and IPv6. + IpFamilies: The IP families used to specify IP versions available to the cluster. IP families are used to determine + single-stack or dual-stack clusters. For single-stack, the expected value is IPv4. For dual-stack, the expected values + are IPv4 and IPv6. items: - description: To determine if address belongs IPv4 or IPv6 family. 
+ enum: + - IPv4 + - IPv6 type: string type: array - kubeProxyConfig: - description: |- - KubeProxyConfig: Holds configuration customizations for kube-proxy. Any values not defined will use the kube-proxy - defaulting behavior. See https://v.docs.kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/ - where is represented by a - string. Kubernetes version 1.23 would be '1-23'. - properties: - enabled: - description: |- - Enabled: Whether to enable on kube-proxy on the cluster (if no 'kubeProxyConfig' exists, kube-proxy is enabled in AKS by - default without these customizations). - type: boolean - ipvsConfig: - description: 'IpvsConfig: Holds configuration customizations for IPVS. May only be specified if ''mode'' is set to ''IPVS''.' - properties: - scheduler: - description: 'Scheduler: IPVS scheduler, for more information please see http://www.linuxvirtualserver.org/docs/scheduling.html.' - type: string - tcpFinTimeoutSeconds: - description: |- - TcpFinTimeoutSeconds: The timeout value used for IPVS TCP sessions after receiving a FIN in seconds. Must be a positive - integer value. - type: integer - tcpTimeoutSeconds: - description: 'TcpTimeoutSeconds: The timeout value used for idle IPVS TCP sessions in seconds. Must be a positive integer value.' - type: integer - udpTimeoutSeconds: - description: 'UdpTimeoutSeconds: The timeout value used for IPVS UDP packets in seconds. Must be a positive integer value.' - type: integer - type: object - mode: - description: 'Mode: Specify which proxy mode to use (''IPTABLES'' or ''IPVS'')' - type: string - type: object loadBalancerProfile: description: 'LoadBalancerProfile: Profile of the cluster load balancer.' properties: 
@@ -32032,23 +37497,15 @@ spec: description: |- AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 (inclusive). The default value is 0 which results in Azure dynamically allocating ports. + maximum: 64000 + minimum: 0 type: integer backendPoolType: description: 'BackendPoolType: The type of the managed inbound Load Balancer BackendPool.' + enum: + - NodeIP + - NodeIPConfiguration type: string - clusterServiceLoadBalancerHealthProbeMode: - description: 'ClusterServiceLoadBalancerHealthProbeMode: The health probing behavior for External Traffic Policy Cluster services.' - type: string - effectiveOutboundIPs: - description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster load balancer.' - items: - description: A reference to an Azure resource. - properties: - id: - description: 'Id: The fully qualified Azure resource id.' - type: string - type: object - type: array enableMultipleStandardLoadBalancers: description: 'EnableMultipleStandardLoadBalancers: Enable multiple standard load balancers per AKS cluster or not.' type: boolean @@ -32056,6 +37513,8 @@ spec: description: |- IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 (inclusive). The default value is 30 minutes. + maximum: 120 + minimum: 4 type: integer managedOutboundIPs: description: 'ManagedOutboundIPs: Desired managed outbound IPs for the cluster load balancer.' 
@@ -32064,11 +37523,15 @@ spec: description: |- Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values must be in the range of 1 to 100 (inclusive). The default value is 1. + maximum: 100 + minimum: 1 type: integer countIPv6: description: |- CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. + maximum: 100 + minimum: 0 type: integer type: object outboundIPPrefixes: @@ -32079,9 +37542,26 @@ spec: items: description: A reference to an Azure resource. properties: - id: - description: 'Id: The fully qualified Azure resource id.' - type: string + reference: + description: 'Reference: The fully qualified Azure resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object type: array type: object 
@@ -32093,36 +37573,48 @@ spec: items: description: A reference to an Azure resource. properties: - id: - description: 'Id: The fully qualified Azure resource id.' - type: string - type: object - type: array - type: object - type: object - loadBalancerSku: - description: |- - LoadBalancerSku: The default is 'standard'. See [Azure Load Balancer - SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load + reference: + description: 'Reference: The fully qualified Azure resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + type: object + type: array + type: object + type: object + loadBalancerSku: + description: |- + LoadBalancerSku: The load balancer sku for the managed cluster. The default is 'standard'. See [Azure Load Balancer + SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load balancer SKUs. + enum: + - basic + - standard type: string natGatewayProfile: description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' 
properties: - effectiveOutboundIPs: - description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster NAT gateway.' - items: - description: A reference to an Azure resource. - properties: - id: - description: 'Id: The fully qualified Azure resource id.' - type: string - type: object - type: array idleTimeoutInMinutes: description: |- IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 (inclusive). The default value is 4 minutes. + maximum: 120 + minimum: 4 type: integer managedOutboundIPProfile: description: 'ManagedOutboundIPProfile: Profile of the managed outbound IP resources of the cluster NAT gateway.' 
@@ -32131,53 +37623,78 @@ spec: description: |- Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 (inclusive). The default value is 1. + maximum: 16 + minimum: 1 type: integer type: object type: object networkDataplane: description: 'NetworkDataplane: Network dataplane used in the Kubernetes cluster.' + enum: + - azure + - cilium type: string networkMode: - description: 'NetworkMode: This cannot be specified if networkPlugin is anything other than ''azure''.' + description: |- + NetworkMode: The network mode Azure CNI is configured with. This cannot be specified if networkPlugin is anything other + than 'azure'. + enum: + - bridge + - transparent type: string networkPlugin: description: 'NetworkPlugin: Network plugin used for building the Kubernetes network.' + enum: + - azure + - kubenet + - none type: string networkPluginMode: - description: 'NetworkPluginMode: Network plugin mode used for building the Kubernetes network.' + description: 'NetworkPluginMode: The mode the network plugin should use.' + enum: + - overlay type: string networkPolicy: description: 'NetworkPolicy: Network policy used for building the Kubernetes network.' + enum: + - azure + - calico + - cilium + - none type: string outboundType: description: |- - OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see - [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). + OutboundType: The outbound (egress) routing method. This can only be set at cluster creation time and cannot be changed + later. For more information see [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). + enum: + - loadBalancer + - managedNATGateway + - none + - userAssignedNATGateway + - userDefinedRouting type: string podCidr: description: 'PodCidr: A CIDR notation IP range from which to assign pod IPs when kubenet is used.' 
+ pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string podCidrs: description: |- - PodCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is - expected for dual-stack networking. + PodCidrs: The CIDR notation IP ranges from which to assign pod IPs. One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is expected for dual-stack networking. items: type: string type: array - podLinkLocalAccess: - description: |- - PodLinkLocalAccess: Defines access to special link local addresses (Azure Instance Metadata Service, aka IMDS) for pods - with hostNetwork=false. if not specified, the default is 'IMDS'. - type: string serviceCidr: description: |- ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges. + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string serviceCidrs: description: |- - ServiceCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is - expected for dual-stack networking. They must not overlap with any Subnet IP ranges. + ServiceCidrs: The CIDR notation IP ranges from which to assign service cluster IPs. One IPv4 CIDR is expected for + single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is expected for dual-stack networking. They must + not overlap with any Subnet IP ranges. items: type: string type: array 
@@ -32187,25 +37704,44 @@ spec: see https://aka.ms/aks/static-egress-gateway. properties: enabled: - description: 'Enabled: Indicates if Static Egress Gateway addon is enabled or not.' + description: 'Enabled: Enable Static Egress Gateway addon. Indicates if Static Egress Gateway addon is enabled or not.' type: boolean type: object type: object nodeProvisioningProfile: description: 'NodeProvisioningProfile: Node provisioning settings that apply to the whole cluster.' properties: + defaultNodePools: + description: |- + DefaultNodePools: The set of default Karpenter NodePools (CRDs) configured for node provisioning. This field has no + effect unless mode is 'Auto'. Warning: Changing this from Auto to None on an existing cluster will cause the default + Karpenter NodePools to be deleted, which will drain and delete the nodes associated with those pools. It is strongly + recommended to not do this unless there are idle nodes ready to take the pods evicted by that action. If not specified, + the default is Auto. For more information see aka.ms/aks/nap#node-pools. + enum: + - Auto + - None + type: string mode: - description: 'Mode: Once the mode it set to Auto, it cannot be changed back to Manual.' + description: 'Mode: The node provisioning mode. If not specified, the default is Manual.' + enum: + - Auto + - Manual type: string type: object nodeResourceGroup: description: 'NodeResourceGroup: The name of the resource group containing agent pool nodes.' type: string nodeResourceGroupProfile: - description: 'NodeResourceGroupProfile: The node resource group configuration profile.' + description: 'NodeResourceGroupProfile: Profile of the node resource group configuration.' properties: restrictionLevel: - description: 'RestrictionLevel: The restriction level applied to the cluster''s node resource group' + description: |- + RestrictionLevel: The restriction level applied to the cluster's node resource group. 
If not specified, the default is + 'Unrestricted' + enum: + - ReadOnly + - Unrestricted type: string type: object oidcIssuerProfile: 
@@ -32214,19 +37750,156 @@ spec: enabled: description: 'Enabled: Whether the OIDC issuer is enabled.' type: boolean - issuerURL: - description: 'IssuerURL: The OIDC issuer url of the Managed Cluster.' + type: object + operatorSpec: + description: |- + OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not + passed directly to Azure + properties: + configMapExpressions: + description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' + items: + description: |- + DestinationExpression is a CEL expression and a destination to store the result in. The destination may + be a secret or a configmap. The value of the expression is stored at the specified location in + the destination. + properties: + key: + description: |- + Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string + this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string + Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting + map[string]string. + type: string + name: + description: |- + Name is the name of the Kubernetes configmap or secret to write to. + The configmap or secret will be created in the same namespace as the resource. + type: string + value: + description: |- + Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information + on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ + type: string + required: + - name + - value + type: object + type: array + configMaps: + description: 'ConfigMaps: configures where to place operator written ConfigMaps.' + properties: + oidcIssuerProfile: + description: |- + OIDCIssuerProfile: indicates where the OIDCIssuerProfile config map should be placed. 
If omitted, no config map will be + created. + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap to write to. + The ConfigMap will be created in the same namespace as the resource. + type: string + required: + - key + - name + type: object + type: object + secretExpressions: + description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' + items: + description: |- + DestinationExpression is a CEL expression and a destination to store the result in. The destination may + be a secret or a configmap. The value of the expression is stored at the specified location in + the destination. + properties: + key: + description: |- + Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string + this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string + Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting + map[string]string. + type: string + name: + description: |- + Name is the name of the Kubernetes configmap or secret to write to. + The configmap or secret will be created in the same namespace as the resource. + type: string + value: + description: |- + Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information + on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ + type: string + required: + - name + - value + type: object + type: array + secrets: + description: 'Secrets: configures where to place Azure generated secrets.' + properties: + adminCredentials: + description: |- + AdminCredentials: indicates where the AdminCredentials secret should be placed. If omitted, the secret will not be + retrieved from Azure. 
+ properties: + key: + description: Key is the key in the Kubernetes secret being referenced. + type: string + name: + description: |- + Name is the name of the Kubernetes secret to write to. + The secret will be created in the same namespace as the resource. + type: string + required: + - key + - name + type: object + userCredentials: + description: |- + UserCredentials: indicates where the UserCredentials secret should be placed. If omitted, the secret will not be + retrieved from Azure. + properties: + key: + description: Key is the key in the Kubernetes secret being referenced. + type: string + name: + description: |- + Name is the name of the Kubernetes secret to write to. + The secret will be created in the same namespace as the resource. + type: string + required: + - key + - name + type: object + type: object + type: object + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. type: string type: object podIdentityProfile: description: |- - PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more - details on AAD pod identity integration. + PodIdentityProfile: The pod identity profile of the Managed Cluster. See [use AAD pod + identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on AAD pod identity + integration. 
properties: allowNetworkPluginKubenet: description: |- - AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod - Identity and the risks of IP spoofing. See [using Kubenet network plugin with AAD Pod + AllowNetworkPluginKubenet: Whether pod identity is allowed to run on clusters with Kubenet networking. Running in + Kubenet is disabled by default due to the security related nature of AAD Pod Identity and the risks of IP spoofing. See + [using Kubenet network plugin with AAD Pod Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) for more information. type: boolean 
@@ -32247,12 +37920,59 @@ spec: clientId: description: 'ClientId: The client ID of the user assigned identity.' type: string + clientIdFromConfig: + description: 'ClientIdFromConfig: The client ID of the user assigned identity.' + properties: + key: + description: Key is the key in the Kubernetes configmap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes configmap being referenced. + The configmap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object objectId: description: 'ObjectId: The object ID of the user assigned identity.' type: string - resourceId: - description: 'ResourceId: The resource ID of the user assigned identity.' - type: string + objectIdFromConfig: + description: 'ObjectIdFromConfig: The object ID of the user assigned identity.' + properties: + key: + description: Key is the key in the Kubernetes configmap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes configmap being referenced. + The configmap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + resourceReference: + description: 'ResourceReference: The resource ID of the user assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. 
+ type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object name: description: 'Name: The name of the pod identity.' 
@@ -32260,52 +37980,20 @@ spec: namespace: description: 'Namespace: The namespace of the pod identity.' type: string - provisioningInfo: - properties: - error: - description: 'Error: Pod identity assignment error (if any).' - properties: - error: - description: 'Error: Details about the error.' - properties: - code: - description: 'Code: An identifier for the error. Codes are invariant and are intended to be consumed programmatically.' - type: string - details: - description: 'Details: A list of additional details about the error.' - items: - properties: - code: - description: 'Code: An identifier for the error. Codes are invariant and are intended to be consumed programmatically.' - type: string - message: - description: 'Message: A message describing the error, intended to be suitable for display in a user interface.' - type: string - target: - description: 'Target: The target of the particular error. For example, the name of the property in error.' - type: string - type: object - type: array - message: - description: 'Message: A message describing the error, intended to be suitable for display in a user interface.' - type: string - target: - description: 'Target: The target of the particular error. For example, the name of the property in error.' - type: string - type: object - type: object - type: object - provisioningState: - description: 'ProvisioningState: The current provisioning state of the pod identity.' - type: string + required: + - identity + - name + - namespace type: object type: array userAssignedIdentityExceptions: description: 'UserAssignedIdentityExceptions: The pod identity exceptions to allow.' items: description: |- - See [disable AAD Pod Identity for a specific - Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. 
+ A pod identity exception, which allows pods with certain labels to access the Azure Instance Metadata Service (IMDS) + endpoint without being intercepted by the node-managed identity (NMI) server. See [disable AAD Pod Identity for a + specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more + details. properties: name: description: 'Name: The name of the pod identity exception.' @@ -32318,19 +38006,13 @@ spec: type: string description: 'PodLabels: The pod labels to match.' type: object + required: + - name + - namespace + - podLabels type: object type: array type: object - powerState: - description: 'PowerState: The Power State of the cluster.' - properties: - code: - description: 'Code: Tells whether the cluster is Running or Stopped' - type: string - type: object - privateFQDN: - description: 'PrivateFQDN: The FQDN of private cluster.' - type: string privateLinkResources: description: 'PrivateLinkResources: Private link resources associated with the cluster.' items: 
@@ -32339,15 +38021,29 @@ spec: groupId: description: 'GroupId: The group ID of the resource.' type: string - id: - description: 'Id: The ID of the private link resource.' - type: string name: description: 'Name: The name of the private link resource.' type: string - privateLinkServiceID: - description: 'PrivateLinkServiceID: The private link service ID of the resource, this field is exposed only to NRP internally.' - type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object requiredMembers: description: 'RequiredMembers: The RequiredMembers of the resource' items: 
@@ -32358,39 +38054,12 @@ spec: type: string type: object type: array - provisioningState: - description: 'ProvisioningState: The current provisioning state.' - type: string publicNetworkAccess: - description: 'PublicNetworkAccess: Allow or deny public network access for AKS' - type: string - resourceUID: - description: |- - ResourceUID: The resourceUID uniquely identifies ManagedClusters that reuse ARM ResourceIds (i.e: create, delete, create - sequence) + description: 'PublicNetworkAccess: PublicNetworkAccess of the managedCluster. Allow or deny public network access for AKS' + enum: + - Disabled + - Enabled type: string - safeguardsProfile: - description: 'SafeguardsProfile: The Safeguards profile holds all the safeguards information for a given cluster' - properties: - excludedNamespaces: - description: 'ExcludedNamespaces: List of namespaces excluded from Safeguards checks' - items: - type: string - type: array - level: - description: |- - Level: The Safeguards level to be used. By default, Safeguards is enabled for all namespaces except those that AKS - excludes via systemExcludedNamespaces - type: string - systemExcludedNamespaces: - description: 'SystemExcludedNamespaces: List of namespaces specified by AKS to be excluded from Safeguards' - items: - type: string - type: array - version: - description: 'Version: The version of constraints to use' - type: string - type: object securityProfile: description: 'SecurityProfile: Security profile for the managed cluster.' properties: 
@@ -32411,33 +38080,72 @@ spec: type: string keyVaultNetworkAccess: description: |- - KeyVaultNetworkAccess: Network access of key vault. The possible values are `Public` and `Private`. `Public` means the - key vault allows public access from all networks. `Private` means the key vault disables public access and enables - private link. The default value is `Public`. + KeyVaultNetworkAccess: Network access of the key vault. Network access of key vault. The possible values are `Public` + and `Private`. `Public` means the key vault allows public access from all networks. `Private` means the key vault + disables public access and enables private link. The default value is `Public`. + enum: + - Private + - Public type: string - keyVaultResourceId: + keyVaultResourceReference: description: |- - KeyVaultResourceId: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and must - be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. - type: string + KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and + must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object customCATrustCertificates: description: |- - CustomCATrustCertificates: A list of up to 10 base64 encoded CAs that will be added to the trust store on nodes with the - Custom CA Trust feature enabled. For more information see [Custom CA Trust - Certificates](https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority) + CustomCATrustCertificates: A list of up to 10 base64 encoded CAs that will be added to the trust store on all nodes in + the cluster. For more information see [Custom CA Trust + Certificates](https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority). items: type: string + maxItems: 10 + minItems: 0 type: array defender: description: 'Defender: Microsoft Defender settings for the security profile.' properties: - logAnalyticsWorkspaceResourceId: + logAnalyticsWorkspaceResourceReference: description: |- - LogAnalyticsWorkspaceResourceId: Resource ID of the Log Analytics workspace to be associated with Microsoft Defender. - When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When Microsoft - Defender is disabled, leave the field empty. - type: string + LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft + Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When + Microsoft Defender is disabled, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
+ pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object securityMonitoring: description: 'SecurityMonitoring: Microsoft Defender threat detection for Cloud settings for the security profile.' properties: @@ -32456,26 +38164,6 @@ spec: description: 'IntervalHours: Image Cleaner scanning interval in hours.' type: integer type: object - imageIntegrity: - description: |- - ImageIntegrity: Image integrity is a feature that works with Azure Policy to verify image integrity by signature. This - will not have any effect unless Azure Policy is applied to enforce image signatures. See - https://aka.ms/aks/image-integrity for how to use this feature via policy. - properties: - enabled: - description: 'Enabled: Whether to enable image integrity. The default value is false.' - type: boolean - type: object - nodeRestriction: - description: |- - NodeRestriction: [Node - Restriction](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction) settings - for the security profile. - properties: - enabled: - description: 'Enabled: Whether to enable Node Restriction' - type: boolean - type: object workloadIdentity: description: |- WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications 
@@ -32509,9 +38197,26 @@ spec: keyObjectName: description: 'KeyObjectName: Intermediate certificate private key object name in Azure Key Vault.' type: string - keyVaultId: - description: 'KeyVaultId: The resource ID of the Key Vault.' - type: string + keyVaultReference: + description: 'KeyVaultReference: The resource ID of the Key Vault.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object rootCertObjectName: description: 'RootCertObjectName: Root certificate object name in Azure Key Vault.' type: string @@ -32528,6 +38233,8 @@ spec: enabled: description: 'Enabled: Whether to enable the egress gateway.' type: boolean + required: + - enabled type: object type: array ingressGateways: @@ -32542,8 +38249,14 @@ spec: type: boolean mode: description: 'Mode: Mode of an ingress gateway.' - type: string - type: object + enum: + - External + - Internal + type: string + required: + - enabled + - mode + type: object type: array type: object revisions: 
@@ -32553,11 +38266,17 @@ spec: https://learn.microsoft.com/en-us/azure/aks/istio-upgrade items: type: string + maxItems: 2 type: array type: object mode: description: 'Mode: Mode of the service mesh.' + enum: + - Disabled + - Istio type: string + required: + - mode type: object servicePrincipalProfile: description: |- @@ -32567,17 +38286,41 @@ spec: clientId: description: 'ClientId: The ID for the service principal.' type: string + secret: + description: 'Secret: The secret password associated with the service principal in plain text.' + properties: + key: + description: Key is the key in the Kubernetes secret being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + required: + - clientId type: object sku: description: 'Sku: The managed cluster SKU.' properties: name: description: 'Name: The name of a managed cluster SKU.' + enum: + - Automatic + - Base type: string tier: description: |- - Tier: If not specified, the default is 'Free'. See [AKS Pricing + Tier: The tier of a managed cluster SKU. If not specified, the default is 'Free'. See [AKS Pricing Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. + enum: + - Free + - Premium + - Standard type: string type: object storageProfile: @@ -32596,9 +38339,6 @@ spec: enabled: description: 'Enabled: Whether to enable AzureDisk CSI Driver. The default value is true.' type: boolean - version: - description: 'Version: The version of AzureDisk CSI Driver. The default value is v1.' - type: string type: object fileCSIDriver: description: 'FileCSIDriver: AzureFile CSI Driver settings for the storage profile.' 
@@ -32617,37 +38357,15 @@ spec: type: object supportPlan: description: 'SupportPlan: The support plan for the Managed Cluster. If unspecified, the default is ''KubernetesOfficial''.' + enum: + - AKSLongTermSupport + - KubernetesOfficial type: string - systemData: - description: 'SystemData: Azure Resource Manager metadata containing createdBy and modifiedBy information.' - properties: - createdAt: - description: 'CreatedAt: The timestamp of resource creation (UTC).' - type: string - createdBy: - description: 'CreatedBy: The identity that created the resource.' - type: string - createdByType: - description: 'CreatedByType: The type of identity that created the resource.' - type: string - lastModifiedAt: - description: 'LastModifiedAt: The timestamp of resource last modification (UTC)' - type: string - lastModifiedBy: - description: 'LastModifiedBy: The identity that last modified the resource.' - type: string - lastModifiedByType: - description: 'LastModifiedByType: The type of identity that last modified the resource.' - type: string - type: object tags: additionalProperties: type: string description: 'Tags: Resource tags.' type: object - type: - description: 'Type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"' - type: string upgradeSettings: description: 'UpgradeSettings: Settings for upgrading a cluster.' properties: 
@@ -32670,6 +38388,31 @@ spec: windowsProfile: description: 'WindowsProfile: The profile for Windows VMs in the Managed Cluster.' properties: + adminPassword: + description: |- + AdminPassword: Specifies the password of the administrator account. + Minimum-length: 8 characters + Max-length: 123 characters + Complexity requirements: 3 out of 4 conditions below need to be fulfilled + Has lower characters + Has upper characters + Has a digit + Has a special character (Regex match [\W_]) + Disallowed values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$$$word", "pass@word1", "Password!", "Password1", + "Password22", "iloveyou!" + properties: + key: + description: Key is the key in the Kubernetes secret being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object adminUsername: description: |- AdminUsername: Specifies the name of the administrator account. @@ -32682,7 +38425,7 @@ spec: type: string enableCSIProxy: description: |- - EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub + EnableCSIProxy: Whether to enable CSI proxy. For more details on CSI proxy, see the [CSI proxy GitHub repo](https://github.com/kubernetes-csi/csi-proxy). type: boolean gmsaProfile: @@ -32694,7 +38437,7 @@ spec: Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. type: string enabled: - description: 'Enabled: Specifies whether to enable Windows gMSA in the managed cluster.' + description: 'Enabled: Whether to enable Windows gMSA. Specifies whether to enable Windows gMSA in the managed cluster.' type: boolean rootDomainName: description: |- 
@@ -32706,7 +38449,12 @@ spec: description: |- LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. + enum: + - None + - Windows_Server type: string + required: + - adminUsername type: object workloadAutoScalerProfile: description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile for the managed cluster.' 
@@ -32717,2762 +38465,2036 @@ spec: enabled: description: 'Enabled: Whether to enable KEDA.' type: boolean + required: + - enabled type: object verticalPodAutoscaler: + description: 'VerticalPodAutoscaler: VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile.' properties: - addonAutoscaling: - description: 'AddonAutoscaling: Whether VPA add-on is enabled and configured to scale AKS-managed add-ons.' - type: string enabled: - description: 'Enabled: Whether to enable VPA add-on in cluster. Default value is false.' + description: 'Enabled: Whether to enable VPA. Default value is false.' type: boolean + required: + - enabled type: object type: object + required: + - location + - owner type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].severity - name: Severity - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Reason - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].message - name: Message - type: string - name: v1api20240402previewstorage - schema: - openAPIV3Schema: - description: |- - Storage version of v1api20240402preview.ManagedCluster - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2024-04-02-preview/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: Storage version of v1api20240402preview.ManagedCluster_Spec + status: + description: Managed cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object aadProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterAADProfile - For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). + description: 'AadProfile: The Azure Active Directory configuration.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object adminGroupObjectIDs: + description: 'AdminGroupObjectIDs: The list of AAD group object IDs that will have admin role of the cluster.' items: type: string type: array clientAppID: + description: 'ClientAppID: (DEPRECATED) The client AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' type: string enableAzureRBAC: + description: 'EnableAzureRBAC: Whether to enable Azure RBAC for Kubernetes authorization.' type: boolean managed: + description: 'Managed: Whether to enable managed AAD.' 
type: boolean serverAppID: + description: 'ServerAppID: (DEPRECATED) The server AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' type: string serverAppSecret: + description: 'ServerAppSecret: (DEPRECATED) The server AAD application secret. Learn more at https://aka.ms/aks/aad-legacy.' type: string tenantID: + description: |- + TenantID: The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment + subscription. type: string type: object addonProfiles: additionalProperties: - description: |- - Storage version of v1api20240402preview.ManagedClusterAddonProfile - A Kubernetes add-on profile for a managed cluster. + description: A Kubernetes add-on profile for a managed cluster. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object config: additionalProperties: type: string + description: 'Config: Key-value pairs for configuring an add-on.' type: object enabled: + description: 'Enabled: Whether the add-on is enabled or not.' type: boolean + identity: + description: 'Identity: Information of user assigned identity used by this add-on.' + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned identity.' + type: string + type: object type: object + description: 'AddonProfiles: The profile of managed cluster add-on.' type: object agentPoolProfiles: + description: 'AgentPoolProfiles: The agent pool properties.' items: - description: |- - Storage version of v1api20240402preview.ManagedClusterAgentPoolProfile - Profile for the container service agent pool. 
+ description: Profile for the container service agent pool. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - artifactStreamingProfile: - description: Storage version of v1api20240402preview.AgentPoolArtifactStreamingProfile - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object availabilityZones: + description: |- + AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType + property is 'VirtualMachineScaleSets'. items: type: string type: array - capacityReservationGroupReference: - description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object + capacityReservationGroupID: + description: 'CapacityReservationGroupID: AKS will associate the specified agent pool with the Capacity Reservation Group.' + type: string count: + description: |- + Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) + for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. type: integer creationData: description: |- - Storage version of v1api20240402preview.CreationData - Data used when creating a target resource from a source resource. + CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using + a snapshot. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object + sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the source object to be used to create the target object.' + type: string type: object + currentOrchestratorVersion: + description: |- + CurrentOrchestratorVersion: The version of Kubernetes the Agent Pool is running. If orchestratorVersion is a fully + specified version , this field will be exactly equal to it. If orchestratorVersion is , + this field will contain the full version being used. + type: string + eTag: + description: |- + ETag: Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is + updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic + concurrency per the normal etag convention. + type: string enableAutoScaling: - type: boolean - enableCustomCATrust: + description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean enableEncryptionAtHost: + description: |- + EnableEncryptionAtHost: Whether to enable host based OS and data drive encryption. This is only supported on certain VM + sizes and in certain Azure regions. For more information, see: + https://docs.microsoft.com/azure/aks/enable-host-encryption type: boolean enableFIPS: + description: |- + EnableFIPS: Whether to use a FIPS-enabled OS. See [Add a FIPS-enabled node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more + details. type: boolean enableNodePublicIP: + description: |- + EnableNodePublicIP: Whether each node is allocated its own public IP. Some scenarios may require nodes in a node pool to + receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to + make a direct connection to a cloud virtual machine to minimize hops. 
For more information see [assigning a public IP + per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false. type: boolean enableUltraSSD: + description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean gatewayProfile: description: |- - Storage version of v1api20240402preview.AgentPoolGatewayProfile - Profile of the managed cluster gateway agent pool. + GatewayProfile: Profile specific to a managed agent pool in Gateway mode. This field cannot be set if agent pool mode is + not Gateway. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicIPPrefixSize: + description: |- + PublicIPPrefixSize: The Gateway agent pool associates one public IPPrefix for each static egress gateway to provide + public egress. The size of Public IPPrefix should be selected by the user. Each node in the agent pool is assigned with + one IP from the IPPrefix. The IPPrefix size thus serves as a cap on the size of the Gateway agent pool. Due to Azure + public IPPrefix size limitation, the valid value range is [28, 31] (/31 = 2 nodes/IPs, /30 = 4 nodes/IPs, /29 = 8 + nodes/IPs, /28 = 16 nodes/IPs). The default value is 31. type: integer type: object gpuInstanceProfile: + description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' type: string gpuProfile: - description: Storage version of v1api20240402preview.AgentPoolGPUProfile + description: 'GpuProfile: GPU settings for the Agent Pool.' 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - installGPUDriver: - type: boolean + driver: + description: 'Driver: Whether to install GPU drivers. When it''s not specified, default is Install.' + type: string type: object - hostGroupReference: + hostGroupID: description: |- - HostGroupReference: This is of the form: + HostGroupID: The fully qualified resource ID of the Dedicated Host Group to provision virtual machines from, used only + in creation scenario and not allowed to changed once set. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object + type: string kubeletConfig: - description: |- - Storage version of v1api20240402preview.KubeletConfig - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`).' items: type: string type: array containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. type: integer containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' type: integer cpuCfsQuota: + description: 'CpuCfsQuota: If CPU CFS quota enforcement is enabled for containers that specify CPU limits. The default is true.' type: boolean cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The CPU CFS quota period value. The default is '100ms.' Valid values are a sequence of decimal + numbers with an optional fraction and a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', + 'ms', 's', 'm', and 'h'. type: string cpuManagerPolicy: + description: |- + CpuManagerPolicy: The CPU Manager policy to use. The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. 
type: string failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' type: boolean imageGcHighThreshold: + description: |- + ImageGcHighThreshold: The percent of disk usage after which image garbage collection is always run. To disable image + garbage collection, set to 100. The default is 85% type: integer imageGcLowThreshold: + description: |- + ImageGcLowThreshold: The percent of disk usage before which image garbage collection is never run. This cannot be set + higher than imageGcHighThreshold. The default is 80% type: integer podMaxPids: + description: 'PodMaxPids: The maximum number of processes per pod.' type: integer topologyManagerPolicy: + description: |- + TopologyManagerPolicy: The Topology Manager policy to use. For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. type: string type: object kubeletDiskType: + description: |- + KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral + storage. type: string linuxOSConfig: - description: |- - Storage version of v1api20240402preview.LinuxOSConfig - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that will be created on each node.' 
type: integer sysctls: - description: |- - Storage version of v1api20240402preview.SysctlConfig - Sysctl settings for Linux agent nodes. + description: 'Sysctls: Sysctl settings for Linux agent nodes.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' type: integer fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' type: integer fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' type: integer fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' type: integer kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' type: integer netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' type: integer netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' type: integer netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' type: integer netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' type: integer netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' type: integer netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' type: integer netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' type: integer netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' type: string netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting net.ipv4.neigh.default.gc_thresh1.' 
type: integer netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting net.ipv4.neigh.default.gc_thresh2.' type: integer netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting net.ipv4.neigh.default.gc_thresh3.' type: integer netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' type: integer netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' type: integer netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' type: integer netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' type: integer netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' type: integer netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' type: boolean netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' type: integer netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' type: integer netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' type: integer vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' type: integer vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' type: integer vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' type: integer type: object transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Whether the kernel should make aggressive use of memory compaction to make more hugepages + available. Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. 
The default is 'madvise'. For + more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Whether transparent hugepages are enabled. Valid values are 'always', 'madvise', and + 'never'. The default is 'always'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string type: object maxCount: + description: 'MaxCount: The maximum number of nodes for auto-scaling' type: integer maxPods: + description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer messageOfTheDay: + description: |- + MessageOfTheDay: Message of the day for Linux nodes, base64-encoded. A base64-encoded string which will be written to + /etc/motd after decoding. This allows customization of the message of the day for Linux nodes. It must not be specified + for Windows nodes. It must be a static string (i.e., will be printed raw and not be executed as a script). type: string minCount: + description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer mode: + description: |- + Mode: The mode of an agent pool. A cluster must have at least one 'System' Agent Pool at all times. For additional + information on agent pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools type: string name: + description: |- + Name: Unique name of the agent pool profile in the context of the subscription and resource group. Windows agent pool + names must be 6 characters or less. type: string networkProfile: - description: |- - Storage version of v1api20240402preview.AgentPoolNetworkProfile - Network settings of an agent pool. + description: 'NetworkProfile: Network-related settings of an agent pool.' 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are allowed to access. The specified ranges are allowed to overlap.' items: - description: |- - Storage version of v1api20240402preview.PortRange - The port range. + description: The port range. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object portEnd: + description: |- + PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or + equal to portStart. type: integer portStart: + description: |- + PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or + equal to portEnd. type: integer protocol: + description: 'Protocol: The network protocol of the port.' type: string type: object type: array - applicationSecurityGroupsReferences: + applicationSecurityGroups: + description: 'ApplicationSecurityGroups: The IDs of the application security groups which agent pool will associate when created.' items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + type: string + type: array + nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level public IPs.' + items: + description: Contains the IPTag associated with the object. 
properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: array - nodePublicIPTags: - items: - description: |- - Storage version of v1api20240402preview.IPTag - Contains the IPTag associated with the object. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object ipTagType: + description: 'IpTagType: The IP tag type. Example: RoutingPreference.' type: string tag: + description: 'Tag: The value of the IP tag associated with the public IP. Example: Internet.' type: string type: object type: array type: object - nodeInitializationTaints: - items: - type: string - type: array + nodeImageVersion: + description: 'NodeImageVersion: The version of node image' + type: string nodeLabels: additionalProperties: type: string + description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' 
type: object - nodePublicIPPrefixReference: + nodePublicIPPrefixID: description: |- - NodePublicIPPrefixReference: This is of the form: + NodePublicIPPrefixID: The public IP prefix ID which VM nodes should use IPs from. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + type: string nodeTaints: + description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' items: type: string type: array orchestratorVersion: + description: |- + OrchestratorVersion: The version of Kubernetes specified by the user. Both patch version (e.g. + 1.20.13) and (e.g. 1.20) are supported. When is specified, the latest supported GA patch + version is chosen automatically. Updating the cluster with the same once it has been created (e.g. 1.14.x + -> 1.14) will not trigger an upgrade, even if a newer patch version is available. As a best practice, you should upgrade + all node pools in an AKS cluster to the same Kubernetes version. 
The node pool version must have the same major version + as the control plane. The node pool minor version must be within two minor versions of the control plane version. The + node pool version cannot be greater than the control plane version. For more information see [upgrading a node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: type: integer osDiskType: + description: |- + OsDiskType: The OS disk type to be used for machines in the agent pool. The default is 'Ephemeral' if the VM supports it + and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after + creation. For more information see [Ephemeral + OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). type: string osSKU: + description: |- + OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 + when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. type: string osType: + description: 'OsType: The operating system type. The default is Linux.' type: string podIPAllocationMode: + description: |- + PodIPAllocationMode: Pod IP Allocation Mode. The IP allocation mode for pods in the agent pool. Must be used with + podSubnetId. The default is 'DynamicIndividual'. type: string - podSubnetReference: + podSubnetID: description: |- - PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). - This is of the form: + PodSubnetID: The ID of the subnet which pods will join when launched. If omitted, pod IPs are statically assigned on the + node subnet (see vnetSubnetID for more details). 
This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + type: string powerState: description: |- - Storage version of v1api20240402preview.PowerState - Describes the Power State of the cluster + PowerState: Whether the Agent Pool is running or stopped. When an Agent Pool is first created it is initially Running. + The Agent Pool can be stopped by setting this field to Stopped. A stopped Agent Pool stops all of its VMs and does not + accrue billing charges. 
An Agent Pool can only be stopped if it is Running and provisioning state is Succeeded properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object code: + description: 'Code: Tells whether the cluster is Running or Stopped' type: string type: object - proximityPlacementGroupReference: - description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + provisioningState: + description: 'ProvisioningState: The current deployment or provisioning state.' + type: string + proximityPlacementGroupID: + description: 'ProximityPlacementGroupID: The ID for Proximity Placement Group.' + type: string scaleDownMode: + description: |- + ScaleDownMode: The scale down mode to use when scaling the Agent Pool. This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete. 
type: string scaleSetEvictionPolicy: + description: |- + ScaleSetEvictionPolicy: The Virtual Machine Scale Set eviction policy to use. This cannot be specified unless the + scaleSetPriority is 'Spot'. If not specified, the default is 'Delete'. type: string scaleSetPriority: + description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' type: string securityProfile: - description: |- - Storage version of v1api20240402preview.AgentPoolSecurityProfile - The security settings of an agent pool. + description: 'SecurityProfile: The security settings of an agent pool.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enableSecureBoot: + description: |- + EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and + drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean enableVTPM: + description: |- + EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held + locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean sshAccess: + description: 'SshAccess: SSH access method of an agent pool.' type: string type: object spotMaxPrice: + description: |- + SpotMaxPrice: The max price (in US Dollars) you are willing to pay for spot instances. Possible values are any decimal + value greater than zero or -1 which indicates default price to be up-to on-demand. Possible values are any decimal value + greater than zero or -1 which indicates the willingness to pay any on-demand price. 
For more details on spot pricing, + see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) type: number + status: + description: 'Status: Contains read-only information about the Agent Pool.' + properties: + provisioningError: + description: |- + ProvisioningError: The error detail information of the agent pool. Preserves the detailed info of failure. If there was + no error, this field is omitted. + properties: + additionalInfo: + description: 'AdditionalInfo: The error additional info.' + items: + description: The resource management error additional info. + properties: + info: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + description: 'Info: The additional info.' + type: object + type: + description: 'Type: The additional info type.' + type: string + type: object + type: array + code: + description: 'Code: The error code.' + type: string + details: + description: 'Details: The error details.' + items: + properties: + additionalInfo: + description: 'AdditionalInfo: The error additional info.' + items: + description: The resource management error additional info. + properties: + info: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + description: 'Info: The additional info.' + type: object + type: + description: 'Type: The additional info type.' + type: string + type: object + type: array + code: + description: 'Code: The error code.' + type: string + message: + description: 'Message: The error message.' + type: string + target: + description: 'Target: The error target.' + type: string + type: object + type: array + message: + description: 'Message: The error message.' + type: string + target: + description: 'Target: The error target.' + type: string + type: object + type: object tags: additionalProperties: type: string + description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' type: object type: + description: 'Type: The type of Agent Pool.' 
type: string upgradeSettings: - description: |- - Storage version of v1api20240402preview.AgentPoolUpgradeSettings - Settings for upgrading an agentpool + description: 'UpgradeSettings: Settings for upgrading the agentpool' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object drainTimeoutInMinutes: + description: |- + DrainTimeoutInMinutes: The drain timeout for a node. The amount of time (in minutes) to wait on eviction of pods and + graceful termination per node. This eviction wait time honors waiting on pod disruption budgets. If this time is + exceeded, the upgrade fails. If not specified, the default is 30 minutes. type: integer maxSurge: + description: |- + MaxSurge: The maximum number or percentage of nodes that are surged during upgrade. This can either be set to an integer + (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it is the percentage of the total agent pool size + at the time of the upgrade. For percentages, fractional nodes are rounded up. If not specified, the default is 10%. For + more information, including best practices, see: https://learn.microsoft.com/en-us/azure/aks/upgrade-cluster + type: string + maxUnavailable: + description: |- + MaxUnavailable: The maximum number or percentage of nodes that can be simultaneously unavailable during upgrade. This + can either be set to an integer (e.g. '1') or a percentage (e.g. '5%'). If a percentage is specified, it is the + percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded up. If + not specified, the default is 0. 
For more information, including best practices, see: + https://learn.microsoft.com/en-us/azure/aks/upgrade-cluster type: string nodeSoakDurationInMinutes: + description: |- + NodeSoakDurationInMinutes: The soak duration for a node. The amount of time (in minutes) to wait after draining a node + and before reimaging it and moving on to next node. If not specified, the default is 0 minutes. type: integer undrainableNodeBehavior: + description: |- + UndrainableNodeBehavior: Defines the behavior for undrainable nodes during upgrade. The most common cause of undrainable + nodes is Pod Disruption Budgets (PDBs), but other issues, such as pod termination grace period is exceeding the + remaining per-node drain timeout or pod is still being in a running state, can also cause undrainable nodes. type: string type: object virtualMachineNodesStatus: items: - description: |- - Storage version of v1api20240402preview.VirtualMachineNodes - Current status on a group of nodes of the same vm size. + description: Current status on a group of nodes of the same vm size. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object count: + description: 'Count: Number of nodes.' type: integer size: + description: 'Size: The VM size of the agents used to host this group of nodes.' type: string type: object type: array virtualMachinesProfile: - description: |- - Storage version of v1api20240402preview.VirtualMachinesProfile - Specifications on VirtualMachines agent pool. + description: 'VirtualMachinesProfile: Specifications on VirtualMachines agent pool.' 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object scale: - description: |- - Storage version of v1api20240402preview.ScaleProfile - Specifications on how to scale a VirtualMachines agent pool. + description: 'Scale: Specifications on how to scale a VirtualMachines agent pool.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - autoscale: - items: - description: |- - Storage version of v1api20240402preview.AutoScaleProfile - Specifications on auto-scaling. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - maxCount: - type: integer - minCount: - type: integer - sizes: - items: - type: string - type: array - type: object - type: array manual: + description: 'Manual: Specifications on how to scale the VirtualMachines agent pool to a fixed size.' items: - description: |- - Storage version of v1api20240402preview.ManualScaleProfile - Specifications on number of machines. + description: Specifications on number of machines. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object count: + description: 'Count: Number of nodes.' 
type: integer - sizes: - items: - type: string - type: array + size: + description: |- + Size: VM size that AKS will use when creating and scaling e.g. 'Standard_E4s_v3', 'Standard_E16s_v3' or + 'Standard_D16s_v5'. + type: string type: object type: array type: object type: object vmSize: + description: |- + VmSize: The size of the agent pool VMs. VM size availability varies by region. If a node contains insufficient compute + resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: + https://docs.microsoft.com/azure/aks/quotas-skus-regions type: string - vnetSubnetReference: + vnetSubnetID: description: |- - VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is - specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + VnetSubnetID: The ID of the subnet which agent pool nodes and optionally pods will join on startup. If this is not + specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and pods, + otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. 
- type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + type: string windowsProfile: - description: |- - Storage version of v1api20240402preview.AgentPoolWindowsProfile - The Windows agent pool's specific profile. + description: 'WindowsProfile: The Windows agent pool''s specific profile.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object disableOutboundNat: + description: |- + DisableOutboundNat: Whether to disable OutboundNAT in windows nodes. The default value is false. Outbound NAT can only + be disabled if the cluster outboundType is NAT Gateway and the Windows agent pool does not have node public IP enabled. type: boolean type: object workloadRuntime: + description: 'WorkloadRuntime: Determines the type of workload a node can run.' type: string type: object type: array aiToolchainOperatorProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterAIToolchainOperatorProfile - When enabling the operator, a set of AKS managed CRDs and controllers will be installed in the cluster. The operator - automates the deployment of OSS models for inference and/or training purposes. It provides a set of preset models and - enables distributed inference against them. + description: 'AiToolchainOperatorProfile: AI toolchain operator settings that apply to the whole cluster.' 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Whether to enable AI toolchain operator to the cluster. Indicates if AI toolchain operator enabled or not.' type: boolean type: object apiServerAccessProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterAPIServerAccessProfile - Access profile for managed cluster API server. + description: 'ApiServerAccessProfile: The access profile for managed cluster API server.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object authorizedIPRanges: + description: |- + AuthorizedIPRanges: The IP ranges authorized to access the Kubernetes API server. IP ranges are specified in CIDR + format, e.g. 137.117.106.88/29. This feature is not compatible with clusters that use Public IP Per Node, or clusters + that are using a Basic Load Balancer. For more information see [API server authorized IP + ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). items: type: string type: array disableRunCommand: + description: 'DisableRunCommand: Whether to disable run command for the cluster or not.' type: boolean enablePrivateCluster: + description: |- + EnablePrivateCluster: Whether to create the cluster as a private cluster or not. For more details, see [Creating a + private AKS cluster](https://docs.microsoft.com/azure/aks/private-clusters). type: boolean enablePrivateClusterPublicFQDN: + description: 'EnablePrivateClusterPublicFQDN: Whether to create additional public FQDN for private cluster or not.' 
type: boolean enableVnetIntegration: + description: |- + EnableVnetIntegration: Whether to enable apiserver vnet integration for the cluster or not. See + aka.ms/AksVnetIntegration for more details. type: boolean privateDNSZone: + description: |- + PrivateDNSZone: The private DNS zone mode for the cluster. The default is System. For more details see [configure + private DNS zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are + 'system' and 'none'. type: string subnetId: + description: |- + SubnetId: The subnet to be used when apiserver vnet integration is enabled. It is required when creating a new cluster + with BYO Vnet, or when updating an existing cluster to enable apiserver vnet integration. type: string type: object autoScalerProfile: - description: Storage version of v1api20240402preview.ManagedClusterProperties_AutoScalerProfile + description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler when enabled' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object balance-similar-node-groups: + description: |- + BalanceSimilarNodeGroups: Detects similar node pools and balances the number of nodes between them. Valid values are + 'true' and 'false' type: string daemonset-eviction-for-empty-nodes: + description: |- + DaemonsetEvictionForEmptyNodes: DaemonSet pods will be gracefully terminated from empty nodes. If set to true, all + daemonset pods on empty nodes will be evicted before deletion of the node. If the daemonset pod cannot be evicted + another node will be chosen for scaling. If set to false, the node will be deleted without ensuring that daemonset pods + are deleted or evicted. 
type: boolean daemonset-eviction-for-occupied-nodes: + description: |- + DaemonsetEvictionForOccupiedNodes: DaemonSet pods will be gracefully terminated from non-empty nodes. If set to true, + all daemonset pods on occupied nodes will be evicted before deletion of the node. If the daemonset pod cannot be evicted + another node will be chosen for scaling. If set to false, the node will be deleted without ensuring that daemonset pods + are deleted or evicted. type: boolean expander: + description: |- + Expander: The expander to use when scaling up. If not specified, the default is 'random'. See + [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) for more + information. type: string ignore-daemonsets-utilization: + description: |- + IgnoreDaemonsetsUtilization: Should CA ignore DaemonSet pods when calculating resource utilization for scaling down. If + set to true, the resources used by daemonset will be taken into account when making scaling down decisions. type: boolean max-empty-bulk-delete: + description: |- + MaxEmptyBulkDelete: The maximum number of empty nodes that can be deleted at the same time. This must be a positive + integer. The default is 10. type: string max-graceful-termination-sec: + description: |- + MaxGracefulTerminationSec: The maximum number of seconds the cluster autoscaler waits for pod termination when trying to + scale down a node. The default is 600. type: string max-node-provision-time: + description: |- + MaxNodeProvisionTime: The maximum time the autoscaler waits for a node to be provisioned. The default is '15m'. Values + must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported. type: string max-total-unready-percentage: + description: |- + MaxTotalUnreadyPercentage: The maximum percentage of unready nodes in the cluster. After this percentage is exceeded, + cluster autoscaler halts operations. The default is 45. 
The maximum is 100 and the minimum is 0. type: string new-pod-scale-up-delay: + description: |- + NewPodScaleUpDelay: Ignore unscheduled pods before they're a certain age. For scenarios like burst/batch scale where you + don't want CA to act before the kubernetes scheduler could schedule all the pods, you can tell CA to ignore unscheduled + pods before they're a certain age. The default is '0s'. Values must be an integer followed by a unit ('s' for seconds, + 'm' for minutes, 'h' for hours, etc). type: string ok-total-unready-count: + description: |- + OkTotalUnreadyCount: The number of allowed unready nodes, irrespective of max-total-unready-percentage. This must be an + integer. The default is 3. type: string scale-down-delay-after-add: + description: |- + ScaleDownDelayAfterAdd: How long after scale up that scale down evaluation resumes. The default is '10m'. Values must be + an integer followed by an 'm'. No unit of time other than minutes (m) is supported. type: string scale-down-delay-after-delete: + description: |- + ScaleDownDelayAfterDelete: How long after node deletion that scale down evaluation resumes. The default is the + scan-interval. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported. type: string scale-down-delay-after-failure: + description: |- + ScaleDownDelayAfterFailure: How long after scale down failure that scale down evaluation resumes. The default is '3m'. + Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported. type: string scale-down-unneeded-time: + description: |- + ScaleDownUnneededTime: How long a node should be unneeded before it is eligible for scale down. The default is '10m'. + Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported. type: string scale-down-unready-time: + description: |- + ScaleDownUnreadyTime: How long an unready node should be unneeded before it is eligible for scale down. 
The default is + '20m'. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported. type: string scale-down-utilization-threshold: + description: |- + ScaleDownUtilizationThreshold: Node utilization level, defined as sum of requested resources divided by capacity, below + which a node can be considered for scale down. The default is '0.5'. type: string scan-interval: + description: |- + ScanInterval: How often cluster is reevaluated for scale up or down. The default is '10'. Values must be an integer + number of seconds. type: string skip-nodes-with-local-storage: + description: |- + SkipNodesWithLocalStorage: If cluster autoscaler will skip deleting nodes with pods with local storage, for example, + EmptyDir or HostPath. The default is true. type: string skip-nodes-with-system-pods: + description: |- + SkipNodesWithSystemPods: If cluster autoscaler will skip deleting nodes with pods from kube-system (except for DaemonSet + or mirror pods). The default is true. type: string type: object autoUpgradeProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterAutoUpgradeProfile - Auto upgrade profile for a managed cluster. + description: 'AutoUpgradeProfile: The auto upgrade configuration.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object nodeOSUpgradeChannel: + description: 'NodeOSUpgradeChannel: Node OS Upgrade Channel. Manner in which the OS on your nodes is updated. The default is NodeImage.' type: string upgradeChannel: + description: |- + UpgradeChannel: The upgrade channel for auto upgrade. The default is 'none'. For more information see [setting the AKS + cluster auto-upgrade channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). 
type: string type: object azureMonitorProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfile - Prometheus addon profile for the container service cluster + description: 'AzureMonitorProfile: Azure Monitor addon profiles for monitoring the managed cluster.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - appMonitoring: + metrics: description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoring - Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics and traces - through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. + Metrics: Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes + infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See + aka.ms/AzureManagedPrometheus for an overview. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - autoInstrumentation: + enabled: description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringAutoInstrumentation - Application Monitoring Auto Instrumentation for Kubernetes Application Container. Deploys web hook to auto-instrument - Azure Monitor OpenTelemetry based SDKs to collect OpenTelemetry metrics, logs and traces of the application. 
See - aka.ms/AzureMonitorApplicationMonitoring for an overview. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - openTelemetryLogs: + Enabled: Whether to enable or disable the Azure Managed Prometheus addon for Prometheus monitoring. See + aka.ms/AzureManagedPrometheus-aks-enable for details on enabling and disabling. + type: boolean + kubeStateMetrics: description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryLogs - Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Logs and Traces. Collects - OpenTelemetry logs and traces of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. + KubeStateMetrics: Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the + kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for + details. properties: - $propertyBag: - additionalProperties: - type: string + metricAnnotationsAllowList: description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - port: - type: integer - type: object - openTelemetryMetrics: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryMetrics - Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Metrics. 
Collects - OpenTelemetry metrics of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. - properties: - $propertyBag: - additionalProperties: - type: string + MetricAnnotationsAllowList: Comma-separated list of Kubernetes annotation keys that will be used in the resource's + labels metric (Example: 'namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...'). By default the metric + contains only resource name and namespace labels. + type: string + metricLabelsAllowlist: description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - port: - type: integer + MetricLabelsAllowlist: Comma-separated list of additional Kubernetes label keys that will be used in the resource's + labels metric (Example: 'namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...'). By default the metric contains only + resource name and namespace labels. + type: string type: object type: object - containerInsights: + type: object + azurePortalFQDN: + description: |- + AzurePortalFQDN: The special FQDN used by the Azure Portal to access the Managed Cluster. This FQDN is for use only by + the Azure Portal and should not be used by other clients. The Azure Portal requires certain Cross-Origin Resource + Sharing (CORS) headers to be sent in some responses, which Kubernetes APIServer doesn't handle by default. This special + FQDN supports CORS, allowing the Azure Portal to function properly. + type: string + bootstrapProfile: + description: 'BootstrapProfile: Profile of the cluster bootstrap configuration.' + properties: + artifactSource: + description: 'ArtifactSource: The artifact source. The source where the artifacts are downloaded from.' 
+ type: string + containerRegistryId: description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileContainerInsights - Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & stderr logs etc. See - aka.ms/AzureMonitorContainerInsights for an overview. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - disableCustomMetrics: - type: boolean - disablePrometheusMetricsScraping: - type: boolean - enabled: - type: boolean - logAnalyticsWorkspaceResourceReference: - description: |- - LogAnalyticsWorkspaceResourceReference: Fully Qualified ARM Resource Id of Azure Log Analytics Workspace for storing - Azure Monitor Container Insights Logs. - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object - syslogPort: - type: integer - type: object - metrics: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileMetrics - Metrics profile for the prometheus service addon - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - kubeStateMetrics: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileKubeStateMetrics - Kube State Metrics for prometheus addon profile for the container service cluster - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - metricAnnotationsAllowList: - type: string - metricLabelsAllowlist: - type: string - type: object - type: object - type: object - azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. - type: string - bootstrapProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterBootstrapProfile - The bootstrap profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - artifactSource: + ContainerRegistryId: The resource Id of Azure Container Registry. The registry must have private network access, premium + SKU and zone redundancy. 
type: string - containerRegistryReference: - description: |- - ContainerRegistryReference: The resource Id of Azure Container Registry. The registry must have private network access, - premium SKU and zone redundancy. - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object type: object - creationData: - description: |- - Storage version of v1api20240402preview.CreationData - Data used when creating a target resource from a source resource. - properties: - $propertyBag: - additionalProperties: + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. + format: date-time type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' 
- properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object + message: + description: Message is a human readable message indicating details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. 
+ This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + currentKubernetesVersion: + description: |- + CurrentKubernetesVersion: The version of Kubernetes the Managed Cluster is running. If kubernetesVersion was a fully + specified version , this field will be exactly equal to it. If kubernetesVersion was , + this field will contain the full version being used. + type: string disableLocalAccounts: + description: |- + DisableLocalAccounts: If local accounts should be disabled on the Managed Cluster. If set to true, getting static + credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled. For more + details see [disable local accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). type: boolean - diskEncryptionSetReference: + diskEncryptionSetID: description: |- - DiskEncryptionSetReference: This is of the form: + DiskEncryptionSetID: The Resource ID of the disk encryption set to use for enabling encryption at rest. This is of the + form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + type: string dnsPrefix: + description: 'DnsPrefix: The DNS prefix of the Managed Cluster. This cannot be updated once the Managed Cluster has been created.' + type: string + eTag: + description: |- + ETag: Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is + updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic + concurrency per the normal etag convention. type: string - enableNamespaceResources: - type: boolean - enablePodSecurityPolicy: - type: boolean enableRBAC: + description: 'EnableRBAC: Whether to enable Kubernetes Role-Based Access Control.' type: boolean extendedLocation: - description: |- - Storage version of v1api20240402preview.ExtendedLocation - The complex type of the extended location. + description: 'ExtendedLocation: The extended location of the Virtual Machine.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object name: + description: 'Name: The name of the extended location.' type: string type: + description: 'Type: The type of the extended location.' type: string type: object + fqdn: + description: 'Fqdn: The FQDN of the master pool.' 
+ type: string fqdnSubdomain: + description: |- + FqdnSubdomain: The FQDN subdomain of the private cluster with custom private dns zone. This cannot be updated once the + Managed Cluster has been created. type: string httpProxyConfig: - description: |- - Storage version of v1api20240402preview.ManagedClusterHTTPProxyConfig - Cluster HTTP proxy configuration. + description: 'HttpProxyConfig: Configurations for provisioning the cluster with HTTP proxy servers.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object httpProxy: + description: 'HttpProxy: The HTTP proxy server endpoint to use.' type: string httpsProxy: + description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' type: string noProxy: + description: 'NoProxy: The endpoints that should not go through proxy.' items: type: string type: array trustedCa: + description: 'TrustedCa: Alternative CA cert to use for connecting to proxy servers.' type: string type: object - identity: + id: description: |- - Storage version of v1api20240402preview.ManagedClusterIdentity - Identity for the managed cluster. + Id: Fully qualified resource ID for the resource. E.g. + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" + type: string + identity: + description: 'Identity: The identity of the managed cluster, if configured.' 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object delegatedResources: additionalProperties: - description: |- - Storage version of v1api20240402preview.DelegatedResource - Delegated resource properties - internal use only. + description: Delegated resource properties - internal use only. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object location: + description: 'Location: The source resource location - internal use only.' type: string referralResource: + description: 'ReferralResource: The delegation id of the referral delegation (optional) - internal use only.' + type: string + resourceId: + description: 'ResourceId: The ARM resource id of the delegated resource - internal use only.' type: string - resourceReference: - description: 'ResourceReference: The ARM resource id of the delegated resource - internal use only.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. 
- type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object tenantId: + description: 'TenantId: The tenant id of the delegated resource - internal use only.' type: string type: object + description: |- + DelegatedResources: The delegated identity resources assigned to this managed cluster. This can only be set by another + Azure Resource Provider, and managed cluster only accept one delegated identity resource. Internal use only. type: object + principalId: + description: 'PrincipalId: The principal id of the system assigned identity which is used by master components.' + type: string + tenantId: + description: 'TenantId: The tenant id of the system assigned identity which is used by master components.' + type: string type: + description: |- + Type: The type of identity used for the managed cluster. For more information see [use managed identities in + AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). type: string userAssignedIdentities: - items: - description: |- - Storage version of v1api20240402preview.UserAssignedIdentityDetails - Information about the user assigned identity for the resource + additionalProperties: properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + clientId: + description: 'ClientId: The client id of user assigned identity.' + type: string + principalId: + description: 'PrincipalId: The principal id of user assigned identity.' + type: string type: object - type: array + description: |- + UserAssignedIdentities: The user identity associated with the managed cluster. This identity will be used in control + plane. Only one user assigned identity is allowed. The keys must be ARM resource IDs in the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. + type: object type: object identityProfile: additionalProperties: - description: |- - Storage version of v1api20240402preview.UserAssignedIdentity - Details about a user assigned identity. + description: Details about a user assigned identity. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: + description: 'ClientId: The client ID of the user assigned identity.' type: string objectId: + description: 'ObjectId: The object ID of the user assigned identity.' 
+ type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned identity.' type: string - resourceReference: - description: 'ResourceReference: The resource ID of the user assigned identity.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object type: object + description: |- + IdentityProfile: The user identity associated with the managed cluster. This identity will be used by the kubelet. Only + one user assigned identity is allowed. The only accepted key is "kubeletidentity", with value of "resourceId": + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}". type: object ingressProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterIngressProfile - Ingress profile for the container service cluster. + description: 'IngressProfile: Ingress profile for the managed cluster.' 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object webAppRouting: description: |- - Storage version of v1api20240402preview.ManagedClusterIngressProfileWebAppRouting - Web App Routing settings for the ingress profile. + WebAppRouting: App Routing settings for the ingress profile. You can find an overview and onboarding guide for this + feature at https://learn.microsoft.com/en-us/azure/aks/app-routing?tabs=default%2Cdeploy-app-default. properties: - $propertyBag: - additionalProperties: - type: string + dnsZoneResourceIds: description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - dnsZoneResourceReferences: + DnsZoneResourceIds: Resource IDs of the DNS zones to be associated with the Application Routing add-on. Used only when + Application Routing add-on is enabled. Public and private DNS zones can be in different resource groups, but all public + DNS zones must be in the same resource group and all private DNS zones must be in the same resource group. items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + type: string type: array enabled: + description: 'Enabled: Whether to enable the Application Routing add-on.' type: boolean + identity: + description: |- + Identity: Managed identity of the Application Routing add-on. This is the identity that should be granted permissions, + for example, to manage the associated Azure DNS resource and get certificates from Azure Key Vault. See [this overview + of the add-on](https://learn.microsoft.com/en-us/azure/aks/web-app-routing?tabs=with-osm) for more instructions. + properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned identity.' + type: string + type: object + nginx: + description: |- + Nginx: Configuration for the default NginxIngressController. See more at + https://learn.microsoft.com/en-us/azure/aks/app-routing-nginx-configuration#the-default-nginx-ingress-controller. + properties: + defaultIngressControllerType: + description: 'DefaultIngressControllerType: Ingress type for the default NginxIngressController custom resource' + type: string + type: object type: object type: object kind: + description: 'Kind: This is primarily used to expose different UI experiences in the portal for different kinds' type: string kubernetesVersion: + description: |- + KubernetesVersion: The version of Kubernetes specified by the user. Both patch version (e.g. 
+ 1.20.13) and (e.g. 1.20) are supported. When is specified, the latest supported GA patch + version is chosen automatically. Updating the cluster with the same once it has been created (e.g. 1.14.x + -> 1.14) will not trigger an upgrade, even if a newer patch version is available. When you upgrade a supported AKS + cluster, Kubernetes minor versions cannot be skipped. All upgrades must be performed sequentially by major version + number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not + allowed. See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. type: string linuxProfile: - description: |- - Storage version of v1api20240402preview.ContainerServiceLinuxProfile - Profile for Linux VMs in the container service cluster. + description: 'LinuxProfile: The profile for Linux VMs in the Managed Cluster.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object adminUsername: + description: 'AdminUsername: The administrator username to use for Linux VMs.' type: string ssh: - description: |- - Storage version of v1api20240402preview.ContainerServiceSshConfiguration - SSH configuration for Linux-based VMs running on Azure. + description: 'Ssh: The SSH configuration for Linux-based VMs running on Azure.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicKeys: + description: 'PublicKeys: The list of SSH public keys used to authenticate with Linux-based VMs. A maximum of 1 key may be specified.' 
items: - description: |- - Storage version of v1api20240402preview.ContainerServiceSshPublicKey - Contains information about SSH certificate public key data. + description: Contains information about SSH certificate public key data. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object keyData: + description: |- + KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or + without headers. type: string type: object type: array type: object type: object location: + description: 'Location: The geo-location where the resource lives' type: string + maxAgentPools: + description: 'MaxAgentPools: The max number of agent pools for the managed cluster.' + type: integer metricsProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterMetricsProfile - The metrics profile for the ManagedCluster. + description: 'MetricsProfile: Optional cluster metrics configuration.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object costAnalysis: - description: |- - Storage version of v1api20240402preview.ManagedClusterCostAnalysis - The cost analysis configuration for the cluster + description: 'CostAnalysis: The configuration for detailed per-Kubernetes resource cost analysis.' 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: |- + Enabled: Whether to enable cost analysis. The Managed Cluster sku.tier must be set to 'Standard' or 'Premium' to enable + this feature. Enabling this will add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure + portal. If not specified, the default is false. For more information see aka.ms/aks/docs/cost-analysis. type: boolean type: object type: object + name: + description: 'Name: The name of the resource' + type: string networkProfile: - description: |- - Storage version of v1api20240402preview.ContainerServiceNetworkProfile - Profile of network configuration. + description: 'NetworkProfile: The network configuration profile.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object advancedNetworking: description: |- - Storage version of v1api20240402preview.AdvancedNetworking - Advanced Networking profile for enabling observability on a cluster. Note that enabling advanced networking features may - incur additional costs. For more information see aka.ms/aksadvancednetworking. + AdvancedNetworking: Advanced Networking profile for enabling observability and security feature suite on a cluster. For + more information see aka.ms/aksadvancednetworking. 
properties: - $propertyBag: - additionalProperties: - type: string + enabled: description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object + Enabled: Indicates the enablement of Advanced Networking functionalities of observability and security on AKS clusters. + When this is set to true, all observability and security features will be set to enabled unless explicitly disabled. If + not specified, the default is false. + type: boolean observability: - description: |- - Storage version of v1api20240402preview.AdvancedNetworkingObservability - Observability profile to enable advanced network metrics and flow logs with historical contexts. + description: 'Observability: Observability profile to enable advanced network metrics and flow logs with historical contexts.' properties: - $propertyBag: - additionalProperties: - type: string + enabled: + description: 'Enabled: Indicates the enablement of Advanced Networking observability functionalities on clusters.' + type: boolean + type: object + security: + description: 'Security: Security profile to enable security features on cilium based cluster.' + properties: + advancedNetworkPolicies: description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object + AdvancedNetworkPolicies: Enable advanced network policies. This allows users to configure Layer 7 network policies + (FQDN, HTTP, Kafka). Policies themselves must be configured via the Cilium Network Policy resources, see + https://docs.cilium.io/en/latest/security/policy/index.html. This can be enabled only on cilium-based clusters. If not + specified, the default value is FQDN if security.enabled is set to true. 
+ type: string enabled: + description: |- + Enabled: This feature allows user to configure network policy based on DNS (FQDN) names. It can be enabled only on + cilium based clusters. If not specified, the default is false. type: boolean type: object type: object dnsServiceIP: + description: |- + DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address + range specified in serviceCidr. type: string ipFamilies: + description: |- + IpFamilies: The IP families used to specify IP versions available to the cluster. IP families are used to determine + single-stack or dual-stack clusters. For single-stack, the expected value is IPv4. For dual-stack, the expected values + are IPv4 and IPv6. items: type: string type: array - kubeProxyConfig: - description: Storage version of v1api20240402preview.ContainerServiceNetworkProfile_KubeProxyConfig - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - ipvsConfig: - description: Storage version of v1api20240402preview.ContainerServiceNetworkProfile_KubeProxyConfig_IpvsConfig - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - scheduler: - type: string - tcpFinTimeoutSeconds: - type: integer - tcpTimeoutSeconds: - type: integer - udpTimeoutSeconds: - type: integer - type: object - mode: - type: string - type: object loadBalancerProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile - Profile of the managed cluster load balancer. 
+ description: 'LoadBalancerProfile: Profile of the cluster load balancer.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object allocatedOutboundPorts: + description: |- + AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 + (inclusive). The default value is 0 which results in Azure dynamically allocating ports. type: integer backendPoolType: - type: string - clusterServiceLoadBalancerHealthProbeMode: + description: 'BackendPoolType: The type of the managed inbound Load Balancer BackendPool.' type: string effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster load balancer.' items: - description: |- - Storage version of v1api20240402preview.ResourceReference - A reference to an Azure resource. + description: A reference to an Azure resource. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - reference: - description: 'Reference: The fully qualified Azure resource id.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + id: + description: 'Id: The fully qualified Azure resource id.' + type: string type: object type: array enableMultipleStandardLoadBalancers: + description: 'EnableMultipleStandardLoadBalancers: Enable multiple standard load balancers per AKS cluster or not.' type: boolean idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 30 minutes. type: integer managedOutboundIPs: - description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs + description: 'ManagedOutboundIPs: Desired managed outbound IPs for the cluster load balancer.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object count: + description: |- + Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values + must be in the range of 1 to 100 (inclusive). The default value is 1. type: integer countIPv6: + description: |- + CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed + values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. 
type: integer type: object outboundIPPrefixes: - description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes + description: 'OutboundIPPrefixes: Desired outbound IP Prefix resources for the cluster load balancer.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicIPPrefixes: + description: 'PublicIPPrefixes: A list of public IP prefix resources.' items: - description: |- - Storage version of v1api20240402preview.ResourceReference - A reference to an Azure resource. + description: A reference to an Azure resource. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - reference: - description: 'Reference: The fully qualified Azure resource id.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object + id: + description: 'Id: The fully qualified Azure resource id.' + type: string type: object type: array type: object outboundIPs: - description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_OutboundIPs + description: 'OutboundIPs: Desired outbound IP resources for the cluster load balancer.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object publicIPs: + description: 'PublicIPs: A list of public IP resources.' items: - description: |- - Storage version of v1api20240402preview.ResourceReference - A reference to an Azure resource. + description: A reference to an Azure resource. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - reference: - description: 'Reference: The fully qualified Azure resource id.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. 
- type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + id: + description: 'Id: The fully qualified Azure resource id.' + type: string type: object type: array type: object type: object loadBalancerSku: + description: |- + LoadBalancerSku: The load balancer sku for the managed cluster. The default is 'standard'. See [Azure Load Balancer + SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load + balancer SKUs. type: string natGatewayProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterNATGatewayProfile - Profile of the managed cluster NAT gateway. + description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object effectiveOutboundIPs: + description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster NAT gateway.' items: - description: |- - Storage version of v1api20240402preview.ResourceReference - A reference to an Azure resource. + description: A reference to an Azure resource. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - reference: - description: 'Reference: The fully qualified Azure resource id.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + id: + description: 'Id: The fully qualified Azure resource id.' + type: string type: object type: array idleTimeoutInMinutes: + description: |- + IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 + (inclusive). The default value is 4 minutes. type: integer managedOutboundIPProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterManagedOutboundIPProfile - Profile of the managed outbound IP resources of the managed cluster. + description: 'ManagedOutboundIPProfile: Profile of the managed outbound IP resources of the cluster NAT gateway.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object count: + description: |- + Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 + (inclusive). The default value is 1. type: integer type: object type: object networkDataplane: + description: 'NetworkDataplane: Network dataplane used in the Kubernetes cluster.' type: string networkMode: + description: |- + NetworkMode: The network mode Azure CNI is configured with. 
This cannot be specified if networkPlugin is anything other + than 'azure'. type: string networkPlugin: + description: 'NetworkPlugin: Network plugin used for building the Kubernetes network.' type: string networkPluginMode: + description: 'NetworkPluginMode: The mode the network plugin should use.' type: string networkPolicy: + description: 'NetworkPolicy: Network policy used for building the Kubernetes network.' type: string outboundType: + description: |- + OutboundType: The outbound (egress) routing method. This can only be set at cluster creation time and cannot be changed + later. For more information see [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). type: string podCidr: + description: 'PodCidr: A CIDR notation IP range from which to assign pod IPs when kubenet is used.' type: string podCidrs: + description: |- + PodCidrs: The CIDR notation IP ranges from which to assign pod IPs. One IPv4 CIDR is expected for single-stack + networking. Two CIDRs, one for each IP family (IPv4/IPv6), is expected for dual-stack networking. items: type: string type: array - podLinkLocalAccess: - type: string serviceCidr: + description: |- + ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP + ranges. type: string serviceCidrs: + description: |- + ServiceCidrs: The CIDR notation IP ranges from which to assign service cluster IPs. One IPv4 CIDR is expected for + single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is expected for dual-stack networking. They must + not overlap with any Subnet IP ranges. items: type: string type: array staticEgressGatewayProfile: description: |- - Storage version of v1api20240402preview.ManagedClusterStaticEgressGatewayProfile - The Static Egress Gateway addon configuration for the cluster. + StaticEgressGatewayProfile: The profile for Static Egress Gateway addon. 
For more details about Static Egress Gateway, + see https://aka.ms/aks/static-egress-gateway. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Enable Static Egress Gateway addon. Indicates if Static Egress Gateway addon is enabled or not.' type: boolean type: object type: object nodeProvisioningProfile: - description: Storage version of v1api20240402preview.ManagedClusterNodeProvisioningProfile + description: 'NodeProvisioningProfile: Node provisioning settings that apply to the whole cluster.' properties: - $propertyBag: - additionalProperties: - type: string + defaultNodePools: description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object + DefaultNodePools: The set of default Karpenter NodePools (CRDs) configured for node provisioning. This field has no + effect unless mode is 'Auto'. Warning: Changing this from Auto to None on an existing cluster will cause the default + Karpenter NodePools to be deleted, which will drain and delete the nodes associated with those pools. It is strongly + recommended to not do this unless there are idle nodes ready to take the pods evicted by that action. If not specified, + the default is Auto. For more information see aka.ms/aks/nap#node-pools. + type: string mode: + description: 'Mode: The node provisioning mode. If not specified, the default is Manual.' type: string type: object nodeResourceGroup: + description: 'NodeResourceGroup: The name of the resource group containing agent pool nodes.' 
type: string nodeResourceGroupProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterNodeResourceGroupProfile - Node resource group lockdown profile for a managed cluster. + description: 'NodeResourceGroupProfile: Profile of the node resource group configuration.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object restrictionLevel: + description: |- + RestrictionLevel: The restriction level applied to the cluster's node resource group. If not specified, the default is + 'Unrestricted' type: string type: object oidcIssuerProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterOIDCIssuerProfile - The OIDC issuer profile of the Managed Cluster. + description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed Cluster.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Whether the OIDC issuer is enabled.' type: boolean + issuerURL: + description: 'IssuerURL: The OIDC issuer url of the Managed Cluster.' + type: string type: object - operatorSpec: + podIdentityProfile: description: |- - Storage version of v1api20240402preview.ManagedClusterOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure + PodIdentityProfile: The pod identity profile of the Managed Cluster. See [use AAD pod + identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on AAD pod identity + integration. 
properties: - $propertyBag: - additionalProperties: - type: string + allowNetworkPluginKubenet: description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - configMapExpressions: + AllowNetworkPluginKubenet: Whether pod identity is allowed to run on clusters with Kubenet networking. Running in + Kubenet is disabled by default due to the security related nature of AAD Pod Identity and the risks of IP spoofing. See + [using Kubenet network plugin with AAD Pod + Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) + for more information. + type: boolean + enabled: + description: 'Enabled: Whether the pod identity addon is enabled.' + type: boolean + userAssignedIdentities: + description: 'UserAssignedIdentities: The pod identities to use in the cluster.' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. + description: Details about the pod identity assigned to the Managed Cluster. properties: - key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. + bindingSelector: + description: 'BindingSelector: The binding selector to use for the AzureIdentityBinding resource.' type: string + identity: + description: 'Identity: The user assigned identity details.' 
+ properties: + clientId: + description: 'ClientId: The client ID of the user assigned identity.' + type: string + objectId: + description: 'ObjectId: The object ID of the user assigned identity.' + type: string + resourceId: + description: 'ResourceId: The resource ID of the user assigned identity.' + type: string + type: object name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. + description: 'Name: The name of the pod identity.' type: string - value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ + namespace: + description: 'Namespace: The namespace of the pod identity.' + type: string + provisioningInfo: + properties: + error: + description: 'Error: Pod identity assignment error (if any).' + properties: + error: + description: 'Error: Details about the error.' + properties: + code: + description: 'Code: An identifier for the error. Codes are invariant and are intended to be consumed programmatically.' + type: string + details: + description: 'Details: A list of additional details about the error.' + items: + properties: + code: + description: 'Code: An identifier for the error. Codes are invariant and are intended to be consumed programmatically.' + type: string + message: + description: 'Message: A message describing the error, intended to be suitable for display in a user interface.' + type: string + target: + description: 'Target: The target of the particular error. For example, the name of the property in error.' + type: string + type: object + type: array + message: + description: 'Message: A message describing the error, intended to be suitable for display in a user interface.' + type: string + target: + description: 'Target: The target of the particular error. 
For example, the name of the property in error.' + type: string + type: object + type: object + type: object + provisioningState: + description: 'ProvisioningState: The current provisioning state of the pod identity.' type: string - required: - - name - - value type: object type: array - configMaps: - description: Storage version of v1api20240402preview.ManagedClusterOperatorConfigMaps - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - oidcIssuerProfile: - description: |- - ConfigMapDestination describes the location to store a single configmap value - Note: This is similar to: SecretDestination in secrets.go. - Changes to one may need to be made to the others as well. - properties: - key: - description: Key is the key in the ConfigMap being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. - type: string - required: - - key - - name - type: object - type: object - secretExpressions: + userAssignedIdentityExceptions: + description: 'UserAssignedIdentityExceptions: The pod identity exceptions to allow.' items: description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. - properties: - key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. 
If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. - type: string - name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. - type: string - value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ - type: string - required: - - name - - value - type: object - type: array - secrets: - description: Storage version of v1api20240402preview.ManagedClusterOperatorSecrets - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - adminCredentials: - description: |- - SecretDestination describes the location to store a single secret value. - Note: This is similar to: ConfigMapDestination in configmaps.go. - Changes to one may need to be made to the others as well. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced. - type: string - name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. - type: string - required: - - key - - name - type: object - userCredentials: - description: |- - SecretDestination describes the location to store a single secret value. - Note: This is similar to: ConfigMapDestination in configmaps.go. - Changes to one may need to be made to the others as well. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced. 
- type: string - name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. - type: string - required: - - key - - name - type: object - type: object - type: object - originalVersion: - type: string - owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource - properties: - armId: - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - name: - description: This is the name of the Kubernetes resource to reference. - type: string - type: object - podIdentityProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterPodIdentityProfile - See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod - identity integration. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - allowNetworkPluginKubenet: - type: boolean - enabled: - type: boolean - userAssignedIdentities: - items: - description: |- - Storage version of v1api20240402preview.ManagedClusterPodIdentity - Details about the pod identity assigned to the Managed Cluster. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - bindingSelector: - type: string - identity: - description: |- - Storage version of v1api20240402preview.UserAssignedIdentity - Details about a user assigned identity. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - clientId: - type: string - objectId: - type: string - resourceReference: - description: 'ResourceReference: The resource ID of the user assigned identity.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object - type: object - name: - type: string - namespace: - type: string - type: object - type: array - userAssignedIdentityExceptions: - items: - description: |- - Storage version of v1api20240402preview.ManagedClusterPodIdentityException - See [disable AAD Pod Identity for a specific - Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. + A pod identity exception, which allows pods with certain labels to access the Azure Instance Metadata Service (IMDS) + endpoint without being intercepted by the node-managed identity (NMI) server. See [disable AAD Pod Identity for a + specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more + details. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object name: + description: 'Name: The name of the pod identity exception.' type: string namespace: + description: 'Namespace: The namespace of the pod identity exception.' type: string podLabels: additionalProperties: type: string + description: 'PodLabels: The pod labels to match.' type: object type: object type: array type: object + powerState: + description: 'PowerState: The Power State of the cluster.' + properties: + code: + description: 'Code: Tells whether the cluster is Running or Stopped' + type: string + type: object + privateFQDN: + description: 'PrivateFQDN: The FQDN of private cluster.' + type: string privateLinkResources: + description: 'PrivateLinkResources: Private link resources associated with the cluster.' 
items: - description: |- - Storage version of v1api20240402preview.PrivateLinkResource - A private link resource + description: A private link resource properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object groupId: + description: 'GroupId: The group ID of the resource.' + type: string + id: + description: 'Id: The ID of the private link resource.' type: string name: + description: 'Name: The name of the private link resource.' + type: string + privateLinkServiceID: + description: 'PrivateLinkServiceID: The private link service ID of the resource, this field is exposed only to NRP internally.' type: string - reference: - description: 'Reference: The ID of the private link resource.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object requiredMembers: + description: 'RequiredMembers: The RequiredMembers of the resource' items: type: string type: array type: + description: 'Type: The resource type.' 
type: string type: object type: array + provisioningState: + description: 'ProvisioningState: The current provisioning state.' + type: string publicNetworkAccess: + description: 'PublicNetworkAccess: PublicNetworkAccess of the managedCluster. Allow or deny public network access for AKS' type: string - safeguardsProfile: + resourceUID: description: |- - Storage version of v1api20240402preview.SafeguardsProfile - The Safeguards profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - excludedNamespaces: - items: - type: string - type: array - level: - type: string - version: - type: string - type: object + ResourceUID: The resourceUID uniquely identifies ManagedClusters that reuse ARM ResourceIds (i.e: create, delete, create + sequence) + type: string securityProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfile - Security profile for the container service cluster. + description: 'SecurityProfile: Security profile for the managed cluster.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object azureKeyVaultKms: description: |- - Storage version of v1api20240402preview.AzureKeyVaultKms - Azure Key Vault key management service settings for the security profile. + AzureKeyVaultKms: Azure Key Vault [key management + service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Whether to enable Azure Key Vault key management service. The default is false.' type: boolean keyId: + description: |- + KeyId: Identifier of Azure Key Vault key. See [key identifier + format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) + for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key + identifier. When Azure Key Vault key management service is disabled, leave the field empty. type: string keyVaultNetworkAccess: + description: |- + KeyVaultNetworkAccess: Network access of the key vault. Network access of key vault. The possible values are `Public` + and `Private`. `Public` means the key vault allows public access from all networks. `Private` means the key vault + disables public access and enables private link. The default value is `Public`. type: string - keyVaultResourceReference: + keyVaultResourceId: description: |- - KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and - must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + KeyVaultResourceId: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and must + be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. + type: string type: object customCATrustCertificates: + description: |- + CustomCATrustCertificates: A list of up to 10 base64 encoded CAs that will be added to the trust store on all nodes in + the cluster. For more information see [Custom CA Trust + Certificates](https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority). items: type: string type: array defender: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileDefender - Microsoft Defender settings for the security profile. + description: 'Defender: Microsoft Defender settings for the security profile.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - logAnalyticsWorkspaceResourceReference: + logAnalyticsWorkspaceResourceId: description: |- - LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft - Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When - Microsoft Defender is disabled, leave the field empty. 
- properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + LogAnalyticsWorkspaceResourceId: Resource ID of the Log Analytics workspace to be associated with Microsoft Defender. + When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When Microsoft + Defender is disabled, leave the field empty. + type: string securityMonitoring: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileDefenderSecurityMonitoring - Microsoft Defender settings for the security profile threat detection. + description: 'SecurityMonitoring: Microsoft Defender threat detection for Cloud settings for the security profile.' 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Whether to enable Defender threat detection' type: boolean type: object type: object imageCleaner: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileImageCleaner - Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here - are settings for the security profile. + description: 'ImageCleaner: Image Cleaner settings for the security profile.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Whether to enable Image Cleaner on AKS cluster.' type: boolean intervalHours: + description: 'IntervalHours: Image Cleaner scanning interval in hours.' type: integer type: object - imageIntegrity: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileImageIntegrity - Image integrity related settings for the security profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - nodeRestriction: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileNodeRestriction - Node Restriction settings for the security profile. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object workloadIdentity: description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileWorkloadIdentity - Workload identity settings for the security profile. + WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications + to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Whether to enable workload identity.' type: boolean type: object type: object serviceMeshProfile: - description: |- - Storage version of v1api20240402preview.ServiceMeshProfile - Service mesh profile for a managed cluster. + description: 'ServiceMeshProfile: Service mesh profile for a managed cluster.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object istio: - description: |- - Storage version of v1api20240402preview.IstioServiceMesh - Istio service mesh configuration. + description: 'Istio: Istio service mesh configuration.' 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object certificateAuthority: description: |- - Storage version of v1api20240402preview.IstioCertificateAuthority - Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described - here https://aka.ms/asm-plugin-ca + CertificateAuthority: Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin + certificates as described here https://aka.ms/asm-plugin-ca properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object plugin: - description: |- - Storage version of v1api20240402preview.IstioPluginCertificateAuthority - Plugin certificates information for Service Mesh. + description: 'Plugin: Plugin certificates information for Service Mesh.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object certChainObjectName: + description: 'CertChainObjectName: Certificate chain object name in Azure Key Vault.' type: string certObjectName: + description: 'CertObjectName: Intermediate certificate object name in Azure Key Vault.' type: string keyObjectName: + description: 'KeyObjectName: Intermediate certificate private key object name in Azure Key Vault.' + type: string + keyVaultId: + description: 'KeyVaultId: The resource ID of the Key Vault.' 
type: string - keyVaultReference: - description: 'KeyVaultReference: The resource ID of the Key Vault.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object rootCertObjectName: + description: 'RootCertObjectName: Root certificate object name in Azure Key Vault.' type: string type: object type: object components: - description: |- - Storage version of v1api20240402preview.IstioComponents - Istio components configuration. + description: 'Components: Istio components configuration.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object egressGateways: + description: 'EgressGateways: Istio egress gateways.' items: - description: |- - Storage version of v1api20240402preview.IstioEgressGateway - Istio egress gateway configuration. + description: Istio egress gateway configuration. 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Whether to enable the egress gateway.' type: boolean type: object type: array ingressGateways: + description: 'IngressGateways: Istio ingress gateways.' items: description: |- - Storage version of v1api20240402preview.IstioIngressGateway Istio ingress gateway configuration. For now, we support up to one external ingress gateway named `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Whether to enable the ingress gateway.' type: boolean mode: + description: 'Mode: Mode of an ingress gateway.' type: string type: object type: array type: object revisions: + description: |- + Revisions: The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. + When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: + https://learn.microsoft.com/en-us/azure/aks/istio-upgrade items: type: string type: array type: object mode: + description: 'Mode: Mode of the service mesh.' type: string type: object servicePrincipalProfile: description: |- - Storage version of v1api20240402preview.ManagedClusterServicePrincipalProfile - Information about a service principal identity for the cluster to use for manipulating Azure APIs. 
+ ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure + APIs. properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object clientId: + description: 'ClientId: The ID for the service principal.' type: string - secret: - description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource - type: string - required: - - key - - name - type: object type: object sku: - description: |- - Storage version of v1api20240402preview.ManagedClusterSKU - The SKU of a Managed Cluster. + description: 'Sku: The managed cluster SKU.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object name: + description: 'Name: The name of a managed cluster SKU.' type: string tier: + description: |- + Tier: The tier of a managed cluster SKU. If not specified, the default is 'Free'. See [AKS Pricing + Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. type: string type: object - storageProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterStorageProfile - Storage profile for the container service cluster. + status: + description: 'Status: Contains read-only information about the Managed Cluster.' 
properties: - $propertyBag: - additionalProperties: - type: string + provisioningError: description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions + ProvisioningError: The error details information of the managed cluster. Preserves the detailed info of failure. If + there was no error, this field is omitted. + properties: + additionalInfo: + description: 'AdditionalInfo: The error additional info.' + items: + description: The resource management error additional info. + properties: + info: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + description: 'Info: The additional info.' + type: object + type: + description: 'Type: The additional info type.' + type: string + type: object + type: array + code: + description: 'Code: The error code.' + type: string + details: + description: 'Details: The error details.' + items: + properties: + additionalInfo: + description: 'AdditionalInfo: The error additional info.' + items: + description: The resource management error additional info. + properties: + info: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + description: 'Info: The additional info.' + type: object + type: + description: 'Type: The additional info type.' + type: string + type: object + type: array + code: + description: 'Code: The error code.' + type: string + message: + description: 'Message: The error message.' + type: string + target: + description: 'Target: The error target.' + type: string + type: object + type: array + message: + description: 'Message: The error message.' + type: string + target: + description: 'Target: The error target.' + type: string type: object + type: object + storageProfile: + description: 'StorageProfile: Storage profile for the managed cluster.' 
+ properties: blobCSIDriver: - description: |- - Storage version of v1api20240402preview.ManagedClusterStorageProfileBlobCSIDriver - AzureBlob CSI Driver settings for the storage profile. + description: 'BlobCSIDriver: AzureBlob CSI Driver settings for the storage profile.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Whether to enable AzureBlob CSI Driver. The default value is false.' type: boolean type: object diskCSIDriver: - description: |- - Storage version of v1api20240402preview.ManagedClusterStorageProfileDiskCSIDriver - AzureDisk CSI Driver settings for the storage profile. + description: 'DiskCSIDriver: AzureDisk CSI Driver settings for the storage profile.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Whether to enable AzureDisk CSI Driver. The default value is true.' type: boolean - version: - type: string type: object fileCSIDriver: - description: |- - Storage version of v1api20240402preview.ManagedClusterStorageProfileFileCSIDriver - AzureFile CSI Driver settings for the storage profile. + description: 'FileCSIDriver: AzureFile CSI Driver settings for the storage profile.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Whether to enable AzureFile CSI Driver. 
The default value is true.' type: boolean type: object snapshotController: - description: |- - Storage version of v1api20240402preview.ManagedClusterStorageProfileSnapshotController - Snapshot Controller settings for the storage profile. + description: 'SnapshotController: Snapshot Controller settings for the storage profile.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Whether to enable Snapshot Controller. The default value is true.' type: boolean type: object type: object supportPlan: + description: 'SupportPlan: The support plan for the Managed Cluster. If unspecified, the default is ''KubernetesOfficial''.' type: string + systemData: + description: 'SystemData: Azure Resource Manager metadata containing createdBy and modifiedBy information.' + properties: + createdAt: + description: 'CreatedAt: The timestamp of resource creation (UTC).' + type: string + createdBy: + description: 'CreatedBy: The identity that created the resource.' + type: string + createdByType: + description: 'CreatedByType: The type of identity that created the resource.' + type: string + lastModifiedAt: + description: 'LastModifiedAt: The timestamp of resource last modification (UTC)' + type: string + lastModifiedBy: + description: 'LastModifiedBy: The identity that last modified the resource.' + type: string + lastModifiedByType: + description: 'LastModifiedByType: The type of identity that last modified the resource.' + type: string + type: object tags: additionalProperties: type: string + description: 'Tags: Resource tags.' type: object + type: + description: 'Type: The type of the resource. E.g. 
"Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"' + type: string upgradeSettings: - description: |- - Storage version of v1api20240402preview.ClusterUpgradeSettings - Settings for upgrading a cluster. + description: 'UpgradeSettings: Settings for upgrading a cluster.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object overrideSettings: - description: |- - Storage version of v1api20240402preview.UpgradeOverrideSettings - Settings for overrides when upgrading a cluster. + description: 'OverrideSettings: Settings for overrides.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object forceUpgrade: + description: |- + ForceUpgrade: Whether to force upgrade the cluster. Note that this option instructs upgrade operation to bypass upgrade + protections such as checking for deprecated API usage. Enable this option only with caution. type: boolean until: + description: |- + Until: Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the + effectiveness won't change once an upgrade starts even if the `until` expires as upgrade proceeds. This field is not set + by default. It must be set for the overrides to take effect. type: string type: object type: object windowsProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterWindowsProfile - Profile for Windows VMs in the managed cluster. + description: 'WindowsProfile: The profile for Windows VMs in the Managed Cluster.' 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - adminPassword: - description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource - type: string - required: - - key - - name - type: object adminUsername: + description: |- + AdminUsername: Specifies the name of the administrator account. + Restriction: Cannot end in "." + Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", + "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", + "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". + Minimum-length: 1 character + Max-length: 20 characters type: string enableCSIProxy: + description: |- + EnableCSIProxy: Whether to enable CSI proxy. For more details on CSI proxy, see the [CSI proxy GitHub + repo](https://github.com/kubernetes-csi/csi-proxy). type: boolean gmsaProfile: - description: |- - Storage version of v1api20240402preview.WindowsGmsaProfile - Windows gMSA Profile in the managed cluster. + description: 'GmsaProfile: The Windows gMSA Profile in the Managed Cluster.' 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object dnsServer: + description: |- + DnsServer: Specifies the DNS server for Windows gMSA. + Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. type: string enabled: + description: 'Enabled: Whether to enable Windows gMSA. Specifies whether to enable Windows gMSA in the managed cluster.' type: boolean rootDomainName: + description: |- + RootDomainName: Specifies the root domain name for Windows gMSA. + Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. type: string type: object licenseType: + description: |- + LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User + Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. type: string type: object workloadAutoScalerProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfile - Workload Auto-scaler profile for the managed cluster. + description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile for the managed cluster.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object keda: - description: |- - Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfileKeda - KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. + description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile.' 
properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object enabled: + description: 'Enabled: Whether to enable KEDA.' type: boolean type: object verticalPodAutoscaler: - description: Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler + description: 'VerticalPodAutoscaler: VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile.' properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - addonAutoscaling: - type: string enabled: + description: 'Enabled: Whether to enable VPA. Default value is false.' 
type: boolean type: object type: object - required: - - owner type: object - status: + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20250801storage + schema: + openAPIV3Schema: + description: |- + Storage version of v1api20250801.ManagedCluster + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-08-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} + properties: + apiVersion: description: |- - Storage version of v1api20240402preview.ManagedCluster_STATUS - Managed cluster. + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Storage version of v1api20250801.ManagedCluster_Spec properties: $propertyBag: additionalProperties: 
@@ -35483,8 +40505,9 @@ spec: type: object aadProfile: description: |- - Storage version of v1api20240402preview.ManagedClusterAADProfile_STATUS - For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). + Storage version of v1api20250801.ManagedClusterAADProfile + AADProfile specifies attributes for Azure Active Directory integration. For more details see [managed AAD on + AKS](https://docs.microsoft.com/azure/aks/managed-aad). properties: $propertyBag: additionalProperties: @@ -35513,7 +40536,7 @@ spec: addonProfiles: additionalProperties: description: |- - Storage version of v1api20240402preview.ManagedClusterAddonProfile_STATUS + Storage version of v1api20250801.ManagedClusterAddonProfile A Kubernetes add-on profile for a managed cluster. properties: $propertyBag: @@ -35529,31 +40552,12 @@ spec: type: object enabled: type: boolean - identity: - description: |- - Storage version of v1api20240402preview.UserAssignedIdentity_STATUS - Details about a user assigned identity. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - clientId: - type: string - objectId: - type: string - resourceId: - type: string - type: object type: object type: object agentPoolProfiles: items: description: |- - Storage version of v1api20240402preview.ManagedClusterAgentPoolProfile_STATUS + Storage version of v1api20250801.ManagedClusterAgentPoolProfile Profile for the container service agent pool. properties: $propertyBag: 
@@ -35563,30 +40567,35 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - artifactStreamingProfile: - description: Storage version of v1api20240402preview.AgentPoolArtifactStreamingProfile_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object availabilityZones: items: type: string type: array - capacityReservationGroupID: - type: string + capacityReservationGroupReference: + description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object count: type: integer creationData: description: |- - Storage version of v1api20240402preview.CreationData_STATUS + Storage version of v1api20250801.CreationData Data used when creating a target resource from a source resource. properties: $propertyBag: @@ -35596,17 +40605,29 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - sourceResourceId: - type: string + sourceResourceReference: + description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object - currentOrchestratorVersion: - type: string - eTag: - type: string enableAutoScaling: type: boolean - enableCustomCATrust: - type: boolean enableEncryptionAtHost: type: boolean enableFIPS: 
@@ -35617,7 +40638,7 @@ spec: type: boolean gatewayProfile: description: |- - Storage version of v1api20240402preview.AgentPoolGatewayProfile_STATUS + Storage version of v1api20250801.AgentPoolGatewayProfile Profile of the managed cluster gateway agent pool. properties: $propertyBag: @@ -35633,7 +40654,9 @@ spec: gpuInstanceProfile: type: string gpuProfile: - description: Storage version of v1api20240402preview.AgentPoolGPUProfile_STATUS + description: |- + Storage version of v1api20250801.GPUProfile + GPU settings for the Agent Pool. properties: $propertyBag: additionalProperties: 
@@ -35642,15 +40665,38 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - installGPUDriver: - type: boolean + driver: + type: string + type: object + hostGroupReference: + description: |- + HostGroupReference: The fully qualified resource ID of the Dedicated Host Group to provision virtual machines from, used + only in creation scenario and not allowed to changed once set. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. + For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string type: object - hostGroupID: - type: string kubeletConfig: description: |- - Storage version of v1api20240402preview.KubeletConfig_STATUS - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + Storage version of v1api20250801.KubeletConfig + Kubelet configurations of agent nodes. 
See [AKS custom node + configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: @@ -35688,8 +40734,9 @@ spec: type: string linuxOSConfig: description: |- - Storage version of v1api20240402preview.LinuxOSConfig_STATUS - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + Storage version of v1api20250801.LinuxOSConfig + OS configurations of Linux agent nodes. See [AKS custom node + configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: @@ -35702,7 +40749,7 @@ spec: type: integer sysctls: description: |- - Storage version of v1api20240402preview.SysctlConfig_STATUS + Storage version of v1api20250801.SysctlConfig Sysctl settings for Linux agent nodes. properties: $propertyBag: @@ -35788,7 +40835,7 @@ spec: type: string networkProfile: description: |- - Storage version of v1api20240402preview.AgentPoolNetworkProfile_STATUS + Storage version of v1api20250801.AgentPoolNetworkProfile Network settings of an agent pool. properties: $propertyBag: @@ -35801,7 +40848,7 @@ spec: allowedHostPorts: items: description: |- - Storage version of v1api20240402preview.PortRange_STATUS + Storage version of v1api20250801.PortRange The port range. properties: $propertyBag: 
@@ -35819,14 +40866,32 @@ spec: type: string type: object type: array - applicationSecurityGroups: + applicationSecurityGroupsReferences: items: - type: string + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: array nodePublicIPTags: items: description: |- - Storage version of v1api20240402preview.IPTag_STATUS + Storage version of v1api20250801.IPTag Contains the IPTag associated with the object. properties: $propertyBag: 
@@ -35843,39 +40908,74 @@ spec: type: object type: array type: object - nodeImageVersion: - type: string - nodeInitializationTaints: - items: - type: string - type: array nodeLabels: additionalProperties: type: string type: object - nodePublicIPPrefixID: - type: string - nodeTaints: - items: - type: string - type: array - orchestratorVersion: - type: string - osDiskSizeGB: - type: integer - osDiskType: - type: string + nodePublicIPPrefixReference: + description: |- + NodePublicIPPrefixReference: The public IP prefix ID which VM nodes should use IPs from. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object + nodeTaints: + items: + type: string + type: array + orchestratorVersion: + type: string + osDiskSizeGB: + type: integer + osDiskType: + type: string osSKU: type: string osType: type: string podIPAllocationMode: type: string - podSubnetID: - type: string + podSubnetReference: + description: |- + PodSubnetReference: The ID of the subnet which pods will join when launched. 
If omitted, pod IPs are statically assigned + on the node subnet (see vnetSubnetID for more details). This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object powerState: description: |- - Storage version of v1api20240402preview.PowerState_STATUS + Storage version of v1api20250801.PowerState Describes the Power State of the cluster properties: $propertyBag: 
@@ -35888,10 +40988,26 @@ spec: code: type: string type: object - provisioningState: - type: string - proximityPlacementGroupID: - type: string + proximityPlacementGroupReference: + description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object scaleDownMode: type: string scaleSetEvictionPolicy: @@ -35900,7 +41016,7 @@ spec: type: string securityProfile: description: |- - Storage version of v1api20240402preview.AgentPoolSecurityProfile_STATUS + Storage version of v1api20250801.AgentPoolSecurityProfile The security settings of an agent pool. properties: $propertyBag: @@ -35927,7 +41043,7 @@ spec: type: string upgradeSettings: description: |- - Storage version of v1api20240402preview.AgentPoolUpgradeSettings_STATUS + Storage version of v1api20250801.AgentPoolUpgradeSettings Settings for upgrading an agentpool properties: $propertyBag: @@ -35941,6 +41057,8 @@ spec: type: integer maxSurge: type: string + maxUnavailable: + type: string nodeSoakDurationInMinutes: type: integer undrainableNodeBehavior: 
@@ -35949,7 +41067,7 @@ spec: virtualMachineNodesStatus: items: description: |- - Storage version of v1api20240402preview.VirtualMachineNodes_STATUS + Storage version of v1api20250801.VirtualMachineNodes Current status on a group of nodes of the same vm size. properties: $propertyBag: @@ -35967,7 +41085,7 @@ spec: type: array virtualMachinesProfile: description: |- - Storage version of v1api20240402preview.VirtualMachinesProfile_STATUS + Storage version of v1api20250801.VirtualMachinesProfile Specifications on VirtualMachines agent pool. properties: $propertyBag: @@ -35979,7 +41097,7 @@ spec: type: object scale: description: |- - Storage version of v1api20240402preview.ScaleProfile_STATUS + Storage version of v1api20250801.ScaleProfile Specifications on how to scale a VirtualMachines agent pool. properties: $propertyBag: @@ -35989,33 +41107,10 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - autoscale: - items: - description: |- - Storage version of v1api20240402preview.AutoScaleProfile_STATUS - Specifications on auto-scaling. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - maxCount: - type: integer - minCount: - type: integer - sizes: - items: - type: string - type: array - type: object - type: array manual: items: description: |- - Storage version of v1api20240402preview.ManualScaleProfile_STATUS + Storage version of v1api20250801.ManualScaleProfile Specifications on number of machines. properties: $propertyBag: 
@@ -36027,21 +41122,41 @@ spec: type: object count: type: integer - sizes: - items: - type: string - type: array + size: + type: string type: object type: array type: object type: object vmSize: type: string - vnetSubnetID: - type: string + vnetSubnetReference: + description: |- + VnetSubnetReference: The ID of the subnet which agent pool nodes and optionally pods will join on startup. If this is + not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and + pods, otherwise it applies to just nodes. This is of the form: + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object windowsProfile: description: |- - Storage version of v1api20240402preview.AgentPoolWindowsProfile_STATUS + Storage version of v1api20250801.AgentPoolWindowsProfile The Windows agent pool's specific profile. properties: $propertyBag: 
@@ -36060,7 +41175,7 @@ spec: type: array aiToolchainOperatorProfile: description: |- - Storage version of v1api20240402preview.ManagedClusterAIToolchainOperatorProfile_STATUS + Storage version of v1api20250801.ManagedClusterAIToolchainOperatorProfile When enabling the operator, a set of AKS managed CRDs and controllers will be installed in the cluster. The operator automates the deployment of OSS models for inference and/or training purposes. It provides a set of preset models and enables distributed inference against them. @@ -36077,7 +41192,7 @@ spec: type: object apiServerAccessProfile: description: |- - Storage version of v1api20240402preview.ManagedClusterAPIServerAccessProfile_STATUS + Storage version of v1api20250801.ManagedClusterAPIServerAccessProfile Access profile for managed cluster API server. properties: $propertyBag: 
@@ -36101,11 +41216,31 @@ spec: type: boolean privateDNSZone: type: string - subnetId: - type: string + subnetReference: + description: |- + SubnetReference: The subnet to be used when apiserver vnet integration is enabled. It is required when creating a new + cluster with BYO Vnet, or when updating an existing cluster to enable apiserver vnet integration. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object autoScalerProfile: - description: Storage version of v1api20240402preview.ManagedClusterProperties_AutoScalerProfile_STATUS + description: Storage version of v1api20250801.ManagedClusterProperties_AutoScalerProfile properties: $propertyBag: additionalProperties: @@ -36157,7 +41292,7 @@ spec: type: object autoUpgradeProfile: description: |- - Storage version of v1api20240402preview.ManagedClusterAutoUpgradeProfile_STATUS + Storage version of v1api20250801.ManagedClusterAutoUpgradeProfile Auto upgrade profile for a managed cluster. properties: $propertyBag: 
@@ -36174,8 +41309,8 @@ spec: type: object azureMonitorProfile: description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfile_STATUS - Prometheus addon profile for the container service cluster + Storage version of v1api20250801.ManagedClusterAzureMonitorProfile + Azure Monitor addon profiles for monitoring the managed cluster. properties: $propertyBag: additionalProperties: 
@@ -36184,104 +41319,12 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - appMonitoring: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoring_STATUS - Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics and traces - through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - autoInstrumentation: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringAutoInstrumentation_STATUS - Application Monitoring Auto Instrumentation for Kubernetes Application Container. Deploys web hook to auto-instrument - Azure Monitor OpenTelemetry based SDKs to collect OpenTelemetry metrics, logs and traces of the application. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - openTelemetryLogs: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryLogs_STATUS - Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Logs and Traces. 
Collects - OpenTelemetry logs and traces of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - port: - type: integer - type: object - openTelemetryMetrics: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryMetrics_STATUS - Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Metrics. Collects - OpenTelemetry metrics of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - port: - type: integer - type: object - type: object - containerInsights: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileContainerInsights_STATUS - Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & stderr logs etc. See - aka.ms/AzureMonitorContainerInsights for an overview. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - disableCustomMetrics: - type: boolean - disablePrometheusMetricsScraping: - type: boolean - enabled: - type: boolean - logAnalyticsWorkspaceResourceId: - type: string - syslogPort: - type: integer - type: object metrics: description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileMetrics_STATUS - Metrics profile for the prometheus service addon + Storage version of v1api20250801.ManagedClusterAzureMonitorProfileMetrics + Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes + infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See + aka.ms/AzureManagedPrometheus for an overview. properties: $propertyBag: additionalProperties: @@ -36294,8 +41337,10 @@ spec: type: boolean kubeStateMetrics: description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS - Kube State Metrics for prometheus addon profile for the container service cluster + Storage version of v1api20250801.ManagedClusterAzureMonitorProfileKubeStateMetrics + Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the + kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for + details. properties: $propertyBag: additionalProperties: 
@@ -36311,11 +41356,14 @@ spec: type: object type: object type: object - azurePortalFQDN: + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. type: string bootstrapProfile: description: |- - Storage version of v1api20240402preview.ManagedClusterBootstrapProfile_STATUS + Storage version of v1api20250801.ManagedClusterBootstrapProfile The bootstrap profile. properties: $propertyBag: 
@@ -36327,86 +41375,61 @@ spec: type: object artifactSource: type: string - containerRegistryId: - type: string + containerRegistryReference: + description: |- + ContainerRegistryReference: The resource Id of Azure Container Registry. The registry must have private network access, + premium SKU and zone redundancy. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object - conditions: - items: - description: Condition defines an extension to status (an observation) of a resource - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. - format: date-time - type: string - message: - description: Message is a human readable message indicating details about the transition. This field may be empty. - type: string - observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. 
- format: int64 - type: integer - reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. - type: string - severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown - type: string - status: - description: Status of the condition, one of True, False, or Unknown. - type: string - type: - description: Type of condition. - type: string - required: - - lastTransitionTime - - reason - - status - - type - type: object - type: array - creationData: + disableLocalAccounts: + type: boolean + diskEncryptionSetReference: description: |- - Storage version of v1api20240402preview.CreationData_STATUS - Data used when creating a target resource from a source resource. + DiskEncryptionSetReference: The Resource ID of the disk encryption set to use for enabling encryption at rest. This is + of the form: + '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' properties: - $propertyBag: - additionalProperties: - type: string + armId: description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - sourceResourceId: + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
+ The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. type: string type: object - currentKubernetesVersion: - type: string - disableLocalAccounts: - type: boolean - diskEncryptionSetID: - type: string dnsPrefix: type: string - eTag: - type: string - enableNamespaceResources: - type: boolean - enablePodSecurityPolicy: - type: boolean enableRBAC: type: boolean extendedLocation: description: |- - Storage version of v1api20240402preview.ExtendedLocation_STATUS + Storage version of v1api20250801.ExtendedLocation The complex type of the extended location. properties: $propertyBag: @@ -36421,13 +41444,11 @@ spec: type: type: string type: object - fqdn: - type: string fqdnSubdomain: type: string httpProxyConfig: description: |- - Storage version of v1api20240402preview.ManagedClusterHTTPProxyConfig_STATUS + Storage version of v1api20250801.ManagedClusterHTTPProxyConfig Cluster HTTP proxy configuration. properties: $propertyBag: @@ -36437,10 +41458,6 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - effectiveNoProxy: - items: - type: string - type: array httpProxy: type: string httpsProxy: 
@@ -36452,11 +41469,9 @@ spec: trustedCa: type: string type: object - id: - type: string identity: description: |- - Storage version of v1api20240402preview.ManagedClusterIdentity_STATUS + Storage version of v1api20250801.ManagedClusterIdentity Identity for the managed cluster. properties: $propertyBag: @@ -36469,7 +41484,7 @@ spec: delegatedResources: additionalProperties: description: |- - Storage version of v1api20240402preview.DelegatedResource_STATUS + Storage version of v1api20250801.DelegatedResource Delegated resource properties - internal use only. properties: $propertyBag: 
@@ -36483,21 +41498,37 @@ spec: type: string referralResource: type: string - resourceId: - type: string + resourceReference: + description: 'ResourceReference: The ARM resource id of the delegated resource - internal use only.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object tenantId: type: string type: object type: object - principalId: - type: string - tenantId: - type: string type: type: string userAssignedIdentities: - additionalProperties: - description: Storage version of v1api20240402preview.ManagedClusterIdentity_UserAssignedIdentities_STATUS + items: + description: |- + Storage version of v1api20250801.UserAssignedIdentityDetails + Information about the user assigned identity for the resource properties: $propertyBag: additionalProperties: 
@@ -36506,17 +41537,33 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - clientId: - type: string - principalId: - type: string + reference: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object - type: object + type: array type: object identityProfile: additionalProperties: description: |- - Storage version of v1api20240402preview.UserAssignedIdentity_STATUS + Storage version of v1api20250801.UserAssignedIdentity Details about a user assigned identity. properties: $propertyBag: 
@@ -36528,15 +41575,67 @@ spec: type: object clientId: type: string + clientIdFromConfig: + description: |- + ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes configmap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes configmap being referenced. + The configmap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object objectId: type: string - resourceId: - type: string + objectIdFromConfig: + description: |- + ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes configmap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes configmap being referenced. + The configmap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + resourceReference: + description: 'ResourceReference: The resource ID of the user assigned identity.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object type: object ingressProfile: description: |- - Storage version of v1api20240402preview.ManagedClusterIngressProfile_STATUS + Storage version of v1api20250801.ManagedClusterIngressProfile Ingress profile for the container service cluster. properties: $propertyBag: @@ -36548,8 +41647,8 @@ spec: type: object webAppRouting: description: |- - Storage version of v1api20240402preview.ManagedClusterIngressProfileWebAppRouting_STATUS - Web App Routing settings for the ingress profile. + Storage version of v1api20250801.ManagedClusterIngressProfileWebAppRouting + Application Routing add-on settings for the ingress profile. properties: $propertyBag: additionalProperties: 
@@ -36558,29 +41657,41 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - dnsZoneResourceIds: + dnsZoneResourceReferences: items: - type: string - type: array - enabled: - type: boolean - identity: - description: |- - Storage version of v1api20240402preview.UserAssignedIdentity_STATUS - Details about a user assigned identity. - properties: - $propertyBag: + description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. 
+ type: string + type: object + type: array + enabled: + type: boolean + nginx: + description: Storage version of v1api20250801.ManagedClusterIngressProfileNginx + properties: + $propertyBag: additionalProperties: type: string description: |- PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - clientId: - type: string - objectId: - type: string - resourceId: + defaultIngressControllerType: type: string type: object type: object @@ -36591,7 +41702,7 @@ spec: type: string linuxProfile: description: |- - Storage version of v1api20240402preview.ContainerServiceLinuxProfile_STATUS + Storage version of v1api20250801.ContainerServiceLinuxProfile Profile for Linux VMs in the container service cluster. properties: $propertyBag: @@ -36605,7 +41716,7 @@ spec: type: string ssh: description: |- - Storage version of v1api20240402preview.ContainerServiceSshConfiguration_STATUS + Storage version of v1api20250801.ContainerServiceSshConfiguration SSH configuration for Linux-based VMs running on Azure. properties: $propertyBag: @@ -36618,7 +41729,7 @@ spec: publicKeys: items: description: |- - Storage version of v1api20240402preview.ContainerServiceSshPublicKey_STATUS + Storage version of v1api20250801.ContainerServiceSshPublicKey Contains information about SSH certificate public key data. properties: $propertyBag: @@ -36636,11 +41747,9 @@ spec: type: object location: type: string - maxAgentPools: - type: integer metricsProfile: description: |- - Storage version of v1api20240402preview.ManagedClusterMetricsProfile_STATUS + Storage version of v1api20250801.ManagedClusterMetricsProfile The metrics profile for the ManagedCluster. properties: $propertyBag: 
@@ -36652,7 +41761,7 @@ spec: type: object costAnalysis: description: |- - Storage version of v1api20240402preview.ManagedClusterCostAnalysis_STATUS + Storage version of v1api20250801.ManagedClusterCostAnalysis The cost analysis configuration for the cluster properties: $propertyBag: @@ -36666,11 +41775,9 @@ spec: type: boolean type: object type: object - name: - type: string networkProfile: description: |- - Storage version of v1api20240402preview.ContainerServiceNetworkProfile_STATUS + Storage version of v1api20250801.ContainerServiceNetworkProfile Profile of network configuration. properties: $propertyBag: @@ -36682,9 +41789,9 @@ spec: type: object advancedNetworking: description: |- - Storage version of v1api20240402preview.AdvancedNetworking_STATUS - Advanced Networking profile for enabling observability on a cluster. Note that enabling advanced networking features may - incur additional costs. For more information see aka.ms/aksadvancednetworking. + Storage version of v1api20250801.AdvancedNetworking + Advanced Networking profile for enabling observability and security feature suite on a cluster. For more information see + aka.ms/aksadvancednetworking. properties: $propertyBag: additionalProperties: @@ -36693,9 +41800,11 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object + enabled: + type: boolean observability: description: |- - Storage version of v1api20240402preview.AdvancedNetworkingObservability_STATUS + Storage version of v1api20250801.AdvancedNetworkingObservability Observability profile to enable advanced network metrics and flow logs with historical contexts. properties: $propertyBag: 
@@ -36708,27 +41817,10 @@ spec: enabled: type: boolean type: object - type: object - dnsServiceIP: - type: string - ipFamilies: - items: - type: string - type: array - kubeProxyConfig: - description: Storage version of v1api20240402preview.ContainerServiceNetworkProfile_KubeProxyConfig_STATUS - properties: - $propertyBag: - additionalProperties: - type: string + security: description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - ipvsConfig: - description: Storage version of v1api20240402preview.ContainerServiceNetworkProfile_KubeProxyConfig_IpvsConfig_STATUS + Storage version of v1api20250801.AdvancedNetworkingSecurity + Security profile to enable security features on cilium based cluster. properties: $propertyBag: additionalProperties: @@ -36737,21 +41829,21 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - scheduler: + advancedNetworkPolicies: type: string - tcpFinTimeoutSeconds: - type: integer - tcpTimeoutSeconds: - type: integer - udpTimeoutSeconds: - type: integer + enabled: + type: boolean type: object - mode: - type: string type: object + dnsServiceIP: + type: string + ipFamilies: + items: + type: string + type: array loadBalancerProfile: description: |- - Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_STATUS + Storage version of v1api20250801.ManagedClusterLoadBalancerProfile Profile of the managed cluster load balancer. properties: $propertyBag: 
@@ -36765,31 +41857,12 @@ spec: type: integer backendPoolType: type: string - clusterServiceLoadBalancerHealthProbeMode: - type: string - effectiveOutboundIPs: - items: - description: |- - Storage version of v1api20240402preview.ResourceReference_STATUS - A reference to an Azure resource. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - id: - type: string - type: object - type: array enableMultipleStandardLoadBalancers: type: boolean idleTimeoutInMinutes: type: integer managedOutboundIPs: - description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS + description: Storage version of v1api20250801.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs properties: $propertyBag: additionalProperties: @@ -36804,7 +41877,7 @@ spec: type: integer type: object outboundIPPrefixes: - description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS + description: Storage version of v1api20250801.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes properties: $propertyBag: additionalProperties: @@ -36816,7 +41889,7 @@ spec: publicIPPrefixes: items: description: |- - Storage version of v1api20240402preview.ResourceReference_STATUS + Storage version of v1api20250801.ResourceReference A reference to an Azure resource. properties: $propertyBag: 
@@ -36826,13 +41899,31 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - id: - type: string + reference: + description: 'Reference: The fully qualified Azure resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object type: array type: object outboundIPs: - description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS + description: Storage version of v1api20250801.ManagedClusterLoadBalancerProfile_OutboundIPs properties: $propertyBag: additionalProperties: @@ -36844,7 +41935,7 @@ spec: publicIPs: items: description: |- - Storage version of v1api20240402preview.ResourceReference_STATUS + Storage version of v1api20250801.ResourceReference A reference to an Azure resource. properties: $propertyBag: 
@@ -36854,8 +41945,26 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - id: - type: string + reference: + description: 'Reference: The fully qualified Azure resource id.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object type: array type: object @@ -36864,7 +41973,7 @@ spec: type: string natGatewayProfile: description: |- - Storage version of v1api20240402preview.ManagedClusterNATGatewayProfile_STATUS + Storage version of v1api20250801.ManagedClusterNATGatewayProfile Profile of the managed cluster NAT gateway. properties: $propertyBag: 
@@ -36874,28 +41983,11 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - effectiveOutboundIPs: - items: - description: |- - Storage version of v1api20240402preview.ResourceReference_STATUS - A reference to an Azure resource. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - id: - type: string - type: object - type: array idleTimeoutInMinutes: type: integer managedOutboundIPProfile: description: |- - Storage version of v1api20240402preview.ManagedClusterManagedOutboundIPProfile_STATUS + Storage version of v1api20250801.ManagedClusterManagedOutboundIPProfile Profile of the managed outbound IP resources of the managed cluster. properties: $propertyBag: @@ -36927,8 +42019,6 @@ spec: items: type: string type: array - podLinkLocalAccess: - type: string serviceCidr: type: string serviceCidrs: @@ -36937,7 +42027,7 @@ spec: type: array staticEgressGatewayProfile: description: |- - Storage version of v1api20240402preview.ManagedClusterStaticEgressGatewayProfile_STATUS + Storage version of v1api20250801.ManagedClusterStaticEgressGatewayProfile The Static Egress Gateway addon configuration for the cluster. properties: $propertyBag: @@ -36952,7 +42042,7 @@ spec: type: object type: object nodeProvisioningProfile: - description: Storage version of v1api20240402preview.ManagedClusterNodeProvisioningProfile_STATUS + description: Storage version of v1api20250801.ManagedClusterNodeProvisioningProfile properties: $propertyBag: additionalProperties: 
@@ -36961,6 +42051,8 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object + defaultNodePools: + type: string mode: type: string type: object @@ -36968,7 +42060,7 @@ spec: type: string nodeResourceGroupProfile: description: |- - Storage version of v1api20240402preview.ManagedClusterNodeResourceGroupProfile_STATUS + Storage version of v1api20250801.ManagedClusterNodeResourceGroupProfile Node resource group lockdown profile for a managed cluster. properties: $propertyBag: @@ -36983,7 +42075,7 @@ spec: type: object oidcIssuerProfile: description: |- - Storage version of v1api20240402preview.ManagedClusterOIDCIssuerProfile_STATUS + Storage version of v1api20250801.ManagedClusterOIDCIssuerProfile The OIDC issuer profile of the Managed Cluster. properties: $propertyBag: 
@@ -36995,14 +42087,174 @@ spec: type: object enabled: type: boolean - issuerURL: + type: object + operatorSpec: + description: |- + Storage version of v1api20250801.ManagedClusterOperatorSpec + Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + configMapExpressions: + items: + description: |- + DestinationExpression is a CEL expression and a destination to store the result in. The destination may + be a secret or a configmap. The value of the expression is stored at the specified location in + the destination. + properties: + key: + description: |- + Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string + this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string + Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting + map[string]string. + type: string + name: + description: |- + Name is the name of the Kubernetes configmap or secret to write to. + The configmap or secret will be created in the same namespace as the resource. + type: string + value: + description: |- + Value is a CEL expression. The CEL expression may return a string or a map[string]string. 
For more information + on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ + type: string + required: + - name + - value + type: object + type: array + configMaps: + description: Storage version of v1api20250801.ManagedClusterOperatorConfigMaps + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + oidcIssuerProfile: + description: |- + ConfigMapDestination describes the location to store a single configmap value + Note: This is similar to: SecretDestination in secrets.go. + Changes to one may need to be made to the others as well. + properties: + key: + description: Key is the key in the ConfigMap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes ConfigMap to write to. + The ConfigMap will be created in the same namespace as the resource. + type: string + required: + - key + - name + type: object + type: object + secretExpressions: + items: + description: |- + DestinationExpression is a CEL expression and a destination to store the result in. The destination may + be a secret or a configmap. The value of the expression is stored at the specified location in + the destination. + properties: + key: + description: |- + Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string + this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string + Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting + map[string]string. + type: string + name: + description: |- + Name is the name of the Kubernetes configmap or secret to write to. + The configmap or secret will be created in the same namespace as the resource. 
+ type: string + value: + description: |- + Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information + on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ + type: string + required: + - name + - value + type: object + type: array + secrets: + description: Storage version of v1api20250801.ManagedClusterOperatorSecrets + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + adminCredentials: + description: |- + SecretDestination describes the location to store a single secret value. + Note: This is similar to: ConfigMapDestination in configmaps.go. + Changes to one may need to be made to the others as well. + properties: + key: + description: Key is the key in the Kubernetes secret being referenced. + type: string + name: + description: |- + Name is the name of the Kubernetes secret to write to. + The secret will be created in the same namespace as the resource. + type: string + required: + - key + - name + type: object + userCredentials: + description: |- + SecretDestination describes the location to store a single secret value. + Note: This is similar to: ConfigMapDestination in configmaps.go. + Changes to one may need to be made to the others as well. + properties: + key: + description: Key is the key in the Kubernetes secret being referenced. + type: string + name: + description: |- + Name is the name of the Kubernetes secret to write to. + The secret will be created in the same namespace as the resource. + type: string + required: + - key + - name + type: object + type: object + type: object + originalVersion: + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. 
The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a resources.azure.com/ResourceGroup resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. type: string type: object podIdentityProfile: description: |- - Storage version of v1api20240402preview.ManagedClusterPodIdentityProfile_STATUS - See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod - identity integration. + Storage version of v1api20250801.ManagedClusterPodIdentityProfile + The pod identity profile of the Managed Cluster. See [use AAD pod + identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod identity integration. properties: $propertyBag: additionalProperties: @@ -37018,7 +42270,7 @@ spec: userAssignedIdentities: items: description: |- - Storage version of v1api20240402preview.ManagedClusterPodIdentity_STATUS + Storage version of v1api20250801.ManagedClusterPodIdentity Details about the pod identity assigned to the Managed Cluster. properties: $propertyBag: @@ -37032,7 +42284,7 @@ spec: type: string identity: description: |- - Storage version of v1api20240402preview.UserAssignedIdentity_STATUS + Storage version of v1api20250801.UserAssignedIdentity Details about a user assigned identity. properties: $propertyBag: 
@@ -37044,87 +42296,77 @@ spec: type: object clientId: type: string - objectId: - type: string - resourceId: - type: string - type: object - name: - type: string - namespace: - type: string - provisioningInfo: - description: Storage version of v1api20240402preview.ManagedClusterPodIdentity_ProvisioningInfo_STATUS - properties: - $propertyBag: - additionalProperties: - type: string + clientIdFromConfig: description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions + ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes configmap being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes configmap being referenced. + The configmap must be in the same namespace as the resource + type: string + required: + - key + - name type: object - error: + objectId: + type: string + objectIdFromConfig: description: |- - Storage version of v1api20240402preview.ManagedClusterPodIdentityProvisioningError_STATUS - An error response from the pod identity provisioning. + ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as + the resource it is on. properties: - $propertyBag: - additionalProperties: - type: string + key: + description: Key is the key in the Kubernetes configmap being referenced + type: string + name: description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - error: + Name is the name of the Kubernetes configmap being referenced. 
+ The configmap must be in the same namespace as the resource + type: string + required: + - key + - name + type: object + resourceReference: + description: 'ResourceReference: The resource ID of the user assigned identity.' + properties: + armId: description: |- - Storage version of v1api20240402preview.ManagedClusterPodIdentityProvisioningErrorBody_STATUS - An error response from the pod identity provisioning. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - code: - type: string - details: - items: - description: Storage version of v1api20240402preview.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - code: - type: string - message: - type: string - target: - type: string - type: object - type: array - message: - type: string - target: - type: string - type: object + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. 
+ type: string + name: + description: Name is the Kubernetes name of the resource. + type: string type: object type: object - provisioningState: + name: + type: string + namespace: type: string type: object type: array userAssignedIdentityExceptions: items: description: |- - Storage version of v1api20240402preview.ManagedClusterPodIdentityException_STATUS - See [disable AAD Pod Identity for a specific - Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. + Storage version of v1api20250801.ManagedClusterPodIdentityException + A pod identity exception, which allows pods with certain labels to access the Azure Instance Metadata Service (IMDS) + endpoint without being intercepted by the node-managed identity (NMI) server. See [disable AAD Pod Identity for a + specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more + details. properties: $propertyBag: additionalProperties: @@ -37144,27 +42386,10 @@ spec: type: object type: array type: object - powerState: - description: |- - Storage version of v1api20240402preview.PowerState_STATUS - Describes the Power State of the cluster - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - code: - type: string - type: object - privateFQDN: - type: string privateLinkResources: items: description: |- - Storage version of v1api20240402preview.PrivateLinkResource_STATUS + Storage version of v1api20250801.PrivateLinkResource A private link resource properties: $propertyBag: 
@@ -37176,12 +42401,28 @@ spec: type: object groupId: type: string - id: - type: string name: type: string - privateLinkServiceID: - type: string + reference: + description: 'Reference: The ID of the private link resource.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object requiredMembers: items: type: string 
@@ -37190,41 +42431,12 @@ spec: type: string type: object type: array - provisioningState: - type: string publicNetworkAccess: type: string - resourceUID: - type: string - safeguardsProfile: + securityProfile: description: |- - Storage version of v1api20240402preview.SafeguardsProfile_STATUS - The Safeguards profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - excludedNamespaces: - items: - type: string - type: array - level: - type: string - systemExcludedNamespaces: - items: - type: string - type: array - version: - type: string - type: object - securityProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfile_STATUS - Security profile for the container service cluster. + Storage version of v1api20250801.ManagedClusterSecurityProfile + Security profile for the container service cluster. properties: $propertyBag: additionalProperties: @@ -37235,7 +42447,7 @@ spec: type: object azureKeyVaultKms: description: |- - Storage version of v1api20240402preview.AzureKeyVaultKms_STATUS + Storage version of v1api20250801.AzureKeyVaultKms Azure Key Vault key management service settings for the security profile. properties: $propertyBag: 
@@ -37251,8 +42463,28 @@ spec: type: string keyVaultNetworkAccess: type: string - keyVaultResourceId: - type: string + keyVaultResourceReference: + description: |- + KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and + must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object type: object customCATrustCertificates: items: @@ -37260,7 +42492,7 @@ spec: type: array defender: description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileDefender_STATUS + Storage version of v1api20250801.ManagedClusterSecurityProfileDefender Microsoft Defender settings for the security profile. properties: $propertyBag: 
@@ -37270,11 +42502,32 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - logAnalyticsWorkspaceResourceId: - type: string + logAnalyticsWorkspaceResourceReference: + description: |- + LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft + Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When + Microsoft Defender is disabled, leave the field empty. + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object securityMonitoring: description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS + Storage version of v1api20250801.ManagedClusterSecurityProfileDefenderSecurityMonitoring Microsoft Defender settings for the security profile threat detection. properties: $propertyBag: 
@@ -37290,7 +42543,7 @@ spec: type: object imageCleaner: description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileImageCleaner_STATUS + Storage version of v1api20250801.ManagedClusterSecurityProfileImageCleaner Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here are settings for the security profile. properties: @@ -37306,39 +42559,9 @@ spec: intervalHours: type: integer type: object - imageIntegrity: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileImageIntegrity_STATUS - Image integrity related settings for the security profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - nodeRestriction: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileNodeRestriction_STATUS - Node Restriction settings for the security profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object workloadIdentity: description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileWorkloadIdentity_STATUS + Storage version of v1api20250801.ManagedClusterSecurityProfileWorkloadIdentity Workload identity settings for the security profile. properties: $propertyBag: 
@@ -37354,7 +42577,7 @@ spec: type: object serviceMeshProfile: description: |- - Storage version of v1api20240402preview.ServiceMeshProfile_STATUS + Storage version of v1api20250801.ServiceMeshProfile Service mesh profile for a managed cluster. properties: $propertyBag: @@ -37366,7 +42589,7 @@ spec: type: object istio: description: |- - Storage version of v1api20240402preview.IstioServiceMesh_STATUS + Storage version of v1api20250801.IstioServiceMesh Istio service mesh configuration. properties: $propertyBag: @@ -37378,7 +42601,7 @@ spec: type: object certificateAuthority: description: |- - Storage version of v1api20240402preview.IstioCertificateAuthority_STATUS + Storage version of v1api20250801.IstioCertificateAuthority Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described here https://aka.ms/asm-plugin-ca properties: @@ -37391,7 +42614,7 @@ spec: type: object plugin: description: |- - Storage version of v1api20240402preview.IstioPluginCertificateAuthority_STATUS + Storage version of v1api20250801.IstioPluginCertificateAuthority Plugin certificates information for Service Mesh. properties: $propertyBag: 
@@ -37407,15 +42630,33 @@ spec: type: string keyObjectName: type: string - keyVaultId: - type: string + keyVaultReference: + description: 'KeyVaultReference: The resource ID of the Key Vault.' + properties: + armId: + description: |- + ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level + ARMID is mutually exclusive with Group, Kind, Namespace and Name. + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + group: + description: Group is the Kubernetes group of the resource. + type: string + kind: + description: Kind is the Kubernetes kind of the resource. + type: string + name: + description: Name is the Kubernetes name of the resource. + type: string + type: object rootCertObjectName: type: string type: object type: object components: description: |- - Storage version of v1api20240402preview.IstioComponents_STATUS + Storage version of v1api20250801.IstioComponents Istio components configuration. properties: $propertyBag: @@ -37428,7 +42669,7 @@ spec: egressGateways: items: description: |- - Storage version of v1api20240402preview.IstioEgressGateway_STATUS + Storage version of v1api20250801.IstioEgressGateway Istio egress gateway configuration. properties: $propertyBag: @@ -37445,7 +42686,7 @@ spec: ingressGateways: items: description: |- - Storage version of v1api20240402preview.IstioIngressGateway_STATUS + Storage version of v1api20250801.IstioIngressGateway Istio ingress gateway configuration. For now, we support up to one external ingress gateway named `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. properties: 
@@ -37473,7 +42714,7 @@ spec: type: object servicePrincipalProfile: description: |- - Storage version of v1api20240402preview.ManagedClusterServicePrincipalProfile_STATUS + Storage version of v1api20250801.ManagedClusterServicePrincipalProfile Information about a service principal identity for the cluster to use for manipulating Azure APIs. properties: $propertyBag: @@ -37485,10 +42726,27 @@ spec: type: object clientId: type: string + secret: + description: |- + SecretReference is a reference to a Kubernetes secret and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes secret being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object type: object sku: description: |- - Storage version of v1api20240402preview.ManagedClusterSKU_STATUS + Storage version of v1api20250801.ManagedClusterSKU The SKU of a Managed Cluster. properties: $propertyBag: @@ -37505,7 +42763,7 @@ spec: type: object storageProfile: description: |- - Storage version of v1api20240402preview.ManagedClusterStorageProfile_STATUS + Storage version of v1api20250801.ManagedClusterStorageProfile Storage profile for the container service cluster. properties: $propertyBag: @@ -37517,7 +42775,7 @@ spec: type: object blobCSIDriver: description: |- - Storage version of v1api20240402preview.ManagedClusterStorageProfileBlobCSIDriver_STATUS + Storage version of v1api20250801.ManagedClusterStorageProfileBlobCSIDriver AzureBlob CSI Driver settings for the storage profile. properties: $propertyBag: 
@@ -37532,7 +42790,7 @@ spec: type: object diskCSIDriver: description: |- - Storage version of v1api20240402preview.ManagedClusterStorageProfileDiskCSIDriver_STATUS + Storage version of v1api20250801.ManagedClusterStorageProfileDiskCSIDriver AzureDisk CSI Driver settings for the storage profile. properties: $propertyBag: @@ -37544,12 +42802,10 @@ spec: type: object enabled: type: boolean - version: - type: string type: object fileCSIDriver: description: |- - Storage version of v1api20240402preview.ManagedClusterStorageProfileFileCSIDriver_STATUS + Storage version of v1api20250801.ManagedClusterStorageProfileFileCSIDriver AzureFile CSI Driver settings for the storage profile. properties: $propertyBag: @@ -37564,7 +42820,7 @@ spec: type: object snapshotController: description: |- - Storage version of v1api20240402preview.ManagedClusterStorageProfileSnapshotController_STATUS + Storage version of v1api20250801.ManagedClusterStorageProfileSnapshotController Snapshot Controller settings for the storage profile. properties: $propertyBag: 
@@ -37580,40 +42836,13 @@ spec: type: object supportPlan: type: string - systemData: - description: |- - Storage version of v1api20240402preview.SystemData_STATUS - Metadata pertaining to creation and last modification of the resource. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - createdAt: - type: string - createdBy: - type: string - createdByType: - type: string - lastModifiedAt: - type: string - lastModifiedBy: - type: string - lastModifiedByType: - type: string - type: object tags: additionalProperties: type: string type: object - type: - type: string upgradeSettings: description: |- - Storage version of v1api20240402preview.ClusterUpgradeSettings_STATUS + Storage version of v1api20250801.ClusterUpgradeSettings Settings for upgrading a cluster. properties: $propertyBag: @@ -37625,7 +42854,7 @@ spec: type: object overrideSettings: description: |- - Storage version of v1api20240402preview.UpgradeOverrideSettings_STATUS + Storage version of v1api20250801.UpgradeOverrideSettings Settings for overrides when upgrading a cluster. properties: $propertyBag: @@ -37643,7 +42872,7 @@ spec: type: object windowsProfile: description: |- - Storage version of v1api20240402preview.ManagedClusterWindowsProfile_STATUS + Storage version of v1api20250801.ManagedClusterWindowsProfile Profile for Windows VMs in the managed cluster. properties: $propertyBag: 
@@ -37653,13 +42882,30 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object + adminPassword: + description: |- + SecretReference is a reference to a Kubernetes secret and key in the same namespace as + the resource it is on. + properties: + key: + description: Key is the key in the Kubernetes secret being referenced + type: string + name: + description: |- + Name is the name of the Kubernetes secret being referenced. + The secret must be in the same namespace as the resource + type: string + required: + - key + - name + type: object adminUsername: type: string enableCSIProxy: type: boolean gmsaProfile: description: |- - Storage version of v1api20240402preview.WindowsGmsaProfile_STATUS + Storage version of v1api20250801.WindowsGmsaProfile Windows gMSA Profile in the managed cluster. properties: $propertyBag: @@ -37681,7 +42927,7 @@ spec: type: object workloadAutoScalerProfile: description: |- - Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfile_STATUS + Storage version of v1api20250801.ManagedClusterWorkloadAutoScalerProfile Workload Auto-scaler profile for the managed cluster. properties: $propertyBag: @@ -37693,7 +42939,7 @@ spec: type: object keda: description: |- - Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfileKeda_STATUS + Storage version of v1api20250801.ManagedClusterWorkloadAutoScalerProfileKeda KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. properties: $propertyBag: 
@@ -37707,7 +42953,9 @@ spec: type: boolean type: object verticalPodAutoscaler: - description: Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler_STATUS + description: |- + Storage version of v1api20250801.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler + VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile. properties: $propertyBag: additionalProperties: 
@@ -37716,8876 +42964,1685 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - addonAutoscaling: - type: string enabled: type: boolean type: object type: object + required: + - owner type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].severity - name: Severity - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Reason - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].message - name: Message - type: string - name: v1api20240901 - schema: - openAPIV3Schema: - description: |- - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2024-09-01/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: + status: description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: + Storage version of v1api20250801.ManagedCluster_STATUS + Managed cluster. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object aadProfile: - description: 'AadProfile: The Azure Active Directory configuration.' + description: |- + Storage version of v1api20250801.ManagedClusterAADProfile_STATUS + AADProfile specifies attributes for Azure Active Directory integration. For more details see [managed AAD on + AKS](https://docs.microsoft.com/azure/aks/managed-aad). properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object adminGroupObjectIDs: - description: 'AdminGroupObjectIDs: The list of AAD group object IDs that will have admin role of the cluster.' items: type: string type: array clientAppID: - description: 'ClientAppID: (DEPRECATED) The client AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' type: string enableAzureRBAC: - description: 'EnableAzureRBAC: Whether to enable Azure RBAC for Kubernetes authorization.' type: boolean managed: - description: 'Managed: Whether to enable managed AAD.' type: boolean serverAppID: - description: 'ServerAppID: (DEPRECATED) The server AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' type: string serverAppSecret: - description: 'ServerAppSecret: (DEPRECATED) The server AAD application secret. Learn more at https://aka.ms/aks/aad-legacy.' 
type: string tenantID: - description: |- - TenantID: The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment - subscription. type: string type: object addonProfiles: additionalProperties: - description: A Kubernetes add-on profile for a managed cluster. + description: |- + Storage version of v1api20250801.ManagedClusterAddonProfile_STATUS + A Kubernetes add-on profile for a managed cluster. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object config: additionalProperties: type: string - description: 'Config: Key-value pairs for configuring an add-on.' type: object enabled: - description: 'Enabled: Whether the add-on is enabled or not.' type: boolean - required: - - enabled + identity: + description: |- + Storage version of v1api20250801.UserAssignedIdentity_STATUS + Details about a user assigned identity. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object type: object - description: 'AddonProfiles: The profile of managed cluster add-on.' type: object agentPoolProfiles: - description: 'AgentPoolProfiles: The agent pool properties.' items: - description: Profile for the container service agent pool. + description: |- + Storage version of v1api20250801.ManagedClusterAgentPoolProfile_STATUS + Profile for the container service agent pool. 
properties: - availabilityZones: + $propertyBag: + additionalProperties: + type: string description: |- - AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType - property is 'VirtualMachineScaleSets'. + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + availabilityZones: items: type: string type: array - capacityReservationGroupReference: - description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + capacityReservationGroupID: + type: string count: - description: |- - Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) - for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. type: integer creationData: description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using - a snapshot. 
+ Storage version of v1api20250801.CreationData_STATUS + Data used when creating a target resource from a source resource. properties: - sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object + sourceResourceId: + type: string type: object + currentOrchestratorVersion: + type: string + eTag: + type: string enableAutoScaling: - description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. 
For more information, - see: https://docs.microsoft.com/azure/aks/enable-host-encryption type: boolean enableFIPS: - description: |- - EnableFIPS: See [Add a FIPS-enabled node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more - details. type: boolean enableNodePublicIP: - description: |- - EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. - A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine - to minimize hops. For more information see [assigning a public IP per - node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The - default is false. type: boolean enableUltraSSD: - description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean + gatewayProfile: + description: |- + Storage version of v1api20250801.AgentPoolGatewayProfile_STATUS + Profile of the managed cluster gateway agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPPrefixSize: + type: integer + type: object gpuInstanceProfile: - description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' - enum: - - MIG1g - - MIG2g - - MIG3g - - MIG4g - - MIG7g type: string - hostGroupReference: + gpuProfile: description: |- - HostGroupReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). 
+ Storage version of v1api20250801.GPUProfile_STATUS + GPU settings for the Agent Pool. properties: - armId: + $propertyBag: + additionalProperties: + type: string description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + driver: type: string type: object + hostGroupID: + type: string kubeletConfig: - description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' + description: |- + Storage version of v1api20250801.KubeletConfig_STATUS + Kubelet configurations of agent nodes. See [AKS custom node + configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object allowedUnsafeSysctls: - description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`).' 
items: type: string type: array containerLogMaxFiles: - description: |- - ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be - ≥ 2. - minimum: 2 type: integer containerLogMaxSizeMB: - description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' type: integer cpuCfsQuota: - description: 'CpuCfsQuota: The default is true.' type: boolean cpuCfsQuotaPeriod: - description: |- - CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and - a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. type: string cpuManagerPolicy: - description: |- - CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management - policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more - information. Allowed values are 'none' and 'static'. type: string failSwapOn: - description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' type: boolean imageGcHighThreshold: - description: 'ImageGcHighThreshold: To disable image garbage collection, set to 100. The default is 85%' type: integer imageGcLowThreshold: - description: 'ImageGcLowThreshold: This cannot be set higher than imageGcHighThreshold. The default is 80%' type: integer podMaxPids: - description: 'PodMaxPids: The maximum number of processes per pod.' type: integer topologyManagerPolicy: - description: |- - TopologyManagerPolicy: For more information see [Kubernetes Topology - Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values - are 'none', 'best-effort', 'restricted', and 'single-numa-node'. 
type: string type: object kubeletDiskType: - description: |- - KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral - storage. - enum: - - OS - - Temporary type: string linuxOSConfig: - description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' + description: |- + Storage version of v1api20250801.LinuxOSConfig_STATUS + OS configurations of Linux agent nodes. See [AKS custom node + configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object swapFileSizeMB: - description: 'SwapFileSizeMB: The size in MB of a swap file that will be created on each node.' type: integer sysctls: - description: 'Sysctls: Sysctl settings for Linux agent nodes.' + description: |- + Storage version of v1api20250801.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object fsAioMaxNr: - description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' type: integer fsFileMax: - description: 'FsFileMax: Sysctl setting fs.file-max.' type: integer fsInotifyMaxUserWatches: - description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' type: integer fsNrOpen: - description: 'FsNrOpen: Sysctl setting fs.nr_open.' type: integer kernelThreadsMax: - description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' 
type: integer netCoreNetdevMaxBacklog: - description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' type: integer netCoreOptmemMax: - description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' type: integer netCoreRmemDefault: - description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' type: integer netCoreRmemMax: - description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' type: integer netCoreSomaxconn: - description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' type: integer netCoreWmemDefault: - description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' type: integer netCoreWmemMax: - description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' type: integer netIpv4IpLocalPortRange: - description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' type: string netIpv4NeighDefaultGcThresh1: - description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting net.ipv4.neigh.default.gc_thresh1.' type: integer netIpv4NeighDefaultGcThresh2: - description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting net.ipv4.neigh.default.gc_thresh2.' type: integer netIpv4NeighDefaultGcThresh3: - description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting net.ipv4.neigh.default.gc_thresh3.' type: integer netIpv4TcpFinTimeout: - description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' type: integer netIpv4TcpKeepaliveProbes: - description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' type: integer netIpv4TcpKeepaliveTime: - description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' type: integer netIpv4TcpMaxSynBacklog: - description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' type: integer netIpv4TcpMaxTwBuckets: - description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' 
type: integer netIpv4TcpTwReuse: - description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' type: boolean netIpv4TcpkeepaliveIntvl: - description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' - maximum: 90 - minimum: 10 type: integer netNetfilterNfConntrackBuckets: - description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' - maximum: 524288 - minimum: 65536 type: integer netNetfilterNfConntrackMax: - description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' - maximum: 2097152 - minimum: 131072 type: integer vmMaxMapCount: - description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' type: integer vmSwappiness: - description: 'VmSwappiness: Sysctl setting vm.swappiness.' type: integer vmVfsCachePressure: - description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' type: integer type: object transparentHugePageDefrag: - description: |- - TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is - 'madvise'. For more information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string transparentHugePageEnabled: - description: |- - TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more - information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string type: object maxCount: - description: 'MaxCount: The maximum number of nodes for auto-scaling' type: integer maxPods: - description: 'MaxPods: The maximum number of pods that can run on a node.' 
type: integer + messageOfTheDay: + type: string minCount: - description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer mode: - description: |- - Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool - restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools - enum: - - System - - User type: string name: - description: 'Name: Windows agent pool names must be 6 characters or less.' - pattern: ^[a-z][a-z0-9]{0,11}$ type: string networkProfile: - description: 'NetworkProfile: Network-related settings of an agent pool.' + description: |- + Storage version of v1api20250801.AgentPoolNetworkProfile_STATUS + Network settings of an agent pool. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object allowedHostPorts: - description: 'AllowedHostPorts: The port ranges that are allowed to access. The specified ranges are allowed to overlap.' items: - description: The port range. + description: |- + Storage version of v1api20250801.PortRange_STATUS + The port range. properties: - portEnd: + $propertyBag: + additionalProperties: + type: string description: |- - PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or - equal to portStart. - maximum: 65535 - minimum: 1 + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + portEnd: type: integer portStart: - description: |- - PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or - equal to portEnd. 
- maximum: 65535 - minimum: 1 type: integer protocol: - description: 'Protocol: The network protocol of the port.' - enum: - - TCP - - UDP type: string type: object type: array - applicationSecurityGroupsReferences: - description: |- - ApplicationSecurityGroupsReferences: The IDs of the application security groups which agent pool will associate when - created. + applicationSecurityGroups: items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + type: string type: array nodePublicIPTags: - description: 'NodePublicIPTags: IPTags of instance-level public IPs.' items: - description: Contains the IPTag associated with the object. + description: |- + Storage version of v1api20250801.IPTag_STATUS + Contains the IPTag associated with the object. 
properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object ipTagType: - description: 'IpTagType: The IP tag type. Example: RoutingPreference.' type: string tag: - description: 'Tag: The value of the IP tag associated with the public IP. Example: Internet.' type: string type: object type: array type: object + nodeImageVersion: + type: string nodeLabels: additionalProperties: type: string - description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' - type: object - nodePublicIPPrefixReference: - description: |- - NodePublicIPPrefixReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string type: object + nodePublicIPPrefixID: + type: string nodeTaints: - description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' 
items: type: string type: array orchestratorVersion: - description: |- - OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. - When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster - with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer - patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same - Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor - version must be within two minor versions of the control plane version. The node pool version cannot be greater than the - control plane version. For more information see [upgrading a node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: - maximum: 2048 - minimum: 0 type: integer osDiskType: - description: |- - OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested - OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral - OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). - enum: - - Ephemeral - - Managed type: string osSKU: - description: |- - OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 - when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. - enum: - - AzureLinux - - CBLMariner - - Ubuntu - - Windows2019 - - Windows2022 type: string osType: - description: 'OsType: The operating system type. The default is Linux.' - enum: - - Linux - - Windows type: string - podSubnetReference: - description: |- - PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). 
- This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + podIPAllocationMode: + type: string + podSubnetID: + type: string powerState: description: |- - PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this - field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only - be stopped if it is Running and provisioning state is Succeeded - properties: - code: - description: 'Code: Tells whether the cluster is Running or Stopped' - enum: - - Running - - Stopped - type: string - type: object - proximityPlacementGroupReference: - description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' 
+ Storage version of v1api20250801.PowerState_STATUS + Describes the Power State of the cluster properties: - armId: + $propertyBag: + additionalProperties: + type: string description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: type: string type: object + provisioningState: + type: string + proximityPlacementGroupID: + type: string scaleDownMode: - description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' - enum: - - Deallocate - - Delete type: string scaleSetEvictionPolicy: - description: |- - ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is - 'Delete'. - enum: - - Deallocate - - Delete type: string scaleSetPriority: - description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' - enum: - - Regular - - Spot type: string securityProfile: - description: 'SecurityProfile: The security settings of an agent pool.' 
+ description: |- + Storage version of v1api20250801.AgentPoolSecurityProfile_STATUS + The security settings of an agent pool. properties: - enableSecureBoot: + $propertyBag: + additionalProperties: + type: string description: |- - EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and - drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enableSecureBoot: type: boolean enableVTPM: - description: |- - EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held - locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean + sshAccess: + type: string type: object spotMaxPrice: - description: |- - SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any - on-demand price. For more details on spot pricing, see [spot VMs - pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) type: number + status: + description: |- + Storage version of v1api20250801.AgentPoolStatus_STATUS + Contains read-only information about the Agent Pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + provisioningError: + description: |- + Storage version of v1api20250801.ErrorDetail_STATUS + The error detail. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + additionalInfo: + items: + description: |- + Storage version of v1api20250801.ErrorAdditionalInfo_STATUS + The resource management error additional info. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + info: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: + type: string + type: object + type: array + code: + type: string + details: + items: + description: Storage version of v1api20250801.ErrorDetail_STATUS_Unrolled + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + additionalInfo: + items: + description: |- + Storage version of v1api20250801.ErrorAdditionalInfo_STATUS + The resource management error additional info. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + info: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: + type: string + type: object + type: array + code: + type: string + message: + type: string + target: + type: string + type: object + type: array + message: + type: string + target: + type: string + type: object + type: object tags: additionalProperties: type: string - description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' type: object type: - description: 'Type: The type of Agent Pool.' - enum: - - AvailabilitySet - - VirtualMachineScaleSets type: string upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading the agentpool' + description: |- + Storage version of v1api20250801.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool properties: - drainTimeoutInMinutes: + $propertyBag: + additionalProperties: + type: string description: |- - DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. - This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not - specified, the default is 30 minutes. - maximum: 1440 - minimum: 1 + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + drainTimeoutInMinutes: type: integer maxSurge: - description: |- - MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it - is the percentage of the total agent pool size at the time of the upgrade. 
For percentages, fractional nodes are rounded - up. If not specified, the default is 1. For more information, including best practices, see: - https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + type: string + maxUnavailable: type: string nodeSoakDurationInMinutes: - description: |- - NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and - moving on to next node. If not specified, the default is 0 minutes. - maximum: 30 - minimum: 0 type: integer + undrainableNodeBehavior: + type: string type: object - vmSize: - description: |- - VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods - might fail to run correctly. For more details on restricted VM sizes, see: - https://docs.microsoft.com/azure/aks/quotas-skus-regions - type: string - vnetSubnetReference: + virtualMachineNodesStatus: + items: + description: |- + Storage version of v1api20250801.VirtualMachineNodes_STATUS + Current status on a group of nodes of the same vm size. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + size: + type: string + type: object + type: array + virtualMachinesProfile: description: |- - VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is - specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + Storage version of v1api20250801.VirtualMachinesProfile_STATUS + Specifications on VirtualMachines agent pool. 
properties: - armId: + $propertyBag: + additionalProperties: + type: string description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + scale: + description: |- + Storage version of v1api20250801.ScaleProfile_STATUS + Specifications on how to scale a VirtualMachines agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + manual: + items: + description: |- + Storage version of v1api20250801.ManualScaleProfile_STATUS + Specifications on number of machines. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + size: + type: string + type: object + type: array + type: object type: object + vmSize: + type: string + vnetSubnetID: + type: string windowsProfile: - description: 'WindowsProfile: The Windows agent pool''s specific profile.' + description: |- + Storage version of v1api20250801.AgentPoolWindowsProfile_STATUS + The Windows agent pool's specific profile. properties: - disableOutboundNat: + $propertyBag: + additionalProperties: + type: string description: |- - DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT - Gateway and the Windows agent pool does not have node public IP enabled. + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + disableOutboundNat: type: boolean type: object workloadRuntime: - description: 'WorkloadRuntime: Determines the type of workload a node can run.' - enum: - - OCIContainer - - WasmWasi type: string - required: - - name type: object type: array + aiToolchainOperatorProfile: + description: |- + Storage version of v1api20250801.ManagedClusterAIToolchainOperatorProfile_STATUS + When enabling the operator, a set of AKS managed CRDs and controllers will be installed in the cluster. The operator + automates the deployment of OSS models for inference and/or training purposes. It provides a set of preset models and + enables distributed inference against them. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object apiServerAccessProfile: - description: 'ApiServerAccessProfile: The access profile for managed cluster API server.' + description: |- + Storage version of v1api20250801.ManagedClusterAPIServerAccessProfile_STATUS + Access profile for managed cluster API server. properties: - authorizedIPRanges: + $propertyBag: + additionalProperties: + type: string description: |- - AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with - clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API - server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + authorizedIPRanges: items: type: string type: array disableRunCommand: - description: 'DisableRunCommand: Whether to disable run command for the cluster or not.' type: boolean enablePrivateCluster: - description: |- - EnablePrivateCluster: For more details, see [Creating a private AKS - cluster](https://docs.microsoft.com/azure/aks/private-clusters). type: boolean enablePrivateClusterPublicFQDN: - description: 'EnablePrivateClusterPublicFQDN: Whether to create additional public FQDN for private cluster or not.' + type: boolean + enableVnetIntegration: type: boolean privateDNSZone: - description: |- - PrivateDNSZone: The default is System. 
For more details see [configure private DNS - zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and - 'none'. + type: string + subnetId: type: string type: object autoScalerProfile: - description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler when enabled' + description: Storage version of v1api20250801.ManagedClusterProperties_AutoScalerProfile_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object balance-similar-node-groups: - description: 'BalanceSimilarNodeGroups: Valid values are ''true'' and ''false''' type: string daemonset-eviction-for-empty-nodes: - description: |- - DaemonsetEvictionForEmptyNodes: If set to true, all daemonset pods on empty nodes will be evicted before deletion of the - node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node will be - deleted without ensuring that daemonset pods are deleted or evicted. type: boolean daemonset-eviction-for-occupied-nodes: - description: |- - DaemonsetEvictionForOccupiedNodes: If set to true, all daemonset pods on occupied nodes will be evicted before deletion - of the node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node - will be deleted without ensuring that daemonset pods are deleted or evicted. type: boolean expander: - description: |- - Expander: If not specified, the default is 'random'. See - [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) for more - information. 
- enum: - - least-waste - - most-pods - - priority - - random type: string ignore-daemonsets-utilization: - description: |- - IgnoreDaemonsetsUtilization: If set to true, the resources used by daemonset will be taken into account when making - scaling down decisions. type: boolean max-empty-bulk-delete: - description: 'MaxEmptyBulkDelete: The default is 10.' type: string max-graceful-termination-sec: - description: 'MaxGracefulTerminationSec: The default is 600.' type: string max-node-provision-time: - description: |- - MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string max-total-unready-percentage: - description: 'MaxTotalUnreadyPercentage: The default is 45. The maximum is 100 and the minimum is 0.' type: string new-pod-scale-up-delay: - description: |- - NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler - could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is - '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). type: string ok-total-unready-count: - description: 'OkTotalUnreadyCount: This must be an integer. The default is 3.' type: string scale-down-delay-after-add: - description: |- - ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string scale-down-delay-after-delete: - description: |- - ScaleDownDelayAfterDelete: The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of - time other than minutes (m) is supported. type: string scale-down-delay-after-failure: - description: |- - ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other - than minutes (m) is supported. 
type: string scale-down-unneeded-time: - description: |- - ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string scale-down-unready-time: - description: |- - ScaleDownUnreadyTime: The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string scale-down-utilization-threshold: - description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' type: string scan-interval: - description: 'ScanInterval: The default is ''10''. Values must be an integer number of seconds.' type: string skip-nodes-with-local-storage: - description: 'SkipNodesWithLocalStorage: The default is true.' type: string skip-nodes-with-system-pods: - description: 'SkipNodesWithSystemPods: The default is true.' type: string type: object autoUpgradeProfile: - description: 'AutoUpgradeProfile: The auto upgrade configuration.' + description: |- + Storage version of v1api20250801.ManagedClusterAutoUpgradeProfile_STATUS + Auto upgrade profile for a managed cluster. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object nodeOSUpgradeChannel: - description: 'NodeOSUpgradeChannel: Manner in which the OS on your nodes is updated. The default is NodeImage.' - enum: - - NodeImage - - None - - SecurityPatch - - Unmanaged type: string upgradeChannel: - description: |- - UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade - channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). 
- enum: - - node-image - - none - - patch - - rapid - - stable type: string type: object azureMonitorProfile: - description: 'AzureMonitorProfile: Azure Monitor addon profiles for monitoring the managed cluster.' + description: |- + Storage version of v1api20250801.ManagedClusterAzureMonitorProfile_STATUS + Azure Monitor addon profiles for monitoring the managed cluster. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object metrics: description: |- - Metrics: Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes + Storage version of v1api20250801.ManagedClusterAzureMonitorProfileMetrics_STATUS + Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See aka.ms/AzureManagedPrometheus for an overview. properties: - enabled: + $propertyBag: + additionalProperties: + type: string description: |- - Enabled: Whether to enable or disable the Azure Managed Prometheus addon for Prometheus monitoring. See - aka.ms/AzureManagedPrometheus-aks-enable for details on enabling and disabling. + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: type: boolean kubeStateMetrics: description: |- - KubeStateMetrics: Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the - kube-state-metrics pod that is deployed with the addon. 
See aka.ms/AzureManagedPrometheus-optional-parameters for + Storage version of v1api20250801.ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS + Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the + kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for details. properties: - metricAnnotationsAllowList: + $propertyBag: + additionalProperties: + type: string description: |- - MetricAnnotationsAllowList: Comma-separated list of Kubernetes annotation keys that will be used in the resource's - labels metric (Example: 'namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...'). By default the metric - contains only resource name and namespace labels. + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + metricAnnotationsAllowList: type: string metricLabelsAllowlist: - description: |- - MetricLabelsAllowlist: Comma-separated list of additional Kubernetes label keys that will be used in the resource's - labels metric (Example: 'namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...'). By default the metric contains only - resource name and namespace labels. type: string type: object - required: - - enabled type: object type: object - azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ + azurePortalFQDN: type: string - disableLocalAccounts: - description: |- - DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be - used on Managed Clusters that are AAD enabled. 
For more details see [disable local - accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). - type: boolean - diskEncryptionSetReference: + bootstrapProfile: description: |- - DiskEncryptionSetReference: This is of the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' + Storage version of v1api20250801.ManagedClusterBootstrapProfile_STATUS + The bootstrap profile. properties: - armId: + $propertyBag: + additionalProperties: + type: string description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + artifactSource: type: string - name: - description: Name is the Kubernetes name of the resource. + containerRegistryId: type: string type: object - dnsPrefix: - description: 'DnsPrefix: This cannot be updated once the Managed Cluster has been created.' + conditions: + items: + description: Condition defines an extension to status (an observation) of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. 
+ format: date-time + type: string + message: + description: Message is a human readable message indicating details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + currentKubernetesVersion: type: string - enablePodSecurityPolicy: - description: |- - EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was - deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and - https://aka.ms/aks/psp. + disableLocalAccounts: type: boolean + diskEncryptionSetID: + type: string + dnsPrefix: + type: string + eTag: + type: string enableRBAC: - description: 'EnableRBAC: Whether to enable Kubernetes Role-Based Access Control.' 
type: boolean extendedLocation: - description: 'ExtendedLocation: The extended location of the Virtual Machine.' + description: |- + Storage version of v1api20250801.ExtendedLocation_STATUS + The complex type of the extended location. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object name: - description: 'Name: The name of the extended location.' type: string type: - description: 'Type: The type of the extended location.' - enum: - - EdgeZone type: string type: object + fqdn: + type: string fqdnSubdomain: - description: 'FqdnSubdomain: This cannot be updated once the Managed Cluster has been created.' type: string httpProxyConfig: - description: 'HttpProxyConfig: Configurations for provisioning the cluster with HTTP proxy servers.' + description: |- + Storage version of v1api20250801.ManagedClusterHTTPProxyConfig_STATUS + Cluster HTTP proxy configuration. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object httpProxy: - description: 'HttpProxy: The HTTP proxy server endpoint to use.' type: string httpsProxy: - description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' type: string noProxy: - description: 'NoProxy: The endpoints that should not go through proxy.' items: type: string type: array trustedCa: - description: 'TrustedCa: Alternative CA cert to use for connecting to proxy servers.' type: string type: object + id: + type: string identity: - description: 'Identity: The identity of the managed cluster, if configured.' 
+ description: |- + Storage version of v1api20250801.ManagedClusterIdentity_STATUS + Identity for the managed cluster. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object delegatedResources: additionalProperties: - description: Delegated resource properties - internal use only. + description: |- + Storage version of v1api20250801.DelegatedResource_STATUS + Delegated resource properties - internal use only. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object location: - description: 'Location: The source resource location - internal use only.' type: string referralResource: - description: 'ReferralResource: The delegation id of the referral delegation (optional) - internal use only.' type: string - resourceReference: - description: 'ResourceReference: The ARM resource id of the delegated resource - internal use only.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. 
- type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + resourceId: + type: string tenantId: - description: 'TenantId: The tenant id of the delegated resource - internal use only.' - pattern: ^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$ type: string type: object - description: |- - DelegatedResources: The delegated identity resources assigned to this managed cluster. This can only be set by another - Azure Resource Provider, and managed cluster only accept one delegated identity resource. Internal use only. type: object + principalId: + type: string + tenantId: + type: string type: - description: |- - Type: For more information see [use managed identities in - AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). - enum: - - None - - SystemAssigned - - UserAssigned type: string userAssignedIdentities: - description: |- - UserAssignedIdentities: The keys must be ARM resource IDs in the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. - items: - description: Information about the user assigned identity for the resource + additionalProperties: + description: Storage version of v1api20250801.ManagedClusterIdentity_UserAssignedIdentities_STATUS properties: - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object + clientId: + type: string + principalId: + type: string type: object - type: array + type: object type: object identityProfile: additionalProperties: - description: Details about a user assigned identity. + description: |- + Storage version of v1api20250801.UserAssignedIdentity_STATUS + Details about a user assigned identity. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object clientId: - description: 'ClientId: The client ID of the user assigned identity.' type: string objectId: - description: 'ObjectId: The object ID of the user assigned identity.' type: string - resourceReference: - description: 'ResourceReference: The resource ID of the user assigned identity.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + resourceId: + type: string type: object - description: |- - IdentityProfile: The user identity associated with the managed cluster. This identity will be used by the kubelet. Only - one user assigned identity is allowed. The only accepted key is "kubeletidentity", with value of "resourceId": - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}". type: object ingressProfile: - description: 'IngressProfile: Ingress profile for the managed cluster.' + description: |- + Storage version of v1api20250801.ManagedClusterIngressProfile_STATUS + Ingress profile for the container service cluster. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object webAppRouting: description: |- - WebAppRouting: App Routing settings for the ingress profile. You can find an overview and onboarding guide for this - feature at https://learn.microsoft.com/en-us/azure/aks/app-routing?tabs=default%2Cdeploy-app-default. + Storage version of v1api20250801.ManagedClusterIngressProfileWebAppRouting_STATUS + Application Routing add-on settings for the ingress profile. 
properties: - dnsZoneResourceReferences: + $propertyBag: + additionalProperties: + type: string description: |- - DnsZoneResourceReferences: Resource IDs of the DNS zones to be associated with the Application Routing add-on. Used only - when Application Routing add-on is enabled. Public and private DNS zones can be in different resource groups, but all - public DNS zones must be in the same resource group and all private DNS zones must be in the same resource group. + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dnsZoneResourceIds: items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + type: string type: array enabled: - description: 'Enabled: Whether to enable the Application Routing add-on.' type: boolean + identity: + description: |- + Storage version of v1api20250801.UserAssignedIdentity_STATUS + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + nginx: + description: Storage version of v1api20250801.ManagedClusterIngressProfileNginx_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + defaultIngressControllerType: + type: string + type: object type: object type: object + kind: + type: string kubernetesVersion: - description: |- - KubernetesVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. - When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster - with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer - patch version is available. When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All - upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or - 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS - cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. type: string linuxProfile: - description: 'LinuxProfile: The profile for Linux VMs in the Managed Cluster.' + description: |- + Storage version of v1api20250801.ContainerServiceLinuxProfile_STATUS + Profile for Linux VMs in the container service cluster. 
properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object adminUsername: - description: 'AdminUsername: The administrator username to use for Linux VMs.' - pattern: ^[A-Za-z][-A-Za-z0-9_]*$ type: string ssh: - description: 'Ssh: The SSH configuration for Linux-based VMs running on Azure.' + description: |- + Storage version of v1api20250801.ContainerServiceSshConfiguration_STATUS + SSH configuration for Linux-based VMs running on Azure. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object publicKeys: - description: 'PublicKeys: The list of SSH public keys used to authenticate with Linux-based VMs. A maximum of 1 key may be specified.' items: - description: Contains information about SSH certificate public key data. + description: |- + Storage version of v1api20250801.ContainerServiceSshPublicKey_STATUS + Contains information about SSH certificate public key data. properties: - keyData: - description: |- - KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or - without headers. 
+ $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + keyData: type: string - required: - - keyData type: object type: array - required: - - publicKeys type: object - required: - - adminUsername - - ssh type: object location: - description: 'Location: The geo-location where the resource lives' type: string + maxAgentPools: + type: integer metricsProfile: - description: 'MetricsProfile: Optional cluster metrics configuration.' + description: |- + Storage version of v1api20250801.ManagedClusterMetricsProfile_STATUS + The metrics profile for the ManagedCluster. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object costAnalysis: - description: 'CostAnalysis: The cost analysis configuration for the cluster' + description: |- + Storage version of v1api20250801.ManagedClusterCostAnalysis_STATUS + The cost analysis configuration for the cluster properties: - enabled: + $propertyBag: + additionalProperties: + type: string description: |- - Enabled: The Managed Cluster sku.tier must be set to 'Standard' or 'Premium' to enable this feature. Enabling this will - add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. If not specified, the - default is false. For more information see aka.ms/aks/docs/cost-analysis. 
+ PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: type: boolean type: object type: object + name: + type: string networkProfile: - description: 'NetworkProfile: The network configuration profile.' + description: |- + Storage version of v1api20250801.ContainerServiceNetworkProfile_STATUS + Profile of network configuration. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object advancedNetworking: description: |- - AdvancedNetworking: Advanced Networking profile for enabling observability and security feature suite on a cluster. For - more information see aka.ms/aksadvancednetworking. + Storage version of v1api20250801.AdvancedNetworking_STATUS + Advanced Networking profile for enabling observability and security feature suite on a cluster. For more information see + aka.ms/aksadvancednetworking. properties: - enabled: + $propertyBag: + additionalProperties: + type: string description: |- - Enabled: Indicates the enablement of Advanced Networking functionalities of observability and security on AKS clusters. - When this is set to true, all observability and security features will be set to enabled unless explicitly disabled. If - not specified, the default is false. + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: type: boolean observability: - description: 'Observability: Observability profile to enable advanced network metrics and flow logs with historical contexts.' 
+ description: |- + Storage version of v1api20250801.AdvancedNetworkingObservability_STATUS + Observability profile to enable advanced network metrics and flow logs with historical contexts. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: - description: 'Enabled: Indicates the enablement of Advanced Networking observability functionalities on clusters.' type: boolean type: object security: - description: 'Security: Security profile to enable security features on cilium based cluster.' + description: |- + Storage version of v1api20250801.AdvancedNetworkingSecurity_STATUS + Security profile to enable security features on cilium based cluster. properties: - enabled: + $propertyBag: + additionalProperties: + type: string description: |- - Enabled: This feature allows user to configure network policy based on DNS (FQDN) names. It can be enabled only on - cilium based clusters. If not specified, the default is false. + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + advancedNetworkPolicies: + type: string + enabled: type: boolean type: object type: object dnsServiceIP: - description: |- - DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address - range specified in serviceCidr. - pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ type: string ipFamilies: - description: |- - IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value - is IPv4. For dual-stack, the expected values are IPv4 and IPv6. 
items: - enum: - - IPv4 - - IPv6 type: string type: array loadBalancerProfile: - description: 'LoadBalancerProfile: Profile of the cluster load balancer.' + description: |- + Storage version of v1api20250801.ManagedClusterLoadBalancerProfile_STATUS + Profile of the managed cluster load balancer. properties: - allocatedOutboundPorts: + $propertyBag: + additionalProperties: + type: string description: |- - AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 - (inclusive). The default value is 0 which results in Azure dynamically allocating ports. - maximum: 64000 - minimum: 0 + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allocatedOutboundPorts: type: integer backendPoolType: - description: 'BackendPoolType: The type of the managed inbound Load Balancer BackendPool.' - enum: - - NodeIP - - NodeIPConfiguration type: string effectiveOutboundIPs: - description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster load balancer.' items: - description: A reference to an Azure resource. + description: |- + Storage version of v1api20250801.ResourceReference_STATUS + A reference to an Azure resource. properties: - reference: - description: 'Reference: The fully qualified Azure resource id.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object + id: + type: string type: object type: array enableMultipleStandardLoadBalancers: - description: 'EnableMultipleStandardLoadBalancers: Enable multiple standard load balancers per AKS cluster or not.' type: boolean idleTimeoutInMinutes: - description: |- - IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 - (inclusive). The default value is 30 minutes. - maximum: 120 - minimum: 4 type: integer managedOutboundIPs: - description: 'ManagedOutboundIPs: Desired managed outbound IPs for the cluster load balancer.' + description: Storage version of v1api20250801.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS properties: - count: + $propertyBag: + additionalProperties: + type: string description: |- - Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values - must be in the range of 1 to 100 (inclusive). The default value is 1. 
- maximum: 100 - minimum: 1 + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: type: integer countIPv6: - description: |- - CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed - values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. - maximum: 100 - minimum: 0 type: integer type: object outboundIPPrefixes: - description: 'OutboundIPPrefixes: Desired outbound IP Prefix resources for the cluster load balancer.' + description: Storage version of v1api20250801.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object publicIPPrefixes: - description: 'PublicIPPrefixes: A list of public IP prefix resources.' items: - description: A reference to an Azure resource. + description: |- + Storage version of v1api20250801.ResourceReference_STATUS + A reference to an Azure resource. properties: - reference: - description: 'Reference: The fully qualified Azure resource id.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object + id: + type: string type: object type: array type: object outboundIPs: - description: 'OutboundIPs: Desired outbound IP resources for the cluster load balancer.' + description: Storage version of v1api20250801.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object publicIPs: - description: 'PublicIPs: A list of public IP resources.' items: - description: A reference to an Azure resource. + description: |- + Storage version of v1api20250801.ResourceReference_STATUS + A reference to an Azure resource. properties: - reference: - description: 'Reference: The fully qualified Azure resource id.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object + id: + type: string type: object type: array type: object type: object loadBalancerSku: - description: |- - LoadBalancerSku: The default is 'standard'. See [Azure Load Balancer - SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load - balancer SKUs. - enum: - - basic - - standard type: string natGatewayProfile: - description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' + description: |- + Storage version of v1api20250801.ManagedClusterNATGatewayProfile_STATUS + Profile of the managed cluster NAT gateway. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object effectiveOutboundIPs: - description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster NAT gateway.' items: - description: A reference to an Azure resource. + description: |- + Storage version of v1api20250801.ResourceReference_STATUS + A reference to an Azure resource. properties: - reference: - description: 'Reference: The fully qualified Azure resource id.' 
- properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions type: object + id: + type: string type: object type: array idleTimeoutInMinutes: - description: |- - IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 - (inclusive). The default value is 4 minutes. - maximum: 120 - minimum: 4 type: integer managedOutboundIPProfile: - description: 'ManagedOutboundIPProfile: Profile of the managed outbound IP resources of the cluster NAT gateway.' + description: |- + Storage version of v1api20250801.ManagedClusterManagedOutboundIPProfile_STATUS + Profile of the managed outbound IP resources of the managed cluster. properties: - count: + $propertyBag: + additionalProperties: + type: string description: |- - Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 - (inclusive). The default value is 1. 
- maximum: 16 - minimum: 1 + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: type: integer type: object type: object networkDataplane: - description: 'NetworkDataplane: Network dataplane used in the Kubernetes cluster.' - enum: - - azure - - cilium type: string networkMode: - description: 'NetworkMode: This cannot be specified if networkPlugin is anything other than ''azure''.' - enum: - - bridge - - transparent type: string networkPlugin: - description: 'NetworkPlugin: Network plugin used for building the Kubernetes network.' - enum: - - azure - - kubenet - - none type: string networkPluginMode: - description: 'NetworkPluginMode: The mode the network plugin should use.' - enum: - - overlay type: string networkPolicy: - description: 'NetworkPolicy: Network policy used for building the Kubernetes network.' - enum: - - azure - - calico - - cilium - - none type: string outboundType: - description: |- - OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see - [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). - enum: - - loadBalancer - - managedNATGateway - - userAssignedNATGateway - - userDefinedRouting type: string podCidr: - description: 'PodCidr: A CIDR notation IP range from which to assign pod IPs when kubenet is used.' - pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string podCidrs: - description: |- - PodCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is - expected for dual-stack networking. items: type: string type: array serviceCidr: - description: |- - ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP - ranges. 
- pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string serviceCidrs: - description: |- - ServiceCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is - expected for dual-stack networking. They must not overlap with any Subnet IP ranges. items: type: string type: array + staticEgressGatewayProfile: + description: |- + Storage version of v1api20250801.ManagedClusterStaticEgressGatewayProfile_STATUS + The Static Egress Gateway addon configuration for the cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + nodeProvisioningProfile: + description: Storage version of v1api20250801.ManagedClusterNodeProvisioningProfile_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + defaultNodePools: + type: string + mode: + type: string type: object nodeResourceGroup: - description: 'NodeResourceGroup: The name of the resource group containing agent pool nodes.' type: string nodeResourceGroupProfile: - description: 'NodeResourceGroupProfile: Profile of the node resource group configuration.' + description: |- + Storage version of v1api20250801.ManagedClusterNodeResourceGroupProfile_STATUS + Node resource group lockdown profile for a managed cluster. properties: - restrictionLevel: + $propertyBag: + additionalProperties: + type: string description: |- - RestrictionLevel: The restriction level applied to the cluster's node resource group. 
If not specified, the default is - 'Unrestricted' - enum: - - ReadOnly - - Unrestricted + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + restrictionLevel: type: string type: object oidcIssuerProfile: - description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed Cluster.' + description: |- + Storage version of v1api20250801.ManagedClusterOIDCIssuerProfile_STATUS + The OIDC issuer profile of the Managed Cluster. properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object enabled: - description: 'Enabled: Whether the OIDC issuer is enabled.' type: boolean + issuerURL: + type: string type: object - operatorSpec: + podIdentityProfile: description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure + Storage version of v1api20250801.ManagedClusterPodIdentityProfile_STATUS + The pod identity profile of the Managed Cluster. See [use AAD pod + identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod identity integration. properties: - configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' 
+ $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + allowNetworkPluginKubenet: + type: boolean + enabled: + type: boolean + userAssignedIdentities: items: description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. + Storage version of v1api20250801.ManagedClusterPodIdentity_STATUS + Details about the pod identity assigned to the Managed Cluster. properties: - key: + $propertyBag: + additionalProperties: + type: string description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + bindingSelector: type: string - name: + identity: description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. + Storage version of v1api20250801.UserAssignedIdentity_STATUS + Details about a user assigned identity. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: + type: string + objectId: + type: string + resourceId: + type: string + type: object + name: type: string - value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ + namespace: type: string - required: - - name - - value - type: object - type: array - configMaps: - description: 'ConfigMaps: configures where to place operator written ConfigMaps.' - properties: - oidcIssuerProfile: - description: |- - OIDCIssuerProfile: indicates where the OIDCIssuerProfile config map should be placed. If omitted, no config map will be - created. - properties: - key: - description: Key is the key in the ConfigMap being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. - type: string - required: - - key - - name - type: object - type: object - secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' - items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. - properties: - key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. 
If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. - type: string - name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. - type: string - value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ - type: string - required: - - name - - value - type: object - type: array - secrets: - description: 'Secrets: configures where to place Azure generated secrets.' - properties: - adminCredentials: - description: |- - AdminCredentials: indicates where the AdminCredentials secret should be placed. If omitted, the secret will not be - retrieved from Azure. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced. - type: string - name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. - type: string - required: - - key - - name - type: object - userCredentials: - description: |- - UserCredentials: indicates where the UserCredentials secret should be placed. If omitted, the secret will not be - retrieved from Azure. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced. - type: string - name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. - type: string - required: - - key - - name - type: object - type: object - type: object - owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. 
The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource - properties: - armId: - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - name: - description: This is the name of the Kubernetes resource to reference. - type: string - type: object - podIdentityProfile: - description: |- - PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more - details on AAD pod identity integration. - properties: - allowNetworkPluginKubenet: - description: |- - AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod - Identity and the risks of IP spoofing. See [using Kubenet network plugin with AAD Pod - Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) - for more information. - type: boolean - enabled: - description: 'Enabled: Whether the pod identity addon is enabled.' - type: boolean - userAssignedIdentities: - description: 'UserAssignedIdentities: The pod identities to use in the cluster.' - items: - description: Details about the pod identity assigned to the Managed Cluster. - properties: - bindingSelector: - description: 'BindingSelector: The binding selector to use for the AzureIdentityBinding resource.' - type: string - identity: - description: 'Identity: The user assigned identity details.' + provisioningInfo: + description: Storage version of v1api20250801.ManagedClusterPodIdentity_ProvisioningInfo_STATUS properties: - clientId: - description: 'ClientId: The client ID of the user assigned identity.' 
- type: string - objectId: - description: 'ObjectId: The object ID of the user assigned identity.' - type: string - resourceReference: - description: 'ResourceReference: The resource ID of the user assigned identity.' + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + error: + description: |- + Storage version of v1api20250801.ManagedClusterPodIdentityProvisioningError_STATUS + An error response from the pod identity provisioning. properties: - armId: + $propertyBag: + additionalProperties: + type: string description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + error: + description: |- + Storage version of v1api20250801.ManagedClusterPodIdentityProvisioningErrorBody_STATUS + An error response from the pod identity provisioning. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + details: + items: + description: Storage version of v1api20250801.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + message: + type: string + target: + type: string + type: object + type: array + message: + type: string + target: + type: string + type: object type: object type: object - name: - description: 'Name: The name of the pod identity.' - type: string - namespace: - description: 'Namespace: The namespace of the pod identity.' + provisioningState: type: string - required: - - identity - - name - - namespace type: object type: array userAssignedIdentityExceptions: - description: 'UserAssignedIdentityExceptions: The pod identity exceptions to allow.' items: description: |- - See [disable AAD Pod Identity for a specific - Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. + Storage version of v1api20250801.ManagedClusterPodIdentityException_STATUS + A pod identity exception, which allows pods with certain labels to access the Azure Instance Metadata Service (IMDS) + endpoint without being intercepted by the node-managed identity (NMI) server. See [disable AAD Pod Identity for a + specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more + details. 
properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object name: - description: 'Name: The name of the pod identity exception.' type: string namespace: - description: 'Namespace: The namespace of the pod identity exception.' type: string podLabels: additionalProperties: type: string - description: 'PodLabels: The pod labels to match.' type: object - required: - - name - - namespace - - podLabels type: object type: array type: object + powerState: + description: |- + Storage version of v1api20250801.PowerState_STATUS + Describes the Power State of the cluster + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + code: + type: string + type: object + privateFQDN: + type: string privateLinkResources: - description: 'PrivateLinkResources: Private link resources associated with the cluster.' items: - description: A private link resource + description: |- + Storage version of v1api20250801.PrivateLinkResource_STATUS + A private link resource properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object groupId: - description: 'GroupId: The group ID of the resource.' + type: string + id: type: string name: - description: 'Name: The name of the private link resource.' type: string - reference: - description: 'Reference: The ID of the private link resource.' 
- properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object + privateLinkServiceID: + type: string requiredMembers: - description: 'RequiredMembers: The RequiredMembers of the resource' items: type: string type: array type: - description: 'Type: The resource type.' type: string type: object type: array - publicNetworkAccess: - description: 'PublicNetworkAccess: Allow or deny public network access for AKS' - enum: - - Disabled - - Enabled + provisioningState: type: string - securityProfile: - description: 'SecurityProfile: Security profile for the managed cluster.' - properties: - azureKeyVaultKms: - description: |- - AzureKeyVaultKms: Azure Key Vault [key management - service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. - properties: - enabled: - description: 'Enabled: Whether to enable Azure Key Vault key management service. The default is false.' - type: boolean - keyId: - description: |- - KeyId: Identifier of Azure Key Vault key. See [key identifier - format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) - for more details. 
When Azure Key Vault key management service is enabled, this field is required and must be a valid key - identifier. When Azure Key Vault key management service is disabled, leave the field empty. - type: string - keyVaultNetworkAccess: - description: |- - KeyVaultNetworkAccess: Network access of key vault. The possible values are `Public` and `Private`. `Public` means the - key vault allows public access from all networks. `Private` means the key vault disables public access and enables - private link. The default value is `Public`. - enum: - - Private - - Public - type: string - keyVaultResourceReference: - description: |- - KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and - must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - defender: - description: 'Defender: Microsoft Defender settings for the security profile.' 
- properties: - logAnalyticsWorkspaceResourceReference: - description: |- - LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft - Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When - Microsoft Defender is disabled, leave the field empty. - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - securityMonitoring: - description: 'SecurityMonitoring: Microsoft Defender threat detection for Cloud settings for the security profile.' - properties: - enabled: - description: 'Enabled: Whether to enable Defender threat detection' - type: boolean - type: object - type: object - imageCleaner: - description: 'ImageCleaner: Image Cleaner settings for the security profile.' - properties: - enabled: - description: 'Enabled: Whether to enable Image Cleaner on AKS cluster.' - type: boolean - intervalHours: - description: 'IntervalHours: Image Cleaner scanning interval in hours.' - type: integer - type: object - workloadIdentity: - description: |- - WorkloadIdentity: Workload identity settings for the security profile. 
Workload identity enables Kubernetes applications - to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. - properties: - enabled: - description: 'Enabled: Whether to enable workload identity.' - type: boolean - type: object - type: object - serviceMeshProfile: - description: 'ServiceMeshProfile: Service mesh profile for a managed cluster.' - properties: - istio: - description: 'Istio: Istio service mesh configuration.' - properties: - certificateAuthority: - description: |- - CertificateAuthority: Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin - certificates as described here https://aka.ms/asm-plugin-ca - properties: - plugin: - description: 'Plugin: Plugin certificates information for Service Mesh.' - properties: - certChainObjectName: - description: 'CertChainObjectName: Certificate chain object name in Azure Key Vault.' - type: string - certObjectName: - description: 'CertObjectName: Intermediate certificate object name in Azure Key Vault.' - type: string - keyObjectName: - description: 'KeyObjectName: Intermediate certificate private key object name in Azure Key Vault.' - type: string - keyVaultReference: - description: 'KeyVaultReference: The resource ID of the Key Vault.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. 
- type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - rootCertObjectName: - description: 'RootCertObjectName: Root certificate object name in Azure Key Vault.' - type: string - type: object - type: object - components: - description: 'Components: Istio components configuration.' - properties: - egressGateways: - description: 'EgressGateways: Istio egress gateways.' - items: - description: Istio egress gateway configuration. - properties: - enabled: - description: 'Enabled: Whether to enable the egress gateway.' - type: boolean - required: - - enabled - type: object - type: array - ingressGateways: - description: 'IngressGateways: Istio ingress gateways.' - items: - description: |- - Istio ingress gateway configuration. For now, we support up to one external ingress gateway named - `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. - properties: - enabled: - description: 'Enabled: Whether to enable the ingress gateway.' - type: boolean - mode: - description: 'Mode: Mode of an ingress gateway.' - enum: - - External - - Internal - type: string - required: - - enabled - - mode - type: object - type: array - type: object - revisions: - description: |- - Revisions: The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. - When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: - https://learn.microsoft.com/en-us/azure/aks/istio-upgrade - items: - type: string - maxItems: 2 - type: array - type: object - mode: - description: 'Mode: Mode of the service mesh.' 
- enum: - - Disabled - - Istio - type: string - required: - - mode - type: object - servicePrincipalProfile: - description: |- - ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure - APIs. - properties: - clientId: - description: 'ClientId: The ID for the service principal.' - type: string - secret: - description: 'Secret: The secret password associated with the service principal in plain text.' - properties: - key: - description: Key is the key in the Kubernetes secret being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource - type: string - required: - - key - - name - type: object - required: - - clientId - type: object - sku: - description: 'Sku: The managed cluster SKU.' - properties: - name: - description: 'Name: The name of a managed cluster SKU.' - enum: - - Base - type: string - tier: - description: |- - Tier: If not specified, the default is 'Free'. See [AKS Pricing - Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. - enum: - - Free - - Premium - - Standard - type: string - type: object - storageProfile: - description: 'StorageProfile: Storage profile for the managed cluster.' - properties: - blobCSIDriver: - description: 'BlobCSIDriver: AzureBlob CSI Driver settings for the storage profile.' - properties: - enabled: - description: 'Enabled: Whether to enable AzureBlob CSI Driver. The default value is false.' - type: boolean - type: object - diskCSIDriver: - description: 'DiskCSIDriver: AzureDisk CSI Driver settings for the storage profile.' - properties: - enabled: - description: 'Enabled: Whether to enable AzureDisk CSI Driver. The default value is true.' - type: boolean - type: object - fileCSIDriver: - description: 'FileCSIDriver: AzureFile CSI Driver settings for the storage profile.' 
- properties: - enabled: - description: 'Enabled: Whether to enable AzureFile CSI Driver. The default value is true.' - type: boolean - type: object - snapshotController: - description: 'SnapshotController: Snapshot Controller settings for the storage profile.' - properties: - enabled: - description: 'Enabled: Whether to enable Snapshot Controller. The default value is true.' - type: boolean - type: object - type: object - supportPlan: - description: 'SupportPlan: The support plan for the Managed Cluster. If unspecified, the default is ''KubernetesOfficial''.' - enum: - - AKSLongTermSupport - - KubernetesOfficial - type: string - tags: - additionalProperties: - type: string - description: 'Tags: Resource tags.' - type: object - upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading a cluster.' - properties: - overrideSettings: - description: 'OverrideSettings: Settings for overrides.' - properties: - forceUpgrade: - description: |- - ForceUpgrade: Whether to force upgrade the cluster. Note that this option instructs upgrade operation to bypass upgrade - protections such as checking for deprecated API usage. Enable this option only with caution. - type: boolean - until: - description: |- - Until: Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the - effectiveness won't change once an upgrade starts even if the `until` expires as upgrade proceeds. This field is not set - by default. It must be set for the overrides to take effect. - type: string - type: object - type: object - windowsProfile: - description: 'WindowsProfile: The profile for Windows VMs in the Managed Cluster.' - properties: - adminPassword: - description: |- - AdminPassword: Specifies the password of the administrator account. 
- Minimum-length: 8 characters - Max-length: 123 characters - Complexity requirements: 3 out of 4 conditions below need to be fulfilled - Has lower characters - Has upper characters - Has a digit - Has a special character (Regex match [\W_]) - Disallowed values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$$$word", "pass@word1", "Password!", "Password1", - "Password22", "iloveyou!" - properties: - key: - description: Key is the key in the Kubernetes secret being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource - type: string - required: - - key - - name - type: object - adminUsername: - description: |- - AdminUsername: Specifies the name of the administrator account. - Restriction: Cannot end in "." - Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", - "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", - "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". - Minimum-length: 1 character - Max-length: 20 characters - type: string - enableCSIProxy: - description: |- - EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub - repo](https://github.com/kubernetes-csi/csi-proxy). - type: boolean - gmsaProfile: - description: 'GmsaProfile: The Windows gMSA Profile in the Managed Cluster.' - properties: - dnsServer: - description: |- - DnsServer: Specifies the DNS server for Windows gMSA. - Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. - type: string - enabled: - description: 'Enabled: Specifies whether to enable Windows gMSA in the managed cluster.' - type: boolean - rootDomainName: - description: |- - RootDomainName: Specifies the root domain name for Windows gMSA. 
- Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. - type: string - type: object - licenseType: - description: |- - LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User - Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. - enum: - - None - - Windows_Server - type: string - required: - - adminUsername - type: object - workloadAutoScalerProfile: - description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile for the managed cluster.' - properties: - keda: - description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile.' - properties: - enabled: - description: 'Enabled: Whether to enable KEDA.' - type: boolean - required: - - enabled - type: object - verticalPodAutoscaler: - description: 'VerticalPodAutoscaler: VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile.' - properties: - enabled: - description: 'Enabled: Whether to enable VPA. Default value is false.' - type: boolean - required: - - enabled - type: object - type: object - required: - - location - - owner - type: object - status: - description: Managed cluster. - properties: - aadProfile: - description: 'AadProfile: The Azure Active Directory configuration.' - properties: - adminGroupObjectIDs: - description: 'AdminGroupObjectIDs: The list of AAD group object IDs that will have admin role of the cluster.' - items: - type: string - type: array - clientAppID: - description: 'ClientAppID: (DEPRECATED) The client AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' - type: string - enableAzureRBAC: - description: 'EnableAzureRBAC: Whether to enable Azure RBAC for Kubernetes authorization.' - type: boolean - managed: - description: 'Managed: Whether to enable managed AAD.' - type: boolean - serverAppID: - description: 'ServerAppID: (DEPRECATED) The server AAD application ID. 
Learn more at https://aka.ms/aks/aad-legacy.' - type: string - serverAppSecret: - description: 'ServerAppSecret: (DEPRECATED) The server AAD application secret. Learn more at https://aka.ms/aks/aad-legacy.' - type: string - tenantID: - description: |- - TenantID: The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment - subscription. - type: string - type: object - addonProfiles: - additionalProperties: - description: A Kubernetes add-on profile for a managed cluster. - properties: - config: - additionalProperties: - type: string - description: 'Config: Key-value pairs for configuring an add-on.' - type: object - enabled: - description: 'Enabled: Whether the add-on is enabled or not.' - type: boolean - identity: - description: 'Identity: Information of user assigned identity used by this add-on.' - properties: - clientId: - description: 'ClientId: The client ID of the user assigned identity.' - type: string - objectId: - description: 'ObjectId: The object ID of the user assigned identity.' - type: string - resourceId: - description: 'ResourceId: The resource ID of the user assigned identity.' - type: string - type: object - type: object - description: 'AddonProfiles: The profile of managed cluster add-on.' - type: object - agentPoolProfiles: - description: 'AgentPoolProfiles: The agent pool properties.' - items: - description: Profile for the container service agent pool. - properties: - availabilityZones: - description: |- - AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType - property is 'VirtualMachineScaleSets'. - items: - type: string - type: array - capacityReservationGroupID: - description: 'CapacityReservationGroupID: AKS will associate the specified agent pool with the Capacity Reservation Group.' - type: string - count: - description: |- - Count: Number of agents (VMs) to host docker containers. 
Allowed values must be in the range of 0 to 1000 (inclusive) - for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. - type: integer - creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using - a snapshot. - properties: - sourceResourceId: - description: 'SourceResourceId: This is the ARM ID of the source object to be used to create the target object.' - type: string - type: object - currentOrchestratorVersion: - description: |- - CurrentOrchestratorVersion: If orchestratorVersion is a fully specified version , this field will be - exactly equal to it. If orchestratorVersion is , this field will contain the full - version being used. - type: string - eTag: - description: |- - ETag: Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is - updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic - concurrency per the normal etag convention. - type: string - enableAutoScaling: - description: 'EnableAutoScaling: Whether to enable auto-scaler' - type: boolean - enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, - see: https://docs.microsoft.com/azure/aks/enable-host-encryption - type: boolean - enableFIPS: - description: |- - EnableFIPS: See [Add a FIPS-enabled node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more - details. - type: boolean - enableNodePublicIP: - description: |- - EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. 
- A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine - to minimize hops. For more information see [assigning a public IP per - node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The - default is false. - type: boolean - enableUltraSSD: - description: 'EnableUltraSSD: Whether to enable UltraSSD' - type: boolean - gpuInstanceProfile: - description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' - type: string - hostGroupID: - description: |- - HostGroupID: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). - type: string - kubeletConfig: - description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' - properties: - allowedUnsafeSysctls: - description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`).' - items: - type: string - type: array - containerLogMaxFiles: - description: |- - ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be - ≥ 2. - type: integer - containerLogMaxSizeMB: - description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' - type: integer - cpuCfsQuota: - description: 'CpuCfsQuota: The default is true.' - type: boolean - cpuCfsQuotaPeriod: - description: |- - CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and - a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. 
- type: string - cpuManagerPolicy: - description: |- - CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management - policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more - information. Allowed values are 'none' and 'static'. - type: string - failSwapOn: - description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' - type: boolean - imageGcHighThreshold: - description: 'ImageGcHighThreshold: To disable image garbage collection, set to 100. The default is 85%' - type: integer - imageGcLowThreshold: - description: 'ImageGcLowThreshold: This cannot be set higher than imageGcHighThreshold. The default is 80%' - type: integer - podMaxPids: - description: 'PodMaxPids: The maximum number of processes per pod.' - type: integer - topologyManagerPolicy: - description: |- - TopologyManagerPolicy: For more information see [Kubernetes Topology - Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values - are 'none', 'best-effort', 'restricted', and 'single-numa-node'. - type: string - type: object - kubeletDiskType: - description: |- - KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral - storage. - type: string - linuxOSConfig: - description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' - properties: - swapFileSizeMB: - description: 'SwapFileSizeMB: The size in MB of a swap file that will be created on each node.' - type: integer - sysctls: - description: 'Sysctls: Sysctl settings for Linux agent nodes.' - properties: - fsAioMaxNr: - description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' - type: integer - fsFileMax: - description: 'FsFileMax: Sysctl setting fs.file-max.' - type: integer - fsInotifyMaxUserWatches: - description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' 
- type: integer - fsNrOpen: - description: 'FsNrOpen: Sysctl setting fs.nr_open.' - type: integer - kernelThreadsMax: - description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' - type: integer - netCoreNetdevMaxBacklog: - description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' - type: integer - netCoreOptmemMax: - description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' - type: integer - netCoreRmemDefault: - description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' - type: integer - netCoreRmemMax: - description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' - type: integer - netCoreSomaxconn: - description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' - type: integer - netCoreWmemDefault: - description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' - type: integer - netCoreWmemMax: - description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' - type: integer - netIpv4IpLocalPortRange: - description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' - type: string - netIpv4NeighDefaultGcThresh1: - description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting net.ipv4.neigh.default.gc_thresh1.' - type: integer - netIpv4NeighDefaultGcThresh2: - description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting net.ipv4.neigh.default.gc_thresh2.' - type: integer - netIpv4NeighDefaultGcThresh3: - description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting net.ipv4.neigh.default.gc_thresh3.' - type: integer - netIpv4TcpFinTimeout: - description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' - type: integer - netIpv4TcpKeepaliveProbes: - description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' - type: integer - netIpv4TcpKeepaliveTime: - description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' 
- type: integer - netIpv4TcpMaxSynBacklog: - description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' - type: integer - netIpv4TcpMaxTwBuckets: - description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' - type: integer - netIpv4TcpTwReuse: - description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' - type: boolean - netIpv4TcpkeepaliveIntvl: - description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' - type: integer - netNetfilterNfConntrackBuckets: - description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' - type: integer - netNetfilterNfConntrackMax: - description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' - type: integer - vmMaxMapCount: - description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' - type: integer - vmSwappiness: - description: 'VmSwappiness: Sysctl setting vm.swappiness.' - type: integer - vmVfsCachePressure: - description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' - type: integer - type: object - transparentHugePageDefrag: - description: |- - TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is - 'madvise'. For more information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). - type: string - transparentHugePageEnabled: - description: |- - TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more - information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). - type: string - type: object - maxCount: - description: 'MaxCount: The maximum number of nodes for auto-scaling' - type: integer - maxPods: - description: 'MaxPods: The maximum number of pods that can run on a node.' 
- type: integer - minCount: - description: 'MinCount: The minimum number of nodes for auto-scaling' - type: integer - mode: - description: |- - Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool - restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools - type: string - name: - description: 'Name: Windows agent pool names must be 6 characters or less.' - type: string - networkProfile: - description: 'NetworkProfile: Network-related settings of an agent pool.' - properties: - allowedHostPorts: - description: 'AllowedHostPorts: The port ranges that are allowed to access. The specified ranges are allowed to overlap.' - items: - description: The port range. - properties: - portEnd: - description: |- - PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or - equal to portStart. - type: integer - portStart: - description: |- - PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or - equal to portEnd. - type: integer - protocol: - description: 'Protocol: The network protocol of the port.' - type: string - type: object - type: array - applicationSecurityGroups: - description: 'ApplicationSecurityGroups: The IDs of the application security groups which agent pool will associate when created.' - items: - type: string - type: array - nodePublicIPTags: - description: 'NodePublicIPTags: IPTags of instance-level public IPs.' - items: - description: Contains the IPTag associated with the object. - properties: - ipTagType: - description: 'IpTagType: The IP tag type. Example: RoutingPreference.' - type: string - tag: - description: 'Tag: The value of the IP tag associated with the public IP. Example: Internet.' 
- type: string - type: object - type: array - type: object - nodeImageVersion: - description: 'NodeImageVersion: The version of node image' - type: string - nodeLabels: - additionalProperties: - type: string - description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' - type: object - nodePublicIPPrefixID: - description: |- - NodePublicIPPrefixID: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} - type: string - nodeTaints: - description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' - items: - type: string - type: array - orchestratorVersion: - description: |- - OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. - When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster - with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer - patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same - Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor - version must be within two minor versions of the control plane version. The node pool version cannot be greater than the - control plane version. For more information see [upgrading a node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). - type: string - osDiskSizeGB: - type: integer - osDiskType: - description: |- - OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested - OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral - OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). 
- type: string - osSKU: - description: |- - OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 - when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. - type: string - osType: - description: 'OsType: The operating system type. The default is Linux.' - type: string - podSubnetID: - description: |- - PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is - of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} - type: string - powerState: - description: |- - PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this - field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only - be stopped if it is Running and provisioning state is Succeeded - properties: - code: - description: 'Code: Tells whether the cluster is Running or Stopped' - type: string - type: object - provisioningState: - description: 'ProvisioningState: The current deployment or provisioning state.' - type: string - proximityPlacementGroupID: - description: 'ProximityPlacementGroupID: The ID for Proximity Placement Group.' - type: string - scaleDownMode: - description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' - type: string - scaleSetEvictionPolicy: - description: |- - ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is - 'Delete'. - type: string - scaleSetPriority: - description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' 
- type: string - securityProfile: - description: 'SecurityProfile: The security settings of an agent pool.' - properties: - enableSecureBoot: - description: |- - EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and - drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. - type: boolean - enableVTPM: - description: |- - EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held - locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. - type: boolean - type: object - spotMaxPrice: - description: |- - SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any - on-demand price. For more details on spot pricing, see [spot VMs - pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) - type: number - tags: - additionalProperties: - type: string - description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' - type: object - type: - description: 'Type: The type of Agent Pool.' - type: string - upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading the agentpool' - properties: - drainTimeoutInMinutes: - description: |- - DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. - This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not - specified, the default is 30 minutes. - type: integer - maxSurge: - description: |- - MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it - is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded - up. If not specified, the default is 1. 
For more information, including best practices, see: - https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade - type: string - nodeSoakDurationInMinutes: - description: |- - NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and - moving on to next node. If not specified, the default is 0 minutes. - type: integer - type: object - vmSize: - description: |- - VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods - might fail to run correctly. For more details on restricted VM sizes, see: - https://docs.microsoft.com/azure/aks/quotas-skus-regions - type: string - vnetSubnetID: - description: |- - VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, - this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} - type: string - windowsProfile: - description: 'WindowsProfile: The Windows agent pool''s specific profile.' - properties: - disableOutboundNat: - description: |- - DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT - Gateway and the Windows agent pool does not have node public IP enabled. - type: boolean - type: object - workloadRuntime: - description: 'WorkloadRuntime: Determines the type of workload a node can run.' - type: string - type: object - type: array - apiServerAccessProfile: - description: 'ApiServerAccessProfile: The access profile for managed cluster API server.' - properties: - authorizedIPRanges: - description: |- - AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. 
This feature is not compatible with - clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API - server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). - items: - type: string - type: array - disableRunCommand: - description: 'DisableRunCommand: Whether to disable run command for the cluster or not.' - type: boolean - enablePrivateCluster: - description: |- - EnablePrivateCluster: For more details, see [Creating a private AKS - cluster](https://docs.microsoft.com/azure/aks/private-clusters). - type: boolean - enablePrivateClusterPublicFQDN: - description: 'EnablePrivateClusterPublicFQDN: Whether to create additional public FQDN for private cluster or not.' - type: boolean - privateDNSZone: - description: |- - PrivateDNSZone: The default is System. For more details see [configure private DNS - zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and - 'none'. - type: string - type: object - autoScalerProfile: - description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler when enabled' - properties: - balance-similar-node-groups: - description: 'BalanceSimilarNodeGroups: Valid values are ''true'' and ''false''' - type: string - daemonset-eviction-for-empty-nodes: - description: |- - DaemonsetEvictionForEmptyNodes: If set to true, all daemonset pods on empty nodes will be evicted before deletion of the - node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node will be - deleted without ensuring that daemonset pods are deleted or evicted. - type: boolean - daemonset-eviction-for-occupied-nodes: - description: |- - DaemonsetEvictionForOccupiedNodes: If set to true, all daemonset pods on occupied nodes will be evicted before deletion - of the node. If the daemonset pod cannot be evicted another node will be chosen for scaling. 
If set to false, the node - will be deleted without ensuring that daemonset pods are deleted or evicted. - type: boolean - expander: - description: |- - Expander: If not specified, the default is 'random'. See - [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) for more - information. - type: string - ignore-daemonsets-utilization: - description: |- - IgnoreDaemonsetsUtilization: If set to true, the resources used by daemonset will be taken into account when making - scaling down decisions. - type: boolean - max-empty-bulk-delete: - description: 'MaxEmptyBulkDelete: The default is 10.' - type: string - max-graceful-termination-sec: - description: 'MaxGracefulTerminationSec: The default is 600.' - type: string - max-node-provision-time: - description: |- - MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. - type: string - max-total-unready-percentage: - description: 'MaxTotalUnreadyPercentage: The default is 45. The maximum is 100 and the minimum is 0.' - type: string - new-pod-scale-up-delay: - description: |- - NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler - could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is - '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). - type: string - ok-total-unready-count: - description: 'OkTotalUnreadyCount: This must be an integer. The default is 3.' - type: string - scale-down-delay-after-add: - description: |- - ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. - type: string - scale-down-delay-after-delete: - description: |- - ScaleDownDelayAfterDelete: The default is the scan-interval. 
Values must be an integer followed by an 'm'. No unit of - time other than minutes (m) is supported. - type: string - scale-down-delay-after-failure: - description: |- - ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other - than minutes (m) is supported. - type: string - scale-down-unneeded-time: - description: |- - ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. - type: string - scale-down-unready-time: - description: |- - ScaleDownUnreadyTime: The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. - type: string - scale-down-utilization-threshold: - description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' - type: string - scan-interval: - description: 'ScanInterval: The default is ''10''. Values must be an integer number of seconds.' - type: string - skip-nodes-with-local-storage: - description: 'SkipNodesWithLocalStorage: The default is true.' - type: string - skip-nodes-with-system-pods: - description: 'SkipNodesWithSystemPods: The default is true.' - type: string - type: object - autoUpgradeProfile: - description: 'AutoUpgradeProfile: The auto upgrade configuration.' - properties: - nodeOSUpgradeChannel: - description: 'NodeOSUpgradeChannel: Manner in which the OS on your nodes is updated. The default is NodeImage.' - type: string - upgradeChannel: - description: |- - UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade - channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). - type: string - type: object - azureMonitorProfile: - description: 'AzureMonitorProfile: Azure Monitor addon profiles for monitoring the managed cluster.' - properties: - metrics: - description: |- - Metrics: Metrics profile for the Azure Monitor managed service for Prometheus addon. 
Collect out-of-the-box Kubernetes - infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See - aka.ms/AzureManagedPrometheus for an overview. - properties: - enabled: - description: |- - Enabled: Whether to enable or disable the Azure Managed Prometheus addon for Prometheus monitoring. See - aka.ms/AzureManagedPrometheus-aks-enable for details on enabling and disabling. - type: boolean - kubeStateMetrics: - description: |- - KubeStateMetrics: Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the - kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for - details. - properties: - metricAnnotationsAllowList: - description: |- - MetricAnnotationsAllowList: Comma-separated list of Kubernetes annotation keys that will be used in the resource's - labels metric (Example: 'namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...'). By default the metric - contains only resource name and namespace labels. - type: string - metricLabelsAllowlist: - description: |- - MetricLabelsAllowlist: Comma-separated list of additional Kubernetes label keys that will be used in the resource's - labels metric (Example: 'namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...'). By default the metric contains only - resource name and namespace labels. - type: string - type: object - type: object - type: object - azurePortalFQDN: - description: |- - AzurePortalFQDN: The Azure Portal requires certain Cross-Origin Resource Sharing (CORS) headers to be sent in some - responses, which Kubernetes APIServer doesn't handle by default. This special FQDN supports CORS, allowing the Azure - Portal to function properly. 
- type: string - conditions: - description: 'Conditions: The observed state of the resource' - items: - description: Condition defines an extension to status (an observation) of a resource - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. - format: date-time - type: string - message: - description: Message is a human readable message indicating details about the transition. This field may be empty. - type: string - observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - type: integer - reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. - type: string - severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown - type: string - status: - description: Status of the condition, one of True, False, or Unknown. - type: string - type: - description: Type of condition. - type: string - required: - - lastTransitionTime - - reason - - status - - type - type: object - type: array - currentKubernetesVersion: - description: |- - CurrentKubernetesVersion: If kubernetesVersion was a fully specified version , this field will be - exactly equal to it. 
If kubernetesVersion was , this field will contain the full - version being used. - type: string - disableLocalAccounts: - description: |- - DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be - used on Managed Clusters that are AAD enabled. For more details see [disable local - accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). - type: boolean - diskEncryptionSetID: - description: |- - DiskEncryptionSetID: This is of the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' - type: string - dnsPrefix: - description: 'DnsPrefix: This cannot be updated once the Managed Cluster has been created.' - type: string - eTag: - description: |- - ETag: Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is - updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic - concurrency per the normal etag convention. - type: string - enablePodSecurityPolicy: - description: |- - EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was - deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and - https://aka.ms/aks/psp. - type: boolean - enableRBAC: - description: 'EnableRBAC: Whether to enable Kubernetes Role-Based Access Control.' - type: boolean - extendedLocation: - description: 'ExtendedLocation: The extended location of the Virtual Machine.' - properties: - name: - description: 'Name: The name of the extended location.' - type: string - type: - description: 'Type: The type of the extended location.' - type: string - type: object - fqdn: - description: 'Fqdn: The FQDN of the master pool.' 
- type: string - fqdnSubdomain: - description: 'FqdnSubdomain: This cannot be updated once the Managed Cluster has been created.' - type: string - httpProxyConfig: - description: 'HttpProxyConfig: Configurations for provisioning the cluster with HTTP proxy servers.' - properties: - httpProxy: - description: 'HttpProxy: The HTTP proxy server endpoint to use.' - type: string - httpsProxy: - description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' - type: string - noProxy: - description: 'NoProxy: The endpoints that should not go through proxy.' - items: - type: string - type: array - trustedCa: - description: 'TrustedCa: Alternative CA cert to use for connecting to proxy servers.' - type: string - type: object - id: - description: |- - Id: Fully qualified resource ID for the resource. E.g. - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" - type: string - identity: - description: 'Identity: The identity of the managed cluster, if configured.' - properties: - delegatedResources: - additionalProperties: - description: Delegated resource properties - internal use only. - properties: - location: - description: 'Location: The source resource location - internal use only.' - type: string - referralResource: - description: 'ReferralResource: The delegation id of the referral delegation (optional) - internal use only.' - type: string - resourceId: - description: 'ResourceId: The ARM resource id of the delegated resource - internal use only.' - type: string - tenantId: - description: 'TenantId: The tenant id of the delegated resource - internal use only.' - type: string - type: object - description: |- - DelegatedResources: The delegated identity resources assigned to this managed cluster. This can only be set by another - Azure Resource Provider, and managed cluster only accept one delegated identity resource. Internal use only. 
- type: object - principalId: - description: 'PrincipalId: The principal id of the system assigned identity which is used by master components.' - type: string - tenantId: - description: 'TenantId: The tenant id of the system assigned identity which is used by master components.' - type: string - type: - description: |- - Type: For more information see [use managed identities in - AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). - type: string - userAssignedIdentities: - additionalProperties: - properties: - clientId: - description: 'ClientId: The client id of user assigned identity.' - type: string - principalId: - description: 'PrincipalId: The principal id of user assigned identity.' - type: string - type: object - description: |- - UserAssignedIdentities: The keys must be ARM resource IDs in the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. - type: object - type: object - identityProfile: - additionalProperties: - description: Details about a user assigned identity. - properties: - clientId: - description: 'ClientId: The client ID of the user assigned identity.' - type: string - objectId: - description: 'ObjectId: The object ID of the user assigned identity.' - type: string - resourceId: - description: 'ResourceId: The resource ID of the user assigned identity.' - type: string - type: object - description: |- - IdentityProfile: The user identity associated with the managed cluster. This identity will be used by the kubelet. Only - one user assigned identity is allowed. The only accepted key is "kubeletidentity", with value of "resourceId": - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}". - type: object - ingressProfile: - description: 'IngressProfile: Ingress profile for the managed cluster.' 
- properties: - webAppRouting: - description: |- - WebAppRouting: App Routing settings for the ingress profile. You can find an overview and onboarding guide for this - feature at https://learn.microsoft.com/en-us/azure/aks/app-routing?tabs=default%2Cdeploy-app-default. - properties: - dnsZoneResourceIds: - description: |- - DnsZoneResourceIds: Resource IDs of the DNS zones to be associated with the Application Routing add-on. Used only when - Application Routing add-on is enabled. Public and private DNS zones can be in different resource groups, but all public - DNS zones must be in the same resource group and all private DNS zones must be in the same resource group. - items: - type: string - type: array - enabled: - description: 'Enabled: Whether to enable the Application Routing add-on.' - type: boolean - identity: - description: |- - Identity: Managed identity of the Application Routing add-on. This is the identity that should be granted permissions, - for example, to manage the associated Azure DNS resource and get certificates from Azure Key Vault. See [this overview - of the add-on](https://learn.microsoft.com/en-us/azure/aks/web-app-routing?tabs=with-osm) for more instructions. - properties: - clientId: - description: 'ClientId: The client ID of the user assigned identity.' - type: string - objectId: - description: 'ObjectId: The object ID of the user assigned identity.' - type: string - resourceId: - description: 'ResourceId: The resource ID of the user assigned identity.' - type: string - type: object - type: object - type: object - kubernetesVersion: - description: |- - KubernetesVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. - When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster - with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer - patch version is available. 
When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All - upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or - 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS - cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. - type: string - linuxProfile: - description: 'LinuxProfile: The profile for Linux VMs in the Managed Cluster.' - properties: - adminUsername: - description: 'AdminUsername: The administrator username to use for Linux VMs.' - type: string - ssh: - description: 'Ssh: The SSH configuration for Linux-based VMs running on Azure.' - properties: - publicKeys: - description: 'PublicKeys: The list of SSH public keys used to authenticate with Linux-based VMs. A maximum of 1 key may be specified.' - items: - description: Contains information about SSH certificate public key data. - properties: - keyData: - description: |- - KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or - without headers. - type: string - type: object - type: array - type: object - type: object - location: - description: 'Location: The geo-location where the resource lives' - type: string - maxAgentPools: - description: 'MaxAgentPools: The max number of agent pools for the managed cluster.' - type: integer - metricsProfile: - description: 'MetricsProfile: Optional cluster metrics configuration.' - properties: - costAnalysis: - description: 'CostAnalysis: The cost analysis configuration for the cluster' - properties: - enabled: - description: |- - Enabled: The Managed Cluster sku.tier must be set to 'Standard' or 'Premium' to enable this feature. Enabling this will - add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. If not specified, the - default is false. For more information see aka.ms/aks/docs/cost-analysis. 
- type: boolean - type: object - type: object - name: - description: 'Name: The name of the resource' - type: string - networkProfile: - description: 'NetworkProfile: The network configuration profile.' - properties: - advancedNetworking: - description: |- - AdvancedNetworking: Advanced Networking profile for enabling observability and security feature suite on a cluster. For - more information see aka.ms/aksadvancednetworking. - properties: - enabled: - description: |- - Enabled: Indicates the enablement of Advanced Networking functionalities of observability and security on AKS clusters. - When this is set to true, all observability and security features will be set to enabled unless explicitly disabled. If - not specified, the default is false. - type: boolean - observability: - description: 'Observability: Observability profile to enable advanced network metrics and flow logs with historical contexts.' - properties: - enabled: - description: 'Enabled: Indicates the enablement of Advanced Networking observability functionalities on clusters.' - type: boolean - type: object - security: - description: 'Security: Security profile to enable security features on cilium based cluster.' - properties: - enabled: - description: |- - Enabled: This feature allows user to configure network policy based on DNS (FQDN) names. It can be enabled only on - cilium based clusters. If not specified, the default is false. - type: boolean - type: object - type: object - dnsServiceIP: - description: |- - DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address - range specified in serviceCidr. - type: string - ipFamilies: - description: |- - IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value - is IPv4. For dual-stack, the expected values are IPv4 and IPv6. 
- items: - type: string - type: array - loadBalancerProfile: - description: 'LoadBalancerProfile: Profile of the cluster load balancer.' - properties: - allocatedOutboundPorts: - description: |- - AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 - (inclusive). The default value is 0 which results in Azure dynamically allocating ports. - type: integer - backendPoolType: - description: 'BackendPoolType: The type of the managed inbound Load Balancer BackendPool.' - type: string - effectiveOutboundIPs: - description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster load balancer.' - items: - description: A reference to an Azure resource. - properties: - id: - description: 'Id: The fully qualified Azure resource id.' - type: string - type: object - type: array - enableMultipleStandardLoadBalancers: - description: 'EnableMultipleStandardLoadBalancers: Enable multiple standard load balancers per AKS cluster or not.' - type: boolean - idleTimeoutInMinutes: - description: |- - IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 - (inclusive). The default value is 30 minutes. - type: integer - managedOutboundIPs: - description: 'ManagedOutboundIPs: Desired managed outbound IPs for the cluster load balancer.' - properties: - count: - description: |- - Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values - must be in the range of 1 to 100 (inclusive). The default value is 1. - type: integer - countIPv6: - description: |- - CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed - values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. 
- type: integer - type: object - outboundIPPrefixes: - description: 'OutboundIPPrefixes: Desired outbound IP Prefix resources for the cluster load balancer.' - properties: - publicIPPrefixes: - description: 'PublicIPPrefixes: A list of public IP prefix resources.' - items: - description: A reference to an Azure resource. - properties: - id: - description: 'Id: The fully qualified Azure resource id.' - type: string - type: object - type: array - type: object - outboundIPs: - description: 'OutboundIPs: Desired outbound IP resources for the cluster load balancer.' - properties: - publicIPs: - description: 'PublicIPs: A list of public IP resources.' - items: - description: A reference to an Azure resource. - properties: - id: - description: 'Id: The fully qualified Azure resource id.' - type: string - type: object - type: array - type: object - type: object - loadBalancerSku: - description: |- - LoadBalancerSku: The default is 'standard'. See [Azure Load Balancer - SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load - balancer SKUs. - type: string - natGatewayProfile: - description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' - properties: - effectiveOutboundIPs: - description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster NAT gateway.' - items: - description: A reference to an Azure resource. - properties: - id: - description: 'Id: The fully qualified Azure resource id.' - type: string - type: object - type: array - idleTimeoutInMinutes: - description: |- - IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 - (inclusive). The default value is 4 minutes. - type: integer - managedOutboundIPProfile: - description: 'ManagedOutboundIPProfile: Profile of the managed outbound IP resources of the cluster NAT gateway.' 
- properties: - count: - description: |- - Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 - (inclusive). The default value is 1. - type: integer - type: object - type: object - networkDataplane: - description: 'NetworkDataplane: Network dataplane used in the Kubernetes cluster.' - type: string - networkMode: - description: 'NetworkMode: This cannot be specified if networkPlugin is anything other than ''azure''.' - type: string - networkPlugin: - description: 'NetworkPlugin: Network plugin used for building the Kubernetes network.' - type: string - networkPluginMode: - description: 'NetworkPluginMode: The mode the network plugin should use.' - type: string - networkPolicy: - description: 'NetworkPolicy: Network policy used for building the Kubernetes network.' - type: string - outboundType: - description: |- - OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see - [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). - type: string - podCidr: - description: 'PodCidr: A CIDR notation IP range from which to assign pod IPs when kubenet is used.' - type: string - podCidrs: - description: |- - PodCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is - expected for dual-stack networking. - items: - type: string - type: array - serviceCidr: - description: |- - ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP - ranges. - type: string - serviceCidrs: - description: |- - ServiceCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is - expected for dual-stack networking. They must not overlap with any Subnet IP ranges. 
- items: - type: string - type: array - type: object - nodeResourceGroup: - description: 'NodeResourceGroup: The name of the resource group containing agent pool nodes.' - type: string - nodeResourceGroupProfile: - description: 'NodeResourceGroupProfile: Profile of the node resource group configuration.' - properties: - restrictionLevel: - description: |- - RestrictionLevel: The restriction level applied to the cluster's node resource group. If not specified, the default is - 'Unrestricted' - type: string - type: object - oidcIssuerProfile: - description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed Cluster.' - properties: - enabled: - description: 'Enabled: Whether the OIDC issuer is enabled.' - type: boolean - issuerURL: - description: 'IssuerURL: The OIDC issuer url of the Managed Cluster.' - type: string - type: object - podIdentityProfile: - description: |- - PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more - details on AAD pod identity integration. - properties: - allowNetworkPluginKubenet: - description: |- - AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod - Identity and the risks of IP spoofing. See [using Kubenet network plugin with AAD Pod - Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) - for more information. - type: boolean - enabled: - description: 'Enabled: Whether the pod identity addon is enabled.' - type: boolean - userAssignedIdentities: - description: 'UserAssignedIdentities: The pod identities to use in the cluster.' - items: - description: Details about the pod identity assigned to the Managed Cluster. - properties: - bindingSelector: - description: 'BindingSelector: The binding selector to use for the AzureIdentityBinding resource.' 
- type: string - identity: - description: 'Identity: The user assigned identity details.' - properties: - clientId: - description: 'ClientId: The client ID of the user assigned identity.' - type: string - objectId: - description: 'ObjectId: The object ID of the user assigned identity.' - type: string - resourceId: - description: 'ResourceId: The resource ID of the user assigned identity.' - type: string - type: object - name: - description: 'Name: The name of the pod identity.' - type: string - namespace: - description: 'Namespace: The namespace of the pod identity.' - type: string - provisioningInfo: - properties: - error: - description: 'Error: Pod identity assignment error (if any).' - properties: - error: - description: 'Error: Details about the error.' - properties: - code: - description: 'Code: An identifier for the error. Codes are invariant and are intended to be consumed programmatically.' - type: string - details: - description: 'Details: A list of additional details about the error.' - items: - properties: - code: - description: 'Code: An identifier for the error. Codes are invariant and are intended to be consumed programmatically.' - type: string - message: - description: 'Message: A message describing the error, intended to be suitable for display in a user interface.' - type: string - target: - description: 'Target: The target of the particular error. For example, the name of the property in error.' - type: string - type: object - type: array - message: - description: 'Message: A message describing the error, intended to be suitable for display in a user interface.' - type: string - target: - description: 'Target: The target of the particular error. For example, the name of the property in error.' - type: string - type: object - type: object - type: object - provisioningState: - description: 'ProvisioningState: The current provisioning state of the pod identity.' 
- type: string - type: object - type: array - userAssignedIdentityExceptions: - description: 'UserAssignedIdentityExceptions: The pod identity exceptions to allow.' - items: - description: |- - See [disable AAD Pod Identity for a specific - Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. - properties: - name: - description: 'Name: The name of the pod identity exception.' - type: string - namespace: - description: 'Namespace: The namespace of the pod identity exception.' - type: string - podLabels: - additionalProperties: - type: string - description: 'PodLabels: The pod labels to match.' - type: object - type: object - type: array - type: object - powerState: - description: 'PowerState: The Power State of the cluster.' - properties: - code: - description: 'Code: Tells whether the cluster is Running or Stopped' - type: string - type: object - privateFQDN: - description: 'PrivateFQDN: The FQDN of private cluster.' - type: string - privateLinkResources: - description: 'PrivateLinkResources: Private link resources associated with the cluster.' - items: - description: A private link resource - properties: - groupId: - description: 'GroupId: The group ID of the resource.' - type: string - id: - description: 'Id: The ID of the private link resource.' - type: string - name: - description: 'Name: The name of the private link resource.' - type: string - privateLinkServiceID: - description: 'PrivateLinkServiceID: The private link service ID of the resource, this field is exposed only to NRP internally.' - type: string - requiredMembers: - description: 'RequiredMembers: The RequiredMembers of the resource' - items: - type: string - type: array - type: - description: 'Type: The resource type.' - type: string - type: object - type: array - provisioningState: - description: 'ProvisioningState: The current provisioning state.' 
- type: string - publicNetworkAccess: - description: 'PublicNetworkAccess: Allow or deny public network access for AKS' - type: string - resourceUID: - description: |- - ResourceUID: The resourceUID uniquely identifies ManagedClusters that reuse ARM ResourceIds (i.e: create, delete, create - sequence) - type: string - securityProfile: - description: 'SecurityProfile: Security profile for the managed cluster.' - properties: - azureKeyVaultKms: - description: |- - AzureKeyVaultKms: Azure Key Vault [key management - service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. - properties: - enabled: - description: 'Enabled: Whether to enable Azure Key Vault key management service. The default is false.' - type: boolean - keyId: - description: |- - KeyId: Identifier of Azure Key Vault key. See [key identifier - format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) - for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key - identifier. When Azure Key Vault key management service is disabled, leave the field empty. - type: string - keyVaultNetworkAccess: - description: |- - KeyVaultNetworkAccess: Network access of key vault. The possible values are `Public` and `Private`. `Public` means the - key vault allows public access from all networks. `Private` means the key vault disables public access and enables - private link. The default value is `Public`. - type: string - keyVaultResourceId: - description: |- - KeyVaultResourceId: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and must - be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. - type: string - type: object - defender: - description: 'Defender: Microsoft Defender settings for the security profile.' 
- properties: - logAnalyticsWorkspaceResourceId: - description: |- - LogAnalyticsWorkspaceResourceId: Resource ID of the Log Analytics workspace to be associated with Microsoft Defender. - When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When Microsoft - Defender is disabled, leave the field empty. - type: string - securityMonitoring: - description: 'SecurityMonitoring: Microsoft Defender threat detection for Cloud settings for the security profile.' - properties: - enabled: - description: 'Enabled: Whether to enable Defender threat detection' - type: boolean - type: object - type: object - imageCleaner: - description: 'ImageCleaner: Image Cleaner settings for the security profile.' - properties: - enabled: - description: 'Enabled: Whether to enable Image Cleaner on AKS cluster.' - type: boolean - intervalHours: - description: 'IntervalHours: Image Cleaner scanning interval in hours.' - type: integer - type: object - workloadIdentity: - description: |- - WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications - to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. - properties: - enabled: - description: 'Enabled: Whether to enable workload identity.' - type: boolean - type: object - type: object - serviceMeshProfile: - description: 'ServiceMeshProfile: Service mesh profile for a managed cluster.' - properties: - istio: - description: 'Istio: Istio service mesh configuration.' - properties: - certificateAuthority: - description: |- - CertificateAuthority: Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin - certificates as described here https://aka.ms/asm-plugin-ca - properties: - plugin: - description: 'Plugin: Plugin certificates information for Service Mesh.' 
- properties: - certChainObjectName: - description: 'CertChainObjectName: Certificate chain object name in Azure Key Vault.' - type: string - certObjectName: - description: 'CertObjectName: Intermediate certificate object name in Azure Key Vault.' - type: string - keyObjectName: - description: 'KeyObjectName: Intermediate certificate private key object name in Azure Key Vault.' - type: string - keyVaultId: - description: 'KeyVaultId: The resource ID of the Key Vault.' - type: string - rootCertObjectName: - description: 'RootCertObjectName: Root certificate object name in Azure Key Vault.' - type: string - type: object - type: object - components: - description: 'Components: Istio components configuration.' - properties: - egressGateways: - description: 'EgressGateways: Istio egress gateways.' - items: - description: Istio egress gateway configuration. - properties: - enabled: - description: 'Enabled: Whether to enable the egress gateway.' - type: boolean - type: object - type: array - ingressGateways: - description: 'IngressGateways: Istio ingress gateways.' - items: - description: |- - Istio ingress gateway configuration. For now, we support up to one external ingress gateway named - `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. - properties: - enabled: - description: 'Enabled: Whether to enable the ingress gateway.' - type: boolean - mode: - description: 'Mode: Mode of an ingress gateway.' - type: string - type: object - type: array - type: object - revisions: - description: |- - Revisions: The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. - When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: - https://learn.microsoft.com/en-us/azure/aks/istio-upgrade - items: - type: string - type: array - type: object - mode: - description: 'Mode: Mode of the service mesh.' 
- type: string - type: object - servicePrincipalProfile: - description: |- - ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure - APIs. - properties: - clientId: - description: 'ClientId: The ID for the service principal.' - type: string - type: object - sku: - description: 'Sku: The managed cluster SKU.' - properties: - name: - description: 'Name: The name of a managed cluster SKU.' - type: string - tier: - description: |- - Tier: If not specified, the default is 'Free'. See [AKS Pricing - Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. - type: string - type: object - storageProfile: - description: 'StorageProfile: Storage profile for the managed cluster.' - properties: - blobCSIDriver: - description: 'BlobCSIDriver: AzureBlob CSI Driver settings for the storage profile.' - properties: - enabled: - description: 'Enabled: Whether to enable AzureBlob CSI Driver. The default value is false.' - type: boolean - type: object - diskCSIDriver: - description: 'DiskCSIDriver: AzureDisk CSI Driver settings for the storage profile.' - properties: - enabled: - description: 'Enabled: Whether to enable AzureDisk CSI Driver. The default value is true.' - type: boolean - type: object - fileCSIDriver: - description: 'FileCSIDriver: AzureFile CSI Driver settings for the storage profile.' - properties: - enabled: - description: 'Enabled: Whether to enable AzureFile CSI Driver. The default value is true.' - type: boolean - type: object - snapshotController: - description: 'SnapshotController: Snapshot Controller settings for the storage profile.' - properties: - enabled: - description: 'Enabled: Whether to enable Snapshot Controller. The default value is true.' - type: boolean - type: object - type: object - supportPlan: - description: 'SupportPlan: The support plan for the Managed Cluster. If unspecified, the default is ''KubernetesOfficial''.' 
- type: string - systemData: - description: 'SystemData: Azure Resource Manager metadata containing createdBy and modifiedBy information.' - properties: - createdAt: - description: 'CreatedAt: The timestamp of resource creation (UTC).' - type: string - createdBy: - description: 'CreatedBy: The identity that created the resource.' - type: string - createdByType: - description: 'CreatedByType: The type of identity that created the resource.' - type: string - lastModifiedAt: - description: 'LastModifiedAt: The timestamp of resource last modification (UTC)' - type: string - lastModifiedBy: - description: 'LastModifiedBy: The identity that last modified the resource.' - type: string - lastModifiedByType: - description: 'LastModifiedByType: The type of identity that last modified the resource.' - type: string - type: object - tags: - additionalProperties: - type: string - description: 'Tags: Resource tags.' - type: object - type: - description: 'Type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"' - type: string - upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading a cluster.' - properties: - overrideSettings: - description: 'OverrideSettings: Settings for overrides.' - properties: - forceUpgrade: - description: |- - ForceUpgrade: Whether to force upgrade the cluster. Note that this option instructs upgrade operation to bypass upgrade - protections such as checking for deprecated API usage. Enable this option only with caution. - type: boolean - until: - description: |- - Until: Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the - effectiveness won't change once an upgrade starts even if the `until` expires as upgrade proceeds. This field is not set - by default. It must be set for the overrides to take effect. 
- type: string - type: object - type: object - windowsProfile: - description: 'WindowsProfile: The profile for Windows VMs in the Managed Cluster.' - properties: - adminUsername: - description: |- - AdminUsername: Specifies the name of the administrator account. - Restriction: Cannot end in "." - Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", - "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", - "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". - Minimum-length: 1 character - Max-length: 20 characters - type: string - enableCSIProxy: - description: |- - EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub - repo](https://github.com/kubernetes-csi/csi-proxy). - type: boolean - gmsaProfile: - description: 'GmsaProfile: The Windows gMSA Profile in the Managed Cluster.' - properties: - dnsServer: - description: |- - DnsServer: Specifies the DNS server for Windows gMSA. - Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. - type: string - enabled: - description: 'Enabled: Specifies whether to enable Windows gMSA in the managed cluster.' - type: boolean - rootDomainName: - description: |- - RootDomainName: Specifies the root domain name for Windows gMSA. - Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. - type: string - type: object - licenseType: - description: |- - LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User - Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. - type: string - type: object - workloadAutoScalerProfile: - description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile for the managed cluster.' 
- properties: - keda: - description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile.' - properties: - enabled: - description: 'Enabled: Whether to enable KEDA.' - type: boolean - type: object - verticalPodAutoscaler: - description: 'VerticalPodAutoscaler: VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile.' - properties: - enabled: - description: 'Enabled: Whether to enable VPA. Default value is false.' - type: boolean - type: object - type: object - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].severity - name: Severity - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Reason - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].message - name: Message - type: string - name: v1api20240901storage - schema: - openAPIV3Schema: - description: |- - Storage version of v1api20240901.ManagedCluster - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2024-09-01/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. 
- In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: Storage version of v1api20240901.ManagedCluster_Spec - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - aadProfile: - description: |- - Storage version of v1api20240901.ManagedClusterAADProfile - For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - adminGroupObjectIDs: - items: - type: string - type: array - clientAppID: - type: string - enableAzureRBAC: - type: boolean - managed: - type: boolean - serverAppID: - type: string - serverAppSecret: - type: string - tenantID: - type: string - type: object - addonProfiles: - additionalProperties: - description: |- - Storage version of v1api20240901.ManagedClusterAddonProfile - A Kubernetes add-on profile for a managed cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - config: - additionalProperties: - type: string - type: object - enabled: - type: boolean - type: object - type: object - agentPoolProfiles: - items: - description: |- - Storage version of v1api20240901.ManagedClusterAgentPoolProfile - Profile for the container service agent pool. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - availabilityZones: - items: - type: string - type: array - capacityReservationGroupReference: - description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - count: - type: integer - creationData: - description: |- - Storage version of v1api20240901.CreationData - Data used when creating a target resource from a source resource. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' 
- properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - enableAutoScaling: - type: boolean - enableEncryptionAtHost: - type: boolean - enableFIPS: - type: boolean - enableNodePublicIP: - type: boolean - enableUltraSSD: - type: boolean - gpuInstanceProfile: - type: string - hostGroupReference: - description: |- - HostGroupReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - kubeletConfig: - description: |- - Storage version of v1api20240901.KubeletConfig - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - allowedUnsafeSysctls: - items: - type: string - type: array - containerLogMaxFiles: - type: integer - containerLogMaxSizeMB: - type: integer - cpuCfsQuota: - type: boolean - cpuCfsQuotaPeriod: - type: string - cpuManagerPolicy: - type: string - failSwapOn: - type: boolean - imageGcHighThreshold: - type: integer - imageGcLowThreshold: - type: integer - podMaxPids: - type: integer - topologyManagerPolicy: - type: string - type: object - kubeletDiskType: - type: string - linuxOSConfig: - description: |- - Storage version of v1api20240901.LinuxOSConfig - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - swapFileSizeMB: - type: integer - sysctls: - description: |- - Storage version of v1api20240901.SysctlConfig - Sysctl settings for Linux agent nodes. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - fsAioMaxNr: - type: integer - fsFileMax: - type: integer - fsInotifyMaxUserWatches: - type: integer - fsNrOpen: - type: integer - kernelThreadsMax: - type: integer - netCoreNetdevMaxBacklog: - type: integer - netCoreOptmemMax: - type: integer - netCoreRmemDefault: - type: integer - netCoreRmemMax: - type: integer - netCoreSomaxconn: - type: integer - netCoreWmemDefault: - type: integer - netCoreWmemMax: - type: integer - netIpv4IpLocalPortRange: - type: string - netIpv4NeighDefaultGcThresh1: - type: integer - netIpv4NeighDefaultGcThresh2: - type: integer - netIpv4NeighDefaultGcThresh3: - type: integer - netIpv4TcpFinTimeout: - type: integer - netIpv4TcpKeepaliveProbes: - type: integer - netIpv4TcpKeepaliveTime: - type: integer - netIpv4TcpMaxSynBacklog: - type: integer - netIpv4TcpMaxTwBuckets: - type: integer - netIpv4TcpTwReuse: - type: boolean - netIpv4TcpkeepaliveIntvl: - type: integer - netNetfilterNfConntrackBuckets: - type: integer - netNetfilterNfConntrackMax: - type: integer - vmMaxMapCount: - type: integer - vmSwappiness: - type: integer - vmVfsCachePressure: - type: integer - type: object - transparentHugePageDefrag: - type: string - transparentHugePageEnabled: - type: string - type: object - maxCount: - type: integer - maxPods: - type: integer - 
minCount: - type: integer - mode: - type: string - name: - type: string - networkProfile: - description: |- - Storage version of v1api20240901.AgentPoolNetworkProfile - Network settings of an agent pool. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - allowedHostPorts: - items: - description: |- - Storage version of v1api20240901.PortRange - The port range. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - portEnd: - type: integer - portStart: - type: integer - protocol: - type: string - type: object - type: array - applicationSecurityGroupsReferences: - items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object - type: array - nodePublicIPTags: - items: - description: |- - Storage version of v1api20240901.IPTag - Contains the IPTag associated with the object. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - ipTagType: - type: string - tag: - type: string - type: object - type: array - type: object - nodeLabels: - additionalProperties: - type: string - type: object - nodePublicIPPrefixReference: - description: |- - NodePublicIPPrefixReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object - nodeTaints: - items: - type: string - type: array - orchestratorVersion: - type: string - osDiskSizeGB: - type: integer - osDiskType: - type: string - osSKU: - type: string - osType: - type: string - podSubnetReference: - description: |- - PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). - This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - powerState: - description: |- - Storage version of v1api20240901.PowerState - Describes the Power State of the cluster - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - code: - type: string - type: object - proximityPlacementGroupReference: - description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' 
- properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - scaleDownMode: - type: string - scaleSetEvictionPolicy: - type: string - scaleSetPriority: - type: string - securityProfile: - description: |- - Storage version of v1api20240901.AgentPoolSecurityProfile - The security settings of an agent pool. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enableSecureBoot: - type: boolean - enableVTPM: - type: boolean - type: object - spotMaxPrice: - type: number - tags: - additionalProperties: - type: string - type: object - type: - type: string - upgradeSettings: - description: |- - Storage version of v1api20240901.AgentPoolUpgradeSettings - Settings for upgrading an agentpool - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - drainTimeoutInMinutes: - type: integer - maxSurge: - type: string - nodeSoakDurationInMinutes: - type: integer - type: object - vmSize: - type: string - vnetSubnetReference: - description: |- - VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is - specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - windowsProfile: - description: |- - Storage version of v1api20240901.AgentPoolWindowsProfile - The Windows agent pool's specific profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - disableOutboundNat: - type: boolean - type: object - workloadRuntime: - type: string - type: object - type: array - apiServerAccessProfile: - description: |- - Storage version of v1api20240901.ManagedClusterAPIServerAccessProfile - Access profile for managed cluster API server. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - authorizedIPRanges: - items: - type: string - type: array - disableRunCommand: - type: boolean - enablePrivateCluster: - type: boolean - enablePrivateClusterPublicFQDN: - type: boolean - privateDNSZone: - type: string - type: object - autoScalerProfile: - description: Storage version of v1api20240901.ManagedClusterProperties_AutoScalerProfile - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - balance-similar-node-groups: - type: string - daemonset-eviction-for-empty-nodes: - type: boolean - daemonset-eviction-for-occupied-nodes: - type: boolean - expander: - type: string - ignore-daemonsets-utilization: - type: boolean - max-empty-bulk-delete: - type: string - max-graceful-termination-sec: - type: string - max-node-provision-time: - type: string - max-total-unready-percentage: - type: string - new-pod-scale-up-delay: - type: string - ok-total-unready-count: - type: string - scale-down-delay-after-add: - type: string - scale-down-delay-after-delete: - type: string - scale-down-delay-after-failure: - type: string - scale-down-unneeded-time: - type: string - scale-down-unready-time: - type: string - scale-down-utilization-threshold: - type: string - scan-interval: - type: string - skip-nodes-with-local-storage: - type: string - skip-nodes-with-system-pods: - type: string - type: object - autoUpgradeProfile: - description: |- - Storage version of v1api20240901.ManagedClusterAutoUpgradeProfile - Auto upgrade profile for a managed cluster. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - nodeOSUpgradeChannel: - type: string - upgradeChannel: - type: string - type: object - azureMonitorProfile: - description: |- - Storage version of v1api20240901.ManagedClusterAzureMonitorProfile - Azure Monitor addon profiles for monitoring the managed cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - metrics: - description: |- - Storage version of v1api20240901.ManagedClusterAzureMonitorProfileMetrics - Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes - infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See - aka.ms/AzureManagedPrometheus for an overview. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - kubeStateMetrics: - description: |- - Storage version of v1api20240901.ManagedClusterAzureMonitorProfileKubeStateMetrics - Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the - kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for - details. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - metricAnnotationsAllowList: - type: string - metricLabelsAllowlist: - type: string - type: object - type: object - type: object - azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. - type: string - disableLocalAccounts: - type: boolean - diskEncryptionSetReference: - description: |- - DiskEncryptionSetReference: This is of the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - dnsPrefix: - type: string - enablePodSecurityPolicy: - type: boolean - enableRBAC: - type: boolean - extendedLocation: - description: |- - Storage version of v1api20240901.ExtendedLocation - The complex type of the extended location. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - name: - type: string - type: - type: string - type: object - fqdnSubdomain: - type: string - httpProxyConfig: - description: |- - Storage version of v1api20240901.ManagedClusterHTTPProxyConfig - Cluster HTTP proxy configuration. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - httpProxy: - type: string - httpsProxy: - type: string - noProxy: - items: - type: string - type: array - trustedCa: - type: string - type: object - identity: - description: |- - Storage version of v1api20240901.ManagedClusterIdentity - Identity for the managed cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - delegatedResources: - additionalProperties: - description: |- - Storage version of v1api20240901.DelegatedResource - Delegated resource properties - internal use only. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - location: - type: string - referralResource: - type: string - resourceReference: - description: 'ResourceReference: The ARM resource id of the delegated resource - internal use only.' 
- properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - tenantId: - type: string - type: object - type: object - type: - type: string - userAssignedIdentities: - items: - description: |- - Storage version of v1api20240901.UserAssignedIdentityDetails - Information about the user assigned identity for the resource - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - type: array - type: object - identityProfile: - additionalProperties: - description: |- - Storage version of v1api20240901.UserAssignedIdentity - Details about a user assigned identity. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - clientId: - type: string - objectId: - type: string - resourceReference: - description: 'ResourceReference: The resource ID of the user assigned identity.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object - type: object - type: object - ingressProfile: - description: |- - Storage version of v1api20240901.ManagedClusterIngressProfile - Ingress profile for the container service cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - webAppRouting: - description: |- - Storage version of v1api20240901.ManagedClusterIngressProfileWebAppRouting - Application Routing add-on settings for the ingress profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - dnsZoneResourceReferences: - items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object - type: array - enabled: - type: boolean - type: object - type: object - kubernetesVersion: - type: string - linuxProfile: - description: |- - Storage version of v1api20240901.ContainerServiceLinuxProfile - Profile for Linux VMs in the container service cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - adminUsername: - type: string - ssh: - description: |- - Storage version of v1api20240901.ContainerServiceSshConfiguration - SSH configuration for Linux-based VMs running on Azure. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - publicKeys: - items: - description: |- - Storage version of v1api20240901.ContainerServiceSshPublicKey - Contains information about SSH certificate public key data. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - keyData: - type: string - type: object - type: array - type: object - type: object - location: - type: string - metricsProfile: - description: |- - Storage version of v1api20240901.ManagedClusterMetricsProfile - The metrics profile for the ManagedCluster. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - costAnalysis: - description: |- - Storage version of v1api20240901.ManagedClusterCostAnalysis - The cost analysis configuration for the cluster - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - type: object - networkProfile: - description: |- - Storage version of v1api20240901.ContainerServiceNetworkProfile - Profile of network configuration. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - advancedNetworking: - description: |- - Storage version of v1api20240901.AdvancedNetworking - Advanced Networking profile for enabling observability and security feature suite on a cluster. For more information see - aka.ms/aksadvancednetworking. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - observability: - description: |- - Storage version of v1api20240901.AdvancedNetworkingObservability - Observability profile to enable advanced network metrics and flow logs with historical contexts. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - security: - description: |- - Storage version of v1api20240901.AdvancedNetworkingSecurity - Security profile to enable security features on cilium based cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - type: object - dnsServiceIP: - type: string - ipFamilies: - items: - type: string - type: array - loadBalancerProfile: - description: |- - Storage version of v1api20240901.ManagedClusterLoadBalancerProfile - Profile of the managed cluster load balancer. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - allocatedOutboundPorts: - type: integer - backendPoolType: - type: string - effectiveOutboundIPs: - items: - description: |- - Storage version of v1api20240901.ResourceReference - A reference to an Azure resource. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - reference: - description: 'Reference: The fully qualified Azure resource id.' 
- properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - type: array - enableMultipleStandardLoadBalancers: - type: boolean - idleTimeoutInMinutes: - type: integer - managedOutboundIPs: - description: Storage version of v1api20240901.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - count: - type: integer - countIPv6: - type: integer - type: object - outboundIPPrefixes: - description: Storage version of v1api20240901.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - publicIPPrefixes: - items: - description: |- - Storage version of v1api20240901.ResourceReference - A reference to an Azure resource. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - reference: - description: 'Reference: The fully qualified Azure resource id.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - type: array - type: object - outboundIPs: - description: Storage version of v1api20240901.ManagedClusterLoadBalancerProfile_OutboundIPs - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - publicIPs: - items: - description: |- - Storage version of v1api20240901.ResourceReference - A reference to an Azure resource. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - reference: - description: 'Reference: The fully qualified Azure resource id.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - type: array - type: object - type: object - loadBalancerSku: - type: string - natGatewayProfile: - description: |- - Storage version of v1api20240901.ManagedClusterNATGatewayProfile - Profile of the managed cluster NAT gateway. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - effectiveOutboundIPs: - items: - description: |- - Storage version of v1api20240901.ResourceReference - A reference to an Azure resource. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - reference: - description: 'Reference: The fully qualified Azure resource id.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - type: array - idleTimeoutInMinutes: - type: integer - managedOutboundIPProfile: - description: |- - Storage version of v1api20240901.ManagedClusterManagedOutboundIPProfile - Profile of the managed outbound IP resources of the managed cluster. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - count: - type: integer - type: object - type: object - networkDataplane: - type: string - networkMode: - type: string - networkPlugin: - type: string - networkPluginMode: - type: string - networkPolicy: - type: string - outboundType: - type: string - podCidr: - type: string - podCidrs: - items: - type: string - type: array - serviceCidr: - type: string - serviceCidrs: - items: - type: string - type: array - type: object - nodeResourceGroup: - type: string - nodeResourceGroupProfile: - description: |- - Storage version of v1api20240901.ManagedClusterNodeResourceGroupProfile - Node resource group lockdown profile for a managed cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - restrictionLevel: - type: string - type: object - oidcIssuerProfile: - description: |- - Storage version of v1api20240901.ManagedClusterOIDCIssuerProfile - The OIDC issuer profile of the Managed Cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - operatorSpec: - description: |- - Storage version of v1api20240901.ManagedClusterOperatorSpec - Details for configuring operator behavior. 
Fields in this struct are interpreted by the operator directly rather than being passed to Azure - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - configMapExpressions: - items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. - properties: - key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. - type: string - name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. - type: string - value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. 
For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ - type: string - required: - - name - - value - type: object - type: array - configMaps: - description: Storage version of v1api20240901.ManagedClusterOperatorConfigMaps - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - oidcIssuerProfile: - description: |- - ConfigMapDestination describes the location to store a single configmap value - Note: This is similar to: SecretDestination in secrets.go. - Changes to one may need to be made to the others as well. - properties: - key: - description: Key is the key in the ConfigMap being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. - type: string - required: - - key - - name - type: object - type: object - secretExpressions: - items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. - properties: - key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. - type: string - name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. 
- type: string - value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ - type: string - required: - - name - - value - type: object - type: array - secrets: - description: Storage version of v1api20240901.ManagedClusterOperatorSecrets - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - adminCredentials: - description: |- - SecretDestination describes the location to store a single secret value. - Note: This is similar to: ConfigMapDestination in configmaps.go. - Changes to one may need to be made to the others as well. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced. - type: string - name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. - type: string - required: - - key - - name - type: object - userCredentials: - description: |- - SecretDestination describes the location to store a single secret value. - Note: This is similar to: ConfigMapDestination in configmaps.go. - Changes to one may need to be made to the others as well. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced. - type: string - name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. - type: string - required: - - key - - name - type: object - type: object - type: object - originalVersion: - type: string - owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. 
The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource - properties: - armId: - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - name: - description: This is the name of the Kubernetes resource to reference. - type: string - type: object - podIdentityProfile: - description: |- - Storage version of v1api20240901.ManagedClusterPodIdentityProfile - See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod - identity integration. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - allowNetworkPluginKubenet: - type: boolean - enabled: - type: boolean - userAssignedIdentities: - items: - description: |- - Storage version of v1api20240901.ManagedClusterPodIdentity - Details about the pod identity assigned to the Managed Cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - bindingSelector: - type: string - identity: - description: |- - Storage version of v1api20240901.UserAssignedIdentity - Details about a user assigned identity. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - clientId: - type: string - objectId: - type: string - resourceReference: - description: 'ResourceReference: The resource ID of the user assigned identity.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - name: - type: string - namespace: - type: string - type: object - type: array - userAssignedIdentityExceptions: - items: - description: |- - Storage version of v1api20240901.ManagedClusterPodIdentityException - See [disable AAD Pod Identity for a specific - Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - name: - type: string - namespace: - type: string - podLabels: - additionalProperties: - type: string - type: object - type: object - type: array - type: object - privateLinkResources: - items: - description: |- - Storage version of v1api20240901.PrivateLinkResource - A private link resource - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - groupId: - type: string - name: - type: string - reference: - description: 'Reference: The ID of the private link resource.' - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object - requiredMembers: - items: - type: string - type: array - type: - type: string - type: object - type: array - publicNetworkAccess: - type: string - securityProfile: - description: |- - Storage version of v1api20240901.ManagedClusterSecurityProfile - Security profile for the container service cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - azureKeyVaultKms: - description: |- - Storage version of v1api20240901.AzureKeyVaultKms - Azure Key Vault key management service settings for the security profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - keyId: - type: string - keyVaultNetworkAccess: - type: string - keyVaultResourceReference: - description: |- - KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and - must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - type: object - defender: - description: |- - Storage version of v1api20240901.ManagedClusterSecurityProfileDefender - Microsoft Defender settings for the security profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - logAnalyticsWorkspaceResourceReference: - description: |- - LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft - Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When - Microsoft Defender is disabled, leave the field empty. - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. 
- type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - securityMonitoring: - description: |- - Storage version of v1api20240901.ManagedClusterSecurityProfileDefenderSecurityMonitoring - Microsoft Defender settings for the security profile threat detection. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - type: object - imageCleaner: - description: |- - Storage version of v1api20240901.ManagedClusterSecurityProfileImageCleaner - Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here - are settings for the security profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - intervalHours: - type: integer - type: object - workloadIdentity: - description: |- - Storage version of v1api20240901.ManagedClusterSecurityProfileWorkloadIdentity - Workload identity settings for the security profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - type: object - serviceMeshProfile: - description: |- - Storage version of v1api20240901.ServiceMeshProfile - Service mesh profile for a managed cluster. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - istio: - description: |- - Storage version of v1api20240901.IstioServiceMesh - Istio service mesh configuration. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - certificateAuthority: - description: |- - Storage version of v1api20240901.IstioCertificateAuthority - Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described - here https://aka.ms/asm-plugin-ca - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - plugin: - description: |- - Storage version of v1api20240901.IstioPluginCertificateAuthority - Plugin certificates information for Service Mesh. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - certChainObjectName: - type: string - certObjectName: - type: string - keyObjectName: - type: string - keyVaultReference: - description: 'KeyVaultReference: The resource ID of the Key Vault.' 
- properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - rootCertObjectName: - type: string - type: object - type: object - components: - description: |- - Storage version of v1api20240901.IstioComponents - Istio components configuration. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - egressGateways: - items: - description: |- - Storage version of v1api20240901.IstioEgressGateway - Istio egress gateway configuration. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - type: array - ingressGateways: - items: - description: |- - Storage version of v1api20240901.IstioIngressGateway - Istio ingress gateway configuration. 
For now, we support up to one external ingress gateway named - `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - mode: - type: string - type: object - type: array - type: object - revisions: - items: - type: string - type: array - type: object - mode: - type: string - type: object - servicePrincipalProfile: - description: |- - Storage version of v1api20240901.ManagedClusterServicePrincipalProfile - Information about a service principal identity for the cluster to use for manipulating Azure APIs. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - clientId: - type: string - secret: - description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource - type: string - required: - - key - - name - type: object - type: object - sku: - description: |- - Storage version of v1api20240901.ManagedClusterSKU - The SKU of a Managed Cluster. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - name: - type: string - tier: - type: string - type: object - storageProfile: - description: |- - Storage version of v1api20240901.ManagedClusterStorageProfile - Storage profile for the container service cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - blobCSIDriver: - description: |- - Storage version of v1api20240901.ManagedClusterStorageProfileBlobCSIDriver - AzureBlob CSI Driver settings for the storage profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - diskCSIDriver: - description: |- - Storage version of v1api20240901.ManagedClusterStorageProfileDiskCSIDriver - AzureDisk CSI Driver settings for the storage profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - fileCSIDriver: - description: |- - Storage version of v1api20240901.ManagedClusterStorageProfileFileCSIDriver - AzureFile CSI Driver settings for the storage profile. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - snapshotController: - description: |- - Storage version of v1api20240901.ManagedClusterStorageProfileSnapshotController - Snapshot Controller settings for the storage profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - type: object - supportPlan: - type: string - tags: - additionalProperties: - type: string - type: object - upgradeSettings: - description: |- - Storage version of v1api20240901.ClusterUpgradeSettings - Settings for upgrading a cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - overrideSettings: - description: |- - Storage version of v1api20240901.UpgradeOverrideSettings - Settings for overrides when upgrading a cluster. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - forceUpgrade: - type: boolean - until: - type: string - type: object - type: object - windowsProfile: - description: |- - Storage version of v1api20240901.ManagedClusterWindowsProfile - Profile for Windows VMs in the managed cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - adminPassword: - description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. - properties: - key: - description: Key is the key in the Kubernetes secret being referenced - type: string - name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource - type: string - required: - - key - - name - type: object - adminUsername: - type: string - enableCSIProxy: - type: boolean - gmsaProfile: - description: |- - Storage version of v1api20240901.WindowsGmsaProfile - Windows gMSA Profile in the managed cluster. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - dnsServer: - type: string - enabled: - type: boolean - rootDomainName: - type: string - type: object - licenseType: - type: string - type: object - workloadAutoScalerProfile: - description: |- - Storage version of v1api20240901.ManagedClusterWorkloadAutoScalerProfile - Workload Auto-scaler profile for the managed cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - keda: - description: |- - Storage version of v1api20240901.ManagedClusterWorkloadAutoScalerProfileKeda - KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - verticalPodAutoscaler: - description: |- - Storage version of v1api20240901.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler - VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - type: object - required: - - owner - type: object - status: - description: |- - Storage version of v1api20240901.ManagedCluster_STATUS - Managed cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - aadProfile: - description: |- - Storage version of v1api20240901.ManagedClusterAADProfile_STATUS - For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - adminGroupObjectIDs: - items: - type: string - type: array - clientAppID: - type: string - enableAzureRBAC: - type: boolean - managed: - type: boolean - serverAppID: - type: string - serverAppSecret: - type: string - tenantID: - type: string - type: object - addonProfiles: - additionalProperties: - description: |- - Storage version of v1api20240901.ManagedClusterAddonProfile_STATUS - A Kubernetes add-on profile for a managed cluster. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - config: - additionalProperties: - type: string - type: object - enabled: - type: boolean - identity: - description: |- - Storage version of v1api20240901.UserAssignedIdentity_STATUS - Details about a user assigned identity. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - clientId: - type: string - objectId: - type: string - resourceId: - type: string - type: object - type: object - type: object - agentPoolProfiles: - items: - description: |- - Storage version of v1api20240901.ManagedClusterAgentPoolProfile_STATUS - Profile for the container service agent pool. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - availabilityZones: - items: - type: string - type: array - capacityReservationGroupID: - type: string - count: - type: integer - creationData: - description: |- - Storage version of v1api20240901.CreationData_STATUS - Data used when creating a target resource from a source resource. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - sourceResourceId: - type: string - type: object - currentOrchestratorVersion: - type: string - eTag: - type: string - enableAutoScaling: - type: boolean - enableEncryptionAtHost: - type: boolean - enableFIPS: - type: boolean - enableNodePublicIP: - type: boolean - enableUltraSSD: - type: boolean - gpuInstanceProfile: - type: string - hostGroupID: - type: string - kubeletConfig: - description: |- - Storage version of v1api20240901.KubeletConfig_STATUS - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - allowedUnsafeSysctls: - items: - type: string - type: array - containerLogMaxFiles: - type: integer - containerLogMaxSizeMB: - type: integer - cpuCfsQuota: - type: boolean - cpuCfsQuotaPeriod: - type: string - cpuManagerPolicy: - type: string - failSwapOn: - type: boolean - imageGcHighThreshold: - type: integer - imageGcLowThreshold: - type: integer - podMaxPids: - type: integer - topologyManagerPolicy: - type: string - type: object - kubeletDiskType: - type: string - linuxOSConfig: - description: |- - Storage version of v1api20240901.LinuxOSConfig_STATUS - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - swapFileSizeMB: - type: integer - sysctls: - description: |- - Storage version of v1api20240901.SysctlConfig_STATUS - Sysctl settings for Linux agent nodes. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - fsAioMaxNr: - type: integer - fsFileMax: - type: integer - fsInotifyMaxUserWatches: - type: integer - fsNrOpen: - type: integer - kernelThreadsMax: - type: integer - netCoreNetdevMaxBacklog: - type: integer - netCoreOptmemMax: - type: integer - netCoreRmemDefault: - type: integer - netCoreRmemMax: - type: integer - netCoreSomaxconn: - type: integer - netCoreWmemDefault: - type: integer - netCoreWmemMax: - type: integer - netIpv4IpLocalPortRange: - type: string - netIpv4NeighDefaultGcThresh1: - type: integer - netIpv4NeighDefaultGcThresh2: - type: integer - netIpv4NeighDefaultGcThresh3: - type: integer - netIpv4TcpFinTimeout: - type: integer - netIpv4TcpKeepaliveProbes: - type: integer - netIpv4TcpKeepaliveTime: - type: integer - netIpv4TcpMaxSynBacklog: - type: integer - netIpv4TcpMaxTwBuckets: - type: integer - netIpv4TcpTwReuse: - type: boolean - netIpv4TcpkeepaliveIntvl: - type: integer - netNetfilterNfConntrackBuckets: - type: integer - netNetfilterNfConntrackMax: - type: integer - vmMaxMapCount: - type: integer - vmSwappiness: - type: integer - vmVfsCachePressure: - type: integer - type: object - transparentHugePageDefrag: - type: string - transparentHugePageEnabled: - type: string - type: object - maxCount: - type: integer - maxPods: - type: integer 
- minCount: - type: integer - mode: - type: string - name: - type: string - networkProfile: - description: |- - Storage version of v1api20240901.AgentPoolNetworkProfile_STATUS - Network settings of an agent pool. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - allowedHostPorts: - items: - description: |- - Storage version of v1api20240901.PortRange_STATUS - The port range. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - portEnd: - type: integer - portStart: - type: integer - protocol: - type: string - type: object - type: array - applicationSecurityGroups: - items: - type: string - type: array - nodePublicIPTags: - items: - description: |- - Storage version of v1api20240901.IPTag_STATUS - Contains the IPTag associated with the object. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - ipTagType: - type: string - tag: - type: string - type: object - type: array - type: object - nodeImageVersion: - type: string - nodeLabels: - additionalProperties: - type: string - type: object - nodePublicIPPrefixID: - type: string - nodeTaints: - items: - type: string - type: array - orchestratorVersion: - type: string - osDiskSizeGB: - type: integer - osDiskType: - type: string - osSKU: - type: string - osType: - type: string - podSubnetID: - type: string - powerState: - description: |- - Storage version of v1api20240901.PowerState_STATUS - Describes the Power State of the cluster - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - code: - type: string - type: object - provisioningState: - type: string - proximityPlacementGroupID: - type: string - scaleDownMode: - type: string - scaleSetEvictionPolicy: - type: string - scaleSetPriority: - type: string - securityProfile: - description: |- - Storage version of v1api20240901.AgentPoolSecurityProfile_STATUS - The security settings of an agent pool. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enableSecureBoot: - type: boolean - enableVTPM: - type: boolean - type: object - spotMaxPrice: - type: number - tags: - additionalProperties: - type: string - type: object - type: - type: string - upgradeSettings: - description: |- - Storage version of v1api20240901.AgentPoolUpgradeSettings_STATUS - Settings for upgrading an agentpool - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - drainTimeoutInMinutes: - type: integer - maxSurge: - type: string - nodeSoakDurationInMinutes: - type: integer - type: object - vmSize: - type: string - vnetSubnetID: - type: string - windowsProfile: - description: |- - Storage version of v1api20240901.AgentPoolWindowsProfile_STATUS - The Windows agent pool's specific profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - disableOutboundNat: - type: boolean - type: object - workloadRuntime: - type: string - type: object - type: array - apiServerAccessProfile: - description: |- - Storage version of v1api20240901.ManagedClusterAPIServerAccessProfile_STATUS - Access profile for managed cluster API server. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - authorizedIPRanges: - items: - type: string - type: array - disableRunCommand: - type: boolean - enablePrivateCluster: - type: boolean - enablePrivateClusterPublicFQDN: - type: boolean - privateDNSZone: - type: string - type: object - autoScalerProfile: - description: Storage version of v1api20240901.ManagedClusterProperties_AutoScalerProfile_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - balance-similar-node-groups: - type: string - daemonset-eviction-for-empty-nodes: - type: boolean - daemonset-eviction-for-occupied-nodes: - type: boolean - expander: - type: string - ignore-daemonsets-utilization: - type: boolean - max-empty-bulk-delete: - type: string - max-graceful-termination-sec: - type: string - max-node-provision-time: - type: string - max-total-unready-percentage: - type: string - new-pod-scale-up-delay: - type: string - ok-total-unready-count: - type: string - scale-down-delay-after-add: - type: string - scale-down-delay-after-delete: - type: string - scale-down-delay-after-failure: - type: string - scale-down-unneeded-time: - type: string - scale-down-unready-time: - type: string - scale-down-utilization-threshold: - type: string - scan-interval: - type: string - skip-nodes-with-local-storage: - type: string - skip-nodes-with-system-pods: - type: string - type: object - autoUpgradeProfile: - description: |- - Storage version of v1api20240901.ManagedClusterAutoUpgradeProfile_STATUS - Auto upgrade profile for a managed cluster. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - nodeOSUpgradeChannel: - type: string - upgradeChannel: - type: string - type: object - azureMonitorProfile: - description: |- - Storage version of v1api20240901.ManagedClusterAzureMonitorProfile_STATUS - Azure Monitor addon profiles for monitoring the managed cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - metrics: - description: |- - Storage version of v1api20240901.ManagedClusterAzureMonitorProfileMetrics_STATUS - Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes - infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See - aka.ms/AzureManagedPrometheus for an overview. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - kubeStateMetrics: - description: |- - Storage version of v1api20240901.ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS - Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the - kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for - details. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - metricAnnotationsAllowList: - type: string - metricLabelsAllowlist: - type: string - type: object - type: object - type: object - azurePortalFQDN: - type: string - conditions: - items: - description: Condition defines an extension to status (an observation) of a resource - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. - format: date-time - type: string - message: - description: Message is a human readable message indicating details about the transition. This field may be empty. - type: string - observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - type: integer - reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. - type: string - severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown - type: string - status: - description: Status of the condition, one of True, False, or Unknown. 
- type: string - type: - description: Type of condition. - type: string - required: - - lastTransitionTime - - reason - - status - - type - type: object - type: array - currentKubernetesVersion: - type: string - disableLocalAccounts: - type: boolean - diskEncryptionSetID: - type: string - dnsPrefix: - type: string - eTag: - type: string - enablePodSecurityPolicy: - type: boolean - enableRBAC: - type: boolean - extendedLocation: - description: |- - Storage version of v1api20240901.ExtendedLocation_STATUS - The complex type of the extended location. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - name: - type: string - type: - type: string - type: object - fqdn: - type: string - fqdnSubdomain: - type: string - httpProxyConfig: - description: |- - Storage version of v1api20240901.ManagedClusterHTTPProxyConfig_STATUS - Cluster HTTP proxy configuration. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - httpProxy: - type: string - httpsProxy: - type: string - noProxy: - items: - type: string - type: array - trustedCa: - type: string - type: object - id: - type: string - identity: - description: |- - Storage version of v1api20240901.ManagedClusterIdentity_STATUS - Identity for the managed cluster. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - delegatedResources: - additionalProperties: - description: |- - Storage version of v1api20240901.DelegatedResource_STATUS - Delegated resource properties - internal use only. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - location: - type: string - referralResource: - type: string - resourceId: - type: string - tenantId: - type: string - type: object - type: object - principalId: - type: string - tenantId: - type: string - type: - type: string - userAssignedIdentities: - additionalProperties: - description: Storage version of v1api20240901.ManagedClusterIdentity_UserAssignedIdentities_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - clientId: - type: string - principalId: - type: string - type: object - type: object - type: object - identityProfile: - additionalProperties: - description: |- - Storage version of v1api20240901.UserAssignedIdentity_STATUS - Details about a user assigned identity. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - clientId: - type: string - objectId: - type: string - resourceId: - type: string - type: object - type: object - ingressProfile: - description: |- - Storage version of v1api20240901.ManagedClusterIngressProfile_STATUS - Ingress profile for the container service cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - webAppRouting: - description: |- - Storage version of v1api20240901.ManagedClusterIngressProfileWebAppRouting_STATUS - Application Routing add-on settings for the ingress profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - dnsZoneResourceIds: - items: - type: string - type: array - enabled: - type: boolean - identity: - description: |- - Storage version of v1api20240901.UserAssignedIdentity_STATUS - Details about a user assigned identity. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - clientId: - type: string - objectId: - type: string - resourceId: - type: string - type: object - type: object - type: object - kubernetesVersion: - type: string - linuxProfile: - description: |- - Storage version of v1api20240901.ContainerServiceLinuxProfile_STATUS - Profile for Linux VMs in the container service cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - adminUsername: - type: string - ssh: - description: |- - Storage version of v1api20240901.ContainerServiceSshConfiguration_STATUS - SSH configuration for Linux-based VMs running on Azure. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - publicKeys: - items: - description: |- - Storage version of v1api20240901.ContainerServiceSshPublicKey_STATUS - Contains information about SSH certificate public key data. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - keyData: - type: string - type: object - type: array - type: object - type: object - location: - type: string - maxAgentPools: - type: integer - metricsProfile: - description: |- - Storage version of v1api20240901.ManagedClusterMetricsProfile_STATUS - The metrics profile for the ManagedCluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - costAnalysis: - description: |- - Storage version of v1api20240901.ManagedClusterCostAnalysis_STATUS - The cost analysis configuration for the cluster - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - type: object - name: - type: string - networkProfile: - description: |- - Storage version of v1api20240901.ContainerServiceNetworkProfile_STATUS - Profile of network configuration. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - advancedNetworking: - description: |- - Storage version of v1api20240901.AdvancedNetworking_STATUS - Advanced Networking profile for enabling observability and security feature suite on a cluster. 
For more information see - aka.ms/aksadvancednetworking. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - observability: - description: |- - Storage version of v1api20240901.AdvancedNetworkingObservability_STATUS - Observability profile to enable advanced network metrics and flow logs with historical contexts. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - security: - description: |- - Storage version of v1api20240901.AdvancedNetworkingSecurity_STATUS - Security profile to enable security features on cilium based cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - type: object - dnsServiceIP: - type: string - ipFamilies: - items: - type: string - type: array - loadBalancerProfile: - description: |- - Storage version of v1api20240901.ManagedClusterLoadBalancerProfile_STATUS - Profile of the managed cluster load balancer. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - allocatedOutboundPorts: - type: integer - backendPoolType: - type: string - effectiveOutboundIPs: - items: - description: |- - Storage version of v1api20240901.ResourceReference_STATUS - A reference to an Azure resource. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - id: - type: string - type: object - type: array - enableMultipleStandardLoadBalancers: - type: boolean - idleTimeoutInMinutes: - type: integer - managedOutboundIPs: - description: Storage version of v1api20240901.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - count: - type: integer - countIPv6: - type: integer - type: object - outboundIPPrefixes: - description: Storage version of v1api20240901.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - publicIPPrefixes: - items: - description: |- - Storage version of v1api20240901.ResourceReference_STATUS - A reference to an Azure resource. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - id: - type: string - type: object - type: array - type: object - outboundIPs: - description: Storage version of v1api20240901.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - publicIPs: - items: - description: |- - Storage version of v1api20240901.ResourceReference_STATUS - A reference to an Azure resource. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - id: - type: string - type: object - type: array - type: object - type: object - loadBalancerSku: - type: string - natGatewayProfile: - description: |- - Storage version of v1api20240901.ManagedClusterNATGatewayProfile_STATUS - Profile of the managed cluster NAT gateway. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - effectiveOutboundIPs: - items: - description: |- - Storage version of v1api20240901.ResourceReference_STATUS - A reference to an Azure resource. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - id: - type: string - type: object - type: array - idleTimeoutInMinutes: - type: integer - managedOutboundIPProfile: - description: |- - Storage version of v1api20240901.ManagedClusterManagedOutboundIPProfile_STATUS - Profile of the managed outbound IP resources of the managed cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - count: - type: integer - type: object - type: object - networkDataplane: - type: string - networkMode: - type: string - networkPlugin: - type: string - networkPluginMode: - type: string - networkPolicy: - type: string - outboundType: - type: string - podCidr: - type: string - podCidrs: - items: - type: string - type: array - serviceCidr: - type: string - serviceCidrs: - items: - type: string - type: array - type: object - nodeResourceGroup: - type: string - nodeResourceGroupProfile: - description: |- - Storage version of v1api20240901.ManagedClusterNodeResourceGroupProfile_STATUS - Node resource group lockdown profile for a managed cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - restrictionLevel: - type: string - type: object - oidcIssuerProfile: - description: |- - Storage version of v1api20240901.ManagedClusterOIDCIssuerProfile_STATUS - The OIDC issuer profile of the Managed Cluster. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - issuerURL: - type: string - type: object - podIdentityProfile: - description: |- - Storage version of v1api20240901.ManagedClusterPodIdentityProfile_STATUS - See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod - identity integration. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - allowNetworkPluginKubenet: - type: boolean - enabled: - type: boolean - userAssignedIdentities: - items: - description: |- - Storage version of v1api20240901.ManagedClusterPodIdentity_STATUS - Details about the pod identity assigned to the Managed Cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - bindingSelector: - type: string - identity: - description: |- - Storage version of v1api20240901.UserAssignedIdentity_STATUS - Details about a user assigned identity. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - clientId: - type: string - objectId: - type: string - resourceId: - type: string - type: object - name: - type: string - namespace: - type: string - provisioningInfo: - description: Storage version of v1api20240901.ManagedClusterPodIdentity_ProvisioningInfo_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - error: - description: |- - Storage version of v1api20240901.ManagedClusterPodIdentityProvisioningError_STATUS - An error response from the pod identity provisioning. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - error: - description: |- - Storage version of v1api20240901.ManagedClusterPodIdentityProvisioningErrorBody_STATUS - An error response from the pod identity provisioning. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - code: - type: string - details: - items: - description: Storage version of v1api20240901.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - code: - type: string - message: - type: string - target: - type: string - type: object - type: array - message: - type: string - target: - type: string - type: object - type: object - type: object - provisioningState: - type: string - type: object - type: array - userAssignedIdentityExceptions: - items: - description: |- - Storage version of v1api20240901.ManagedClusterPodIdentityException_STATUS - See [disable AAD Pod Identity for a specific - Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - name: - type: string - namespace: - type: string - podLabels: - additionalProperties: - type: string - type: object - type: object - type: array - type: object - powerState: - description: |- - Storage version of v1api20240901.PowerState_STATUS - Describes the Power State of the cluster - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - code: - type: string - type: object - privateFQDN: - type: string - privateLinkResources: - items: - description: |- - Storage version of v1api20240901.PrivateLinkResource_STATUS - A private link resource - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - groupId: - type: string - id: - type: string - name: - type: string - privateLinkServiceID: - type: string - requiredMembers: - items: - type: string - type: array - type: - type: string - type: object - type: array - provisioningState: - type: string - publicNetworkAccess: - type: string - resourceUID: - type: string - securityProfile: - description: |- - Storage version of v1api20240901.ManagedClusterSecurityProfile_STATUS - Security profile for the container service cluster. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - azureKeyVaultKms: - description: |- - Storage version of v1api20240901.AzureKeyVaultKms_STATUS - Azure Key Vault key management service settings for the security profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - keyId: - type: string - keyVaultNetworkAccess: - type: string - keyVaultResourceId: - type: string - type: object - defender: - description: |- - Storage version of v1api20240901.ManagedClusterSecurityProfileDefender_STATUS - Microsoft Defender settings for the security profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - logAnalyticsWorkspaceResourceId: - type: string - securityMonitoring: - description: |- - Storage version of v1api20240901.ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS - Microsoft Defender settings for the security profile threat detection. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - type: object - imageCleaner: - description: |- - Storage version of v1api20240901.ManagedClusterSecurityProfileImageCleaner_STATUS - Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here - are settings for the security profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - intervalHours: - type: integer - type: object - workloadIdentity: - description: |- - Storage version of v1api20240901.ManagedClusterSecurityProfileWorkloadIdentity_STATUS - Workload identity settings for the security profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - type: object - serviceMeshProfile: - description: |- - Storage version of v1api20240901.ServiceMeshProfile_STATUS - Service mesh profile for a managed cluster. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - istio: - description: |- - Storage version of v1api20240901.IstioServiceMesh_STATUS - Istio service mesh configuration. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - certificateAuthority: - description: |- - Storage version of v1api20240901.IstioCertificateAuthority_STATUS - Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described - here https://aka.ms/asm-plugin-ca - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - plugin: - description: |- - Storage version of v1api20240901.IstioPluginCertificateAuthority_STATUS - Plugin certificates information for Service Mesh. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - certChainObjectName: - type: string - certObjectName: - type: string - keyObjectName: - type: string - keyVaultId: - type: string - rootCertObjectName: - type: string - type: object - type: object - components: - description: |- - Storage version of v1api20240901.IstioComponents_STATUS - Istio components configuration. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - egressGateways: - items: - description: |- - Storage version of v1api20240901.IstioEgressGateway_STATUS - Istio egress gateway configuration. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - type: array - ingressGateways: - items: - description: |- - Storage version of v1api20240901.IstioIngressGateway_STATUS - Istio ingress gateway configuration. For now, we support up to one external ingress gateway named - `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - mode: - type: string - type: object - type: array - type: object - revisions: - items: - type: string - type: array - type: object - mode: - type: string - type: object - servicePrincipalProfile: - description: |- - Storage version of v1api20240901.ManagedClusterServicePrincipalProfile_STATUS - Information about a service principal identity for the cluster to use for manipulating Azure APIs. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - clientId: - type: string - type: object - sku: - description: |- - Storage version of v1api20240901.ManagedClusterSKU_STATUS - The SKU of a Managed Cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - name: - type: string - tier: - type: string - type: object - storageProfile: - description: |- - Storage version of v1api20240901.ManagedClusterStorageProfile_STATUS - Storage profile for the container service cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - blobCSIDriver: - description: |- - Storage version of v1api20240901.ManagedClusterStorageProfileBlobCSIDriver_STATUS - AzureBlob CSI Driver settings for the storage profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - diskCSIDriver: - description: |- - Storage version of v1api20240901.ManagedClusterStorageProfileDiskCSIDriver_STATUS - AzureDisk CSI Driver settings for the storage profile. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - fileCSIDriver: - description: |- - Storage version of v1api20240901.ManagedClusterStorageProfileFileCSIDriver_STATUS - AzureFile CSI Driver settings for the storage profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - snapshotController: - description: |- - Storage version of v1api20240901.ManagedClusterStorageProfileSnapshotController_STATUS - Snapshot Controller settings for the storage profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - type: object - supportPlan: - type: string - systemData: - description: |- - Storage version of v1api20240901.SystemData_STATUS - Metadata pertaining to creation and last modification of the resource. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - createdAt: - type: string - createdBy: - type: string - createdByType: - type: string - lastModifiedAt: - type: string - lastModifiedBy: - type: string - lastModifiedByType: - type: string - type: object - tags: - additionalProperties: - type: string - type: object - type: - type: string - upgradeSettings: - description: |- - Storage version of v1api20240901.ClusterUpgradeSettings_STATUS - Settings for upgrading a cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - overrideSettings: - description: |- - Storage version of v1api20240901.UpgradeOverrideSettings_STATUS - Settings for overrides when upgrading a cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - forceUpgrade: - type: boolean - until: - type: string - type: object - type: object - windowsProfile: - description: |- - Storage version of v1api20240901.ManagedClusterWindowsProfile_STATUS - Profile for Windows VMs in the managed cluster. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - adminUsername: - type: string - enableCSIProxy: - type: boolean - gmsaProfile: - description: |- - Storage version of v1api20240901.WindowsGmsaProfile_STATUS - Windows gMSA Profile in the managed cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - dnsServer: - type: string - enabled: - type: boolean - rootDomainName: - type: string - type: object - licenseType: - type: string - type: object - workloadAutoScalerProfile: - description: |- - Storage version of v1api20240901.ManagedClusterWorkloadAutoScalerProfile_STATUS - Workload Auto-scaler profile for the managed cluster. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - keda: - description: |- - Storage version of v1api20240901.ManagedClusterWorkloadAutoScalerProfileKeda_STATUS - KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - verticalPodAutoscaler: - description: |- - Storage version of v1api20240901.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler_STATUS - VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: azureserviceoperator-system/azureserviceoperator-serving-cert - controller-gen.kubebuilder.io/version: v0.16.3 - labels: - app.kubernetes.io/name: azure-service-operator - app.kubernetes.io/version: v2.13.0 - name: managedclustersagentpools.containerservice.azure.com -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: azureserviceoperator-webhook-service - namespace: azureserviceoperator-system - path: /convert - port: 443 - conversionReviewVersions: - - v1 - group: containerservice.azure.com - names: - kind: ManagedClustersAgentPool - listKind: ManagedClustersAgentPoolList - plural: managedclustersagentpools - singular: managedclustersagentpool - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - jsonPath: 
.status.conditions[?(@.type=='Ready')].severity - name: Severity - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Reason - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].message - name: Message - type: string - name: v1api20210501 - schema: - openAPIV3Schema: - description: |- - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2021-05-01/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - properties: - availabilityZones: - description: |- - AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType - property is 'VirtualMachineScaleSets'. - items: - type: string - type: array - azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. - type: string - count: - description: |- - Count: Number of agents (VMs) to host docker containers. 
Allowed values must be in the range of 0 to 1000 (inclusive) - for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. - type: integer - enableAutoScaling: - description: 'EnableAutoScaling: Whether to enable auto-scaler' - type: boolean - enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, - see: https://docs.microsoft.com/azure/aks/enable-host-encryption - type: boolean - enableFIPS: - description: |- - EnableFIPS: See [Add a FIPS-enabled node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more - details. - type: boolean - enableNodePublicIP: - description: |- - EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. - A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine - to minimize hops. For more information see [assigning a public IP per - node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The - default is false. - type: boolean - enableUltraSSD: - description: 'EnableUltraSSD: Whether to enable UltraSSD' - type: boolean - gpuInstanceProfile: - description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' - enum: - - MIG1g - - MIG2g - - MIG3g - - MIG4g - - MIG7g - type: string - kubeletConfig: - description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' 
- properties: - allowedUnsafeSysctls: - items: - type: string - type: array - containerLogMaxFiles: - minimum: 2 - type: integer - containerLogMaxSizeMB: - type: integer - cpuCfsQuota: - type: boolean - cpuCfsQuotaPeriod: - type: string - cpuManagerPolicy: - type: string - failSwapOn: - type: boolean - imageGcHighThreshold: - type: integer - imageGcLowThreshold: - type: integer - podMaxPids: - type: integer - topologyManagerPolicy: - type: string - type: object - kubeletDiskType: - description: |- - KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral - storage. - enum: - - OS - - Temporary - type: string - linuxOSConfig: - description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' - properties: - swapFileSizeMB: - type: integer - sysctls: - properties: - fsAioMaxNr: - type: integer - fsFileMax: - type: integer - fsInotifyMaxUserWatches: - type: integer - fsNrOpen: - type: integer - kernelThreadsMax: - type: integer - netCoreNetdevMaxBacklog: - type: integer - netCoreOptmemMax: - type: integer - netCoreRmemDefault: - type: integer - netCoreRmemMax: - type: integer - netCoreSomaxconn: - type: integer - netCoreWmemDefault: - type: integer - netCoreWmemMax: - type: integer - netIpv4IpLocalPortRange: - type: string - netIpv4NeighDefaultGcThresh1: - type: integer - netIpv4NeighDefaultGcThresh2: - type: integer - netIpv4NeighDefaultGcThresh3: - type: integer - netIpv4TcpFinTimeout: - type: integer - netIpv4TcpKeepaliveProbes: - type: integer - netIpv4TcpKeepaliveTime: - type: integer - netIpv4TcpMaxSynBacklog: - type: integer - netIpv4TcpMaxTwBuckets: - type: integer - netIpv4TcpTwReuse: - type: boolean - netIpv4TcpkeepaliveIntvl: - type: integer - netNetfilterNfConntrackBuckets: - type: integer - netNetfilterNfConntrackMax: - type: integer - vmMaxMapCount: - type: integer - vmSwappiness: - type: integer - vmVfsCachePressure: - type: integer - type: object - transparentHugePageDefrag: - type: 
string - transparentHugePageEnabled: - type: string - type: object - maxCount: - description: 'MaxCount: The maximum number of nodes for auto-scaling' - type: integer - maxPods: - description: 'MaxPods: The maximum number of pods that can run on a node.' - type: integer - minCount: - description: 'MinCount: The minimum number of nodes for auto-scaling' - type: integer - mode: - description: |- - Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool - restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools - enum: - - System - - User - type: string - nodeLabels: - additionalProperties: - type: string - description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' - type: object - nodePublicIPPrefixIDReference: - description: |- - NodePublicIPPrefixIDReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. 
- type: string - type: object - nodeTaints: - description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' - items: - type: string - type: array - operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure - properties: - configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' - items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. - properties: - key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. - type: string - name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. - type: string - value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ - type: string - required: - - name - - value - type: object - type: array - secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' - items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. 
The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. - properties: - key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. - type: string - name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. - type: string - value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ - type: string - required: - - name - - value - type: object - type: array - type: object - orchestratorVersion: - description: |- - OrchestratorVersion: As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes - version. The node pool version must have the same major version as the control plane. The node pool minor version must - be within two minor versions of the control plane version. The node pool version cannot be greater than the control - plane version. For more information see [upgrading a node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). - type: string - osDiskSizeGB: - maximum: 2048 - minimum: 0 - type: integer - osDiskType: - description: |- - OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested - OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. 
For more information see [Ephemeral - OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). - enum: - - Ephemeral - - Managed - type: string - osSKU: - description: 'OsSKU: Specifies an OS SKU. This value must not be specified if OSType is Windows.' - enum: - - CBLMariner - - Ubuntu - type: string - osType: - description: 'OsType: The operating system type. The default is Linux.' - enum: - - Linux - - Windows - type: string - owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a containerservice.azure.com/ManagedCluster resource - properties: - armId: - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - name: - description: This is the name of the Kubernetes resource to reference. - type: string - type: object - podSubnetIDReference: - description: |- - PodSubnetIDReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more - details). This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - proximityPlacementGroupID: - description: 'ProximityPlacementGroupID: The ID for Proximity Placement Group.' - type: string - scaleSetEvictionPolicy: - description: |- - ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is - 'Delete'. - enum: - - Deallocate - - Delete - type: string - scaleSetPriority: - description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' - enum: - - Regular - - Spot - type: string - spotMaxPrice: - description: |- - SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any - on-demand price. For more details on spot pricing, see [spot VMs - pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) - type: number - tags: - additionalProperties: - type: string - description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' - type: object - type: - description: 'Type: The type of Agent Pool.' - enum: - - AvailabilitySet - - VirtualMachineScaleSets - type: string - upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading the agentpool' - properties: - maxSurge: - type: string - type: object - vmSize: - description: |- - VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods - might fail to run correctly. 
For more details on restricted VM sizes, see: - https://docs.microsoft.com/azure/aks/quotas-skus-regions - type: string - vnetSubnetIDReference: - description: |- - VnetSubnetIDReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is - specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} - properties: - armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string - type: object - required: - - owner - type: object - status: - properties: - availabilityZones: - description: |- - AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType - property is 'VirtualMachineScaleSets'. - items: - type: string - type: array - conditions: - description: 'Conditions: The observed state of the resource' - items: - description: Condition defines an extension to status (an observation) of a resource - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. 
- format: date-time - type: string - message: - description: Message is a human readable message indicating details about the transition. This field may be empty. - type: string - observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - type: integer - reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. - type: string - severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown - type: string - status: - description: Status of the condition, one of True, False, or Unknown. - type: string - type: - description: Type of condition. - type: string - required: - - lastTransitionTime - - reason - - status - - type - type: object - type: array - count: - description: |- - Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) - for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. - type: integer - enableAutoScaling: - description: 'EnableAutoScaling: Whether to enable auto-scaler' - type: boolean - enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. 
For more information, - see: https://docs.microsoft.com/azure/aks/enable-host-encryption - type: boolean - enableFIPS: - description: |- - EnableFIPS: See [Add a FIPS-enabled node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more - details. - type: boolean - enableNodePublicIP: - description: |- - EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. - A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine - to minimize hops. For more information see [assigning a public IP per - node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The - default is false. - type: boolean - enableUltraSSD: - description: 'EnableUltraSSD: Whether to enable UltraSSD' - type: boolean - gpuInstanceProfile: - description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' - type: string - id: - description: 'Id: Resource ID.' - type: string - kubeletConfig: - description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' - properties: - allowedUnsafeSysctls: - items: - type: string - type: array - containerLogMaxFiles: - type: integer - containerLogMaxSizeMB: - type: integer - cpuCfsQuota: - type: boolean - cpuCfsQuotaPeriod: - type: string - cpuManagerPolicy: - type: string - failSwapOn: - type: boolean - imageGcHighThreshold: - type: integer - imageGcLowThreshold: - type: integer - podMaxPids: - type: integer - topologyManagerPolicy: - type: string - type: object - kubeletDiskType: - description: |- - KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral - storage. - type: string - linuxOSConfig: - description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' 
- properties: - swapFileSizeMB: - type: integer - sysctls: - properties: - fsAioMaxNr: - type: integer - fsFileMax: - type: integer - fsInotifyMaxUserWatches: - type: integer - fsNrOpen: - type: integer - kernelThreadsMax: - type: integer - netCoreNetdevMaxBacklog: - type: integer - netCoreOptmemMax: - type: integer - netCoreRmemDefault: - type: integer - netCoreRmemMax: - type: integer - netCoreSomaxconn: - type: integer - netCoreWmemDefault: - type: integer - netCoreWmemMax: - type: integer - netIpv4IpLocalPortRange: - type: string - netIpv4NeighDefaultGcThresh1: - type: integer - netIpv4NeighDefaultGcThresh2: - type: integer - netIpv4NeighDefaultGcThresh3: - type: integer - netIpv4TcpFinTimeout: - type: integer - netIpv4TcpKeepaliveProbes: - type: integer - netIpv4TcpKeepaliveTime: - type: integer - netIpv4TcpMaxSynBacklog: - type: integer - netIpv4TcpMaxTwBuckets: - type: integer - netIpv4TcpTwReuse: - type: boolean - netIpv4TcpkeepaliveIntvl: - type: integer - netNetfilterNfConntrackBuckets: - type: integer - netNetfilterNfConntrackMax: - type: integer - vmMaxMapCount: - type: integer - vmSwappiness: - type: integer - vmVfsCachePressure: - type: integer - type: object - transparentHugePageDefrag: - type: string - transparentHugePageEnabled: - type: string - type: object - maxCount: - description: 'MaxCount: The maximum number of nodes for auto-scaling' - type: integer - maxPods: - description: 'MaxPods: The maximum number of pods that can run on a node.' - type: integer - minCount: - description: 'MinCount: The minimum number of nodes for auto-scaling' - type: integer - mode: - description: |- - Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool - restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools - type: string - name: - description: 'Name: The name of the resource that is unique within a resource group. This name can be used to access the resource.' 
- type: string - nodeImageVersion: - description: 'NodeImageVersion: The version of node image' - type: string - nodeLabels: - additionalProperties: - type: string - description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' - type: object - nodePublicIPPrefixID: - description: |- - NodePublicIPPrefixID: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} - type: string - nodeTaints: - description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' - items: - type: string - type: array - orchestratorVersion: - description: |- - OrchestratorVersion: As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes - version. The node pool version must have the same major version as the control plane. The node pool minor version must - be within two minor versions of the control plane version. The node pool version cannot be greater than the control - plane version. For more information see [upgrading a node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). - type: string - osDiskSizeGB: - type: integer - osDiskType: - description: |- - OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested - OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral - OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). - type: string - osSKU: - description: 'OsSKU: Specifies an OS SKU. This value must not be specified if OSType is Windows.' - type: string - osType: - description: 'OsType: The operating system type. The default is Linux.' 
- type: string - podSubnetID: - description: |- - PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is - of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} - type: string - powerState: - description: 'PowerState: Describes whether the Agent Pool is Running or Stopped' - properties: - code: - type: string - type: object - properties_type: - description: 'PropertiesType: The type of Agent Pool.' - type: string - provisioningState: - description: 'ProvisioningState: The current deployment or provisioning state.' - type: string - proximityPlacementGroupID: - description: 'ProximityPlacementGroupID: The ID for Proximity Placement Group.' - type: string - scaleSetEvictionPolicy: - description: |- - ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is - 'Delete'. - type: string - scaleSetPriority: - description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' - type: string - spotMaxPrice: - description: |- - SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any - on-demand price. For more details on spot pricing, see [spot VMs - pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) - type: number - tags: - additionalProperties: - type: string - description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' - type: object - type: - description: 'Type: Resource type' - type: string - upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading the agentpool' - properties: - maxSurge: - type: string - type: object - vmSize: - description: |- - VmSize: VM size availability varies by region. 
If a node contains insufficient compute resources (memory, cpu, etc) pods - might fail to run correctly. For more details on restricted VM sizes, see: - https://docs.microsoft.com/azure/aks/quotas-skus-regions - type: string - vnetSubnetID: - description: |- - VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, - this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].severity - name: Severity - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Reason - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].message - name: Message - type: string - name: v1api20210501storage - schema: - openAPIV3Schema: - description: |- - Storage version of v1api20210501.ManagedClustersAgentPool - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2021-05-01/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: Storage version of v1api20210501.ManagedClustersAgentPool_Spec - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - availabilityZones: - items: - type: string - type: array - azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. - type: string - count: - type: integer - enableAutoScaling: - type: boolean - enableEncryptionAtHost: - type: boolean - enableFIPS: - type: boolean - enableNodePublicIP: - type: boolean - enableUltraSSD: - type: boolean - gpuInstanceProfile: + publicNetworkAccess: type: string - kubeletConfig: - description: Storage version of v1api20210501.KubeletConfig + resourceUID: + type: string + securityProfile: + description: |- + Storage version of v1api20250801.ManagedClusterSecurityProfile_STATUS + Security profile for the container service cluster. properties: $propertyBag: additionalProperties: 
@@ -46594,35 +44651,99 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - allowedUnsafeSysctls: + azureKeyVaultKms: + description: |- + Storage version of v1api20250801.AzureKeyVaultKms_STATUS + Azure Key Vault key management service settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + keyId: + type: string + keyVaultNetworkAccess: + type: string + keyVaultResourceId: + type: string + type: object + customCATrustCertificates: items: type: string type: array - containerLogMaxFiles: - type: integer - containerLogMaxSizeMB: - type: integer - cpuCfsQuota: - type: boolean - cpuCfsQuotaPeriod: - type: string - cpuManagerPolicy: - type: string - failSwapOn: - type: boolean - imageGcHighThreshold: - type: integer - imageGcLowThreshold: - type: integer - podMaxPids: - type: integer - topologyManagerPolicy: - type: string + defender: + description: |- + Storage version of v1api20250801.ManagedClusterSecurityProfileDefender_STATUS + Microsoft Defender settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + logAnalyticsWorkspaceResourceId: + type: string + securityMonitoring: + description: |- + Storage version of v1api20250801.ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS + Microsoft Defender settings for the security profile threat detection. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: object + imageCleaner: + description: |- + Storage version of v1api20250801.ManagedClusterSecurityProfileImageCleaner_STATUS + Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here + are settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + intervalHours: + type: integer + type: object + workloadIdentity: + description: |- + Storage version of v1api20250801.ManagedClusterSecurityProfileWorkloadIdentity_STATUS + Workload identity settings for the security profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object type: object - kubeletDiskType: - type: string - linuxOSConfig: - description: Storage version of v1api20210501.LinuxOSConfig + serviceMeshProfile: + description: |- + Storage version of v1api20250801.ServiceMeshProfile_STATUS + Service mesh profile for a managed cluster. properties: $propertyBag: additionalProperties: 
@@ -46631,10 +44752,10 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - swapFileSizeMB: - type: integer - sysctls: - description: Storage version of v1api20210501.SysctlConfig + istio: + description: |- + Storage version of v1api20250801.IstioServiceMesh_STATUS + Istio service mesh configuration. properties: $propertyBag: additionalProperties: 
@@ -46643,110 +44764,137 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - fsAioMaxNr: - type: integer - fsFileMax: - type: integer - fsInotifyMaxUserWatches: - type: integer - fsNrOpen: - type: integer - kernelThreadsMax: - type: integer - netCoreNetdevMaxBacklog: - type: integer - netCoreOptmemMax: - type: integer - netCoreRmemDefault: - type: integer - netCoreRmemMax: - type: integer - netCoreSomaxconn: - type: integer - netCoreWmemDefault: - type: integer - netCoreWmemMax: - type: integer - netIpv4IpLocalPortRange: - type: string - netIpv4NeighDefaultGcThresh1: - type: integer - netIpv4NeighDefaultGcThresh2: - type: integer - netIpv4NeighDefaultGcThresh3: - type: integer - netIpv4TcpFinTimeout: - type: integer - netIpv4TcpKeepaliveProbes: - type: integer - netIpv4TcpKeepaliveTime: - type: integer - netIpv4TcpMaxSynBacklog: - type: integer - netIpv4TcpMaxTwBuckets: - type: integer - netIpv4TcpTwReuse: - type: boolean - netIpv4TcpkeepaliveIntvl: - type: integer - netNetfilterNfConntrackBuckets: - type: integer - netNetfilterNfConntrackMax: - type: integer - vmMaxMapCount: - type: integer - vmSwappiness: - type: integer - vmVfsCachePressure: - type: integer + certificateAuthority: + description: |- + Storage version of v1api20250801.IstioCertificateAuthority_STATUS + Istio Service Mesh Certificate Authority (CA) configuration. 
For now, we only support plugin certificates as described + here https://aka.ms/asm-plugin-ca + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + plugin: + description: |- + Storage version of v1api20250801.IstioPluginCertificateAuthority_STATUS + Plugin certificates information for Service Mesh. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + certChainObjectName: + type: string + certObjectName: + type: string + keyObjectName: + type: string + keyVaultId: + type: string + rootCertObjectName: + type: string + type: object + type: object + components: + description: |- + Storage version of v1api20250801.IstioComponents_STATUS + Istio components configuration. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + egressGateways: + items: + description: |- + Storage version of v1api20250801.IstioEgressGateway_STATUS + Istio egress gateway configuration. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + type: array + ingressGateways: + items: + description: |- + Storage version of v1api20250801.IstioIngressGateway_STATUS + Istio ingress gateway configuration. For now, we support up to one external ingress gateway named + `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + mode: + type: string + type: object + type: array + type: object + revisions: + items: + type: string + type: array type: object - transparentHugePageDefrag: - type: string - transparentHugePageEnabled: + mode: type: string type: object - maxCount: - type: integer - maxPods: - type: integer - minCount: - type: integer - mode: - type: string - nodeLabels: - additionalProperties: - type: string - type: object - nodePublicIPPrefixIDReference: + servicePrincipalProfile: description: |- - NodePublicIPPrefixIDReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} + Storage version of v1api20250801.ManagedClusterServicePrincipalProfile_STATUS + Information about a service principal identity for the cluster to use for manipulating Azure APIs. 
properties: - armId: + $propertyBag: + additionalProperties: + type: string description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + clientId: type: string + type: object + sku: + description: |- + Storage version of v1api20250801.ManagedClusterSKU_STATUS + The SKU of a Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object name: - description: Name is the Kubernetes name of the resource. + type: string + tier: type: string type: object - nodeTaints: - items: - type: string - type: array - operatorSpec: + status: description: |- - Storage version of v1api20210501.ManagedClustersAgentPoolOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure + Storage version of v1api20250801.ManagedClusterStatus_STATUS + Contains read-only information about the Managed Cluster. 
properties: $propertyBag: additionalProperties: 
@@ -46755,121 +44903,187 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - configMapExpressions: - items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. - properties: - key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. - type: string - name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. + provisioningError: + description: |- + Storage version of v1api20250801.ErrorDetail_STATUS + The error detail. + properties: + $propertyBag: + additionalProperties: type: string - value: + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + additionalInfo: + items: description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ + Storage version of v1api20250801.ErrorAdditionalInfo_STATUS + The resource management error additional info. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + info: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: + type: string + type: object + type: array + code: + type: string + details: + items: + description: Storage version of v1api20250801.ErrorDetail_STATUS_Unrolled + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + additionalInfo: + items: + description: |- + Storage version of v1api20250801.ErrorAdditionalInfo_STATUS + The resource management error additional info. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + info: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: + type: string + type: object + type: array + code: + type: string + message: + type: string + target: + type: string + type: object + type: array + message: + type: string + target: + type: string + type: object + type: object + storageProfile: + description: |- + Storage version of v1api20250801.ManagedClusterStorageProfile_STATUS + Storage profile for the container service cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + blobCSIDriver: + description: |- + Storage version of v1api20250801.ManagedClusterStorageProfileBlobCSIDriver_STATUS + AzureBlob CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: type: string - required: - - name - - value - type: object - type: array - secretExpressions: - items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. - properties: - key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + diskCSIDriver: + description: |- + Storage version of v1api20250801.ManagedClusterStorageProfileDiskCSIDriver_STATUS + AzureDisk CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: type: string - name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. 
+ description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + fileCSIDriver: + description: |- + Storage version of v1api20250801.ManagedClusterStorageProfileFileCSIDriver_STATUS + AzureFile CSI Driver settings for the storage profile. + properties: + $propertyBag: + additionalProperties: type: string - value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + snapshotController: + description: |- + Storage version of v1api20250801.ManagedClusterStorageProfileSnapshotController_STATUS + Snapshot Controller settings for the storage profile. + properties: + $propertyBag: + additionalProperties: type: string - required: - - name - - value - type: object - type: array - type: object - orchestratorVersion: - type: string - originalVersion: - type: string - osDiskSizeGB: - type: integer - osDiskType: - type: string - osSKU: - type: string - osType: - type: string - owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. 
Owner is expected to be a - reference to a containerservice.azure.com/ManagedCluster resource - properties: - armId: - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - name: - description: This is the name of the Kubernetes resource to reference. - type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object type: object - podSubnetIDReference: + supportPlan: + type: string + systemData: description: |- - PodSubnetIDReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more - details). This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} + Storage version of v1api20250801.SystemData_STATUS + Metadata pertaining to creation and last modification of the resource. properties: - armId: + $propertyBag: + additionalProperties: + type: string description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
- pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + createdAt: type: string - group: - description: Group is the Kubernetes group of the resource. + createdBy: type: string - kind: - description: Kind is the Kubernetes kind of the resource. + createdByType: type: string - name: - description: Name is the Kubernetes name of the resource. + lastModifiedAt: + type: string + lastModifiedBy: + type: string + lastModifiedByType: type: string type: object - proximityPlacementGroupID: - type: string - scaleSetEvictionPolicy: - type: string - scaleSetPriority: - type: string - spotMaxPrice: - type: number tags: additionalProperties: type: string @@ -46877,7 +45091,9 @@ spec: type: type: string upgradeSettings: - description: Storage version of v1api20210501.AgentPoolUpgradeSettings + description: |- + Storage version of v1api20250801.ClusterUpgradeSettings_STATUS + Settings for upgrading a cluster. properties: $propertyBag: additionalProperties: 
@@ -46886,112 +45102,28 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - maxSurge: - type: string - type: object - vmSize: - type: string - vnetSubnetIDReference: - description: |- - VnetSubnetIDReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is - specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} - properties: - armId: + overrideSettings: description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. - pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) - type: string - group: - description: Group is the Kubernetes group of the resource. - type: string - kind: - description: Kind is the Kubernetes kind of the resource. - type: string - name: - description: Name is the Kubernetes name of the resource. - type: string + Storage version of v1api20250801.UpgradeOverrideSettings_STATUS + Settings for overrides when upgrading a cluster. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + forceUpgrade: + type: boolean + until: + type: string + type: object type: object - required: - - owner - type: object - status: - description: Storage version of v1api20210501.ManagedClustersAgentPool_STATUS - properties: - $propertyBag: - additionalProperties: - type: string + windowsProfile: description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - availabilityZones: - items: - type: string - type: array - conditions: - items: - description: Condition defines an extension to status (an observation) of a resource - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. - format: date-time - type: string - message: - description: Message is a human readable message indicating details about the transition. This field may be empty. - type: string - observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - type: integer - reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. - type: string - severity: - description: |- - Severity with which to treat failures of this type of condition. 
- For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown - type: string - status: - description: Status of the condition, one of True, False, or Unknown. - type: string - type: - description: Type of condition. - type: string - required: - - lastTransitionTime - - reason - - status - - type - type: object - type: array - count: - type: integer - enableAutoScaling: - type: boolean - enableEncryptionAtHost: - type: boolean - enableFIPS: - type: boolean - enableNodePublicIP: - type: boolean - enableUltraSSD: - type: boolean - gpuInstanceProfile: - type: string - id: - type: string - kubeletConfig: - description: Storage version of v1api20210501.KubeletConfig_STATUS + Storage version of v1api20250801.ManagedClusterWindowsProfile_STATUS + Profile for Windows VMs in the managed cluster. properties: $propertyBag: additionalProperties: 
@@ -47000,47 +45132,14 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - allowedUnsafeSysctls: - items: - type: string - type: array - containerLogMaxFiles: - type: integer - containerLogMaxSizeMB: - type: integer - cpuCfsQuota: - type: boolean - cpuCfsQuotaPeriod: - type: string - cpuManagerPolicy: + adminUsername: type: string - failSwapOn: + enableCSIProxy: type: boolean - imageGcHighThreshold: - type: integer - imageGcLowThreshold: - type: integer - podMaxPids: - type: integer - topologyManagerPolicy: - type: string - type: object - kubeletDiskType: - type: string - linuxOSConfig: - description: Storage version of v1api20210501.LinuxOSConfig_STATUS - properties: - $propertyBag: - additionalProperties: - type: string + gmsaProfile: description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - swapFileSizeMB: - type: integer - sysctls: - description: Storage version of v1api20210501.SysctlConfig_STATUS + Storage version of v1api20250801.WindowsGmsaProfile_STATUS + Windows gMSA Profile in the managed cluster. properties: $propertyBag: additionalProperties: 
@@ -47049,104 +45148,20 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - fsAioMaxNr: - type: integer - fsFileMax: - type: integer - fsInotifyMaxUserWatches: - type: integer - fsNrOpen: - type: integer - kernelThreadsMax: - type: integer - netCoreNetdevMaxBacklog: - type: integer - netCoreOptmemMax: - type: integer - netCoreRmemDefault: - type: integer - netCoreRmemMax: - type: integer - netCoreSomaxconn: - type: integer - netCoreWmemDefault: - type: integer - netCoreWmemMax: - type: integer - netIpv4IpLocalPortRange: + dnsServer: type: string - netIpv4NeighDefaultGcThresh1: - type: integer - netIpv4NeighDefaultGcThresh2: - type: integer - netIpv4NeighDefaultGcThresh3: - type: integer - netIpv4TcpFinTimeout: - type: integer - netIpv4TcpKeepaliveProbes: - type: integer - netIpv4TcpKeepaliveTime: - type: integer - netIpv4TcpMaxSynBacklog: - type: integer - netIpv4TcpMaxTwBuckets: - type: integer - netIpv4TcpTwReuse: + enabled: type: boolean - netIpv4TcpkeepaliveIntvl: - type: integer - netNetfilterNfConntrackBuckets: - type: integer - netNetfilterNfConntrackMax: - type: integer - vmMaxMapCount: - type: integer - vmSwappiness: - type: integer - vmVfsCachePressure: - type: integer + rootDomainName: + type: string type: object - transparentHugePageDefrag: - type: string - transparentHugePageEnabled: + licenseType: type: string type: object - maxCount: - type: integer - maxPods: - type: integer - minCount: - type: integer - mode: - type: string - name: - type: string - nodeImageVersion: - type: string - nodeLabels: - additionalProperties: - type: string - type: object - nodePublicIPPrefixID: - type: string - nodeTaints: - items: - type: string - type: array - orchestratorVersion: - type: string - osDiskSizeGB: - type: integer - osDiskType: - type: string - osSKU: - type: string - osType: - type: string - podSubnetID: - type: 
string - powerState: - description: Storage version of v1api20210501.PowerState_STATUS + workloadAutoScalerProfile: + description: |- + Storage version of v1api20250801.ManagedClusterWorkloadAutoScalerProfile_STATUS + Workload Auto-scaler profile for the managed cluster. properties: $propertyBag: additionalProperties: 
@@ -47155,50 +45170,78 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - code: - type: string - type: object - properties_type: - type: string - provisioningState: - type: string - proximityPlacementGroupID: - type: string - scaleSetEvictionPolicy: - type: string - scaleSetPriority: - type: string - spotMaxPrice: - type: number - tags: - additionalProperties: - type: string - type: object - type: - type: string - upgradeSettings: - description: Storage version of v1api20210501.AgentPoolUpgradeSettings_STATUS - properties: - $propertyBag: - additionalProperties: - type: string + keda: description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions + Storage version of v1api20250801.ManagedClusterWorkloadAutoScalerProfileKeda_STATUS + KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean + type: object + verticalPodAutoscaler: + description: |- + Storage version of v1api20250801.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler_STATUS + VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + enabled: + type: boolean type: object - maxSurge: - type: string type: object - vmSize: - type: string - vnetSubnetID: - type: string type: object type: object served: true - storage: false + storage: true subresources: status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: azureserviceoperator-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.17.3 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.16.0 + name: managedclustersagentpools.containerservice.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: azureserviceoperator-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: containerservice.azure.com + names: + categories: + - azure + - containerservice + kind: ManagedClustersAgentPool + listKind: ManagedClustersAgentPoolList + plural: managedclustersagentpools + singular: managedclustersagentpool + preserveUnknownFields: false + scope: Namespaced + versions: - additionalPrinterColumns: - jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready 
@@ -51075,12 +49118,12 @@ spec: - jsonPath: .status.conditions[?(@.type=='Ready')].message name: Message type: string - name: v1api20231102preview + name: v1api20240402preview schema: openAPIV3Schema: description: |- Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-11-02-preview/managedClusters.json + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2024-04-02-preview/managedClusters.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} properties: apiVersion: @@ -51106,6 +49149,9 @@ spec: description: 'ArtifactStreamingProfile: Configuration for using artifact streaming on AKS.' properties: enabled: + description: |- + Enabled: Artifact streaming speeds up the cold-start of containers on a node through on-demand image loading. To use + this feature, container images must also enable artifact streaming on ACR. If not specified, the default is false. type: boolean type: object availabilityZones: @@ -51154,7 +49200,7 @@ spec: a snapshot. properties: sourceResourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' properties: armId: description: |- 
@@ -51205,6 +49251,22 @@ spec: enableUltraSSD: description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean + gatewayProfile: + description: |- + GatewayProfile: Profile specific to a managed agent pool in Gateway mode. This field cannot be set if agent pool mode is + not Gateway. + properties: + publicIPPrefixSize: + description: |- + PublicIPPrefixSize: The Gateway agent pool associates one public IPPrefix for each static egress gateway to provide + public egress. The size of Public IPPrefix should be selected by the user. Each node in the agent pool is assigned with + one IP from the IPPrefix. The IPPrefix size thus serves as a cap on the size of the Gateway agent pool. Due to Azure + public IPPrefix size limitation, the valid value range is [28, 31] (/31 = 2 nodes/IPs, /30 = 4 nodes/IPs, /29 = 8 + nodes/IPs, /28 = 16 nodes/IPs). The default value is 31. + maximum: 31 + minimum: 28 + type: integer + type: object gpuInstanceProfile: description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' enum: @@ -51218,6 +49280,11 @@ spec: description: 'GpuProfile: The GPU settings of an agent pool.' properties: installGPUDriver: + description: |- + InstallGPUDriver: The default value is true when the vmSize of the agent pool contains a GPU, false otherwise. GPU + Driver Installation can only be set true when VM has an associated GPU resource. Setting this field to false prevents + automatic GPU driver installation. In that case, in order for the GPU to be usable, the user must perform GPU driver + installation themselves. type: boolean type: object hostGroupReference: 
@@ -51247,29 +49314,50 @@ spec: description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' properties: allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`).' items: type: string type: array containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. minimum: 2 type: integer containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' type: integer cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' type: boolean cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. type: string cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. type: string failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' type: boolean imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, set to 100. The default is 85%' type: integer imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than imageGcHighThreshold. The default is 80%' type: integer podMaxPids: + description: 'PodMaxPids: The maximum number of processes per pod.' 
type: integer topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. type: string type: object kubeletDiskType: 
@@ -51284,75 +49372,113 @@ spec: description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' properties: swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that will be created on each node.' type: integer sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' properties: fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' type: integer fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' type: integer fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' type: integer fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' type: integer kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' type: integer netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' type: integer netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' type: integer netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' type: integer netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' type: integer netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' type: integer netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' type: integer netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' type: integer netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' type: string netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting net.ipv4.neigh.default.gc_thresh1.' type: integer netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting net.ipv4.neigh.default.gc_thresh2.' 
type: integer netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting net.ipv4.neigh.default.gc_thresh3.' type: integer netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' type: integer netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' type: integer netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' type: integer netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' type: integer netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' type: integer netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' type: boolean netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' maximum: 90 minimum: 10 type: integer netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' maximum: 524288 minimum: 65536 type: integer netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' maximum: 2097152 minimum: 131072 type: integer vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' type: integer vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' type: integer vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' type: integer type: object transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. 
For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string type: object maxCount: @@ -51375,6 +49501,7 @@ spec: Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools enum: + - Gateway - System - User type: string @@ -51382,17 +49509,26 @@ spec: description: 'NetworkProfile: Network-related settings of an agent pool.' properties: allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are allowed to access. The specified ranges are allowed to overlap.' items: + description: The port range. properties: portEnd: + description: |- + PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or + equal to portStart. maximum: 65535 minimum: 1 type: integer portStart: + description: |- + PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or + equal to portEnd. maximum: 65535 minimum: 1 type: integer protocol: + description: 'Protocol: The network protocol of the port.' enum: - TCP - UDP @@ -51400,6 +49536,9 @@ spec: type: object type: array applicationSecurityGroupsReferences: + description: |- + ApplicationSecurityGroupsReferences: The IDs of the application security groups which agent pool will associate when + created. items: description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: 
@@ -51422,11 +49561,15 @@ spec: type: object type: array nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level public IPs.' items: + description: Contains the IPTag associated with the object. properties: ipTagType: + description: 'IpTagType: The IP tag type. Example: RoutingPreference.' type: string tag: + description: 'Tag: The value of the IP tag associated with the public IP. Example: Internet.' type: string type: object type: array @@ -51595,6 +49738,14 @@ spec: description: This is the name of the Kubernetes resource to reference. type: string type: object + podIPAllocationMode: + description: |- + PodIPAllocationMode: The IP allocation mode for pods in the agent pool. Must be used with podSubnetId. The default is + 'DynamicIndividual'. + enum: + - DynamicIndividual + - StaticBlock + type: string podSubnetReference: description: |- PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). @@ -51625,6 +49776,7 @@ spec: be stopped if it is Running and provisioning state is Succeeded properties: code: + description: 'Code: Tells whether the cluster is Running or Stopped' enum: - Running - Stopped @@ -51674,10 +49826,17 @@ spec: description: 'SecurityProfile: The security settings of an agent pool.' properties: enableSecureBoot: + description: |- + EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and + drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean enableVTPM: + description: |- + EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held + locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean sshAccess: + description: 'SshAccess: SSH access method of an agent pool.' enum: - Disabled - LocalUser 
@@ -51705,22 +49864,46 @@ spec: description: 'UpgradeSettings: Settings for upgrading the agentpool' properties: drainTimeoutInMinutes: + description: |- + DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. + This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not + specified, the default is 30 minutes. maximum: 1440 minimum: 1 type: integer maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade type: string nodeSoakDurationInMinutes: + description: |- + NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and + moving on to next node. If not specified, the default is 0 minutes. maximum: 30 minimum: 0 type: integer + undrainableNodeBehavior: + description: |- + UndrainableNodeBehavior: Defines the behavior for undrainable nodes during upgrade. The most common cause of undrainable + nodes is Pod Disruption Budgets (PDBs), but other issues, such as pod termination grace period is exceeding the + remaining per-node drain timeout or pod is still being in a running state, can also cause undrainable nodes. + enum: + - Cordon + - Schedule + type: string type: object virtualMachineNodesStatus: items: + description: Current status on a group of nodes of the same vm size. properties: count: + description: 'Count: Number of nodes.' type: integer size: + description: 'Size: The VM size of the agents used to host this group of nodes.' type: string type: object type: array 
@@ -51728,15 +49911,44 @@ spec: description: 'VirtualMachinesProfile: Specifications on VirtualMachines agent pool.' properties: scale: + description: 'Scale: Specifications on how to scale a VirtualMachines agent pool.' properties: + autoscale: + description: |- + Autoscale: Specifications on how to auto-scale the VirtualMachines agent pool within a predefined size range. Currently, + at most one AutoScaleProfile is allowed. + items: + description: Specifications on auto-scaling. + properties: + maxCount: + description: 'MaxCount: The maximum number of nodes of the specified sizes.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes of the specified sizes.' + type: integer + sizes: + description: |- + Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the + first available one when auto scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS + will use the next size. + items: + type: string + type: array + type: object + type: array manual: + description: 'Manual: Specifications on how to scale the VirtualMachines agent pool to a fixed size.' items: + description: Specifications on number of machines. properties: count: - maximum: 1000 - minimum: 0 + description: 'Count: Number of nodes.' type: integer sizes: + description: |- + Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the + first available one when scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS will + use the next size. items: type: string type: array 
@@ -51777,6 +49989,9 @@ spec: description: 'WindowsProfile: The Windows agent pool''s specific profile.' properties: disableOutboundNat: + description: |- + DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT + Gateway and the Windows agent pool does not have node public IP enabled. type: boolean type: object workloadRuntime: @@ -51795,6 +50010,9 @@ spec: description: 'ArtifactStreamingProfile: Configuration for using artifact streaming on AKS.' properties: enabled: + description: |- + Enabled: Artifact streaming speeds up the cold-start of containers on a node through on-demand image loading. To use + this feature, container images must also enable artifact streaming on ACR. If not specified, the default is false. type: boolean type: object availabilityZones: @@ -51862,6 +50080,7 @@ spec: a snapshot. properties: sourceResourceId: + description: 'SourceResourceId: This is the ARM ID of the source object to be used to create the target object.' type: string type: object currentOrchestratorVersion: @@ -51870,6 +50089,12 @@ spec: exactly equal to it. If orchestratorVersion was , this field will contain the full version being used. type: string + eTag: + description: |- + ETag: Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is + updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic + concurrency per the normal etag convention. + type: string enableAutoScaling: description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean 
@@ -51901,6 +50126,20 @@ spec: enableUltraSSD: description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean + gatewayProfile: + description: |- + GatewayProfile: Profile specific to a managed agent pool in Gateway mode. This field cannot be set if agent pool mode is + not Gateway. + properties: + publicIPPrefixSize: + description: |- + PublicIPPrefixSize: The Gateway agent pool associates one public IPPrefix for each static egress gateway to provide + public egress. The size of Public IPPrefix should be selected by the user. Each node in the agent pool is assigned with + one IP from the IPPrefix. The IPPrefix size thus serves as a cap on the size of the Gateway agent pool. Due to Azure + public IPPrefix size limitation, the valid value range is [28, 31] (/31 = 2 nodes/IPs, /30 = 4 nodes/IPs, /29 = 8 + nodes/IPs, /28 = 16 nodes/IPs). The default value is 31. + type: integer + type: object gpuInstanceProfile: description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' type: string @@ -51908,6 +50147,11 @@ spec: description: 'GpuProfile: The GPU settings of an agent pool.' properties: installGPUDriver: + description: |- + InstallGPUDriver: The default value is true when the vmSize of the agent pool contains a GPU, false otherwise. GPU + Driver Installation can only be set true when VM has an associated GPU resource. Setting this field to false prevents + automatic GPU driver installation. In that case, in order for the GPU to be usable, the user must perform GPU driver + installation themselves. type: boolean type: object hostGroupID: 
@@ -51923,28 +50167,49 @@ spec: description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' properties: allowedUnsafeSysctls: + description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`).' items: type: string type: array containerLogMaxFiles: + description: |- + ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be + ≥ 2. type: integer containerLogMaxSizeMB: + description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' type: integer cpuCfsQuota: + description: 'CpuCfsQuota: The default is true.' type: boolean cpuCfsQuotaPeriod: + description: |- + CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and + a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. type: string cpuManagerPolicy: + description: |- + CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more + information. Allowed values are 'none' and 'static'. type: string failSwapOn: + description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' type: boolean imageGcHighThreshold: + description: 'ImageGcHighThreshold: To disable image garbage collection, set to 100. The default is 85%' type: integer imageGcLowThreshold: + description: 'ImageGcLowThreshold: This cannot be set higher than imageGcHighThreshold. The default is 80%' type: integer podMaxPids: + description: 'PodMaxPids: The maximum number of processes per pod.' type: integer topologyManagerPolicy: + description: |- + TopologyManagerPolicy: For more information see [Kubernetes Topology + Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). 
The default is 'none'. Allowed values + are 'none', 'best-effort', 'restricted', and 'single-numa-node'. type: string type: object kubeletDiskType: 
@@ -51956,69 +50221,107 @@ spec: description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' properties: swapFileSizeMB: + description: 'SwapFileSizeMB: The size in MB of a swap file that will be created on each node.' type: integer sysctls: + description: 'Sysctls: Sysctl settings for Linux agent nodes.' properties: fsAioMaxNr: + description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' type: integer fsFileMax: + description: 'FsFileMax: Sysctl setting fs.file-max.' type: integer fsInotifyMaxUserWatches: + description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' type: integer fsNrOpen: + description: 'FsNrOpen: Sysctl setting fs.nr_open.' type: integer kernelThreadsMax: + description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' type: integer netCoreNetdevMaxBacklog: + description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' type: integer netCoreOptmemMax: + description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' type: integer netCoreRmemDefault: + description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' type: integer netCoreRmemMax: + description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' type: integer netCoreSomaxconn: + description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' type: integer netCoreWmemDefault: + description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' type: integer netCoreWmemMax: + description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' type: integer netIpv4IpLocalPortRange: + description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' type: string netIpv4NeighDefaultGcThresh1: + description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting net.ipv4.neigh.default.gc_thresh1.' type: integer netIpv4NeighDefaultGcThresh2: + description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting net.ipv4.neigh.default.gc_thresh2.' 
type: integer netIpv4NeighDefaultGcThresh3: + description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting net.ipv4.neigh.default.gc_thresh3.' type: integer netIpv4TcpFinTimeout: + description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' type: integer netIpv4TcpKeepaliveProbes: + description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' type: integer netIpv4TcpKeepaliveTime: + description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' type: integer netIpv4TcpMaxSynBacklog: + description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' type: integer netIpv4TcpMaxTwBuckets: + description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' type: integer netIpv4TcpTwReuse: + description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' type: boolean netIpv4TcpkeepaliveIntvl: + description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' type: integer netNetfilterNfConntrackBuckets: + description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' type: integer netNetfilterNfConntrackMax: + description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' type: integer vmMaxMapCount: + description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' type: integer vmSwappiness: + description: 'VmSwappiness: Sysctl setting vm.swappiness.' type: integer vmVfsCachePressure: + description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' type: integer type: object transparentHugePageDefrag: + description: |- + TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is + 'madvise'. For more information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). 
type: string transparentHugePageEnabled: + description: |- + TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more + information see [Transparent + Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string type: object maxCount: @@ -52048,26 +50351,40 @@ spec: description: 'NetworkProfile: Network-related settings of an agent pool.' properties: allowedHostPorts: + description: 'AllowedHostPorts: The port ranges that are allowed to access. The specified ranges are allowed to overlap.' items: + description: The port range. properties: portEnd: + description: |- + PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or + equal to portStart. type: integer portStart: + description: |- + PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or + equal to portEnd. type: integer protocol: + description: 'Protocol: The network protocol of the port.' type: string type: object type: array applicationSecurityGroups: + description: 'ApplicationSecurityGroups: The IDs of the application security groups which agent pool will associate when created.' items: type: string type: array nodePublicIPTags: + description: 'NodePublicIPTags: IPTags of instance-level public IPs.' items: + description: Contains the IPTag associated with the object. properties: ipTagType: + description: 'IpTagType: The IP tag type. Example: RoutingPreference.' type: string tag: + description: 'Tag: The value of the IP tag associated with the public IP. Example: Internet.' type: string type: object type: array 
@@ -52127,6 +50444,11 @@ spec: osType: description: 'OsType: The operating system type. The default is Linux.' type: string + podIPAllocationMode: + description: |- + PodIPAllocationMode: The IP allocation mode for pods in the agent pool. Must be used with podSubnetId. The default is + 'DynamicIndividual'. + type: string podSubnetID: description: |- PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is @@ -52140,6 +50462,7 @@ spec: be stopped if it is Running and provisioning state is Succeeded properties: code: + description: 'Code: Tells whether the cluster is Running or Stopped' type: string type: object properties_type: @@ -52166,10 +50489,17 @@ spec: description: 'SecurityProfile: The security settings of an agent pool.' properties: enableSecureBoot: + description: |- + EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and + drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean enableVTPM: + description: |- + EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held + locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean sshAccess: + description: 'SshAccess: SSH access method of an agent pool.' type: string type: object spotMaxPrice: 
@@ -52190,18 +50520,39 @@ spec: description: 'UpgradeSettings: Settings for upgrading the agentpool' properties: drainTimeoutInMinutes: + description: |- + DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. + This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not + specified, the default is 30 minutes. type: integer maxSurge: + description: |- + MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it + is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded + up. If not specified, the default is 1. For more information, including best practices, see: + https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade type: string nodeSoakDurationInMinutes: + description: |- + NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and + moving on to next node. If not specified, the default is 0 minutes. type: integer + undrainableNodeBehavior: + description: |- + UndrainableNodeBehavior: Defines the behavior for undrainable nodes during upgrade. The most common cause of undrainable + nodes is Pod Disruption Budgets (PDBs), but other issues, such as pod termination grace period is exceeding the + remaining per-node drain timeout or pod is still being in a running state, can also cause undrainable nodes. + type: string type: object virtualMachineNodesStatus: items: + description: Current status on a group of nodes of the same vm size. properties: count: + description: 'Count: Number of nodes.' type: integer size: + description: 'Size: The VM size of the agents used to host this group of nodes.' type: string type: object type: array 
@@ -52209,13 +50560,44 @@ spec: description: 'VirtualMachinesProfile: Specifications on VirtualMachines agent pool.' properties: scale: + description: 'Scale: Specifications on how to scale a VirtualMachines agent pool.' properties: + autoscale: + description: |- + Autoscale: Specifications on how to auto-scale the VirtualMachines agent pool within a predefined size range. Currently, + at most one AutoScaleProfile is allowed. + items: + description: Specifications on auto-scaling. + properties: + maxCount: + description: 'MaxCount: The maximum number of nodes of the specified sizes.' + type: integer + minCount: + description: 'MinCount: The minimum number of nodes of the specified sizes.' + type: integer + sizes: + description: |- + Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the + first available one when auto scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS + will use the next size. + items: + type: string + type: array + type: object + type: array manual: + description: 'Manual: Specifications on how to scale the VirtualMachines agent pool to a fixed size.' items: + description: Specifications on number of machines. properties: count: + description: 'Count: Number of nodes.' type: integer sizes: + description: |- + Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the + first available one when scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS will + use the next size. items: type: string type: array 
@@ -52239,6 +50621,9 @@ spec: description: 'WindowsProfile: The Windows agent pool''s specific profile.' properties: disableOutboundNat: + description: |- + DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT + Gateway and the Windows agent pool does not have node public IP enabled. type: boolean type: object workloadRuntime: @@ -52263,13 +50648,13 @@ spec: - jsonPath: .status.conditions[?(@.type=='Ready')].message name: Message type: string - name: v1api20231102previewstorage + name: v1api20240402previewstorage schema: openAPIV3Schema: description: |- - Storage version of v1api20231102preview.ManagedClustersAgentPool + Storage version of v1api20240402preview.ManagedClustersAgentPool Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2023-11-02-preview/managedClusters.json + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2024-04-02-preview/managedClusters.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} properties: apiVersion: @@ -52290,7 +50675,7 @@ spec: metadata: type: object spec: - description: Storage version of v1api20231102preview.ManagedClustersAgentPool_Spec + description: Storage version of v1api20240402preview.ManagedClustersAgentPool_Spec properties: $propertyBag: additionalProperties: @@ -52300,7 +50685,7 @@ spec: resources, allowing for full fidelity round trip conversions type: object artifactStreamingProfile: - description: Storage version of v1api20231102preview.AgentPoolArtifactStreamingProfile + description: Storage version of v1api20240402preview.AgentPoolArtifactStreamingProfile properties: $propertyBag: additionalProperties: 
@@ -52344,7 +50729,9 @@ spec: count: type: integer creationData: - description: Storage version of v1api20231102preview.CreationData + description: |- + Storage version of v1api20240402preview.CreationData + Data used when creating a target resource from a source resource. properties: $propertyBag: additionalProperties: @@ -52354,7 +50741,7 @@ spec: resources, allowing for full fidelity round trip conversions type: object sourceResourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID + description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' properties: armId: description: |- @@ -52386,10 +50773,25 @@ spec: type: boolean enableUltraSSD: type: boolean + gatewayProfile: + description: |- + Storage version of v1api20240402preview.AgentPoolGatewayProfile + Profile of the managed cluster gateway agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPPrefixSize: + type: integer + type: object gpuInstanceProfile: type: string gpuProfile: - description: Storage version of v1api20231102preview.AgentPoolGPUProfile + description: Storage version of v1api20240402preview.AgentPoolGPUProfile properties: $propertyBag: additionalProperties: @@ -52425,7 +50827,9 @@ spec: type: string type: object kubeletConfig: - description: Storage version of v1api20231102preview.KubeletConfig + description: |- + Storage version of v1api20240402preview.KubeletConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: 
@@ -52462,7 +50866,9 @@ spec: kubeletDiskType: type: string linuxOSConfig: - description: Storage version of v1api20231102preview.LinuxOSConfig + description: |- + Storage version of v1api20240402preview.LinuxOSConfig + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: @@ -52474,7 +50880,9 @@ spec: swapFileSizeMB: type: integer sysctls: - description: Storage version of v1api20231102preview.SysctlConfig + description: |- + Storage version of v1api20240402preview.SysctlConfig + Sysctl settings for Linux agent nodes. properties: $propertyBag: additionalProperties: @@ -52556,7 +50964,9 @@ spec: mode: type: string networkProfile: - description: Storage version of v1api20231102preview.AgentPoolNetworkProfile + description: |- + Storage version of v1api20240402preview.AgentPoolNetworkProfile + Network settings of an agent pool. properties: $propertyBag: additionalProperties: @@ -52567,7 +50977,9 @@ spec: type: object allowedHostPorts: items: - description: Storage version of v1api20231102preview.PortRange + description: |- + Storage version of v1api20240402preview.PortRange + The port range. properties: $propertyBag: additionalProperties: @@ -52608,7 +51020,9 @@ spec: type: array nodePublicIPTags: items: - description: Storage version of v1api20231102preview.IPTag + description: |- + Storage version of v1api20240402preview.IPTag + Contains the IPTag associated with the object. properties: $propertyBag: additionalProperties: @@ -52660,7 +51074,7 @@ spec: type: array operatorSpec: description: |- - Storage version of v1api20231102preview.ManagedClustersAgentPoolOperatorSpec + Storage version of v1api20240402preview.ManagedClustersAgentPoolOperatorSpec Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: 
@@ -52754,6 +51168,8 @@ spec: description: This is the name of the Kubernetes resource to reference. type: string type: object + podIPAllocationMode: + type: string podSubnetReference: description: |- PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). @@ -52778,7 +51194,9 @@ spec: type: string type: object powerState: - description: Storage version of v1api20231102preview.PowerState + description: |- + Storage version of v1api20240402preview.PowerState + Describes the Power State of the cluster properties: $propertyBag: additionalProperties: @@ -52817,7 +51235,9 @@ spec: scaleSetPriority: type: string securityProfile: - description: Storage version of v1api20231102preview.AgentPoolSecurityProfile + description: |- + Storage version of v1api20240402preview.AgentPoolSecurityProfile + The security settings of an agent pool. properties: $propertyBag: additionalProperties: @@ -52842,7 +51262,9 @@ spec: type: type: string upgradeSettings: - description: Storage version of v1api20231102preview.AgentPoolUpgradeSettings + description: |- + Storage version of v1api20240402preview.AgentPoolUpgradeSettings + Settings for upgrading an agentpool properties: $propertyBag: additionalProperties: @@ -52857,10 +51279,14 @@ spec: type: string nodeSoakDurationInMinutes: type: integer + undrainableNodeBehavior: + type: string type: object virtualMachineNodesStatus: items: - description: Storage version of v1api20231102preview.VirtualMachineNodes + description: |- + Storage version of v1api20240402preview.VirtualMachineNodes + Current status on a group of nodes of the same vm size. properties: $propertyBag: additionalProperties: 
@@ -52876,7 +51302,9 @@ spec: type: object type: array virtualMachinesProfile: - description: Storage version of v1api20231102preview.VirtualMachinesProfile + description: |- + Storage version of v1api20240402preview.VirtualMachinesProfile + Specifications on VirtualMachines agent pool. properties: $propertyBag: additionalProperties: @@ -52886,7 +51314,9 @@ spec: resources, allowing for full fidelity round trip conversions type: object scale: - description: Storage version of v1api20231102preview.ScaleProfile + description: |- + Storage version of v1api20240402preview.ScaleProfile + Specifications on how to scale a VirtualMachines agent pool. properties: $propertyBag: additionalProperties: @@ -52895,9 +51325,34 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object + autoscale: + items: + description: |- + Storage version of v1api20240402preview.AutoScaleProfile + Specifications on auto-scaling. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + maxCount: + type: integer + minCount: + type: integer + sizes: + items: + type: string + type: array + type: object + type: array manual: items: - description: Storage version of v1api20231102preview.ManualScaleProfile + description: |- + Storage version of v1api20240402preview.ManualScaleProfile + Specifications on number of machines. properties: $propertyBag: additionalProperties: 
@@ -52942,7 +51397,9 @@ spec: type: string type: object windowsProfile: - description: Storage version of v1api20231102preview.AgentPoolWindowsProfile + description: |- + Storage version of v1api20240402preview.AgentPoolWindowsProfile + The Windows agent pool's specific profile. properties: $propertyBag: additionalProperties: @@ -52960,7 +51417,7 @@ spec: - owner type: object status: - description: Storage version of v1api20231102preview.ManagedClustersAgentPool_STATUS + description: Storage version of v1api20240402preview.ManagedClustersAgentPool_STATUS properties: $propertyBag: additionalProperties: @@ -52970,7 +51427,7 @@ spec: resources, allowing for full fidelity round trip conversions type: object artifactStreamingProfile: - description: Storage version of v1api20231102preview.AgentPoolArtifactStreamingProfile_STATUS + description: Storage version of v1api20240402preview.AgentPoolArtifactStreamingProfile_STATUS properties: $propertyBag: additionalProperties: @@ -53034,7 +51491,9 @@ spec: count: type: integer creationData: - description: Storage version of v1api20231102preview.CreationData_STATUS + description: |- + Storage version of v1api20240402preview.CreationData_STATUS + Data used when creating a target resource from a source resource. properties: $propertyBag: additionalProperties: @@ -53048,6 +51507,8 @@ spec: type: object currentOrchestratorVersion: type: string + eTag: + type: string enableAutoScaling: type: boolean enableCustomCATrust: 
@@ -53060,10 +51521,25 @@ spec: type: boolean enableUltraSSD: type: boolean + gatewayProfile: + description: |- + Storage version of v1api20240402preview.AgentPoolGatewayProfile_STATUS + Profile of the managed cluster gateway agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPPrefixSize: + type: integer + type: object gpuInstanceProfile: type: string gpuProfile: - description: Storage version of v1api20231102preview.AgentPoolGPUProfile_STATUS + description: Storage version of v1api20240402preview.AgentPoolGPUProfile_STATUS properties: $propertyBag: additionalProperties: @@ -53080,7 +51556,9 @@ spec: id: type: string kubeletConfig: - description: Storage version of v1api20231102preview.KubeletConfig_STATUS + description: |- + Storage version of v1api20240402preview.KubeletConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: @@ -53117,7 +51595,9 @@ spec: kubeletDiskType: type: string linuxOSConfig: - description: Storage version of v1api20231102preview.LinuxOSConfig_STATUS + description: |- + Storage version of v1api20240402preview.LinuxOSConfig_STATUS + See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: @@ -53129,7 +51609,9 @@ spec: swapFileSizeMB: type: integer sysctls: - description: Storage version of v1api20231102preview.SysctlConfig_STATUS + description: |- + Storage version of v1api20240402preview.SysctlConfig_STATUS + Sysctl settings for Linux agent nodes. properties: $propertyBag: additionalProperties: 
@@ -53213,7 +51695,9 @@ spec: name: type: string networkProfile: - description: Storage version of v1api20231102preview.AgentPoolNetworkProfile_STATUS + description: |- + Storage version of v1api20240402preview.AgentPoolNetworkProfile_STATUS + Network settings of an agent pool. properties: $propertyBag: additionalProperties: @@ -53224,7 +51708,9 @@ spec: type: object allowedHostPorts: items: - description: Storage version of v1api20231102preview.PortRange_STATUS + description: |- + Storage version of v1api20240402preview.PortRange_STATUS + The port range. properties: $propertyBag: additionalProperties: @@ -53247,7 +51733,9 @@ spec: type: array nodePublicIPTags: items: - description: Storage version of v1api20231102preview.IPTag_STATUS + description: |- + Storage version of v1api20240402preview.IPTag_STATUS + Contains the IPTag associated with the object. properties: $propertyBag: additionalProperties: @@ -53289,10 +51777,14 @@ spec: type: string osType: type: string + podIPAllocationMode: + type: string podSubnetID: type: string powerState: - description: Storage version of v1api20231102preview.PowerState_STATUS + description: |- + Storage version of v1api20240402preview.PowerState_STATUS + Describes the Power State of the cluster properties: $propertyBag: additionalProperties: @@ -53317,7 +51809,9 @@ spec: scaleSetPriority: type: string securityProfile: - description: Storage version of v1api20231102preview.AgentPoolSecurityProfile_STATUS + description: |- + Storage version of v1api20240402preview.AgentPoolSecurityProfile_STATUS + The security settings of an agent pool. properties: $propertyBag: additionalProperties: @@ -53342,7 +51836,9 @@ spec: type: type: string upgradeSettings: - description: Storage version of v1api20231102preview.AgentPoolUpgradeSettings_STATUS + description: |- + Storage version of v1api20240402preview.AgentPoolUpgradeSettings_STATUS + Settings for upgrading an agentpool properties: $propertyBag: additionalProperties: 
@@ -53357,10 +51853,14 @@ spec: type: string nodeSoakDurationInMinutes: type: integer + undrainableNodeBehavior: + type: string type: object virtualMachineNodesStatus: items: - description: Storage version of v1api20231102preview.VirtualMachineNodes_STATUS + description: |- + Storage version of v1api20240402preview.VirtualMachineNodes_STATUS + Current status on a group of nodes of the same vm size. properties: $propertyBag: additionalProperties: @@ -53376,7 +51876,9 @@ spec: type: object type: array virtualMachinesProfile: - description: Storage version of v1api20231102preview.VirtualMachinesProfile_STATUS + description: |- + Storage version of v1api20240402preview.VirtualMachinesProfile_STATUS + Specifications on VirtualMachines agent pool. properties: $propertyBag: additionalProperties: @@ -53386,7 +51888,9 @@ spec: resources, allowing for full fidelity round trip conversions type: object scale: - description: Storage version of v1api20231102preview.ScaleProfile_STATUS + description: |- + Storage version of v1api20240402preview.ScaleProfile_STATUS + Specifications on how to scale a VirtualMachines agent pool. properties: $propertyBag: additionalProperties: 
@@ -53395,9 +51899,34 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object + autoscale: + items: + description: |- + Storage version of v1api20240402preview.AutoScaleProfile_STATUS + Specifications on auto-scaling. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + maxCount: + type: integer + minCount: + type: integer + sizes: + items: + type: string + type: array + type: object + type: array manual: items: - description: Storage version of v1api20231102preview.ManualScaleProfile_STATUS + description: |- + Storage version of v1api20240402preview.ManualScaleProfile_STATUS + Specifications on number of machines. properties: $propertyBag: additionalProperties: @@ -53421,7 +51950,9 @@ spec: vnetSubnetID: type: string windowsProfile: - description: Storage version of v1api20231102preview.AgentPoolWindowsProfile_STATUS + description: |- + Storage version of v1api20240402preview.AgentPoolWindowsProfile_STATUS + The Windows agent pool's specific profile. properties: $propertyBag: additionalProperties: 
@@ -53454,12 +51985,12 @@ spec: - jsonPath: .status.conditions[?(@.type=='Ready')].message name: Message type: string - name: v1api20240402preview + name: v1api20240901 schema: openAPIV3Schema: description: |- Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2024-04-02-preview/managedClusters.json + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2024-09-01/managedClusters.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} properties: apiVersion: @@ -53481,15 +52012,6 @@ spec: type: object spec: properties: - artifactStreamingProfile: - description: 'ArtifactStreamingProfile: Configuration for using artifact streaming on AKS.' - properties: - enabled: - description: |- - Enabled: Artifact streaming speeds up the cold-start of containers on a node through on-demand image loading. To use - this feature, container images must also enable artifact streaming on ACR. If not specified, the default is false. - type: boolean - type: object availabilityZones: description: |- AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType @@ -53559,12 +52081,6 @@ spec: enableAutoScaling: description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean - enableCustomCATrust: - description: |- - EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a - daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded - certificates into node trust stores. Defaults to false. - type: boolean enableEncryptionAtHost: description: |- EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, 
@@ -53587,22 +52103,6 @@ spec: enableUltraSSD: description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean - gatewayProfile: - description: |- - GatewayProfile: Profile specific to a managed agent pool in Gateway mode. This field cannot be set if agent pool mode is - not Gateway. - properties: - publicIPPrefixSize: - description: |- - PublicIPPrefixSize: The Gateway agent pool associates one public IPPrefix for each static egress gateway to provide - public egress. The size of Public IPPrefix should be selected by the user. Each node in the agent pool is assigned with - one IP from the IPPrefix. The IPPrefix size thus serves as a cap on the size of the Gateway agent pool. Due to Azure - public IPPrefix size limitation, the valid value range is [28, 31] (/31 = 2 nodes/IPs, /30 = 4 nodes/IPs, /29 = 8 - nodes/IPs, /28 = 16 nodes/IPs). The default value is 31. - maximum: 31 - minimum: 28 - type: integer - type: object gpuInstanceProfile: description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' enum: @@ -53612,17 +52112,6 @@ spec: - MIG4g - MIG7g type: string - gpuProfile: - description: 'GpuProfile: The GPU settings of an agent pool.' - properties: - installGPUDriver: - description: |- - InstallGPUDriver: The default value is true when the vmSize of the agent pool contains a GPU, false otherwise. GPU - Driver Installation can only be set true when VM has an associated GPU resource. Setting this field to false prevents - automatic GPU driver installation. In that case, in order for the GPU to be usable, the user must perform GPU driver - installation themselves. - type: boolean - type: object hostGroupReference: description: |- HostGroupReference: This is of the form: 
@@ -53823,12 +52312,6 @@ spec: maxPods: description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer - messageOfTheDay: - description: |- - MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of - the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., - will be printed raw and not be executed as a script). - type: string minCount: description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer @@ -53837,7 +52320,6 @@ spec: Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools enum: - - Gateway - System - User type: string @@ -53910,16 +52392,6 @@ spec: type: object type: array type: object - nodeInitializationTaints: - description: |- - NodeInitializationTaints: These taints will not be reconciled by AKS and can be removed with a kubectl call. This field - can be modified after node pool is created, but nodes will not be recreated with new taints until another operation that - requires recreation (e.g. node image upgrade) happens. These taints allow for required configuration to run before the - node is ready to accept workloads, for example 'key1=value1:NoSchedule' that then can be removed with `kubectl taint - nodes node1 key1=value1:NoSchedule-` - items: - type: string - type: array nodeLabels: additionalProperties: type: string 
@@ -54020,13 +52492,14 @@ spec: type: object orchestratorVersion: description: |- - OrchestratorVersion: Both patch version and are supported. When is - specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same - once it has been created will not trigger an upgrade, even if a newer patch version is available. As a - best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version - must have the same major version as the control plane. The node pool minor version must be within two minor versions of - the control plane version. The node pool version cannot be greater than the control plane version. For more information - see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster + with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer + patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same + Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor + version must be within two minor versions of the control plane version. The node pool version cannot be greater than the + control plane version. For more information see [upgrading a node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: maximum: 2048 
@@ -54043,17 +52516,14 @@ spec: type: string osSKU: description: |- - OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or - Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is - deprecated. + OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 + when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. enum: - AzureLinux - CBLMariner - - Mariner - Ubuntu - Windows2019 - Windows2022 - - WindowsAnnual type: string osType: description: 'OsType: The operating system type. The default is Linux.' @@ -54074,14 +52544,6 @@ spec: description: This is the name of the Kubernetes resource to reference. type: string type: object - podIPAllocationMode: - description: |- - PodIPAllocationMode: The IP allocation mode for pods in the agent pool. Must be used with podSubnetId. The default is - 'DynamicIndividual'. - enum: - - DynamicIndividual - - StaticBlock - type: string podSubnetReference: description: |- PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). @@ -54171,12 +52633,6 @@ spec: EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean - sshAccess: - description: 'SshAccess: SSH access method of an agent pool.' - enum: - - Disabled - - LocalUser - type: string type: object spotMaxPrice: description: |- @@ -54194,7 +52650,6 @@ spec: enum: - AvailabilitySet - VirtualMachineScaleSets - - VirtualMachines type: string upgradeSettings: description: 'UpgradeSettings: Settings for upgrading the agentpool' 
@@ -54221,76 +52676,6 @@ spec: maximum: 30 minimum: 0 type: integer - undrainableNodeBehavior: - description: |- - UndrainableNodeBehavior: Defines the behavior for undrainable nodes during upgrade. The most common cause of undrainable - nodes is Pod Disruption Budgets (PDBs), but other issues, such as pod termination grace period is exceeding the - remaining per-node drain timeout or pod is still being in a running state, can also cause undrainable nodes. - enum: - - Cordon - - Schedule - type: string - type: object - virtualMachineNodesStatus: - items: - description: Current status on a group of nodes of the same vm size. - properties: - count: - description: 'Count: Number of nodes.' - type: integer - size: - description: 'Size: The VM size of the agents used to host this group of nodes.' - type: string - type: object - type: array - virtualMachinesProfile: - description: 'VirtualMachinesProfile: Specifications on VirtualMachines agent pool.' - properties: - scale: - description: 'Scale: Specifications on how to scale a VirtualMachines agent pool.' - properties: - autoscale: - description: |- - Autoscale: Specifications on how to auto-scale the VirtualMachines agent pool within a predefined size range. Currently, - at most one AutoScaleProfile is allowed. - items: - description: Specifications on auto-scaling. - properties: - maxCount: - description: 'MaxCount: The maximum number of nodes of the specified sizes.' - type: integer - minCount: - description: 'MinCount: The minimum number of nodes of the specified sizes.' - type: integer - sizes: - description: |- - Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the - first available one when auto scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS - will use the next size. 
- items: - type: string - type: array - type: object - type: array - manual: - description: 'Manual: Specifications on how to scale the VirtualMachines agent pool to a fixed size.' - items: - description: Specifications on number of machines. - properties: - count: - description: 'Count: Number of nodes.' - type: integer - sizes: - description: |- - Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the - first available one when scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS will - use the next size. - items: - type: string - type: array - type: object - type: array - type: object type: object vmSize: description: |- @@ -54333,7 +52718,6 @@ spec: workloadRuntime: description: 'WorkloadRuntime: Determines the type of workload a node can run.' enum: - - KataMshvVmIsolation - OCIContainer - WasmWasi type: string @@ -54342,15 +52726,6 @@ spec: type: object status: properties: - artifactStreamingProfile: - description: 'ArtifactStreamingProfile: Configuration for using artifact streaming on AKS.' - properties: - enabled: - description: |- - Enabled: Artifact streaming speeds up the cold-start of containers on a node through on-demand image loading. To use - this feature, container images must also enable artifact streaming on ACR. If not specified, the default is false. - type: boolean - type: object availabilityZones: description: |- AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType 
@@ -54421,8 +52796,8 @@ spec: type: object currentOrchestratorVersion: description: |- - CurrentOrchestratorVersion: If orchestratorVersion was a fully specified version , this field will be - exactly equal to it. If orchestratorVersion was , this field will contain the full + CurrentOrchestratorVersion: If orchestratorVersion is a fully specified version , this field will be + exactly equal to it. If orchestratorVersion is , this field will contain the full version being used. type: string eTag: @@ -54434,12 +52809,6 @@ spec: enableAutoScaling: description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean - enableCustomCATrust: - description: |- - EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a - daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded - certificates into node trust stores. Defaults to false. - type: boolean enableEncryptionAtHost: description: |- EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, 
@@ -54462,34 +52831,9 @@ spec: enableUltraSSD: description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean - gatewayProfile: - description: |- - GatewayProfile: Profile specific to a managed agent pool in Gateway mode. This field cannot be set if agent pool mode is - not Gateway. - properties: - publicIPPrefixSize: - description: |- - PublicIPPrefixSize: The Gateway agent pool associates one public IPPrefix for each static egress gateway to provide - public egress. The size of Public IPPrefix should be selected by the user. Each node in the agent pool is assigned with - one IP from the IPPrefix. The IPPrefix size thus serves as a cap on the size of the Gateway agent pool. Due to Azure - public IPPrefix size limitation, the valid value range is [28, 31] (/31 = 2 nodes/IPs, /30 = 4 nodes/IPs, /29 = 8 - nodes/IPs, /28 = 16 nodes/IPs). The default value is 31. - type: integer - type: object gpuInstanceProfile: description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' type: string - gpuProfile: - description: 'GpuProfile: The GPU settings of an agent pool.' - properties: - installGPUDriver: - description: |- - InstallGPUDriver: The default value is true when the vmSize of the agent pool contains a GPU, false otherwise. GPU - Driver Installation can only be set true when VM has an associated GPU resource. Setting this field to false prevents - automatic GPU driver installation. In that case, in order for the GPU to be usable, the user must perform GPU driver - installation themselves. - type: boolean - type: object hostGroupID: description: |- HostGroupID: This is of the form: 
@@ -54666,12 +53010,6 @@ spec: maxPods: description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer - messageOfTheDay: - description: |- - MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of - the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., - will be printed raw and not be executed as a script). - type: string minCount: description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer @@ -54728,16 +53066,6 @@ spec: nodeImageVersion: description: 'NodeImageVersion: The version of node image' type: string - nodeInitializationTaints: - description: |- - NodeInitializationTaints: These taints will not be reconciled by AKS and can be removed with a kubectl call. This field - can be modified after node pool is created, but nodes will not be recreated with new taints until another operation that - requires recreation (e.g. node image upgrade) happens. These taints allow for required configuration to run before the - node is ready to accept workloads, for example 'key1=value1:NoSchedule' that then can be removed with `kubectl taint - nodes node1 key1=value1:NoSchedule-` - items: - type: string - type: array nodeLabels: additionalProperties: type: string 
@@ -54755,13 +53083,14 @@ spec: type: array orchestratorVersion: description: |- - OrchestratorVersion: Both patch version and are supported. When is - specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same - once it has been created will not trigger an upgrade, even if a newer patch version is available. As a - best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version - must have the same major version as the control plane. The node pool minor version must be within two minor versions of - the control plane version. The node pool version cannot be greater than the control plane version. For more information - see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. + When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster + with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer + patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same + Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor + version must be within two minor versions of the control plane version. The node pool version cannot be greater than the + control plane version. For more information see [upgrading a node + pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: type: integer 
@@ -54773,18 +53102,12 @@ spec: type: string osSKU: description: |- - OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or - Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is - deprecated. + OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 + when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. type: string osType: description: 'OsType: The operating system type. The default is Linux.' type: string - podIPAllocationMode: - description: |- - PodIPAllocationMode: The IP allocation mode for pods in the agent pool. Must be used with podSubnetId. The default is - 'DynamicIndividual'. - type: string podSubnetID: description: |- PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is @@ -54834,9 +53157,6 @@ spec: EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean - sshAccess: - description: 'SshAccess: SSH access method of an agent pool.' - type: string type: object spotMaxPrice: description: |- 
@@ -54873,73 +53193,6 @@ spec: NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and moving on to next node. If not specified, the default is 0 minutes. type: integer - undrainableNodeBehavior: - description: |- - UndrainableNodeBehavior: Defines the behavior for undrainable nodes during upgrade. The most common cause of undrainable - nodes is Pod Disruption Budgets (PDBs), but other issues, such as pod termination grace period is exceeding the - remaining per-node drain timeout or pod is still being in a running state, can also cause undrainable nodes. - type: string - type: object - virtualMachineNodesStatus: - items: - description: Current status on a group of nodes of the same vm size. - properties: - count: - description: 'Count: Number of nodes.' - type: integer - size: - description: 'Size: The VM size of the agents used to host this group of nodes.' - type: string - type: object - type: array - virtualMachinesProfile: - description: 'VirtualMachinesProfile: Specifications on VirtualMachines agent pool.' - properties: - scale: - description: 'Scale: Specifications on how to scale a VirtualMachines agent pool.' - properties: - autoscale: - description: |- - Autoscale: Specifications on how to auto-scale the VirtualMachines agent pool within a predefined size range. Currently, - at most one AutoScaleProfile is allowed. - items: - description: Specifications on auto-scaling. - properties: - maxCount: - description: 'MaxCount: The maximum number of nodes of the specified sizes.' - type: integer - minCount: - description: 'MinCount: The minimum number of nodes of the specified sizes.' - type: integer - sizes: - description: |- - Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the - first available one when auto scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS - will use the next size. 
- items: - type: string - type: array - type: object - type: array - manual: - description: 'Manual: Specifications on how to scale the VirtualMachines agent pool to a fixed size.' - items: - description: Specifications on number of machines. - properties: - count: - description: 'Count: Number of nodes.' - type: integer - sizes: - description: |- - Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the - first available one when scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS will - use the next size. - items: - type: string - type: array - type: object - type: array - type: object type: object vmSize: description: |- @@ -54984,13 +53237,13 @@ spec: - jsonPath: .status.conditions[?(@.type=='Ready')].message name: Message type: string - name: v1api20240402previewstorage + name: v1api20240901storage schema: openAPIV3Schema: description: |- - Storage version of v1api20240402preview.ManagedClustersAgentPool + Storage version of v1api20240901.ManagedClustersAgentPool Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2024-04-02-preview/managedClusters.json + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2024-09-01/managedClusters.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} properties: apiVersion: @@ -55011,7 +53264,7 @@ spec: metadata: type: object spec: - description: Storage version of v1api20240402preview.ManagedClustersAgentPool_Spec + description: Storage version of v1api20240901.ManagedClustersAgentPool_Spec properties: $propertyBag: additionalProperties: 
@@ -55020,19 +53273,6 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - artifactStreamingProfile: - description: Storage version of v1api20240402preview.AgentPoolArtifactStreamingProfile - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object availabilityZones: items: type: string @@ -55066,7 +53306,7 @@ spec: type: integer creationData: description: |- - Storage version of v1api20240402preview.CreationData + Storage version of v1api20240901.CreationData Data used when creating a target resource from a source resource. properties: $propertyBag: @@ -55099,8 +53339,6 @@ spec: type: object enableAutoScaling: type: boolean - enableCustomCATrust: - type: boolean enableEncryptionAtHost: type: boolean enableFIPS: 
@@ -55109,36 +53347,8 @@ spec: type: boolean enableUltraSSD: type: boolean - gatewayProfile: - description: |- - Storage version of v1api20240402preview.AgentPoolGatewayProfile - Profile of the managed cluster gateway agent pool. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - publicIPPrefixSize: - type: integer - type: object gpuInstanceProfile: type: string - gpuProfile: - description: Storage version of v1api20240402preview.AgentPoolGPUProfile - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - installGPUDriver: - type: boolean - type: object hostGroupReference: description: |- HostGroupReference: This is of the form: @@ -55164,7 +53374,7 @@ spec: type: object kubeletConfig: description: |- - Storage version of v1api20240402preview.KubeletConfig + Storage version of v1api20240901.KubeletConfig See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: @@ -55203,7 +53413,7 @@ spec: type: string linuxOSConfig: description: |- - Storage version of v1api20240402preview.LinuxOSConfig + Storage version of v1api20240901.LinuxOSConfig See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: @@ -55217,7 +53427,7 @@ spec: type: integer sysctls: description: |- - Storage version of v1api20240402preview.SysctlConfig + Storage version of v1api20240901.SysctlConfig Sysctl settings for Linux agent nodes. properties: $propertyBag: 
@@ -55293,15 +53503,13 @@ spec: type: integer maxPods: type: integer - messageOfTheDay: - type: string minCount: type: integer mode: type: string networkProfile: description: |- - Storage version of v1api20240402preview.AgentPoolNetworkProfile + Storage version of v1api20240901.AgentPoolNetworkProfile Network settings of an agent pool. properties: $propertyBag: @@ -55314,7 +53522,7 @@ spec: allowedHostPorts: items: description: |- - Storage version of v1api20240402preview.PortRange + Storage version of v1api20240901.PortRange The port range. properties: $propertyBag: @@ -55357,7 +53565,7 @@ spec: nodePublicIPTags: items: description: |- - Storage version of v1api20240402preview.IPTag + Storage version of v1api20240901.IPTag Contains the IPTag associated with the object. properties: $propertyBag: @@ -55374,10 +53582,6 @@ spec: type: object type: array type: object - nodeInitializationTaints: - items: - type: string - type: array nodeLabels: additionalProperties: type: string @@ -55410,7 +53614,7 @@ spec: type: array operatorSpec: description: |- - Storage version of v1api20240402preview.ManagedClustersAgentPoolOperatorSpec + Storage version of v1api20240901.ManagedClustersAgentPoolOperatorSpec Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: @@ -55504,8 +53708,6 @@ spec: description: This is the name of the Kubernetes resource to reference. type: string type: object - podIPAllocationMode: - type: string podSubnetReference: description: |- PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). @@ -55531,7 +53733,7 @@ spec: type: object powerState: description: |- - Storage version of v1api20240402preview.PowerState + Storage version of v1api20240901.PowerState Describes the Power State of the cluster properties: $propertyBag: 
@@ -55572,7 +53774,7 @@ spec: type: string securityProfile: description: |- - Storage version of v1api20240402preview.AgentPoolSecurityProfile + Storage version of v1api20240901.AgentPoolSecurityProfile The security settings of an agent pool. properties: $propertyBag: @@ -55586,8 +53788,6 @@ spec: type: boolean enableVTPM: type: boolean - sshAccess: - type: string type: object spotMaxPrice: type: number @@ -55599,7 +53799,7 @@ spec: type: string upgradeSettings: description: |- - Storage version of v1api20240402preview.AgentPoolUpgradeSettings + Storage version of v1api20240901.AgentPoolUpgradeSettings Settings for upgrading an agentpool properties: $propertyBag: 
@@ -55615,97 +53815,6 @@ spec: type: string nodeSoakDurationInMinutes: type: integer - undrainableNodeBehavior: - type: string - type: object - virtualMachineNodesStatus: - items: - description: |- - Storage version of v1api20240402preview.VirtualMachineNodes - Current status on a group of nodes of the same vm size. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - count: - type: integer - size: - type: string - type: object - type: array - virtualMachinesProfile: - description: |- - Storage version of v1api20240402preview.VirtualMachinesProfile - Specifications on VirtualMachines agent pool. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - scale: - description: |- - Storage version of v1api20240402preview.ScaleProfile - Specifications on how to scale a VirtualMachines agent pool. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - autoscale: - items: - description: |- - Storage version of v1api20240402preview.AutoScaleProfile - Specifications on auto-scaling. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - maxCount: - type: integer - minCount: - type: integer - sizes: - items: - type: string - type: array - type: object - type: array - manual: - items: - description: |- - Storage version of v1api20240402preview.ManualScaleProfile - Specifications on number of machines. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - count: - type: integer - sizes: - items: - type: string - type: array - type: object - type: array - type: object type: object vmSize: type: string @@ -55734,7 +53843,7 @@ spec: type: object windowsProfile: description: |- - Storage version of v1api20240402preview.AgentPoolWindowsProfile + Storage version of v1api20240901.AgentPoolWindowsProfile The Windows agent pool's specific profile. properties: $propertyBag: @@ -55753,7 +53862,7 @@ spec: - owner type: object status: - description: Storage version of v1api20240402preview.ManagedClustersAgentPool_STATUS + description: Storage version of v1api20240901.ManagedClustersAgentPool_STATUS properties: $propertyBag: additionalProperties: 
@@ -55762,19 +53871,6 @@ spec: PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage resources, allowing for full fidelity round trip conversions type: object - artifactStreamingProfile: - description: Storage version of v1api20240402preview.AgentPoolArtifactStreamingProfile_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - enabled: - type: boolean - type: object availabilityZones: items: type: string @@ -55828,7 +53924,7 @@ spec: type: integer creationData: description: |- - Storage version of v1api20240402preview.CreationData_STATUS + Storage version of v1api20240901.CreationData_STATUS Data used when creating a target resource from a source resource. properties: $propertyBag: @@ -55847,8 +53943,6 @@ spec: type: string enableAutoScaling: type: boolean - enableCustomCATrust: - type: boolean enableEncryptionAtHost: type: boolean enableFIPS: 
@@ -55857,43 +53951,15 @@ spec: type: boolean enableUltraSSD: type: boolean - gatewayProfile: - description: |- - Storage version of v1api20240402preview.AgentPoolGatewayProfile_STATUS - Profile of the managed cluster gateway agent pool. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - publicIPPrefixSize: - type: integer - type: object gpuInstanceProfile: type: string - gpuProfile: - description: Storage version of v1api20240402preview.AgentPoolGPUProfile_STATUS - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - installGPUDriver: - type: boolean - type: object hostGroupID: type: string id: type: string kubeletConfig: description: |- - Storage version of v1api20240402preview.KubeletConfig_STATUS + Storage version of v1api20240901.KubeletConfig_STATUS See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: @@ -55932,7 +53998,7 @@ spec: type: string linuxOSConfig: description: |- - Storage version of v1api20240402preview.LinuxOSConfig_STATUS + Storage version of v1api20240901.LinuxOSConfig_STATUS See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: @@ -55946,7 +54012,7 @@ spec: type: integer sysctls: description: |- - Storage version of v1api20240402preview.SysctlConfig_STATUS + Storage version of v1api20240901.SysctlConfig_STATUS Sysctl settings for Linux agent nodes. properties: $propertyBag: 
@@ -56022,8 +54088,6 @@ spec: type: integer maxPods: type: integer - messageOfTheDay: - type: string minCount: type: integer mode: @@ -56032,7 +54096,7 @@ spec: type: string networkProfile: description: |- - Storage version of v1api20240402preview.AgentPoolNetworkProfile_STATUS + Storage version of v1api20240901.AgentPoolNetworkProfile_STATUS Network settings of an agent pool. properties: $propertyBag: @@ -56045,7 +54109,7 @@ spec: allowedHostPorts: items: description: |- - Storage version of v1api20240402preview.PortRange_STATUS + Storage version of v1api20240901.PortRange_STATUS The port range. properties: $propertyBag: @@ -56070,7 +54134,7 @@ spec: nodePublicIPTags: items: description: |- - Storage version of v1api20240402preview.IPTag_STATUS + Storage version of v1api20240901.IPTag_STATUS Contains the IPTag associated with the object. properties: $propertyBag: @@ -56089,10 +54153,6 @@ spec: type: object nodeImageVersion: type: string - nodeInitializationTaints: - items: - type: string - type: array nodeLabels: additionalProperties: type: string @@ -56113,13 +54173,11 @@ spec: type: string osType: type: string - podIPAllocationMode: - type: string podSubnetID: type: string powerState: description: |- - Storage version of v1api20240402preview.PowerState_STATUS + Storage version of v1api20240901.PowerState_STATUS Describes the Power State of the cluster properties: $propertyBag: @@ -56146,7 +54204,7 @@ spec: type: string securityProfile: description: |- - Storage version of v1api20240402preview.AgentPoolSecurityProfile_STATUS + Storage version of v1api20240901.AgentPoolSecurityProfile_STATUS The security settings of an agent pool. properties: $propertyBag: @@ -56160,8 +54218,6 @@ spec: type: boolean enableVTPM: type: boolean - sshAccess: - type: string type: object spotMaxPrice: type: number 
@@ -56173,7 +54229,7 @@ spec: type: string upgradeSettings: description: |- - Storage version of v1api20240402preview.AgentPoolUpgradeSettings_STATUS + Storage version of v1api20240901.AgentPoolUpgradeSettings_STATUS Settings for upgrading an agentpool properties: $propertyBag: 
@@ -56189,97 +54245,6 @@ spec: type: string nodeSoakDurationInMinutes: type: integer - undrainableNodeBehavior: - type: string - type: object - virtualMachineNodesStatus: - items: - description: |- - Storage version of v1api20240402preview.VirtualMachineNodes_STATUS - Current status on a group of nodes of the same vm size. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - count: - type: integer - size: - type: string - type: object - type: array - virtualMachinesProfile: - description: |- - Storage version of v1api20240402preview.VirtualMachinesProfile_STATUS - Specifications on VirtualMachines agent pool. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - scale: - description: |- - Storage version of v1api20240402preview.ScaleProfile_STATUS - Specifications on how to scale a VirtualMachines agent pool. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - autoscale: - items: - description: |- - Storage version of v1api20240402preview.AutoScaleProfile_STATUS - Specifications on auto-scaling. 
- properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - maxCount: - type: integer - minCount: - type: integer - sizes: - items: - type: string - type: array - type: object - type: array - manual: - items: - description: |- - Storage version of v1api20240402preview.ManualScaleProfile_STATUS - Specifications on number of machines. - properties: - $propertyBag: - additionalProperties: - type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions - type: object - count: - type: integer - sizes: - items: - type: string - type: array - type: object - type: array - type: object type: object vmSize: type: string @@ -56287,7 +54252,7 @@ spec: type: string windowsProfile: description: |- - Storage version of v1api20240402preview.AgentPoolWindowsProfile_STATUS + Storage version of v1api20240901.AgentPoolWindowsProfile_STATUS The Windows agent pool's specific profile. properties: $propertyBag: @@ -56321,12 +54286,12 @@ spec: - jsonPath: .status.conditions[?(@.type=='Ready')].message name: Message type: string - name: v1api20240901 + name: v1api20250801 schema: openAPIV3Schema: description: |- Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2024-09-01/managedClusters.json + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-08-01/managedClusters.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} properties: apiVersion: 
@@ -56419,26 +54384,43 @@ spec: type: boolean enableEncryptionAtHost: description: |- - EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, - see: https://docs.microsoft.com/azure/aks/enable-host-encryption + EnableEncryptionAtHost: Whether to enable host based OS and data drive encryption. This is only supported on certain VM + sizes and in certain Azure regions. For more information, see: + https://docs.microsoft.com/azure/aks/enable-host-encryption type: boolean enableFIPS: description: |- - EnableFIPS: See [Add a FIPS-enabled node + EnableFIPS: Whether to use a FIPS-enabled OS. See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more details. type: boolean enableNodePublicIP: description: |- - EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. - A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine - to minimize hops. For more information see [assigning a public IP per - node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The - default is false. + EnableNodePublicIP: Whether each node is allocated its own public IP. Some scenarios may require nodes in a node pool to + receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to + make a direct connection to a cloud virtual machine to minimize hops. For more information see [assigning a public IP + per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false. 
type: boolean enableUltraSSD: description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean + gatewayProfile: + description: |- + GatewayProfile: Profile specific to a managed agent pool in Gateway mode. This field cannot be set if agent pool mode is + not Gateway. + properties: + publicIPPrefixSize: + description: |- + PublicIPPrefixSize: The Gateway agent pool associates one public IPPrefix for each static egress gateway to provide + public egress. The size of Public IPPrefix should be selected by the user. Each node in the agent pool is assigned with + one IP from the IPPrefix. The IPPrefix size thus serves as a cap on the size of the Gateway agent pool. Due to Azure + public IPPrefix size limitation, the valid value range is [28, 31] (/31 = 2 nodes/IPs, /30 = 4 nodes/IPs, /29 = 8 + nodes/IPs, /28 = 16 nodes/IPs). The default value is 31. + maximum: 31 + minimum: 28 + type: integer + type: object gpuInstanceProfile: description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' enum: @@ -56448,9 +54430,20 @@ spec: - MIG4g - MIG7g type: string + gpuProfile: + description: 'GpuProfile: GPU settings for the Agent Pool.' + properties: + driver: + description: 'Driver: Whether to install GPU drivers. When it''s not specified, default is Install.' + enum: + - Install + - None + type: string + type: object hostGroupReference: description: |- - HostGroupReference: This is of the form: + HostGroupReference: The fully qualified resource ID of the Dedicated Host Group to provision virtual machines from, used + only in creation scenario and not allowed to changed once set. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). properties: 
@@ -56489,16 +54482,17 @@ spec: description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' type: integer cpuCfsQuota: - description: 'CpuCfsQuota: The default is true.' + description: 'CpuCfsQuota: If CPU CFS quota enforcement is enabled for containers that specify CPU limits. The default is true.' type: boolean cpuCfsQuotaPeriod: description: |- - CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and - a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + CpuCfsQuotaPeriod: The CPU CFS quota period value. The default is '100ms.' Valid values are a sequence of decimal + numbers with an optional fraction and a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', + 'ms', 's', 'm', and 'h'. type: string cpuManagerPolicy: description: |- - CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + CpuManagerPolicy: The CPU Manager policy to use. The default is 'none'. See [Kubernetes CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more information. Allowed values are 'none' and 'static'. type: string 
@@ -56506,17 +54500,21 @@ spec: description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' type: boolean imageGcHighThreshold: - description: 'ImageGcHighThreshold: To disable image garbage collection, set to 100. The default is 85%' + description: |- + ImageGcHighThreshold: The percent of disk usage after which image garbage collection is always run. To disable image + garbage collection, set to 100. The default is 85% type: integer imageGcLowThreshold: - description: 'ImageGcLowThreshold: This cannot be set higher than imageGcHighThreshold. The default is 80%' + description: |- + ImageGcLowThreshold: The percent of disk usage before which image garbage collection is never run. This cannot be set + higher than imageGcHighThreshold. The default is 80% type: integer podMaxPids: description: 'PodMaxPids: The maximum number of processes per pod.' type: integer topologyManagerPolicy: description: |- - TopologyManagerPolicy: For more information see [Kubernetes Topology + TopologyManagerPolicy: The Topology Manager policy to use. For more information see [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values are 'none', 'best-effort', 'restricted', and 'single-numa-node'. type: string 
@@ -56631,14 +54629,15 @@ spec: type: object transparentHugePageDefrag: description: |- - TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is - 'madvise'. For more information see [Transparent + TransparentHugePageDefrag: Whether the kernel should make aggressive use of memory compaction to make more hugepages + available. Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is 'madvise'. For + more information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string transparentHugePageEnabled: description: |- - TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more - information see [Transparent + TransparentHugePageEnabled: Whether transparent hugepages are enabled. Valid values are 'always', 'madvise', and + 'never'. The default is 'always'. For more information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string type: object 
@@ -56648,14 +54647,21 @@ spec: maxPods: description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer + messageOfTheDay: + description: |- + MessageOfTheDay: Message of the day for Linux nodes, base64-encoded. A base64-encoded string which will be written to + /etc/motd after decoding. This allows customization of the message of the day for Linux nodes. It must not be specified + for Windows nodes. It must be a static string (i.e., will be printed raw and not be executed as a script). + type: string minCount: description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer mode: description: |- - Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool - restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + Mode: The mode of an agent pool. A cluster must have at least one 'System' Agent Pool at all times. For additional + information on agent pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools enum: + - Gateway - System - User type: string @@ -56735,7 +54741,7 @@ spec: type: object nodePublicIPPrefixReference: description: |- - NodePublicIPPrefixReference: This is of the form: + NodePublicIPPrefixReference: The public IP prefix ID which VM nodes should use IPs from. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} properties: armId: 
@@ -56828,13 +54834,13 @@ spec: type: object orchestratorVersion: description: |- - OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. - When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster - with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer - patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same - Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor - version must be within two minor versions of the control plane version. The node pool version cannot be greater than the - control plane version. For more information see [upgrading a node + OrchestratorVersion: The version of Kubernetes specified by the user. Both patch version (e.g. + 1.20.13) and (e.g. 1.20) are supported. When is specified, the latest supported GA patch + version is chosen automatically. Updating the cluster with the same once it has been created (e.g. 1.14.x + -> 1.14) will not trigger an upgrade, even if a newer patch version is available. As a best practice, you should upgrade + all node pools in an AKS cluster to the same Kubernetes version. The node pool version must have the same major version + as the control plane. The node pool minor version must be within two minor versions of the control plane version. The + node pool version cannot be greater than the control plane version. For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: 
@@ -56843,8 +54849,9 @@ spec: type: integer osDiskType: description: |- - OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested - OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral + OsDiskType: The OS disk type to be used for machines in the agent pool. The default is 'Ephemeral' if the VM supports it + and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after + creation. For more information see [Ephemeral OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). enum: - Ephemeral @@ -56856,8 +54863,10 @@ spec: when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. enum: - AzureLinux + - AzureLinux3 - CBLMariner - Ubuntu + - Ubuntu2204 - Windows2019 - Windows2022 type: string @@ -56880,10 +54889,18 @@ spec: description: This is the name of the Kubernetes resource to reference. type: string type: object + podIPAllocationMode: + description: |- + PodIPAllocationMode: Pod IP Allocation Mode. The IP allocation mode for pods in the agent pool. Must be used with + podSubnetId. The default is 'DynamicIndividual'. + enum: + - DynamicIndividual + - StaticBlock + type: string podSubnetReference: description: |- - PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). - This is of the form: + PodSubnetReference: The ID of the subnet which pods will join when launched. If omitted, pod IPs are statically assigned + on the node subnet (see vnetSubnetID for more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: 
@@ -56905,9 +54922,9 @@ spec: type: object powerState: description: |- - PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this - field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only - be stopped if it is Running and provisioning state is Succeeded + PowerState: Whether the Agent Pool is running or stopped. When an Agent Pool is first created it is initially Running. + The Agent Pool can be stopped by setting this field to Stopped. A stopped Agent Pool stops all of its VMs and does not + accrue billing charges. An Agent Pool can only be stopped if it is Running and provisioning state is Succeeded properties: code: description: 'Code: Tells whether the cluster is Running or Stopped' @@ -56937,15 +54954,17 @@ spec: type: string type: object scaleDownMode: - description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' + description: |- + ScaleDownMode: The scale down mode to use when scaling the Agent Pool. This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete. enum: - Deallocate - Delete type: string scaleSetEvictionPolicy: description: |- - ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is - 'Delete'. + ScaleSetEvictionPolicy: The Virtual Machine Scale Set eviction policy to use. This cannot be specified unless the + scaleSetPriority is 'Spot'. If not specified, the default is 'Delete'. enum: - Deallocate - Delete 
@@ -56969,12 +54988,19 @@ spec: EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean + sshAccess: + description: 'SshAccess: SSH access method of an agent pool.' + enum: + - Disabled + - LocalUser + type: string type: object spotMaxPrice: description: |- - SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any - on-demand price. For more details on spot pricing, see [spot VMs - pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + SpotMaxPrice: The max price (in US Dollars) you are willing to pay for spot instances. Possible values are any decimal + value greater than zero or -1 which indicates default price to be up-to on-demand. Possible values are any decimal value + greater than zero or -1 which indicates the willingness to pay any on-demand price. For more details on spot pricing, + see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) type: number tags: additionalProperties: 
@@ -56986,43 +55012,97 @@ spec: enum: - AvailabilitySet - VirtualMachineScaleSets + - VirtualMachines type: string upgradeSettings: description: 'UpgradeSettings: Settings for upgrading the agentpool' properties: drainTimeoutInMinutes: description: |- - DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. - This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not - specified, the default is 30 minutes. + DrainTimeoutInMinutes: The drain timeout for a node. The amount of time (in minutes) to wait on eviction of pods and + graceful termination per node. This eviction wait time honors waiting on pod disruption budgets. If this time is + exceeded, the upgrade fails. If not specified, the default is 30 minutes. maximum: 1440 minimum: 1 type: integer maxSurge: description: |- - MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it - is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded - up. If not specified, the default is 1. For more information, including best practices, see: - https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + MaxSurge: The maximum number or percentage of nodes that are surged during upgrade. This can either be set to an integer + (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it is the percentage of the total agent pool size + at the time of the upgrade. For percentages, fractional nodes are rounded up. If not specified, the default is 10%. For + more information, including best practices, see: https://learn.microsoft.com/en-us/azure/aks/upgrade-cluster + type: string + maxUnavailable: + description: |- + MaxUnavailable: The maximum number or percentage of nodes that can be simultaneously unavailable during upgrade. 
This + can either be set to an integer (e.g. '1') or a percentage (e.g. '5%'). If a percentage is specified, it is the + percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded up. If + not specified, the default is 0. For more information, including best practices, see: + https://learn.microsoft.com/en-us/azure/aks/upgrade-cluster type: string nodeSoakDurationInMinutes: description: |- - NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and - moving on to next node. If not specified, the default is 0 minutes. + NodeSoakDurationInMinutes: The soak duration for a node. The amount of time (in minutes) to wait after draining a node + and before reimaging it and moving on to next node. If not specified, the default is 0 minutes. maximum: 30 minimum: 0 type: integer + undrainableNodeBehavior: + description: |- + UndrainableNodeBehavior: Defines the behavior for undrainable nodes during upgrade. The most common cause of undrainable + nodes is Pod Disruption Budgets (PDBs), but other issues, such as pod termination grace period is exceeding the + remaining per-node drain timeout or pod is still being in a running state, can also cause undrainable nodes. + enum: + - Cordon + - Schedule + type: string + type: object + virtualMachineNodesStatus: + items: + description: Current status on a group of nodes of the same vm size. + properties: + count: + description: 'Count: Number of nodes.' + type: integer + size: + description: 'Size: The VM size of the agents used to host this group of nodes.' + type: string + type: object + type: array + virtualMachinesProfile: + description: 'VirtualMachinesProfile: Specifications on VirtualMachines agent pool.' + properties: + scale: + description: 'Scale: Specifications on how to scale a VirtualMachines agent pool.' 
+ properties: + manual: + description: 'Manual: Specifications on how to scale the VirtualMachines agent pool to a fixed size.' + items: + description: Specifications on number of machines. + properties: + count: + description: 'Count: Number of nodes.' + type: integer + size: + description: |- + Size: VM size that AKS will use when creating and scaling e.g. 'Standard_E4s_v3', 'Standard_E16s_v3' or + 'Standard_D16s_v5'. + type: string + type: object + type: array + type: object type: object vmSize: description: |- - VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods - might fail to run correctly. For more details on restricted VM sizes, see: + VmSize: The size of the agent pool VMs. VM size availability varies by region. If a node contains insufficient compute + resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions type: string vnetSubnetReference: description: |- - VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is - specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + VnetSubnetReference: The ID of the subnet which agent pool nodes and optionally pods will join on startup. If this is + not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and + pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: 
@@ -57047,8 +55127,8 @@ spec: properties: disableOutboundNat: description: |- - DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT - Gateway and the Windows agent pool does not have node public IP enabled. + DisableOutboundNat: Whether to disable OutboundNAT in windows nodes. The default value is false. Outbound NAT can only + be disabled if the cluster outboundType is NAT Gateway and the Windows agent pool does not have node public IP enabled. type: boolean type: object workloadRuntime: @@ -57132,9 +55212,9 @@ spec: type: object currentOrchestratorVersion: description: |- - CurrentOrchestratorVersion: If orchestratorVersion is a fully specified version , this field will be - exactly equal to it. If orchestratorVersion is , this field will contain the full - version being used. + CurrentOrchestratorVersion: The version of Kubernetes the Agent Pool is running. If orchestratorVersion is a fully + specified version , this field will be exactly equal to it. If orchestratorVersion is , + this field will contain the full version being used. type: string eTag: description: |- 
@@ -57147,32 +55227,55 @@ spec: type: boolean enableEncryptionAtHost: description: |- - EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, - see: https://docs.microsoft.com/azure/aks/enable-host-encryption + EnableEncryptionAtHost: Whether to enable host based OS and data drive encryption. This is only supported on certain VM + sizes and in certain Azure regions. For more information, see: + https://docs.microsoft.com/azure/aks/enable-host-encryption type: boolean enableFIPS: description: |- - EnableFIPS: See [Add a FIPS-enabled node + EnableFIPS: Whether to use a FIPS-enabled OS. See [Add a FIPS-enabled node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more details. type: boolean enableNodePublicIP: description: |- - EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. - A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine - to minimize hops. For more information see [assigning a public IP per - node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The - default is false. + EnableNodePublicIP: Whether each node is allocated its own public IP. Some scenarios may require nodes in a node pool to + receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to + make a direct connection to a cloud virtual machine to minimize hops. For more information see [assigning a public IP + per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + The default is false. 
type: boolean enableUltraSSD: description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean + gatewayProfile: + description: |- + GatewayProfile: Profile specific to a managed agent pool in Gateway mode. This field cannot be set if agent pool mode is + not Gateway. + properties: + publicIPPrefixSize: + description: |- + PublicIPPrefixSize: The Gateway agent pool associates one public IPPrefix for each static egress gateway to provide + public egress. The size of Public IPPrefix should be selected by the user. Each node in the agent pool is assigned with + one IP from the IPPrefix. The IPPrefix size thus serves as a cap on the size of the Gateway agent pool. Due to Azure + public IPPrefix size limitation, the valid value range is [28, 31] (/31 = 2 nodes/IPs, /30 = 4 nodes/IPs, /29 = 8 + nodes/IPs, /28 = 16 nodes/IPs). The default value is 31. + type: integer + type: object gpuInstanceProfile: description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' type: string + gpuProfile: + description: 'GpuProfile: GPU settings for the Agent Pool.' + properties: + driver: + description: 'Driver: Whether to install GPU drivers. When it''s not specified, default is Install.' + type: string + type: object hostGroupID: description: |- - HostGroupID: This is of the form: + HostGroupID: The fully qualified resource ID of the Dedicated Host Group to provision virtual machines from, used only + in creation scenario and not allowed to changed once set. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). type: string 
@@ -57196,16 +55299,17 @@ spec: description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' type: integer cpuCfsQuota: - description: 'CpuCfsQuota: The default is true.' + description: 'CpuCfsQuota: If CPU CFS quota enforcement is enabled for containers that specify CPU limits. The default is true.' type: boolean cpuCfsQuotaPeriod: description: |- - CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and - a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. + CpuCfsQuotaPeriod: The CPU CFS quota period value. The default is '100ms.' Valid values are a sequence of decimal + numbers with an optional fraction and a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', + 'ms', 's', 'm', and 'h'. type: string cpuManagerPolicy: description: |- - CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management + CpuManagerPolicy: The CPU Manager policy to use. The default is 'none'. See [Kubernetes CPU management policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more information. Allowed values are 'none' and 'static'. type: string 
@@ -57213,17 +55317,21 @@ spec: description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' type: boolean imageGcHighThreshold: - description: 'ImageGcHighThreshold: To disable image garbage collection, set to 100. The default is 85%' + description: |- + ImageGcHighThreshold: The percent of disk usage after which image garbage collection is always run. To disable image + garbage collection, set to 100. The default is 85% type: integer imageGcLowThreshold: - description: 'ImageGcLowThreshold: This cannot be set higher than imageGcHighThreshold. The default is 80%' + description: |- + ImageGcLowThreshold: The percent of disk usage before which image garbage collection is never run. This cannot be set + higher than imageGcHighThreshold. The default is 80% type: integer podMaxPids: description: 'PodMaxPids: The maximum number of processes per pod.' type: integer topologyManagerPolicy: description: |- - TopologyManagerPolicy: For more information see [Kubernetes Topology + TopologyManagerPolicy: The Topology Manager policy to use. For more information see [Kubernetes Topology Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values are 'none', 'best-effort', 'restricted', and 'single-numa-node'. type: string 
@@ -57329,14 +55437,15 @@ spec: type: object transparentHugePageDefrag: description: |- - TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is - 'madvise'. For more information see [Transparent + TransparentHugePageDefrag: Whether the kernel should make aggressive use of memory compaction to make more hugepages + available. Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is 'madvise'. For + more information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string transparentHugePageEnabled: description: |- - TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more - information see [Transparent + TransparentHugePageEnabled: Whether transparent hugepages are enabled. Valid values are 'always', 'madvise', and + 'never'. The default is 'always'. For more information see [Transparent Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string type: object 
@@ -57346,13 +55455,19 @@ spec: maxPods: description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer + messageOfTheDay: + description: |- + MessageOfTheDay: Message of the day for Linux nodes, base64-encoded. A base64-encoded string which will be written to + /etc/motd after decoding. This allows customization of the message of the day for Linux nodes. It must not be specified + for Windows nodes. It must be a static string (i.e., will be printed raw and not be executed as a script). + type: string minCount: description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer mode: description: |- - Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool - restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools + Mode: The mode of an agent pool. A cluster must have at least one 'System' Agent Pool at all times. For additional + information on agent pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools type: string name: description: 'Name: The name of the resource that is unique within a resource group. This name can be used to access the resource.' @@ -57409,7 +55524,7 @@ spec: type: object nodePublicIPPrefixID: description: |- - NodePublicIPPrefixID: This is of the form: + NodePublicIPPrefixID: The public IP prefix ID which VM nodes should use IPs from. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} type: string nodeTaints: 
@@ -57419,21 +55534,22 @@ spec: type: array orchestratorVersion: description: |- - OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. - When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster - with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer - patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same - Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor - version must be within two minor versions of the control plane version. The node pool version cannot be greater than the - control plane version. For more information see [upgrading a node + OrchestratorVersion: The version of Kubernetes specified by the user. Both patch version (e.g. + 1.20.13) and (e.g. 1.20) are supported. When is specified, the latest supported GA patch + version is chosen automatically. Updating the cluster with the same once it has been created (e.g. 1.14.x + -> 1.14) will not trigger an upgrade, even if a newer patch version is available. As a best practice, you should upgrade + all node pools in an AKS cluster to the same Kubernetes version. The node pool version must have the same major version + as the control plane. The node pool minor version must be within two minor versions of the control plane version. The + node pool version cannot be greater than the control plane version. For more information see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: type: integer osDiskType: description: |- - OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested - OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. 
For more information see [Ephemeral + OsDiskType: The OS disk type to be used for machines in the agent pool. The default is 'Ephemeral' if the VM supports it + and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after + creation. For more information see [Ephemeral OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). type: string osSKU: 
@@ -57444,17 +55560,22 @@ spec: osType: description: 'OsType: The operating system type. The default is Linux.' type: string + podIPAllocationMode: + description: |- + PodIPAllocationMode: Pod IP Allocation Mode. The IP allocation mode for pods in the agent pool. Must be used with + podSubnetId. The default is 'DynamicIndividual'. + type: string podSubnetID: description: |- - PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is - of the form: + PodSubnetID: The ID of the subnet which pods will join when launched. If omitted, pod IPs are statically assigned on the + node subnet (see vnetSubnetID for more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} type: string powerState: description: |- - PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this - field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only - be stopped if it is Running and provisioning state is Succeeded + PowerState: Whether the Agent Pool is running or stopped. When an Agent Pool is first created it is initially Running. + The Agent Pool can be stopped by setting this field to Stopped. A stopped Agent Pool stops all of its VMs and does not + accrue billing charges. An Agent Pool can only be stopped if it is Running and provisioning state is Succeeded properties: code: description: 'Code: Tells whether the cluster is Running or Stopped' 
@@ -57470,12 +55591,14 @@ spec: description: 'ProximityPlacementGroupID: The ID for Proximity Placement Group.' type: string scaleDownMode: - description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' + description: |- + ScaleDownMode: The scale down mode to use when scaling the Agent Pool. This also effects the cluster autoscaler + behavior. If not specified, it defaults to Delete. type: string scaleSetEvictionPolicy: description: |- - ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is - 'Delete'. + ScaleSetEvictionPolicy: The Virtual Machine Scale Set eviction policy to use. This cannot be specified unless the + scaleSetPriority is 'Spot'. If not specified, the default is 'Delete'. type: string scaleSetPriority: description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' 
@@ -57493,13 +55616,81 @@ spec: EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean + sshAccess: + description: 'SshAccess: SSH access method of an agent pool.' + type: string type: object spotMaxPrice: description: |- - SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any - on-demand price. For more details on spot pricing, see [spot VMs - pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) + SpotMaxPrice: The max price (in US Dollars) you are willing to pay for spot instances. Possible values are any decimal + value greater than zero or -1 which indicates default price to be up-to on-demand. Possible values are any decimal value + greater than zero or -1 which indicates the willingness to pay any on-demand price. For more details on spot pricing, + see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) type: number + status: + description: 'Status: Contains read-only information about the Agent Pool.' + properties: + provisioningError: + description: |- + ProvisioningError: The error detail information of the agent pool. Preserves the detailed info of failure. If there was + no error, this field is omitted. + properties: + additionalInfo: + description: 'AdditionalInfo: The error additional info.' + items: + description: The resource management error additional info. + properties: + info: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + description: 'Info: The additional info.' + type: object + type: + description: 'Type: The additional info type.' + type: string + type: object + type: array + code: + description: 'Code: The error code.' + type: string + details: + description: 'Details: The error details.' 
+ items: + properties: + additionalInfo: + description: 'AdditionalInfo: The error additional info.' + items: + description: The resource management error additional info. + properties: + info: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + description: 'Info: The additional info.' + type: object + type: + description: 'Type: The additional info type.' + type: string + type: object + type: array + code: + description: 'Code: The error code.' + type: string + message: + description: 'Message: The error message.' + type: string + target: + description: 'Target: The error target.' + type: string + type: object + type: array + message: + description: 'Message: The error message.' + type: string + target: + description: 'Target: The error target.' + type: string + type: object + type: object tags: additionalProperties: type: string 
@@ -57513,33 +55704,83 @@ spec: properties: drainTimeoutInMinutes: description: |- - DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. - This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not - specified, the default is 30 minutes. + DrainTimeoutInMinutes: The drain timeout for a node. The amount of time (in minutes) to wait on eviction of pods and + graceful termination per node. This eviction wait time honors waiting on pod disruption budgets. If this time is + exceeded, the upgrade fails. If not specified, the default is 30 minutes. type: integer maxSurge: description: |- - MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it - is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded - up. If not specified, the default is 1. For more information, including best practices, see: - https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade + MaxSurge: The maximum number or percentage of nodes that are surged during upgrade. This can either be set to an integer + (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it is the percentage of the total agent pool size + at the time of the upgrade. For percentages, fractional nodes are rounded up. If not specified, the default is 10%. For + more information, including best practices, see: https://learn.microsoft.com/en-us/azure/aks/upgrade-cluster + type: string + maxUnavailable: + description: |- + MaxUnavailable: The maximum number or percentage of nodes that can be simultaneously unavailable during upgrade. This + can either be set to an integer (e.g. '1') or a percentage (e.g. '5%'). If a percentage is specified, it is the + percentage of the total agent pool size at the time of the upgrade. 
For percentages, fractional nodes are rounded up. If + not specified, the default is 0. For more information, including best practices, see: + https://learn.microsoft.com/en-us/azure/aks/upgrade-cluster type: string nodeSoakDurationInMinutes: description: |- - NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and - moving on to next node. If not specified, the default is 0 minutes. + NodeSoakDurationInMinutes: The soak duration for a node. The amount of time (in minutes) to wait after draining a node + and before reimaging it and moving on to next node. If not specified, the default is 0 minutes. type: integer + undrainableNodeBehavior: + description: |- + UndrainableNodeBehavior: Defines the behavior for undrainable nodes during upgrade. The most common cause of undrainable + nodes is Pod Disruption Budgets (PDBs), but other issues, such as pod termination grace period is exceeding the + remaining per-node drain timeout or pod is still being in a running state, can also cause undrainable nodes. + type: string + type: object + virtualMachineNodesStatus: + items: + description: Current status on a group of nodes of the same vm size. + properties: + count: + description: 'Count: Number of nodes.' + type: integer + size: + description: 'Size: The VM size of the agents used to host this group of nodes.' + type: string + type: object + type: array + virtualMachinesProfile: + description: 'VirtualMachinesProfile: Specifications on VirtualMachines agent pool.' + properties: + scale: + description: 'Scale: Specifications on how to scale a VirtualMachines agent pool.' + properties: + manual: + description: 'Manual: Specifications on how to scale the VirtualMachines agent pool to a fixed size.' + items: + description: Specifications on number of machines. + properties: + count: + description: 'Count: Number of nodes.' 
+ type: integer + size: + description: |- + Size: VM size that AKS will use when creating and scaling e.g. 'Standard_E4s_v3', 'Standard_E16s_v3' or + 'Standard_D16s_v5'. + type: string + type: object + type: array + type: object type: object vmSize: description: |- - VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods - might fail to run correctly. For more details on restricted VM sizes, see: + VmSize: The size of the agent pool VMs. VM size availability varies by region. If a node contains insufficient compute + resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions type: string vnetSubnetID: description: |- - VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, - this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + VnetSubnetID: The ID of the subnet which agent pool nodes and optionally pods will join on startup. If this is not + specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and pods, + otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} type: string windowsProfile: 
@@ -57547,8 +55788,8 @@ spec: properties: disableOutboundNat: description: |- - DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT - Gateway and the Windows agent pool does not have node public IP enabled. + DisableOutboundNat: Whether to disable OutboundNAT in windows nodes. The default value is false. Outbound NAT can only + be disabled if the cluster outboundType is NAT Gateway and the Windows agent pool does not have node public IP enabled. type: boolean type: object workloadRuntime: @@ -57573,13 +55814,13 @@ spec: - jsonPath: .status.conditions[?(@.type=='Ready')].message name: Message type: string - name: v1api20240901storage + name: v1api20250801storage schema: openAPIV3Schema: description: |- - Storage version of v1api20240901.ManagedClustersAgentPool + Storage version of v1api20250801.ManagedClustersAgentPool Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2024-09-01/managedClusters.json + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-08-01/managedClusters.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} properties: apiVersion: @@ -57600,7 +55841,7 @@ spec: metadata: type: object spec: - description: Storage version of v1api20240901.ManagedClustersAgentPool_Spec + description: Storage version of v1api20250801.ManagedClustersAgentPool_Spec properties: $propertyBag: additionalProperties: @@ -57642,7 +55883,7 @@ spec: type: integer creationData: description: |- - Storage version of v1api20240901.CreationData + Storage version of v1api20250801.CreationData Data used when creating a target resource from a source resource. properties: $propertyBag: 
@@ -57683,11 +55924,42 @@ spec: type: boolean enableUltraSSD: type: boolean + gatewayProfile: + description: |- + Storage version of v1api20250801.AgentPoolGatewayProfile + Profile of the managed cluster gateway agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPPrefixSize: + type: integer + type: object gpuInstanceProfile: type: string + gpuProfile: + description: |- + Storage version of v1api20250801.GPUProfile + GPU settings for the Agent Pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + driver: + type: string + type: object hostGroupReference: description: |- - HostGroupReference: This is of the form: + HostGroupReference: The fully qualified resource ID of the Dedicated Host Group to provision virtual machines from, used + only in creation scenario and not allowed to changed once set. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). properties: 
@@ -57710,8 +55982,9 @@ spec: type: object kubeletConfig: description: |- - Storage version of v1api20240901.KubeletConfig - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + Storage version of v1api20250801.KubeletConfig + Kubelet configurations of agent nodes. See [AKS custom node + configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: @@ -57749,8 +56022,9 @@ spec: type: string linuxOSConfig: description: |- - Storage version of v1api20240901.LinuxOSConfig - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + Storage version of v1api20250801.LinuxOSConfig + OS configurations of Linux agent nodes. See [AKS custom node + configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: @@ -57763,7 +56037,7 @@ spec: type: integer sysctls: description: |- - Storage version of v1api20240901.SysctlConfig + Storage version of v1api20250801.SysctlConfig Sysctl settings for Linux agent nodes. properties: $propertyBag: @@ -57839,13 +56113,15 @@ spec: type: integer maxPods: type: integer + messageOfTheDay: + type: string minCount: type: integer mode: type: string networkProfile: description: |- - Storage version of v1api20240901.AgentPoolNetworkProfile + Storage version of v1api20250801.AgentPoolNetworkProfile Network settings of an agent pool. properties: $propertyBag: @@ -57858,7 +56134,7 @@ spec: allowedHostPorts: items: description: |- - Storage version of v1api20240901.PortRange + Storage version of v1api20250801.PortRange The port range. properties: $propertyBag: 
@@ -57901,7 +56177,7 @@ spec: nodePublicIPTags: items: description: |- - Storage version of v1api20240901.IPTag + Storage version of v1api20250801.IPTag Contains the IPTag associated with the object. properties: $propertyBag: @@ -57924,7 +56200,7 @@ spec: type: object nodePublicIPPrefixReference: description: |- - NodePublicIPPrefixReference: This is of the form: + NodePublicIPPrefixReference: The public IP prefix ID which VM nodes should use IPs from. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} properties: armId: @@ -57950,7 +56226,7 @@ spec: type: array operatorSpec: description: |- - Storage version of v1api20240901.ManagedClustersAgentPoolOperatorSpec + Storage version of v1api20250801.ManagedClustersAgentPoolOperatorSpec Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: @@ -58044,10 +56320,12 @@ spec: description: This is the name of the Kubernetes resource to reference. type: string type: object + podIPAllocationMode: + type: string podSubnetReference: description: |- - PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). - This is of the form: + PodSubnetReference: The ID of the subnet which pods will join when launched. If omitted, pod IPs are statically assigned + on the node subnet (see vnetSubnetID for more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: @@ -58069,7 +56347,7 @@ spec: type: object powerState: description: |- - Storage version of v1api20240901.PowerState + Storage version of v1api20250801.PowerState Describes the Power State of the cluster properties: $propertyBag: 
@@ -58110,7 +56388,7 @@ spec: type: string securityProfile: description: |- - Storage version of v1api20240901.AgentPoolSecurityProfile + Storage version of v1api20250801.AgentPoolSecurityProfile The security settings of an agent pool. properties: $propertyBag: @@ -58124,6 +56402,8 @@ spec: type: boolean enableVTPM: type: boolean + sshAccess: + type: string type: object spotMaxPrice: type: number @@ -58135,7 +56415,7 @@ spec: type: string upgradeSettings: description: |- - Storage version of v1api20240901.AgentPoolUpgradeSettings + Storage version of v1api20250801.AgentPoolUpgradeSettings Settings for upgrading an agentpool properties: $propertyBag: 
@@ -58149,15 +56429,84 @@ spec: type: integer maxSurge: type: string + maxUnavailable: + type: string nodeSoakDurationInMinutes: type: integer + undrainableNodeBehavior: + type: string + type: object + virtualMachineNodesStatus: + items: + description: |- + Storage version of v1api20250801.VirtualMachineNodes + Current status on a group of nodes of the same vm size. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + size: + type: string + type: object + type: array + virtualMachinesProfile: + description: |- + Storage version of v1api20250801.VirtualMachinesProfile + Specifications on VirtualMachines agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + scale: + description: |- + Storage version of v1api20250801.ScaleProfile + Specifications on how to scale a VirtualMachines agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + manual: + items: + description: |- + Storage version of v1api20250801.ManualScaleProfile + Specifications on number of machines. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + size: + type: string + type: object + type: array + type: object type: object vmSize: type: string vnetSubnetReference: description: |- - VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is - specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: + VnetSubnetReference: The ID of the subnet which agent pool nodes and optionally pods will join on startup. If this is + not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and + pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: @@ -58179,7 +56528,7 @@ spec: type: object windowsProfile: description: |- - Storage version of v1api20240901.AgentPoolWindowsProfile + Storage version of v1api20250801.AgentPoolWindowsProfile The Windows agent pool's specific profile. properties: $propertyBag: @@ -58198,7 +56547,7 @@ spec: - owner type: object status: - description: Storage version of v1api20240901.ManagedClustersAgentPool_STATUS + description: Storage version of v1api20250801.ManagedClustersAgentPool_STATUS properties: $propertyBag: additionalProperties: @@ -58260,7 +56609,7 @@ spec: type: integer creationData: description: |- - Storage version of v1api20240901.CreationData_STATUS + Storage version of v1api20250801.CreationData_STATUS Data used when creating a target resource from a source resource. properties: $propertyBag: 
@@ -58287,16 +56636,47 @@ spec: type: boolean enableUltraSSD: type: boolean + gatewayProfile: + description: |- + Storage version of v1api20250801.AgentPoolGatewayProfile_STATUS + Profile of the managed cluster gateway agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + publicIPPrefixSize: + type: integer + type: object gpuInstanceProfile: type: string + gpuProfile: + description: |- + Storage version of v1api20250801.GPUProfile_STATUS + GPU settings for the Agent Pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + driver: + type: string + type: object hostGroupID: type: string id: type: string kubeletConfig: description: |- - Storage version of v1api20240901.KubeletConfig_STATUS - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + Storage version of v1api20250801.KubeletConfig_STATUS + Kubelet configurations of agent nodes. See [AKS custom node + configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: 
@@ -58334,8 +56714,9 @@ spec: type: string linuxOSConfig: description: |- - Storage version of v1api20240901.LinuxOSConfig_STATUS - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. + Storage version of v1api20250801.LinuxOSConfig_STATUS + OS configurations of Linux agent nodes. See [AKS custom node + configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: @@ -58348,7 +56729,7 @@ spec: type: integer sysctls: description: |- - Storage version of v1api20240901.SysctlConfig_STATUS + Storage version of v1api20250801.SysctlConfig_STATUS Sysctl settings for Linux agent nodes. properties: $propertyBag: @@ -58424,6 +56805,8 @@ spec: type: integer maxPods: type: integer + messageOfTheDay: + type: string minCount: type: integer mode: @@ -58432,7 +56815,7 @@ spec: type: string networkProfile: description: |- - Storage version of v1api20240901.AgentPoolNetworkProfile_STATUS + Storage version of v1api20250801.AgentPoolNetworkProfile_STATUS Network settings of an agent pool. properties: $propertyBag: @@ -58445,7 +56828,7 @@ spec: allowedHostPorts: items: description: |- - Storage version of v1api20240901.PortRange_STATUS + Storage version of v1api20250801.PortRange_STATUS The port range. properties: $propertyBag: @@ -58470,7 +56853,7 @@ spec: nodePublicIPTags: items: description: |- - Storage version of v1api20240901.IPTag_STATUS + Storage version of v1api20250801.IPTag_STATUS Contains the IPTag associated with the object. properties: $propertyBag: @@ -58509,11 +56892,13 @@ spec: type: string osType: type: string + podIPAllocationMode: + type: string podSubnetID: type: string powerState: description: |- - Storage version of v1api20240901.PowerState_STATUS + Storage version of v1api20250801.PowerState_STATUS Describes the Power State of the cluster properties: $propertyBag: 
@@ -58540,7 +56925,7 @@ spec: type: string securityProfile: description: |- - Storage version of v1api20240901.AgentPoolSecurityProfile_STATUS + Storage version of v1api20250801.AgentPoolSecurityProfile_STATUS The security settings of an agent pool. properties: $propertyBag: 
@@ -58554,9 +56939,104 @@ spec: type: boolean enableVTPM: type: boolean + sshAccess: + type: string type: object spotMaxPrice: type: number + status: + description: |- + Storage version of v1api20250801.AgentPoolStatus_STATUS + Contains read-only information about the Agent Pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + provisioningError: + description: |- + Storage version of v1api20250801.ErrorDetail_STATUS + The error detail. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + additionalInfo: + items: + description: |- + Storage version of v1api20250801.ErrorAdditionalInfo_STATUS + The resource management error additional info. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + info: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: + type: string + type: object + type: array + code: + type: string + details: + items: + description: Storage version of v1api20250801.ErrorDetail_STATUS_Unrolled + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + additionalInfo: + items: + description: |- + Storage version of v1api20250801.ErrorAdditionalInfo_STATUS + The resource management error additional info. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + info: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + type: + type: string + type: object + type: array + code: + type: string + message: + type: string + target: + type: string + type: object + type: array + message: + type: string + target: + type: string + type: object + type: object tags: additionalProperties: type: string @@ -58565,7 +57045,7 @@ spec: type: string upgradeSettings: description: |- - Storage version of v1api20240901.AgentPoolUpgradeSettings_STATUS + Storage version of v1api20250801.AgentPoolUpgradeSettings_STATUS Settings for upgrading an agentpool properties: $propertyBag: 
@@ -58579,8 +57059,76 @@ spec: type: integer maxSurge: type: string + maxUnavailable: + type: string nodeSoakDurationInMinutes: type: integer + undrainableNodeBehavior: + type: string + type: object + virtualMachineNodesStatus: + items: + description: |- + Storage version of v1api20250801.VirtualMachineNodes_STATUS + Current status on a group of nodes of the same vm size. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + size: + type: string + type: object + type: array + virtualMachinesProfile: + description: |- + Storage version of v1api20250801.VirtualMachinesProfile_STATUS + Specifications on VirtualMachines agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + scale: + description: |- + Storage version of v1api20250801.ScaleProfile_STATUS + Specifications on how to scale a VirtualMachines agent pool. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + manual: + items: + description: |- + Storage version of v1api20250801.ManualScaleProfile_STATUS + Specifications on number of machines. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + count: + type: integer + size: + type: string + type: object + type: array + type: object type: object vmSize: type: string @@ -58588,7 +57136,7 @@ spec: type: string windowsProfile: description: |- - Storage version of v1api20240901.AgentPoolWindowsProfile_STATUS + Storage version of v1api20250801.AgentPoolWindowsProfile_STATUS The Windows agent pool's specific profile. properties: $propertyBag: @@ -58615,10 +57163,10 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: azureserviceoperator-system/azureserviceoperator-serving-cert - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.17.3 labels: app.kubernetes.io/name: azure-service-operator - app.kubernetes.io/version: v2.13.0 + app.kubernetes.io/version: v2.16.0 name: natgateways.network.azure.com spec: conversion: @@ -58634,6 +57182,9 @@ spec: - v1 group: network.azure.com names: + categories: + - azure + - network kind: NatGateway listKind: NatGatewayList plural: natgateways @@ -60089,10 +58640,10 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: azureserviceoperator-system/azureserviceoperator-serving-cert - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.17.3 labels: app.kubernetes.io/name: azure-service-operator - app.kubernetes.io/version: v2.13.0 + app.kubernetes.io/version: v2.16.0 name: privateendpoints.network.azure.com spec: conversion: @@ -60108,6 +58659,9 @@ spec: - v1 group: network.azure.com names: + categories: + - azure + - network kind: PrivateEndpoint listKind: PrivateEndpointList plural: privateendpoints 
@@ -61144,7 +59698,7 @@ spec: type: object status: description: |- - Storage version of v1api20220701.PrivateEndpoint_STATUS_PrivateEndpoint_SubResourceEmbedded + Storage version of v1api20220701.PrivateEndpoint_STATUS Private endpoint resource. properties: $propertyBag: @@ -62468,7 +61022,7 @@ spec: type: object status: description: |- - Storage version of v1api20240301.PrivateEndpoint_STATUS_PrivateEndpoint_SubResourceEmbedded + Storage version of v1api20240301.PrivateEndpoint_STATUS Private endpoint resource. properties: $propertyBag: @@ -62769,10 +61323,10 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: azureserviceoperator-system/azureserviceoperator-serving-cert - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.17.3 labels: app.kubernetes.io/name: azure-service-operator - app.kubernetes.io/version: v2.13.0 + app.kubernetes.io/version: v2.16.0 name: resourcegroups.resources.azure.com spec: conversion: @@ -62788,6 +61342,9 @@ spec: - v1 group: resources.azure.com names: + categories: + - azure + - resources kind: ResourceGroup listKind: ResourceGroupList plural: resourcegroups @@ -63238,10 +61795,10 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: azureserviceoperator-system/azureserviceoperator-serving-cert - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.17.3 labels: app.kubernetes.io/name: azure-service-operator - app.kubernetes.io/version: v2.13.0 + app.kubernetes.io/version: v2.16.0 name: virtualnetworks.network.azure.com spec: conversion: @@ -63257,6 +61814,9 @@ spec: - v1 group: network.azure.com names: + categories: + - azure + - network kind: VirtualNetwork listKind: VirtualNetworkList plural: virtualnetworks 
@@ -65084,10 +63644,10 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: azureserviceoperator-system/azureserviceoperator-serving-cert - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.17.3 labels: app.kubernetes.io/name: azure-service-operator - app.kubernetes.io/version: v2.13.0 + app.kubernetes.io/version: v2.16.0 name: virtualnetworkssubnets.network.azure.com spec: conversion: @@ -65103,6 +63663,9 @@ spec: - v1 group: network.azure.com names: + categories: + - azure + - network kind: VirtualNetworksSubnet listKind: VirtualNetworksSubnetList plural: virtualnetworkssubnets diff --git a/config/aso/kustomization.yaml b/config/aso/kustomization.yaml index 5451c2bbc7e..9180556d6ff 100644 --- a/config/aso/kustomization.yaml +++ b/config/aso/kustomization.yaml @@ -3,7 +3,7 @@ kind: Component namespace: capz-system resources: # The ASO version here is managed by `make generate-aso-crds` - - https://github.com/Azure/azure-service-operator/releases/download/v2.13.0/azureserviceoperator_v2.13.0.yaml + - https://github.com/Azure/azure-service-operator/releases/download/v2.16.0/azureserviceoperator_v2.16.0.yaml - crds.yaml - settings.yaml patches: 
@@ -30,24 +30,6 @@ patches: - op: replace # Users can specify additional ASO CRDs. CRDs should be appended with ';' path: /spec/template/spec/containers/0/args/6 value: --crd-pattern=${ADDITIONAL_ASO_CRDS:= } - - # ASO will provide a startupProbe starting in v2.14.0. - # These patches should be removed when the upstream probe is set. - - op: test - path: /spec/template/spec/containers/0/startupProbe - value: null - - op: add - path: /spec/template/spec/containers/0/startupProbe - value: - httpGet: - path: /healthz - port: 8081 - periodSeconds: 10 - failureThreshold: 12 - - op: remove - path: /spec/template/spec/containers/0/livenessProbe/initialDelaySeconds - - op: remove - path: /spec/template/spec/containers/0/readinessProbe/initialDelaySeconds target: group: apps kind: Deployment diff --git a/controllers/azuremanagedmachinepool_reconciler.go b/controllers/azuremanagedmachinepool_reconciler.go index d5e06ee41aa..8bb7ca1f9e8 100644 --- a/controllers/azuremanagedmachinepool_reconciler.go +++ b/controllers/azuremanagedmachinepool_reconciler.go @@ -24,7 +24,7 @@ import ( "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5" asocontainerservicev1 "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231001" - asocontainerservicev1preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231102preview" + asocontainerservicev1preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20240402preview" "github.com/pkg/errors" azprovider "sigs.k8s.io/cloud-provider-azure/pkg/provider" diff --git a/go.mod b/go.mod index 35c6eb02ca1..2409249d9c8 100644 --- a/go.mod +++ b/go.mod 
@@ -19,7 +19,7 @@ require (
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resourcehealth/armresourcehealth v1.3.0
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0
 github.com/Azure/azure-sdk-for-go/sdk/tracing/azotel v0.4.0
- github.com/Azure/azure-service-operator/v2 v2.13.0
+ github.com/Azure/azure-service-operator/v2 v2.16.0
 github.com/Azure/msi-dataplane v0.4.3
 github.com/asaskevich/govalidator/v11 v11.0.2-0.20250122183457-e11347878e23
 github.com/blang/semver v3.5.1+incompatible
@@ -106,9 +106,10 @@ require (
 github.com/fxamacker/cbor/v2 v2.9.0 // indirect
 github.com/go-errors/errors v1.4.2 // indirect
 github.com/go-logr/stdr v1.2.2 // indirect
- github.com/go-openapi/jsonpointer v0.21.2 // indirect
+ github.com/go-openapi/jsonpointer v0.22.1 // indirect
 github.com/go-openapi/jsonreference v0.21.0 // indirect
 github.com/go-openapi/swag v0.23.1 // indirect
+ github.com/go-openapi/swag/jsonname v0.25.1 // indirect
 github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
 github.com/go-viper/mapstructure/v2 v2.4.0 // indirect
 github.com/gobuffalo/flect v1.0.3 // indirect
@@ -125,7 +126,7 @@ require (
 github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 github.com/huandu/xstrings v1.5.0 // indirect
 github.com/inconshreveable/mousetrap v1.1.0 // indirect
- github.com/jellydator/ttlcache/v3 v3.3.0 // indirect
+ github.com/jellydator/ttlcache/v3 v3.4.0 // indirect
 github.com/josharian/intern v1.0.0 // indirect
 github.com/json-iterator/go v1.1.12 // indirect
 github.com/kr/fs v0.1.0 // indirect
@@ -165,7 +166,7 @@ require (
 github.com/rivo/uniseg v0.4.7 // indirect
 github.com/rotisserie/eris v0.5.4 // indirect
 github.com/sagikazarmark/locafero v0.11.0 // indirect
- github.com/samber/lo v1.51.0 // indirect
+ github.com/samber/lo v1.52.0 // indirect
 github.com/shopspring/decimal v1.4.0 // indirect
 github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8 // indirect
 github.com/spf13/afero v1.15.0 // indirect
@@ -189,7 +190,7 @@ require ( golang.org/x/sync v0.20.0 // indirect golang.org/x/sys v0.43.0 // indirect golang.org/x/term v0.42.0 // indirect - golang.org/x/time v0.12.0 // indirect + golang.org/x/time v0.14.0 // indirect golang.org/x/tools v0.43.0 // indirect gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9 // indirect diff --git a/go.sum b/go.sum index 058ecffa576..08b85e8c8a4 100644 --- a/go.sum +++ b/go.sum @@ -20,6 +20,8 @@ github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/appconfiguration/armappcon github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/appconfiguration/armappconfiguration v1.1.1/go.mod h1:21Lewei+tg5zp5xmyOxfDY//2tBvWQXee0UoM8xZjr8= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2 v2.2.0 h1:Hp+EScFOu9HeCbeW8WU2yQPJd4gGwhMgKxWe+G6jNzw= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2 v2.2.0/go.mod h1:/pz8dyNQe+Ey3yBp/XuYz7oqX8YDNWVpPB0hH3XWfbc= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/cognitiveservices/armcognitiveservices v1.8.0 h1:ZMGAqCZov8+7iFUPWKVcTaLgNXUeTlz20sIuWkQWNfg= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/cognitiveservices/armcognitiveservices v1.8.0/go.mod h1:BElPQ/GZtrdQ2i5uDZw3OKLE1we75W0AEWyeBR1TWQA= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5 v5.7.0 h1:LkHbJbgF3YyvC53aqYGR+wWQDn2Rdp9AQdGndf9QvY4= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5 v5.7.0/go.mod h1:QyiQdW4f4/BIfB8ZutZ2s+28RAgfa/pT+zS++ZHyM1I= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v6 v6.4.0 h1:z7Mqz6l0EFH549GvHEqfjKvi+cRScxLWbaoeLm9wxVQ= 
@@ -81,8 +83,8 @@ github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resourcehealth/armresource github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resourcehealth/armresourcehealth v1.3.0/go.mod h1:AN7AudLmrOvJlt7ormR1M5splG0TkZ4xyAqEIMIwTB0= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0 h1:Dd+RhdJn0OTtVGaeDLZpcumkIVCtA/3/Fo42+eoYvVM= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0/go.mod h1:5kakwfW5CjC9KK+Q4wjXAg+ShuIm2mBMua0ZFj2C8PE= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/search/armsearch v1.3.0 h1:HpCtTs500PzKoBWKBLZVFEG9Zh20f7cAFbWj8D9JWkg= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/search/armsearch v1.3.0/go.mod h1:3uruTckNIGQ4iNsvAs/qrLgWBoS1pA7pCzHFmTFU+LU= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/search/armsearch v1.4.0 h1:zBdabY8pMSMLPb1XJnFSEdJi9Bd0h+VMjh1uU8B6Yp8= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/search/armsearch v1.4.0/go.mod h1:Y2Q3nB3UfSnG9nALOpPAjflXPM3jL/n2ZmYIu2Occ9g= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/servicebus/armservicebus v1.2.0 h1:jngSeKBnzC7qIk3rvbWHsLI7eeasEucORHWr2CHX0Yg= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/servicebus/armservicebus v1.2.0/go.mod h1:1YXAxWw6baox+KafeQU2scy21/4IHvqXoIJuCpcvpMQ= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/signalr/armsignalr v1.2.0 h1:Y8CF7FyuVVDyX5W6Azwjj3PpwUZVbXBOCyQytv/0QEA= 
@@ -97,8 +99,8 @@ github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.2.0 h1:nCYfg github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.2.0/go.mod h1:ucUjca2JtSZboY8IoUqyQyuuXvwbMBVwFOm0vdQPNhA= github.com/Azure/azure-sdk-for-go/sdk/tracing/azotel v0.4.0 h1:RTTsXUJWn0jumeX62Mb153wYXykqnrzYBYDeHp0kiuk= github.com/Azure/azure-sdk-for-go/sdk/tracing/azotel v0.4.0/go.mod h1:k4MMjrPHIEK+umaMGk1GNLgjEybJZ9mHSRDZ+sDFv3Y= -github.com/Azure/azure-service-operator/v2 v2.13.0 h1:24xDkuGOjSDKKkthECRo/I76slmlt3u0buYQ4rvX3pQ= -github.com/Azure/azure-service-operator/v2 v2.13.0/go.mod h1:3xfZMZm4yjdcjr3lh1kWqP2dtvZS/nCy7wpNERYDatg= +github.com/Azure/azure-service-operator/v2 v2.16.0 h1:dQhwA4Bnvqfxyd+IGCFyHP/s5Q1e0oGj8d209qRBeXY= +github.com/Azure/azure-service-operator/v2 v2.16.0/go.mod h1:fOuOu1LCm69WQg48nTyW+1juzzucKQvOcqs9OFM47bg= github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg= github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/Azure/msi-dataplane v0.4.3 h1:dWPWzY4b54tLIR9T1Q014Xxd/1DxOsMIp6EjRFAJlQY= 
@@ -206,14 +208,16 @@ github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= -github.com/go-openapi/jsonpointer v0.21.2 h1:AqQaNADVwq/VnkCmQg6ogE+M3FOsKTytwges0JdwVuA= -github.com/go-openapi/jsonpointer v0.21.2/go.mod h1:50I1STOfbY1ycR8jGz8DaMeLCdXiI6aDteEdRNNzpdk= +github.com/go-openapi/jsonpointer v0.22.1 h1:sHYI1He3b9NqJ4wXLoJDKmUmHkWy/L7rtEo92JUxBNk= +github.com/go-openapi/jsonpointer v0.22.1/go.mod h1:pQT9OsLkfz1yWoMgYFy4x3U5GY5nUlsOn1qSBH5MkCM= github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ= github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4= github.com/go-openapi/swag v0.23.1 h1:lpsStH0n2ittzTnbaSloVZLuB5+fvSY/+hnagBjSNZU= github.com/go-openapi/swag v0.23.1/go.mod h1:STZs8TbRvEQQKUA+JZNAm3EWlgaOBGpyFDqQnDHMef0= -github.com/go-sql-driver/mysql v1.9.2 h1:4cNKDYQ1I84SXslGddlsrMhc8k4LeDVj6Ad6WRjiHuU= -github.com/go-sql-driver/mysql v1.9.2/go.mod h1:qn46aNg1333BRMNU69Lq93t8du/dwxI64Gl8i5p1WMU= +github.com/go-openapi/swag/jsonname v0.25.1 h1:Sgx+qbwa4ej6AomWC6pEfXrA6uP2RkaNjA9BR8a1RJU= +github.com/go-openapi/swag/jsonname v0.25.1/go.mod h1:71Tekow6UOLBD3wS7XhdT98g5J5GR13NOTQ9/6Q11Zo= +github.com/go-sql-driver/mysql v1.9.3 h1:U/N249h2WzJ3Ukj8SowVFjdtZKfu9vlLZxjPXV1aweo= +github.com/go-sql-driver/mysql v1.9.3/go.mod h1:qn46aNg1333BRMNU69Lq93t8du/dwxI64Gl8i5p1WMU= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/go-viper/mapstructure/v2 v2.4.0 h1:EBsztssimR/CONLSZZ04E8qAkxNYq4Qp9LvH92wZUgs= 
@@ -279,12 +283,12 @@ github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsI github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg= github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 h1:iCEnooe7UlwOQYpKFhBabPMi4aNAfoODPEFNiAnClxo= github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM= -github.com/jackc/pgx/v5 v5.7.4 h1:9wKznZrhWa2QiHL+NjTSPP6yjl3451BX3imWDnokYlg= -github.com/jackc/pgx/v5 v5.7.4/go.mod h1:ncY89UGWxg82EykZUwSpUKEfccBGGYq1xjrOpsbsfGQ= +github.com/jackc/pgx/v5 v5.7.6 h1:rWQc5FwZSPX58r1OQmkuaNicxdmExaEz5A2DO2hUuTk= +github.com/jackc/pgx/v5 v5.7.6/go.mod h1:aruU7o91Tc2q2cFp5h4uP3f6ztExVpyVv88Xl/8Vl8M= github.com/jackc/puddle/v2 v2.2.2 h1:PR8nw+E/1w0GLuRFSmiioY6UooMp6KJv0/61nB7icHo= github.com/jackc/puddle/v2 v2.2.2/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4= -github.com/jellydator/ttlcache/v3 v3.3.0 h1:BdoC9cE81qXfrxeb9eoJi9dWrdhSuwXMAnHTbnBm4Wc= -github.com/jellydator/ttlcache/v3 v3.3.0/go.mod h1:bj2/e0l4jRnQdrnSTaGTsh4GSXvMjQcy41i7th0GVGw= +github.com/jellydator/ttlcache/v3 v3.4.0 h1:YS4P125qQS0tNhtL6aeYkheEaB/m8HCqdMMP4mnWdTY= +github.com/jellydator/ttlcache/v3 v3.4.0/go.mod h1:Hw9EgjymziQD3yGsQdf1FqFdpp7YjFMd4Srg5EJlgD4= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/joshdk/go-junit v1.0.0 h1:S86cUKIdwBHWwA6xCmFlf3RTLfVXYQfvanM5Uh+K6GE= 
@@ -321,8 +325,26 @@ github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6T github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= github.com/mfridman/tparse v0.18.0 h1:wh6dzOKaIwkUGyKgOntDW4liXSo37qg5AXbIhkMV3vE= github.com/mfridman/tparse v0.18.0/go.mod h1:gEvqZTuCgEhPbYk/2lS3Kcxg1GmTxxU7kTC8DvP0i/A= -github.com/microsoft/go-mssqldb v1.8.0 h1:7cyZ/AT7ycDsEoWPIXibd+aVKFtteUNhDGf3aobP+tw= -github.com/microsoft/go-mssqldb v1.8.0/go.mod h1:6znkekS3T2vp0waiMhen4GPU1BiAsrP+iXHcE7a7rFo= +github.com/microsoft/go-mssqldb v1.9.3 h1:hy4p+LDC8LIGvI3JATnLVmBOLMJbmn5X400mr5j0lPs= +github.com/microsoft/go-mssqldb v1.9.3/go.mod h1:GBbW9ASTiDC+mpgWDGKdm3FnFLTUsLYN3iFL90lQ+PA= +github.com/microsoft/kiota-abstractions-go v1.9.3 h1:cqhbqro+VynJ7kObmo7850h3WN2SbvoyhypPn8uJ1SE= +github.com/microsoft/kiota-abstractions-go v1.9.3/go.mod h1:f06pl3qSyvUHEfVNkiRpXPkafx7khZqQEb71hN/pmuU= +github.com/microsoft/kiota-authentication-azure-go v1.3.1 h1:AGta92S6IL1E6ZMDb8YYB7NVNTIFUakbtLKUdY5RTuw= +github.com/microsoft/kiota-authentication-azure-go v1.3.1/go.mod h1:26zylt2/KfKwEWZSnwHaMxaArpbyN/CuzkbotdYXF0g= +github.com/microsoft/kiota-http-go v1.5.4 h1:wSUmL1J+bTQlAWHjbRkSwr+SPAkMVYeYxxB85Zw0KFs= +github.com/microsoft/kiota-http-go v1.5.4/go.mod h1:L+5Ri+SzwELnUcNA0cpbFKp/pBbvypLh3Cd1PR6sjx0= +github.com/microsoft/kiota-serialization-form-go v1.1.2 h1:SD6MATqNw+Dc5beILlsb/D87C36HKC/Zw7l+N9+HY2A= +github.com/microsoft/kiota-serialization-form-go v1.1.2/go.mod h1:m4tY2JT42jAZmgbqFwPy3zGDF+NPJACuyzmjNXeuHio= +github.com/microsoft/kiota-serialization-json-go v1.1.2 h1:eJrPWeQ665nbjO0gsHWJ0Bw6V/ZHHU1OfFPaYfRG39k= +github.com/microsoft/kiota-serialization-json-go v1.1.2/go.mod h1:deaGt7fjZarywyp7TOTiRsjfYiyWxwJJPQZytXwYQn8= +github.com/microsoft/kiota-serialization-multipart-go v1.1.2 h1:1pUyA1QgIeKslQwbk7/ox1TehjlCUUT3r1f8cNlkvn4= +github.com/microsoft/kiota-serialization-multipart-go v1.1.2/go.mod 
h1:j2K7ZyYErloDu7Kuuk993DsvfoP7LPWvAo7rfDpdPio= +github.com/microsoft/kiota-serialization-text-go v1.1.3 h1:8z7Cebn0YAAr++xswVgfdxZjnAZ4GOB9O7XP4+r5r/M= +github.com/microsoft/kiota-serialization-text-go v1.1.3/go.mod h1:NDSvz4A3QalGMjNboKKQI9wR+8k+ih8UuagNmzIRgTQ= +github.com/microsoftgraph/msgraph-sdk-go v1.87.0 h1:N+BSwQggS4aC/WsImtwJ+FijMUm4RisOvYQx7j5PGtk= +github.com/microsoftgraph/msgraph-sdk-go v1.87.0/go.mod h1:UdZWxbZiFvjPug9DYayD90JNiHjXyNRA39lEpcy3Kms= +github.com/microsoftgraph/msgraph-sdk-go-core v1.4.0 h1:0SrIoFl7TQnMRrsi5TFaeNe0q8KO5lRzRp4GSCCL2So= +github.com/microsoftgraph/msgraph-sdk-go-core v1.4.0/go.mod h1:A1iXs+vjsRjzANxF6UeKv2ACExG7fqTwHHbwh1FL+EE= github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= @@ -400,8 +422,8 @@ github.com/rotisserie/eris v0.5.4/go.mod h1:Z/kgYTJiJtocxCbFfvRmO+QejApzG6zpyky9 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/sagikazarmark/locafero v0.11.0 h1:1iurJgmM9G3PA/I+wWYIOw/5SyBtxapeHDcg+AAIFXc= github.com/sagikazarmark/locafero v0.11.0/go.mod h1:nVIGvgyzw595SUSUE6tvCp3YYTeHs15MvlmU87WwIik= -github.com/samber/lo v1.51.0 h1:kysRYLbHy/MB7kQZf5DSN50JHmMsNEdeY24VzJFu7wI= -github.com/samber/lo v1.51.0/go.mod h1:4+MXEGsJzbKGaUEQFKBq2xtfuznW9oz/WrgyzMzRoM0= +github.com/samber/lo v1.52.0 h1:Rvi+3BFHES3A8meP33VPAxiBZX/Aws5RxrschYGjomw= +github.com/samber/lo v1.52.0/go.mod h1:4+MXEGsJzbKGaUEQFKBq2xtfuznW9oz/WrgyzMzRoM0= github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ= github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k= 
@@ -419,6 +441,8 @@ github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk= github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/viper v1.21.0 h1:x5S+0EU27Lbphp4UKm1C+1oQO+rKx36vfCoaVebLFSU= github.com/spf13/viper v1.21.0/go.mod h1:P0lhsswPGWD/1lZJ9ny3fYnVqxiegrlNrEmgLjbTCAY= +github.com/std-uritemplate/std-uritemplate/go/v2 v2.0.3 h1:7hth9376EoQEd1hH4lAp3vnaLP2UMyxuMMghLKzDHyU= +github.com/std-uritemplate/std-uritemplate/go/v2 v2.0.3/go.mod h1:Z5KcoM0YLC7INlNhEezeIZ0TZNYf7WSNO0Lvah4DSeQ= github.com/stoewer/go-strcase v1.3.1 h1:iS0MdW+kVTxgMoE1LAZyMiYJFKlOzLooE4MxjirtkAs= github.com/stoewer/go-strcase v1.3.1/go.mod h1:fAH5hQ5pehh+j3nZfvwdk2RgEgQjAoM8wodgtPmh1xo= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= @@ -514,8 +538,8 @@ golang.org/x/term v0.42.0 h1:UiKe+zDFmJobeJ5ggPwOshJIVt6/Ft0rcfrXZDLWAWY= golang.org/x/term v0.42.0/go.mod h1:Dq/D+snpsbazcBG5+F9Q1n2rXV8Ma+71xEjTRufARgY= golang.org/x/text v0.36.0 h1:JfKh3XmcRPqZPKevfXVpI1wXPTqbkE5f7JA92a55Yxg= golang.org/x/text v0.36.0/go.mod h1:NIdBknypM8iqVmPiuco0Dh6P5Jcdk8lJL0CUebqK164= -golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE= -golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg= +golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI= +golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4= golang.org/x/tools v0.43.0 h1:12BdW9CeB3Z+J/I/wj34VMl8X+fEXBxVR90JeMX5E7s= golang.org/x/tools v0.43.0/go.mod h1:uHkMso649BX2cZK6+RpuIPXS3ho2hZo4FVwfoy1vIk0= gomodules.xyz/jsonpatch/v2 v2.5.0 h1:JELs8RLM12qJGXU4u/TO3V25KW8GreMKl9pdkk14RM0= diff --git a/main.go b/main.go index 36db4f8c003..8daad0cd88d 100644 --- a/main.go +++ b/main.go 
@@ -24,11 +24,9 @@ import ( "time" // +kubebuilder:scaffold:imports - asocontainerservicev1api20210501 "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20210501" asocontainerservicev1api20230201 "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20230201" asocontainerservicev1api20230315preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20230315preview" asocontainerservicev1api20231001 "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231001" - asocontainerservicev1api20231102preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231102preview" asocontainerservicev1api20240402preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20240402preview" asocontainerservicev1api20240901 "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20240901" asokubernetesconfigurationv1 "github.com/Azure/azure-service-operator/v2/api/kubernetesconfiguration/v1api20230501" @@ -83,13 +81,11 @@ func init() { _ = clusterv1.AddToScheme(scheme) _ = bootstrapv1.AddToScheme(scheme) _ = asoresourcesv1.AddToScheme(scheme) - _ = asocontainerservicev1api20210501.AddToScheme(scheme) _ = asocontainerservicev1api20230201.AddToScheme(scheme) _ = asocontainerservicev1api20231001.AddToScheme(scheme) _ = asonetworkv1api20220701.AddToScheme(scheme) _ = asonetworkv1api20201101.AddToScheme(scheme) _ = asocontainerservicev1api20230315preview.AddToScheme(scheme) - _ = asocontainerservicev1api20231102preview.AddToScheme(scheme) _ = asocontainerservicev1api20240402preview.AddToScheme(scheme) _ = asocontainerservicev1api20240901.AddToScheme(scheme) _ = asokubernetesconfigurationv1.AddToScheme(scheme) diff --git a/pkg/mutators/azureasomanagedcontrolplane.go b/pkg/mutators/azureasomanagedcontrolplane.go index 7db6fa1eb26..bce23509f01 100644 --- a/pkg/mutators/azureasomanagedcontrolplane.go +++ b/pkg/mutators/azureasomanagedcontrolplane.go 
@@ -31,7 +31,7 @@ import (
 // then updated to the user-defined value. If the field is immutable, this
 // update will fail. The linter should catch if there are missing fields,
 // but verify that check is actually working.
- asocontainerservicev1hub "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20240901/storage"
+ asocontainerservicev1hub "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20250801/storage"
 "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 clusterv1 "sigs.k8s.io/cluster-api/api/core/v1beta2"
 "sigs.k8s.io/cluster-api/util"
@@ -333,12 +333,15 @@ func setAgentPoolProfilesFromAgentPools(managedCluster conversion.Convertible, a
 EnableFIPS: hubPool.Spec.EnableFIPS,
 EnableNodePublicIP: hubPool.Spec.EnableNodePublicIP,
 EnableUltraSSD: hubPool.Spec.EnableUltraSSD,
+ GatewayProfile: hubPool.Spec.GatewayProfile,
 GpuInstanceProfile: hubPool.Spec.GpuInstanceProfile,
+ GpuProfile: hubPool.Spec.GpuProfile,
 HostGroupReference: hubPool.Spec.HostGroupReference,
 KubeletConfig: hubPool.Spec.KubeletConfig,
 KubeletDiskType: hubPool.Spec.KubeletDiskType,
 LinuxOSConfig: hubPool.Spec.LinuxOSConfig,
 MaxCount: hubPool.Spec.MaxCount,
+ MessageOfTheDay: hubPool.Spec.MessageOfTheDay,
 MaxPods: hubPool.Spec.MaxPods,
 MinCount: hubPool.Spec.MinCount,
 Mode: hubPool.Spec.Mode,
@@ -352,6 +355,7 @@ func setAgentPoolProfilesFromAgentPools(managedCluster conversion.Convertible, a
 OsDiskType: hubPool.Spec.OsDiskType,
 OsSKU: hubPool.Spec.OsSKU,
 OsType: hubPool.Spec.OsType,
+ PodIPAllocationMode: hubPool.Spec.PodIPAllocationMode,
 PodSubnetReference: hubPool.Spec.PodSubnetReference,
 PowerState: hubPool.Spec.PowerState,
 PropertyBag: hubPool.Spec.PropertyBag,
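Review bot: `MessageOfTheDay` is inserted between `MaxCount` and `MaxPods` in the `@@ -333` hunk, which breaks the alphabetical order the rest of this literal keeps; it belongs one line lower, so that `MaxPods: hubPool.Spec.MaxPods,` is followed by `MessageOfTheDay: hubPool.Spec.MessageOfTheDay,`. The order matters because the import comment in the `@@ -31` hunk says a linter is meant to catch missing fields and asks for that check to be verified, so until it is, reviewers compare this list against the v1api20250801 hub type by eye. The six fields added here and in the `@@ -352` and `@@ -364` hunks are presumably everything the new hub version introduced, but the hunks show only part of the literal, so that cannot be confirmed from the diff. A test that fails when a hub spec field is not copied into the profile would settle it, since the same comment notes that an immutable field left out makes the later update fail. The body of `setAgentPoolProfilesFromAgentPools` starts and ends outside these hunks.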
@@ -364,6 +368,8 @@ func setAgentPoolProfilesFromAgentPools(managedCluster conversion.Convertible, a Tags: hubPool.Spec.Tags, Type: hubPool.Spec.Type, UpgradeSettings: hubPool.Spec.UpgradeSettings, + VirtualMachineNodesStatus: hubPool.Spec.VirtualMachineNodesStatus, + VirtualMachinesProfile: hubPool.Spec.VirtualMachinesProfile, VmSize: hubPool.Spec.VmSize, VnetSubnetReference: hubPool.Spec.VnetSubnetReference, WindowsProfile: hubPool.Spec.WindowsProfile, diff --git a/pkg/mutators/azureasomanagedcontrolplane_test.go b/pkg/mutators/azureasomanagedcontrolplane_test.go index eb4d3d460b3..63e4a655af2 100644 --- a/pkg/mutators/azureasomanagedcontrolplane_test.go +++ b/pkg/mutators/azureasomanagedcontrolplane_test.go @@ -23,7 +23,7 @@ import ( "testing" asocontainerservicev1 "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231001" - asocontainerservicev1preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231102preview" + asocontainerservicev1preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20240402preview" "github.com/Azure/azure-service-operator/v2/pkg/genruntime" "github.com/google/go-cmp/cmp" . "github.com/onsi/gomega" diff --git a/test/e2e/aks_patches.go b/test/e2e/aks_patches.go index dcd1d75b502..2357d854817 100644 --- a/test/e2e/aks_patches.go +++ b/test/e2e/aks_patches.go @@ -26,7 +26,7 @@ import ( "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4" asocontainerservicev1 "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231001" - asocontainerservicev1preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231102preview" + asocontainerservicev1preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20240402preview" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 
diff --git a/test/e2e/azure_clusterproxy.go b/test/e2e/azure_clusterproxy.go index 3aae66ffa85..e2a471d3d12 100644 --- a/test/e2e/azure_clusterproxy.go +++ b/test/e2e/azure_clusterproxy.go @@ -35,7 +35,7 @@ import ( "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/monitor/armmonitor" asocontainerservicev1 "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231001" - asocontainerservicev1preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231102preview" + asocontainerservicev1preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20240402preview" asoresourcesv1 "github.com/Azure/azure-service-operator/v2/api/resources/v1api20200601" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" From 97a294b0cdbb2448978b7062249fe1fb75eae1c3 Mon Sep 17 00:00:00 2001 From: William Yao Date: Fri, 24 Apr 2026 09:11:08 -0700 Subject: [PATCH 44/61] Use upstream k8s images if no artifacts are built Signed-off-by: William Yao --- ...ter-template-prow-dalec-custom-builds.yaml | 105 +++++++++++++++++- .../patches/azl3-machine-deployment.yaml | 41 ++++++- .../patches/control-plane-custom-builds.yaml | 32 +++++- .../kubeadm-bootstrap-custom-builds.yaml | 32 +++++- 4 files changed, 204 insertions(+), 6 deletions(-) diff --git a/templates/test/ci/cluster-template-prow-dalec-custom-builds.yaml b/templates/test/ci/cluster-template-prow-dalec-custom-builds.yaml index edf4103d911..618e885c186 100644 --- a/templates/test/ci/cluster-template-prow-dalec-custom-builds.yaml +++ b/templates/test/ci/cluster-template-prow-dalec-custom-builds.yaml 
@@ -204,7 +204,37 @@ spec: [[ -n "${KUBELET_REVISION}" ]] && ANY_REVISION_SET="true" if [[ "$${ANY_REVISION_SET}" != "true" ]]; then - echo "No *_REVISION variables set. Skipping binary replacement." + # No dalec revisions set — download official upstream binaries from + # dl.k8s.io to ensure binaries match the dalec container image version. + TARGET_VERSION="v$${VERSION}" + + echo "============================================================" + echo "DALEC IMAGE-ONLY TEST: No dalec binary revisions set." + echo "Downloading official upstream binaries ($${TARGET_VERSION})" + echo "from dl.k8s.io for version consistency with dalec images." + echo "============================================================" + + # Download all binaries to temp files first, then replace + DOWNLOAD_DIR=$$(mktemp -d) + ALL_UPSTREAM_BINARIES=("kubeadm" "kubectl" "kubelet") + for BINARY in "$${ALL_UPSTREAM_BINARIES[@]}"; do + DL_URL="https://dl.k8s.io/release/$${TARGET_VERSION}/bin/linux/amd64/$${BINARY}" + echo "* downloading $${BINARY} $${TARGET_VERSION} from $${DL_URL}" + curl --fail --location --retry 10 --retry-delay 5 "$${DL_URL}" --output "$${DOWNLOAD_DIR}/$${BINARY}" + chmod +x "$${DOWNLOAD_DIR}/$${BINARY}" + done + + # All downloads succeeded — now stop kubelet and replace binaries + systemctl stop kubelet + for BINARY in "$${ALL_UPSTREAM_BINARIES[@]}"; do + mv "$${DOWNLOAD_DIR}/$${BINARY}" "/usr/bin/$${BINARY}" + done + rm -rf "$${DOWNLOAD_DIR}" + systemctl restart kubelet + + echo "kubeadm version: $(kubeadm version -o=short)" + echo "kubectl version: $(kubectl version --client=true)" + echo "kubelet version: $(kubelet --version)" exit 0 fi 
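Review bot: The added fallback moves kubeadm, kubectl and kubelet from the curl download straight into /usr/bin with no integrity check, so a truncated or substituted file would be installed and then started by `systemctl restart kubelet`. dl.k8s.io publishes a `.sha256` file next to each release binary; fetch it in the same loop and verify before the `chmod`, with `curl --fail --location --retry 10 --retry-delay 5 "$${DL_URL}.sha256" --output "$${DOWNLOAD_DIR}/$${BINARY}.sha256"` followed by `echo "$$(cat "$${DOWNLOAD_DIR}/$${BINARY}.sha256")  $${DOWNLOAD_DIR}/$${BINARY}" | sha256sum --check --quiet`. A digest served from the same origin only catches corruption in transit or in a cache, so pinning the expected digests in the template would be the stronger control. The same block is repeated in the @@ -483 and @@ -877 hunks of this file and in azl3-machine-deployment.yaml, control-plane-custom-builds.yaml and kubeadm-bootstrap-custom-builds.yaml. The script starts outside the hunk, so it cannot be confirmed here that errexit is set, which the "All downloads succeeded" comment relies on.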
@@ -453,7 +483,37 @@ spec: [[ -n "${KUBELET_REVISION}" ]] && ANY_REVISION_SET="true" if [[ "$${ANY_REVISION_SET}" != "true" ]]; then - echo "No *_REVISION variables set. Skipping binary replacement." + # No dalec revisions set — download official upstream binaries from + # dl.k8s.io to ensure binaries match the dalec container image version. + TARGET_VERSION="v$${VERSION}" + + echo "============================================================" + echo "DALEC IMAGE-ONLY TEST: No dalec binary revisions set." + echo "Downloading official upstream binaries ($${TARGET_VERSION})" + echo "from dl.k8s.io for version consistency with dalec images." + echo "============================================================" + + # Download all binaries to temp files first, then replace + DOWNLOAD_DIR=$$(mktemp -d) + ALL_UPSTREAM_BINARIES=("kubeadm" "kubectl" "kubelet") + for BINARY in "$${ALL_UPSTREAM_BINARIES[@]}"; do + DL_URL="https://dl.k8s.io/release/$${TARGET_VERSION}/bin/linux/amd64/$${BINARY}" + echo "* downloading $${BINARY} $${TARGET_VERSION} from $${DL_URL}" + curl --fail --location --retry 10 --retry-delay 5 "$${DL_URL}" --output "$${DOWNLOAD_DIR}/$${BINARY}" + chmod +x "$${DOWNLOAD_DIR}/$${BINARY}" + done + + # All downloads succeeded — now stop kubelet and replace binaries + systemctl stop kubelet + for BINARY in "$${ALL_UPSTREAM_BINARIES[@]}"; do + mv "$${DOWNLOAD_DIR}/$${BINARY}" "/usr/bin/$${BINARY}" + done + rm -rf "$${DOWNLOAD_DIR}" + systemctl restart kubelet + + echo "kubeadm version: $(kubeadm version -o=short)" + echo "kubectl version: $(kubectl version --client=true)" + echo "kubelet version: $(kubelet --version)" exit 0 fi 
@@ -817,7 +877,46 @@ spec: [[ -n "${KUBELET_REVISION}" ]] && ANY_REVISION_SET="true" if [[ "$${ANY_REVISION_SET}" != "true" ]]; then - echo "No *_REVISION variables set. Skipping binary replacement." + # No dalec revisions set — download official upstream binaries from + # dl.k8s.io to ensure binaries match the dalec container image version. + TARGET_VERSION="v$${VERSION}" + + echo "============================================================" + echo "DALEC IMAGE-ONLY TEST: No dalec binary revisions set." + echo "Downloading official upstream binaries ($${TARGET_VERSION})" + echo "from dl.k8s.io for version consistency with dalec images." + echo "============================================================" + + # Download all binaries to temp files first, then replace + DOWNLOAD_DIR=$$(mktemp -d) + ALL_UPSTREAM_BINARIES=("kubeadm" "kubectl" "kubelet") + for BINARY in "$${ALL_UPSTREAM_BINARIES[@]}"; do + DL_URL="https://dl.k8s.io/release/$${TARGET_VERSION}/bin/linux/amd64/$${BINARY}" + echo "* downloading $${BINARY} $${TARGET_VERSION} from $${DL_URL}" + curl --fail --location --retry 10 --retry-delay 5 "$${DL_URL}" --output "$${DOWNLOAD_DIR}/$${BINARY}" + chmod +x "$${DOWNLOAD_DIR}/$${BINARY}" + done + + # All downloads succeeded — now stop kubelet and replace binaries + systemctl stop kubelet + for BINARY in "$${ALL_UPSTREAM_BINARIES[@]}"; do + mv "$${DOWNLOAD_DIR}/$${BINARY}" "/usr/bin/$${BINARY}" + done + rm -rf "$${DOWNLOAD_DIR}" + + # Clean up stale kubelet flags in /etc/sysconfig/kubelet. + # The gallery image may ship flags removed in newer k8s versions + # (e.g. --pod-infra-container-image was removed in v1.35). 
+ if [ -f /etc/sysconfig/kubelet ]; then + echo "Sanitizing /etc/sysconfig/kubelet for $${TARGET_VERSION}" + sed -i 's/--pod-infra-container-image=[^ ]*//g' /etc/sysconfig/kubelet + fi + + systemctl restart kubelet + + echo "kubeadm version: $(kubeadm version -o=short)" + echo "kubectl version: $(kubectl version --client=true)" + echo "kubelet version: $(kubelet --version)" exit 0 fi diff --git a/templates/test/ci/prow-dalec-custom-builds/patches/azl3-machine-deployment.yaml b/templates/test/ci/prow-dalec-custom-builds/patches/azl3-machine-deployment.yaml index 93a552ccf3c..37ab535586d 100644 --- a/templates/test/ci/prow-dalec-custom-builds/patches/azl3-machine-deployment.yaml +++ b/templates/test/ci/prow-dalec-custom-builds/patches/azl3-machine-deployment.yaml 
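Review bot: The `sed` in the added cleanup only strips the `--pod-infra-container-image=VALUE` spelling, so a gallery image that writes the flag and its value separated by a space would keep the flag and kubelet would presumably fail on restart with the newer binary. Matching both spellings costs nothing: `sed -i -E 's/--pod-infra-container-image[= ][^ ]*//g' /etc/sysconfig/kubelet`. The cleanup also runs for every `TARGET_VERSION`, although the comment ties the removal to v1.35; either gate it on the version or extend the comment to say that stripping the flag on older versions is intended. The same lines appear in the azl3-machine-deployment.yaml hunk.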
@@ -110,7 +110,46 @@ spec: [[ -n "${KUBELET_REVISION}" ]] && ANY_REVISION_SET="true" if [[ "$${ANY_REVISION_SET}" != "true" ]]; then - echo "No *_REVISION variables set. Skipping binary replacement." + # No dalec revisions set — download official upstream binaries from + # dl.k8s.io to ensure binaries match the dalec container image version. + TARGET_VERSION="v$${VERSION}" + + echo "============================================================" + echo "DALEC IMAGE-ONLY TEST: No dalec binary revisions set." + echo "Downloading official upstream binaries ($${TARGET_VERSION})" + echo "from dl.k8s.io for version consistency with dalec images." + echo "============================================================" + + # Download all binaries to temp files first, then replace + DOWNLOAD_DIR=$$(mktemp -d) + ALL_UPSTREAM_BINARIES=("kubeadm" "kubectl" "kubelet") + for BINARY in "$${ALL_UPSTREAM_BINARIES[@]}"; do + DL_URL="https://dl.k8s.io/release/$${TARGET_VERSION}/bin/linux/amd64/$${BINARY}" + echo "* downloading $${BINARY} $${TARGET_VERSION} from $${DL_URL}" + curl --fail --location --retry 10 --retry-delay 5 "$${DL_URL}" --output "$${DOWNLOAD_DIR}/$${BINARY}" + chmod +x "$${DOWNLOAD_DIR}/$${BINARY}" + done + + # All downloads succeeded — now stop kubelet and replace binaries + systemctl stop kubelet + for BINARY in "$${ALL_UPSTREAM_BINARIES[@]}"; do + mv "$${DOWNLOAD_DIR}/$${BINARY}" "/usr/bin/$${BINARY}" + done + rm -rf "$${DOWNLOAD_DIR}" + + # Clean up stale kubelet flags in /etc/sysconfig/kubelet. + # The gallery image may ship flags removed in newer k8s versions + # (e.g. --pod-infra-container-image was removed in v1.35). 
+ if [ -f /etc/sysconfig/kubelet ]; then + echo "Sanitizing /etc/sysconfig/kubelet for $${TARGET_VERSION}" + sed -i 's/--pod-infra-container-image=[^ ]*//g' /etc/sysconfig/kubelet + fi + + systemctl restart kubelet + + echo "kubeadm version: $(kubeadm version -o=short)" + echo "kubectl version: $(kubectl version --client=true)" + echo "kubelet version: $(kubelet --version)" exit 0 fi diff --git a/templates/test/ci/prow-dalec-custom-builds/patches/control-plane-custom-builds.yaml b/templates/test/ci/prow-dalec-custom-builds/patches/control-plane-custom-builds.yaml index f636c822e73..96b020d347f 100644 --- a/templates/test/ci/prow-dalec-custom-builds/patches/control-plane-custom-builds.yaml +++ b/templates/test/ci/prow-dalec-custom-builds/patches/control-plane-custom-builds.yaml 
@@ -25,7 +25,37 @@ [[ -n "${KUBELET_REVISION}" ]] && ANY_REVISION_SET="true" if [[ "$${ANY_REVISION_SET}" != "true" ]]; then - echo "No *_REVISION variables set. Skipping binary replacement." + # No dalec revisions set — download official upstream binaries from + # dl.k8s.io to ensure binaries match the dalec container image version. + TARGET_VERSION="v$${VERSION}" + + echo "============================================================" + echo "DALEC IMAGE-ONLY TEST: No dalec binary revisions set." + echo "Downloading official upstream binaries ($${TARGET_VERSION})" + echo "from dl.k8s.io for version consistency with dalec images." + echo "============================================================" + + # Download all binaries to temp files first, then replace + DOWNLOAD_DIR=$$(mktemp -d) + ALL_UPSTREAM_BINARIES=("kubeadm" "kubectl" "kubelet") + for BINARY in "$${ALL_UPSTREAM_BINARIES[@]}"; do + DL_URL="https://dl.k8s.io/release/$${TARGET_VERSION}/bin/linux/amd64/$${BINARY}" + echo "* downloading $${BINARY} $${TARGET_VERSION} from $${DL_URL}" + curl --fail --location --retry 10 --retry-delay 5 "$${DL_URL}" --output "$${DOWNLOAD_DIR}/$${BINARY}" + chmod +x "$${DOWNLOAD_DIR}/$${BINARY}" + done + + # All downloads succeeded — now stop kubelet and replace binaries + systemctl stop kubelet + for BINARY in "$${ALL_UPSTREAM_BINARIES[@]}"; do + mv "$${DOWNLOAD_DIR}/$${BINARY}" "/usr/bin/$${BINARY}" + done + rm -rf "$${DOWNLOAD_DIR}" + systemctl restart kubelet + + echo "kubeadm version: $(kubeadm version -o=short)" + echo "kubectl version: $(kubectl version --client=true)" + echo "kubelet version: $(kubelet --version)" exit 0 fi diff --git a/templates/test/ci/prow-dalec-custom-builds/patches/kubeadm-bootstrap-custom-builds.yaml b/templates/test/ci/prow-dalec-custom-builds/patches/kubeadm-bootstrap-custom-builds.yaml index d869355c52d..77850b73921 100644 --- a/templates/test/ci/prow-dalec-custom-builds/patches/kubeadm-bootstrap-custom-builds.yaml 
+++ b/templates/test/ci/prow-dalec-custom-builds/patches/kubeadm-bootstrap-custom-builds.yaml @@ -25,7 +25,37 @@ [[ -n "${KUBELET_REVISION}" ]] && ANY_REVISION_SET="true" if [[ "$${ANY_REVISION_SET}" != "true" ]]; then - echo "No *_REVISION variables set. Skipping binary replacement." + # No dalec revisions set — download official upstream binaries from + # dl.k8s.io to ensure binaries match the dalec container image version. + TARGET_VERSION="v$${VERSION}" + + echo "============================================================" + echo "DALEC IMAGE-ONLY TEST: No dalec binary revisions set." + echo "Downloading official upstream binaries ($${TARGET_VERSION})" + echo "from dl.k8s.io for version consistency with dalec images." + echo "============================================================" + + # Download all binaries to temp files first, then replace + DOWNLOAD_DIR=$$(mktemp -d) + ALL_UPSTREAM_BINARIES=("kubeadm" "kubectl" "kubelet") + for BINARY in "$${ALL_UPSTREAM_BINARIES[@]}"; do + DL_URL="https://dl.k8s.io/release/$${TARGET_VERSION}/bin/linux/amd64/$${BINARY}" + echo "* downloading $${BINARY} $${TARGET_VERSION} from $${DL_URL}" + curl --fail --location --retry 10 --retry-delay 5 "$${DL_URL}" --output "$${DOWNLOAD_DIR}/$${BINARY}" + chmod +x "$${DOWNLOAD_DIR}/$${BINARY}" + done + + # All downloads succeeded — now stop kubelet and replace binaries + systemctl stop kubelet + for BINARY in "$${ALL_UPSTREAM_BINARIES[@]}"; do + mv "$${DOWNLOAD_DIR}/$${BINARY}" "/usr/bin/$${BINARY}" + done + rm -rf "$${DOWNLOAD_DIR}" + systemctl restart kubelet + + echo "kubeadm version: $(kubeadm version -o=short)" + echo "kubectl version: $(kubectl version --client=true)" + echo "kubelet version: $(kubelet --version)" exit 0 fi From b26a7b1bfd1a83c38bb73f33c991a19e86083ec2 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Apr 2026 15:54:39 +0000 Subject: [PATCH 45/61] dependabot(deps): bump github.com/onsi/ginkgo/v2 from 2.28.1 to 2.28.2 Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.28.1 to 2.28.2. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.28.1...v2.28.2) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-version: 2.28.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 2409249d9c8..0dca70aca5a 100644 --- a/go.mod +++ b/go.mod @@ -29,7 +29,7 @@ require ( github.com/google/uuid v1.6.0 github.com/hashicorp/go-retryablehttp v0.7.8 github.com/hashicorp/golang-lru v1.0.2 - github.com/onsi/ginkgo/v2 v2.28.1 + github.com/onsi/ginkgo/v2 v2.28.2 github.com/onsi/gomega v1.39.1 github.com/pkg/errors v0.9.1 github.com/pkg/sftp v1.13.10 diff --git a/go.sum b/go.sum index 08b85e8c8a4..cdcb1b8e367 100644 --- a/go.sum +++ b/go.sum 
@@ -379,8 +379,8 @@ github.com/olekukonko/ll v0.1.1 h1:9Dfeed5/Mgaxb9lHRAftLK9pVfYETvHn+If6lywVhJc= github.com/olekukonko/ll v0.1.1/go.mod h1:2dJo+hYZcJMLMbKwHEWvxCUbAOLc/CXWS9noET22Mdo= github.com/olekukonko/tablewriter v1.0.9 h1:XGwRsYLC2bY7bNd93Dk51bcPZksWZmLYuaTHR0FqfL8= github.com/olekukonko/tablewriter v1.0.9/go.mod h1:5c+EBPeSqvXnLLgkm9isDdzR3wjfBkHR9Nhfp3NWrzo= -github.com/onsi/ginkgo/v2 v2.28.1 h1:S4hj+HbZp40fNKuLUQOYLDgZLwNUVn19N3Atb98NCyI= -github.com/onsi/ginkgo/v2 v2.28.1/go.mod h1:CLtbVInNckU3/+gC8LzkGUb9oF+e8W8TdUsxPwvdOgE= +github.com/onsi/ginkgo/v2 v2.28.2 h1:DTrMfpqxiNUyQ3Y0zhn1n3cOO2euFgQPYIpkWwxVFps= +github.com/onsi/ginkgo/v2 v2.28.2/go.mod h1:CLtbVInNckU3/+gC8LzkGUb9oF+e8W8TdUsxPwvdOgE= github.com/onsi/gomega v1.39.1 h1:1IJLAad4zjPn2PsnhH70V4DKRFlrCzGBNrNaru+Vf28= github.com/onsi/gomega v1.39.1/go.mod h1:hL6yVALoTOxeWudERyfppUcZXjMwIMLnuSfruD2lcfg= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= From 51fec6a4ce14b596ee3785479d9fb87391d777f6 Mon Sep 17 00:00:00 2001 From: Matt Boersma Date: Wed, 29 Apr 2026 09:43:13 -0600 Subject: [PATCH 46/61] Bump CAPI to v1.13.1 --- Makefile | 2 +- Tiltfile | 2 +- .../getting-started-with-capi-operator.md | 2 +- go.mod | 26 +++++----- go.sum | 52 +++++++++---------- hack/tools/go.mod | 8 +-- hack/tools/go.sum | 16 +++--- test/e2e/config/azure-dev.yaml | 18 +++---- 8 files changed, 63 insertions(+), 63 deletions(-) diff --git a/Makefile b/Makefile index 18d7a5c0a78..c73f52c8076 100644 --- a/Makefile +++ b/Makefile 
@@ -365,7 +365,7 @@ create-management-cluster: $(KUSTOMIZE) $(ENVSUBST) $(KUBECTL) $(KIND) ## Create ./hack/create-custom-cloud-provider-config.sh # Deploy CAPI - timeout --foreground 300 bash -c "until curl --retry $(CURL_RETRIES) -sSL https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.13.0/cluster-api-components.yaml | $(ENVSUBST) | $(KUBECTL) apply -f - --server-side=true; do sleep 5; done" + timeout --foreground 300 bash -c "until curl --retry $(CURL_RETRIES) -sSL https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.13.1/cluster-api-components.yaml | $(ENVSUBST) | $(KUBECTL) apply -f - --server-side=true; do sleep 5; done" # Deploy CAAPH timeout --foreground 300 bash -c "until curl --retry $(CURL_RETRIES) -sSL https://github.com/kubernetes-sigs/cluster-api-addon-provider-helm/releases/download/v0.6.2/addon-components.yaml | $(ENVSUBST) | $(KUBECTL) apply -f - --server-side=true; do sleep 5; done" diff --git a/Tiltfile b/Tiltfile index e52c119083a..b1e94ed7e66 100644 --- a/Tiltfile +++ b/Tiltfile @@ -22,7 +22,7 @@ settings = { "deploy_cert_manager": True, "preload_images_for_kind": True, "kind_cluster_name": "capz", - "capi_version": "v1.13.0", + "capi_version": "v1.13.1", "caaph_version": "v0.6.2", "cert_manager_version": "v1.20.2", "kubernetes_version": "v1.35.4", diff --git a/docs/book/src/developers/getting-started-with-capi-operator.md b/docs/book/src/developers/getting-started-with-capi-operator.md index a30b27dd056..c3e6d472813 100644 --- a/docs/book/src/developers/getting-started-with-capi-operator.md +++ b/docs/book/src/developers/getting-started-with-capi-operator.md @@ -120,7 +120,7 @@ helm install cert-manager jetstack/cert-manager --namespace cert-manager --creat Create a `values.yaml` file for the CAPI Operator Helm chart like so: ```yaml -core: "cluster-api:v1.13.0" +core: "cluster-api:v1.13.1" infrastructure: "azure:v1.17.2" addon: "helm:v0.6.2" manager: 
diff --git a/go.mod b/go.mod index 0dca70aca5a..0c40d01c59d 100644 --- a/go.mod +++ b/go.mod @@ -47,17 +47,17 @@ require ( golang.org/x/mod v0.35.0 golang.org/x/text v0.36.0 gopkg.in/yaml.v3 v3.0.1 - k8s.io/api v0.35.3 - k8s.io/apimachinery v0.35.3 - k8s.io/client-go v0.35.3 - k8s.io/cluster-bootstrap v0.35.3 - k8s.io/component-base v0.35.3 + k8s.io/api v0.35.4 + k8s.io/apimachinery v0.35.4 + k8s.io/client-go v0.35.4 + k8s.io/cluster-bootstrap v0.35.4 + k8s.io/component-base v0.35.4 k8s.io/klog/v2 v2.130.1 k8s.io/kubectl v0.34.2 k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 sigs.k8s.io/cloud-provider-azure v1.34.3 - sigs.k8s.io/cluster-api v1.13.0 - sigs.k8s.io/cluster-api/test v1.13.0 + sigs.k8s.io/cluster-api v1.13.1 + sigs.k8s.io/cluster-api/test v1.13.1 sigs.k8s.io/controller-runtime v0.23.3 sigs.k8s.io/kind v0.31.0 ) @@ -95,7 +95,7 @@ require ( github.com/containerd/errdefs/pkg v0.3.0 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/distribution/reference v0.6.0 // indirect - github.com/docker/go-connections v0.6.0 // indirect + github.com/docker/go-connections v0.7.0 // indirect github.com/docker/go-units v0.5.0 // indirect github.com/drone/envsubst/v2 v2.0.0-20210730161058-179042472c46 // indirect github.com/emicklei/go-restful/v3 v3.13.0 // indirect @@ -139,8 +139,8 @@ require ( github.com/mitchellh/copystructure v1.2.0 // indirect github.com/mitchellh/reflectwalk v1.0.2 // indirect github.com/moby/docker-image-spec v1.3.1 // indirect - github.com/moby/moby/api v1.54.1 // indirect - github.com/moby/moby/client v0.4.0 // indirect + github.com/moby/moby/api v1.54.2 // indirect + github.com/moby/moby/client v0.4.1 // indirect github.com/moby/spdystream v0.5.1 // indirect github.com/moby/term v0.5.2 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect 
@@ -199,8 +199,8 @@ require ( google.golang.org/protobuf v1.36.11 // indirect gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect - k8s.io/apiextensions-apiserver v0.35.3 // indirect - k8s.io/apiserver v0.35.3 // indirect + k8s.io/apiextensions-apiserver v0.35.4 // indirect + k8s.io/apiserver v0.35.4 // indirect k8s.io/cli-runtime v0.34.2 // indirect k8s.io/cloud-provider v0.34.0 // indirect k8s.io/component-helpers v0.34.2 // indirect @@ -212,6 +212,6 @@ require ( sigs.k8s.io/kustomize/api v0.20.1 // indirect sigs.k8s.io/kustomize/kyaml v0.20.1 // indirect sigs.k8s.io/randfill v1.0.0 // indirect - sigs.k8s.io/structured-merge-diff/v6 v6.3.2 // indirect + sigs.k8s.io/structured-merge-diff/v6 v6.4.0 // indirect sigs.k8s.io/yaml v1.6.0 // indirect ) diff --git a/go.sum b/go.sum index cdcb1b8e367..2023b4db50f 100644 --- a/go.sum +++ b/go.sum @@ -167,8 +167,8 @@ github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5Qvfr github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI= github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ= -github.com/docker/go-connections v0.6.0 h1:LlMG9azAe1TqfR7sO+NJttz1gy6KO7VJBh+pMmjSD94= -github.com/docker/go-connections v0.6.0/go.mod h1:AahvXYshr6JgfUJGdDCs2b5EZG/vmaMAntpSFH5BFKE= +github.com/docker/go-connections v0.7.0 h1:6SsRfJddP22WMrCkj19x9WKjEDTB+ahsdiGYf0mN39c= +github.com/docker/go-connections v0.7.0/go.mod h1:no1qkHdjq7kLMGUXYAduOhYPSJxxvgWBh7ogVvptn3Q= github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/drone/envsubst/v2 v2.0.0-20210730161058-179042472c46 h1:7QPwrLT79GlD5sizHf27aoY2RTvw62mO6x7mxkScNk0= 
@@ -351,10 +351,10 @@ github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zx github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0= github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo= -github.com/moby/moby/api v1.54.1 h1:TqVzuJkOLsgLDDwNLmYqACUuTehOHRGKiPhvH8V3Nn4= -github.com/moby/moby/api v1.54.1/go.mod h1:+RQ6wluLwtYaTd1WnPLykIDPekkuyD/ROWQClE83pzs= -github.com/moby/moby/client v0.4.0 h1:S+2XegzHQrrvTCvF6s5HFzcrywWQmuVnhOXe2kiWjIw= -github.com/moby/moby/client v0.4.0/go.mod h1:QWPbvWchQbxBNdaLSpoKpCdf5E+WxFAgNHogCWDoa7g= +github.com/moby/moby/api v1.54.2 h1:wiat9QAhnDQjA7wk1kh/TqHz2I1uUA7M7t9SAl/JNXg= +github.com/moby/moby/api v1.54.2/go.mod h1:+RQ6wluLwtYaTd1WnPLykIDPekkuyD/ROWQClE83pzs= +github.com/moby/moby/client v0.4.1 h1:DMQgisVoMkmMs7fp3ROSdiBnoAu8+vo3GggFl06M/wY= +github.com/moby/moby/client v0.4.1/go.mod h1:z52C9O2POPOsnxZAy//WtKcQ32P+jT/NGeXu/7nfjGQ= github.com/moby/spdystream v0.5.1 h1:9sNYeYZUcci9R6/w7KDaFWEWeV4LStVG78Mpyq/Zm/Y= github.com/moby/spdystream v0.5.1/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ= 
@@ -570,24 +570,24 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q= gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA= -k8s.io/api v0.35.3 h1:pA2fiBc6+N9PDf7SAiluKGEBuScsTzd2uYBkA5RzNWQ= -k8s.io/api v0.35.3/go.mod h1:9Y9tkBcFwKNq2sxwZTQh1Njh9qHl81D0As56tu42GA4= -k8s.io/apiextensions-apiserver v0.35.3 h1:2fQUhEO7P17sijylbdwt0nBdXP0TvHrHj0KeqHD8FiU= -k8s.io/apiextensions-apiserver v0.35.3/go.mod h1:tK4Kz58ykRpwAEkXUb634HD1ZAegEElktz/B3jgETd8= -k8s.io/apimachinery v0.35.3 h1:MeaUwQCV3tjKP4bcwWGgZ/cp/vpsRnQzqO6J6tJyoF8= -k8s.io/apimachinery v0.35.3/go.mod h1:jQCgFZFR1F4Ik7hvr2g84RTJSZegBc8yHgFWKn//hns= -k8s.io/apiserver v0.35.3 h1:D2eIcfJ05hEAEewoSDg+05e0aSRwx8Y4Agvd/wiomUI= -k8s.io/apiserver v0.35.3/go.mod h1:JI0n9bHYzSgIxgIrfe21dbduJ9NHzKJ6RchcsmIKWKY= +k8s.io/api v0.35.4 h1:P7nFYKl5vo9AGUp1Z+Pmd3p2tA7bX2wbFWCvDeRv988= +k8s.io/api v0.35.4/go.mod h1:yl4lqySWOgYJJf9RERXKUwE9g2y+CkuwG+xmcOK8wXU= +k8s.io/apiextensions-apiserver v0.35.4 h1:HeP+Upp7ItdvnyGmub0yoix+2z5+ev4M5cE5TCgtOUU= +k8s.io/apiextensions-apiserver v0.35.4/go.mod h1:ogQlk+stIE8mnoRthSYCwlOS12fVqgWFiErMwPaXA7c= +k8s.io/apimachinery v0.35.4 h1:xtdom9RG7e+yDp71uoXoJDWEE2eOiHgeO4GdBzwWpds= +k8s.io/apimachinery v0.35.4/go.mod h1:NNi1taPOpep0jOj+oRha3mBJPqvi0hGdaV8TCqGQ+cc= +k8s.io/apiserver v0.35.4 h1:vtuFqNFmF9bPRdHDL2lpK6qCTPWDreZJL4LRPwVM6ho= +k8s.io/apiserver v0.35.4/go.mod h1:JnBcb+J8kFXKpZkgcbcUnPBBHi4qgBii1I7dLxFY/oo= k8s.io/cli-runtime v0.34.2 h1:cct1GEuWc3IyVT8MSCoIWzRGw9HJ/C5rgP32H60H6aE= k8s.io/cli-runtime v0.34.2/go.mod h1:X13tsrYexYUCIq8MarCBy8lrm0k0weFPTpcaNo7lms4= -k8s.io/client-go v0.35.3 h1:s1lZbpN4uI6IxeTM2cpdtrwHcSOBML1ODNTCCfsP1pg= -k8s.io/client-go v0.35.3/go.mod h1:RzoXkc0mzpWIDvBrRnD+VlfXP+lRzqQjCmKtiwZ8Q9c= +k8s.io/client-go v0.35.4 h1:DN6fyaGuzK64UvnKO5fOA6ymSjvfGAnCAHAR0C66kD8= 
+k8s.io/client-go v0.35.4/go.mod h1:2Pg9WpsS4NeOpoYTfHHfMxBG8zFMSAUi4O/qoiJC3nY= k8s.io/cloud-provider v0.34.0 h1:OgrNE+WSgfvDBQf6WS9qFM7Xr37bc0Og5kkL4hyWDmU= k8s.io/cloud-provider v0.34.0/go.mod h1:JbMa0t6JIGDMLI7Py6bdp9TN6cfuHrWGq+E/X+Ljkmo= -k8s.io/cluster-bootstrap v0.35.3 h1:fDSLN5jLBX6SdEB3EOaOmVytfpLkhUzEpfdijRNkGPs= -k8s.io/cluster-bootstrap v0.35.3/go.mod h1:Sr0FYu1mGqLOrtrPBBh2U323YtTBiIo2oue4w2VvhHI= -k8s.io/component-base v0.35.3 h1:mbKbzoIMy7JDWS/wqZobYW1JDVRn/RKRaoMQHP9c4P0= -k8s.io/component-base v0.35.3/go.mod h1:IZ8LEG30kPN4Et5NeC7vjNv5aU73ku5MS15iZyvyMYk= +k8s.io/cluster-bootstrap v0.35.4 h1:XAOSQ+4dvUPdksaVHp/C9rq0XlFmF3UHkx4KGgNgaU4= +k8s.io/cluster-bootstrap v0.35.4/go.mod h1:9tlzRvPEjXAhKV2cok7pJLnMjiRgKZdT9IR3iJzksek= +k8s.io/component-base v0.35.4 h1:6n1tNJ87johN0Hif0Fs8K2GMthsaUwMqCebUDLYyv7U= +k8s.io/component-base v0.35.4/go.mod h1:qaDJgz5c1KYKla9occFmlJEfPpkuA55s90G509R+PeY= k8s.io/component-helpers v0.34.2 h1:RIUGDdU+QFzeVKLZ9f05sXTNAtJrRJ3bnbMLrogCrvM= k8s.io/component-helpers v0.34.2/go.mod h1:pLi+GByuRTeFjjcezln8gHL7LcT6HImkwVQ3A2SQaEE= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= 
@@ -608,10 +608,10 @@ sigs.k8s.io/cloud-provider-azure/pkg/azclient v0.9.2 h1:7vEaYwdsvOz1OBAtEm6vyc4K sigs.k8s.io/cloud-provider-azure/pkg/azclient v0.9.2/go.mod h1:BgPOvGEdPTyaIWREF7pywm6teBhO3fNVQ+CTPYyr/5w= sigs.k8s.io/cloud-provider-azure/pkg/azclient/configloader v0.8.4 h1:Sy+dyfxemdQaz/UfJYWzALlbLdEaZ7IoKn93JXTqWYs= sigs.k8s.io/cloud-provider-azure/pkg/azclient/configloader v0.8.4/go.mod h1:RgIi9n/PhULbvPjYZGsjP2zWJf1ZEd1qyA0CYUuSgcE= -sigs.k8s.io/cluster-api v1.13.0 h1:xX0vAQ/a9mv0OwW+Tlx/EqmIdPHQAMp+T+gxalSZ3gc= -sigs.k8s.io/cluster-api v1.13.0/go.mod h1:DNgWpqSGIc8tWI4vwCbgLhDcnDNuDZ2L/FQur4ulAW0= -sigs.k8s.io/cluster-api/test v1.13.0 h1:1MWOFmL4YzJDIvd3mPqOIIm0T/RSw6O7Ugge94vhBws= -sigs.k8s.io/cluster-api/test v1.13.0/go.mod h1:uN9BzpjtzUwDr9nClw95VldtT3L97ZsKiA/z5Dde3Rk= +sigs.k8s.io/cluster-api v1.13.1 h1:5qksGznSU1fJOXIxsI4EayTqG1Q9S0qJNp3HdsVm1KU= +sigs.k8s.io/cluster-api v1.13.1/go.mod h1:Hqq5yucu3OwPiAjNEh/O/zZX4dF63MD8Q6I0cwL/bUU= +sigs.k8s.io/cluster-api/test v1.13.1 h1:NimY83SFiO24J3GhF2Fw+iUcKzRPUY2Ev0wRPbogl2k= +sigs.k8s.io/cluster-api/test v1.13.1/go.mod h1:3FL7oJBT6ThT63TcbTigSNNXCXK/2CJ5b8ODbaVs3nk= sigs.k8s.io/controller-runtime v0.23.3 h1:VjB/vhoPoA9l1kEKZHBMnQF33tdCLQKJtydy4iqwZ80= sigs.k8s.io/controller-runtime v0.23.3/go.mod h1:B6COOxKptp+YaUT5q4l6LqUJTRpizbgf9KSRNdQGns0= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= 
@@ -624,7 +624,7 @@ sigs.k8s.io/kustomize/kyaml v0.20.1 h1:PCMnA2mrVbRP3NIB6v9kYCAc38uvFLVs8j/CD567A sigs.k8s.io/kustomize/kyaml v0.20.1/go.mod h1:0EmkQHRUsJxY8Ug9Niig1pUMSCGHxQ5RklbpV/Ri6po= sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= -sigs.k8s.io/structured-merge-diff/v6 v6.3.2 h1:kwVWMx5yS1CrnFWA/2QHyRVJ8jM6dBA80uLmm0wJkk8= -sigs.k8s.io/structured-merge-diff/v6 v6.3.2/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE= +sigs.k8s.io/structured-merge-diff/v6 v6.4.0 h1:qmp2e3ZfFi1/jJbDGpD4mt3wyp6PE1NfKHCYLqgNQJo= +sigs.k8s.io/structured-merge-diff/v6 v6.4.0/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE= sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs= sigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4= diff --git a/hack/tools/go.mod b/hack/tools/go.mod index 1aacfb6b49a..3799d08ff80 100644 --- a/hack/tools/go.mod +++ b/hack/tools/go.mod @@ -4,7 +4,7 @@ go 1.25.0 toolchain go1.25.9 -require sigs.k8s.io/cluster-api/hack/tools v0.0.0-20260420175955-cf3d8f81e95c +require sigs.k8s.io/cluster-api/hack/tools v0.0.0-20260427114648-16d0a6538ef0 require ( github.com/fxamacker/cbor/v2 v2.9.0 // indirect 
@@ -22,13 +22,13 @@ require ( golang.org/x/tools v0.43.0 // indirect gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect gopkg.in/inf.v0 v0.9.1 // indirect - k8s.io/apiextensions-apiserver v0.35.3 // indirect - k8s.io/apimachinery v0.35.3 // indirect + k8s.io/apiextensions-apiserver v0.35.4 // indirect + k8s.io/apimachinery v0.35.4 // indirect k8s.io/klog/v2 v2.130.1 // indirect k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 // indirect k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 // indirect sigs.k8s.io/controller-tools v0.20.1 // indirect sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect sigs.k8s.io/randfill v1.0.0 // indirect - sigs.k8s.io/structured-merge-diff/v6 v6.3.2 // indirect + sigs.k8s.io/structured-merge-diff/v6 v6.4.0 // indirect ) diff --git a/hack/tools/go.sum b/hack/tools/go.sum index 3e960d82a7b..902e0e2c981 100644 --- a/hack/tools/go.sum +++ b/hack/tools/go.sum 
@@ -72,25 +72,25 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkep gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/apiextensions-apiserver v0.35.3 h1:2fQUhEO7P17sijylbdwt0nBdXP0TvHrHj0KeqHD8FiU= -k8s.io/apiextensions-apiserver v0.35.3/go.mod h1:tK4Kz58ykRpwAEkXUb634HD1ZAegEElktz/B3jgETd8= -k8s.io/apimachinery v0.35.3 h1:MeaUwQCV3tjKP4bcwWGgZ/cp/vpsRnQzqO6J6tJyoF8= -k8s.io/apimachinery v0.35.3/go.mod h1:jQCgFZFR1F4Ik7hvr2g84RTJSZegBc8yHgFWKn//hns= +k8s.io/apiextensions-apiserver v0.35.4 h1:HeP+Upp7ItdvnyGmub0yoix+2z5+ev4M5cE5TCgtOUU= +k8s.io/apiextensions-apiserver v0.35.4/go.mod h1:ogQlk+stIE8mnoRthSYCwlOS12fVqgWFiErMwPaXA7c= +k8s.io/apimachinery v0.35.4 h1:xtdom9RG7e+yDp71uoXoJDWEE2eOiHgeO4GdBzwWpds= +k8s.io/apimachinery v0.35.4/go.mod h1:NNi1taPOpep0jOj+oRha3mBJPqvi0hGdaV8TCqGQ+cc= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 h1:Y3gxNAuB0OBLImH611+UDZcmKS3g6CthxToOb37KgwE= k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912/go.mod h1:kdmbQkyfwUagLfXIad1y2TdrjPFWp2Q89B3qkRwf/pQ= k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 h1:SjGebBtkBqHFOli+05xYbK8YF1Dzkbzn+gDM4X9T4Ck= k8s.io/utils v0.0.0-20251002143259-bc988d571ff4/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/cluster-api/hack/tools v0.0.0-20260420175955-cf3d8f81e95c h1:1KWb+zphK3devFi/geiLps3VhB8/5qxCmEGaVFXA5HQ= -sigs.k8s.io/cluster-api/hack/tools v0.0.0-20260420175955-cf3d8f81e95c/go.mod h1:/gNJAf/oJ+1MId6ydMeUIFntI1mng8ZH0HTdVuJCC7o= +sigs.k8s.io/cluster-api/hack/tools v0.0.0-20260427114648-16d0a6538ef0 h1:UWW+2n7ef4Cmnk+U5XwfY/fLT9Admg9wA3NZpMwQ/HY= 
+sigs.k8s.io/cluster-api/hack/tools v0.0.0-20260427114648-16d0a6538ef0/go.mod h1:zIKgABMegdCknbQ3HnEuOS74syLC3C5nIrc1HFtrv38= sigs.k8s.io/controller-tools v0.20.1 h1:gkfMt9YodI0K85oT8rVi80NTXO/kDmabKR5Ajn5GYxs= sigs.k8s.io/controller-tools v0.20.1/go.mod h1:b4qPmjGU3iZwqn34alUU5tILhNa9+VXK+J3QV0fT/uU= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= -sigs.k8s.io/structured-merge-diff/v6 v6.3.2 h1:kwVWMx5yS1CrnFWA/2QHyRVJ8jM6dBA80uLmm0wJkk8= -sigs.k8s.io/structured-merge-diff/v6 v6.3.2/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE= +sigs.k8s.io/structured-merge-diff/v6 v6.4.0 h1:qmp2e3ZfFi1/jJbDGpD4mt3wyp6PE1NfKHCYLqgNQJo= +sigs.k8s.io/structured-merge-diff/v6 v6.4.0/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE= sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs= sigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4= diff --git a/test/e2e/config/azure-dev.yaml b/test/e2e/config/azure-dev.yaml index d5f1d6db9fd..4b8ce5b4275 100644 --- a/test/e2e/config/azure-dev.yaml +++ b/test/e2e/config/azure-dev.yaml 
@@ -5,15 +5,15 @@ images: loadBehavior: mustLoad - name: registry.k8s.io/cluster-api/cluster-api-controller:v1.12.7 loadBehavior: tryLoad - - name: registry.k8s.io/cluster-api/cluster-api-controller:v1.13.0 + - name: registry.k8s.io/cluster-api/cluster-api-controller:v1.13.1 loadBehavior: tryLoad - name: registry.k8s.io/cluster-api/kubeadm-bootstrap-controller:v1.12.7 loadBehavior: tryLoad - - name: registry.k8s.io/cluster-api/kubeadm-bootstrap-controller:v1.13.0 + - name: registry.k8s.io/cluster-api/kubeadm-bootstrap-controller:v1.13.1 loadBehavior: tryLoad - name: registry.k8s.io/cluster-api/kubeadm-control-plane-controller:v1.12.7 loadBehavior: tryLoad - - name: registry.k8s.io/cluster-api/kubeadm-control-plane-controller:v1.13.0 + - name: registry.k8s.io/cluster-api/kubeadm-control-plane-controller:v1.13.1 loadBehavior: tryLoad - name: registry.k8s.io/cluster-api-helm/cluster-api-helm-controller:v0.6.2 loadBehavior: tryLoad @@ -42,8 +42,8 @@ providers: new: "imagePullPolicy: IfNotPresent" - old: "- --leader-elect" new: "- --leader-elect\n - --remote-connection-grace-period=3m" - - name: v1.13.0 - value: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.13.0/core-components.yaml + - name: v1.13.1 + value: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.13.1/core-components.yaml type: url contract: v1beta2 files: @@ -75,8 +75,8 @@ providers: replacements: - old: "imagePullPolicy: Always" new: "imagePullPolicy: IfNotPresent" - - name: v1.13.0 - value: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.13.0/bootstrap-components.yaml + - name: v1.13.1 + value: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.13.1/bootstrap-components.yaml type: url contract: v1beta2 files: 
@@ -106,8 +106,8 @@ providers: replacements: - old: "imagePullPolicy: Always" new: "imagePullPolicy: IfNotPresent" - - name: v1.13.0 - value: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.13.0/control-plane-components.yaml + - name: v1.13.1 + value: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.13.1/control-plane-components.yaml type: url contract: v1beta2 files: From dc662a2d89c19973f586e050de9bd8507f48e800 Mon Sep 17 00:00:00 2001 From: Jon Huhn Date: Thu, 30 Apr 2026 12:04:45 -0500 Subject: [PATCH 47/61] Remove fake FakeClient controller-runtime implemented server-side apply in the fake client. Our tests worked around its absence by wrapping it in our own FakeClient with some light-touch logic to make sure that an apply was invoked. Now, the fake client produces the expected side effects where we can GET the applied objects and inspect them directly. This produces simpler and more robust tests. --- ...easomanagedcontrolplane_controller_test.go | 121 +++++++-------- controllers/resource_reconciler_test.go | 142 ++++++------------ 2 files changed, 96 insertions(+), 167 deletions(-) diff --git a/controllers/azureasomanagedcontrolplane_controller_test.go b/controllers/azureasomanagedcontrolplane_controller_test.go index 5b8e35f0033..20e7aacb1f5 100644 --- a/controllers/azureasomanagedcontrolplane_controller_test.go +++ b/controllers/azureasomanagedcontrolplane_controller_test.go 
@@ -302,23 +302,10 @@ func TestAzureASOManagedControlPlaneReconcile(t *testing.T) { Ready: false, }, } - c := fakeClientBuilder(). - WithObjects(cluster, asoManagedControlPlane, managedCluster, kubeconfig). - Build() - kubeConfigPatched := false r := &AzureASOManagedControlPlaneReconciler{ - Client: &FakeClient{ - Client: c, - applyFunc: func(_ context.Context, obj runtime.ApplyConfiguration, _ ...client.ApplyOption) error { - data, err := json.Marshal(obj) - g.Expect(err).NotTo(HaveOccurred()) - kubeconfigSecret := &corev1.Secret{} - g.Expect(json.Unmarshal(data, kubeconfigSecret)).To(Succeed()) - g.Expect(kubeconfigSecret.Data[secret.KubeconfigDataName]).NotTo(BeEmpty()) - kubeConfigPatched = true - return nil - }, - }, + Client: fakeClientBuilder(). + WithObjects(cluster, asoManagedControlPlane, managedCluster, kubeconfig). + Build(), newResourceReconciler: func(_ *infrav1.AzureASOManagedControlPlane, _ []*unstructured.Unstructured) resourceReconciler { return &fakeResourceReconciler{ reconcileFunc: func(ctx context.Context, o client.Object) error { 
@@ -331,11 +318,19 @@ func TestAzureASOManagedControlPlaneReconcile(t *testing.T) { g.Expect(err).NotTo(HaveOccurred()) g.Expect(result).To(Equal(ctrl.Result{})) - g.Expect(c.Get(ctx, client.ObjectKeyFromObject(asoManagedControlPlane), asoManagedControlPlane)).To(Succeed()) + g.Expect(r.Get(ctx, client.ObjectKeyFromObject(asoManagedControlPlane), asoManagedControlPlane)).To(Succeed()) g.Expect(asoManagedControlPlane.Status.ControlPlaneEndpoint.Host).To(Equal("endpoint")) g.Expect(asoManagedControlPlane.Status.Version).To(Equal("vCurrent")) - g.Expect(kubeConfigPatched).To(BeTrue()) g.Expect(asoManagedControlPlane.Status.Ready).To(BeTrue()) + + kubeconfigSecret := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: secret.Name(cluster.Name, secret.Kubeconfig), + Namespace: cluster.Namespace, + }, + } + g.Expect(r.Get(ctx, client.ObjectKeyFromObject(kubeconfigSecret), kubeconfigSecret)).To(Succeed()) + g.Expect(kubeconfigSecret.Data[secret.KubeconfigDataName]).NotTo(BeEmpty()) }) t.Run("successfully reconciles a kubeconfig with a token", func(t *testing.T) { 
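Review bot: The kubeconfig check added in this hunk only asserts that a Secret named `secret.Name(cluster.Name, secret.Kubeconfig)` exists with non-empty data, which is weaker than the parallel checks in the `@@ -472,9 +446,23 @@` and `@@ -610,9 +577,23 @@` hunks that parse the payload and inspect the auth info. If the `kubeconfig` fixture seeded through `WithObjects` in the previous hunk happened to carry the same name, this assertion would pass without the reconciler applying anything; the fixture is defined outside the hunk, so that is worth confirming. Parsing the data here as well would pin that the stored credential is a loadable kubeconfig: `_, err = clientcmd.Load(kubeconfigSecret.Data[secret.KubeconfigDataName])` followed by `g.Expect(err).NotTo(HaveOccurred())`. The enclosing subtest starts before this hunk.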
@@ -431,31 +426,10 @@ func TestAzureASOManagedControlPlaneReconcile(t *testing.T) { Ready: false, }, } - c := fakeClientBuilder(). - WithObjects(cluster, asoManagedControlPlane, managedCluster, kubeconfig). - Build() - kubeConfigPatched := false r := &AzureASOManagedControlPlaneReconciler{ - Client: &FakeClient{ - Client: c, - applyFunc: func(_ context.Context, obj runtime.ApplyConfiguration, _ ...client.ApplyOption) error { - data, err := json.Marshal(obj) - g.Expect(err).NotTo(HaveOccurred()) - kubeconfigSecret := &corev1.Secret{} - g.Expect(json.Unmarshal(data, kubeconfigSecret)).To(Succeed()) - g.Expect(kubeconfigSecret.Data[secret.KubeconfigDataName]).NotTo(BeEmpty()) - kubeConfigPatched = true - - kubeconfig, err := clientcmd.Load(kubeconfigSecret.Data[secret.KubeconfigDataName]) - g.Expect(err).NotTo(HaveOccurred()) - g.Expect(kubeconfig.AuthInfos).To(HaveEach(Satisfy(func(user *clientcmdapi.AuthInfo) bool { - return user.Exec == nil && - user.Token == "token" - }))) - - return nil - }, - }, + Client: fakeClientBuilder(). + WithObjects(cluster, asoManagedControlPlane, managedCluster, kubeconfig). + Build(), newResourceReconciler: func(_ *infrav1.AzureASOManagedControlPlane, _ []*unstructured.Unstructured) resourceReconciler { return &fakeResourceReconciler{ reconcileFunc: func(ctx context.Context, o client.Object) error { 
@@ -472,9 +446,23 @@ func TestAzureASOManagedControlPlaneReconcile(t *testing.T) { g.Expect(result.Requeue).To(BeFalse()) //nolint:staticcheck g.Expect(result.RequeueAfter).NotTo(BeZero()) - g.Expect(c.Get(ctx, client.ObjectKeyFromObject(asoManagedControlPlane), asoManagedControlPlane)).To(Succeed()) - g.Expect(kubeConfigPatched).To(BeTrue()) + g.Expect(r.Get(ctx, client.ObjectKeyFromObject(asoManagedControlPlane), asoManagedControlPlane)).To(Succeed()) g.Expect(asoManagedControlPlane.Status.Ready).To(BeTrue()) + + kubeconfigSecret := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: secret.Name(cluster.Name, secret.Kubeconfig), + Namespace: cluster.Namespace, + }, + } + g.Expect(r.Get(ctx, client.ObjectKeyFromObject(kubeconfigSecret), kubeconfigSecret)).To(Succeed()) + g.Expect(kubeconfigSecret.Data[secret.KubeconfigDataName]).NotTo(BeEmpty()) + clientConfig, err := clientcmd.Load(kubeconfigSecret.Data[secret.KubeconfigDataName]) + g.Expect(err).NotTo(HaveOccurred()) + g.Expect(clientConfig.AuthInfos).To(HaveEach(Satisfy(func(user *clientcmdapi.AuthInfo) bool { + return user.Exec == nil && + user.Token == "token" + }))) }) t.Run("successfully reconciles a kubeconfig with a token that has expired", func(t *testing.T) { 
@@ -570,31 +558,10 @@ func TestAzureASOManagedControlPlaneReconcile(t *testing.T) { Ready: true, }, } - c := fakeClientBuilder(). - WithObjects(cluster, asoManagedControlPlane, managedCluster, kubeconfig). - Build() - kubeConfigPatched := false r := &AzureASOManagedControlPlaneReconciler{ - Client: &FakeClient{ - Client: c, - applyFunc: func(_ context.Context, obj runtime.ApplyConfiguration, _ ...client.ApplyOption) error { - data, err := json.Marshal(obj) - g.Expect(err).NotTo(HaveOccurred()) - kubeconfigSecret := &corev1.Secret{} - g.Expect(json.Unmarshal(data, kubeconfigSecret)).To(Succeed()) - g.Expect(kubeconfigSecret.Data[secret.KubeconfigDataName]).NotTo(BeEmpty()) - kubeConfigPatched = true - - kubeconfig, err := clientcmd.Load(kubeconfigSecret.Data[secret.KubeconfigDataName]) - g.Expect(err).NotTo(HaveOccurred()) - g.Expect(kubeconfig.AuthInfos).To(HaveEach(Satisfy(func(user *clientcmdapi.AuthInfo) bool { - return user.Exec == nil && - user.Token == "token" - }))) - - return nil - }, - }, + Client: fakeClientBuilder(). + WithObjects(cluster, asoManagedControlPlane, managedCluster, kubeconfig). + Build(), newResourceReconciler: func(_ *infrav1.AzureASOManagedControlPlane, _ []*unstructured.Unstructured) resourceReconciler { return &fakeResourceReconciler{ reconcileFunc: func(ctx context.Context, o client.Object) error { 
@@ -610,9 +577,23 @@ func TestAzureASOManagedControlPlaneReconcile(t *testing.T) { g.Expect(err).NotTo(HaveOccurred()) g.Expect(result).To(Equal(ctrl.Result{Requeue: true})) - g.Expect(c.Get(ctx, client.ObjectKeyFromObject(asoManagedControlPlane), asoManagedControlPlane)).To(Succeed()) - g.Expect(kubeConfigPatched).To(BeTrue()) + g.Expect(r.Get(ctx, client.ObjectKeyFromObject(asoManagedControlPlane), asoManagedControlPlane)).To(Succeed()) g.Expect(asoManagedControlPlane.Status.Ready).To(BeFalse()) + + kubeconfigSecret := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: secret.Name(cluster.Name, secret.Kubeconfig), + Namespace: cluster.Namespace, + }, + } + g.Expect(r.Get(ctx, client.ObjectKeyFromObject(kubeconfigSecret), kubeconfigSecret)).To(Succeed()) + g.Expect(kubeconfigSecret.Data[secret.KubeconfigDataName]).NotTo(BeEmpty()) + clientConfig, err := clientcmd.Load(kubeconfigSecret.Data[secret.KubeconfigDataName]) + g.Expect(err).NotTo(HaveOccurred()) + g.Expect(clientConfig.AuthInfos).To(HaveEach(Satisfy(func(user *clientcmdapi.AuthInfo) bool { + return user.Exec == nil && + user.Token == "token" + }))) }) t.Run("successfully reconciles pause", func(t *testing.T) { diff --git a/controllers/resource_reconciler_test.go b/controllers/resource_reconciler_test.go index ffb79e7e21c..298b3da2872 100644 --- a/controllers/resource_reconciler_test.go +++ b/controllers/resource_reconciler_test.go 
@@ -17,14 +17,15 @@ limitations under the License. package controllers import ( - "context" "testing" asoresourcesv1 "github.com/Azure/azure-service-operator/v2/api/resources/v1api20200601" - "github.com/Azure/azure-service-operator/v2/pkg/common/annotations" + asoannotations "github.com/Azure/azure-service-operator/v2/pkg/common/annotations" "github.com/Azure/azure-service-operator/v2/pkg/genruntime/conditions" "github.com/go-logr/logr" . "github.com/onsi/gomega" + "github.com/onsi/gomega/gstruct" + "github.com/onsi/gomega/types" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" @@ -39,29 +40,6 @@ import ( infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" ) -type FakeClient struct { - client.Client - // Override the Patch method because controller-runtime's doesn't really support - // server-side apply, so we make our own dollar store version: - // https://github.com/kubernetes-sigs/controller-runtime/issues/2341 - patchFunc func(context.Context, client.Object, client.Patch, ...client.PatchOption) error - applyFunc func(context.Context, runtime.ApplyConfiguration, ...client.ApplyOption) error -} - -func (c *FakeClient) Patch(ctx context.Context, obj client.Object, patch client.Patch, opts ...client.PatchOption) error { - if c.patchFunc == nil { - return c.Client.Patch(ctx, obj, patch, opts...) - } - return c.patchFunc(ctx, obj, patch, opts...) -} - -func (c *FakeClient) Apply(ctx context.Context, obj runtime.ApplyConfiguration, opts ...client.ApplyOption) error { - if c.applyFunc == nil { - return c.Client.Apply(ctx, obj, opts...) - } - return c.applyFunc(ctx, obj, opts...) -} - type FakeWatcher struct { watching map[string]struct{} } 
@@ -105,22 +83,11 @@ func TestResourceReconcilerReconcile(t *testing.T) { g := NewGomegaWithT(t) w := &FakeWatcher{} - c := fakeClientBuilder(). - Build() asoManagedCluster := &infrav1.AzureASOManagedCluster{} - unpatchedRGs := map[string]struct{}{} r := &ResourceReconciler{ - Client: &FakeClient{ - Client: c, - applyFunc: func(ctx context.Context, obj runtime.ApplyConfiguration, opts ...client.ApplyOption) error { - o := obj.(client.Object) - g.Expect(unpatchedRGs).To(HaveKey(o.GetName())) - delete(unpatchedRGs, o.GetName()) - return nil - }, - }, + Client: fakeClientBuilder().Build(), resources: []*unstructured.Unstructured{ rgJSON(g, s, &asoresourcesv1.ResourceGroup{ ObjectMeta: metav1.ObjectMeta{ @@ -140,7 +107,6 @@ func TestResourceReconcilerReconcile(t *testing.T) { err := r.Reconcile(ctx) g.Expect(err).NotTo(HaveOccurred()) g.Expect(w.watching).To(BeEmpty()) - g.Expect(unpatchedRGs).To(BeEmpty()) // all expected resources were patched g.Expect(asoManagedCluster.Annotations).To(HaveKeyWithValue(ownedKindsAnnotation, getOwnedKindsValue([]schema.GroupVersionKind{asoresourcesv1.GroupVersion.WithKind("ResourceGroup")}))) resourcesStatuses := asoManagedCluster.Status.Resources @@ -149,6 +115,10 @@ func TestResourceReconcilerReconcile(t *testing.T) { g.Expect(resourcesStatuses[0].Ready).To(BeFalse()) g.Expect(resourcesStatuses[1].Resource.Name).To(Equal("rg2")) g.Expect(resourcesStatuses[1].Ready).To(BeFalse()) + + resourceGroups := new(asoresourcesv1.ResourceGroupList) + g.Expect(r.List(ctx, resourceGroups)).To(Succeed()) + g.Expect(resourceGroups.Items).To(BeEmpty(), "Resources should not have been created") }) t.Run("create resources with acknowledged types", func(t *testing.T) { 
@@ -163,23 +133,9 @@ func TestResourceReconcilerReconcile(t *testing.T) { } w := &FakeWatcher{} - c := fakeClientBuilder(). - Build() - unpatchedRGs := map[string]struct{}{ - "rg1": {}, - "rg2": {}, - } r := &ResourceReconciler{ - Client: &FakeClient{ - Client: c, - applyFunc: func(ctx context.Context, obj runtime.ApplyConfiguration, opts ...client.ApplyOption) error { - o := obj.(client.Object) - g.Expect(unpatchedRGs).To(HaveKey(o.GetName())) - delete(unpatchedRGs, o.GetName()) - return nil - }, - }, + Client: fakeClientBuilder().Build(), resources: []*unstructured.Unstructured{ rgJSON(g, s, &asoresourcesv1.ResourceGroup{ ObjectMeta: metav1.ObjectMeta{ @@ -216,7 +172,6 @@ func TestResourceReconcilerReconcile(t *testing.T) { err := r.Reconcile(ctx) g.Expect(err).NotTo(HaveOccurred()) g.Expect(w.watching).To(HaveKey("ResourceGroup.resources.azure.com")) - g.Expect(unpatchedRGs).To(BeEmpty()) // all expected resources were patched g.Expect(asoManagedCluster.Annotations).To(HaveKeyWithValue(ownedKindsAnnotation, getOwnedKindsValue([]schema.GroupVersionKind{asoresourcesv1.GroupVersion.WithKind("ResourceGroup")}))) resourcesStatuses := asoManagedCluster.Status.Resources @@ -225,6 +180,13 @@ func TestResourceReconcilerReconcile(t *testing.T) { g.Expect(resourcesStatuses[0].Ready).To(BeTrue()) g.Expect(resourcesStatuses[1].Resource.Name).To(Equal("rg2")) g.Expect(resourcesStatuses[1].Ready).To(BeFalse()) + + resourceGroups := new(asoresourcesv1.ResourceGroupList) + g.Expect(r.List(ctx, resourceGroups)).To(Succeed()) + g.Expect(resourceGroups.Items).To(ConsistOf( + HaveField("Name", "rg1"), + HaveField("Name", "rg2"), + ), "Expected ResourceGroups should have been created") }) t.Run("delete stale resources", func(t *testing.T) { 
@@ -280,17 +242,10 @@ func TestResourceReconcilerReconcile(t *testing.T) { }, } - c := fakeClientBuilder(). - WithObjects(objs...). - Build() - r := &ResourceReconciler{ - Client: &FakeClient{ - Client: c, - applyFunc: func(ctx context.Context, obj runtime.ApplyConfiguration, opts ...client.ApplyOption) error { - return nil - }, - }, + Client: fakeClientBuilder(). + WithObjects(objs...). + Build(), resources: []*unstructured.Unstructured{ rgJSON(g, s, &asoresourcesv1.ResourceGroup{ ObjectMeta: metav1.ObjectMeta{ @@ -401,25 +356,10 @@ func TestResourceReconcilerPause(t *testing.T) { }, } - c := fakeClientBuilder(). - WithObjects(objs...). - Build() - - var patchedRGs []string r := &ResourceReconciler{ - Client: &FakeClient{ - Client: c, - applyFunc: func(ctx context.Context, obj runtime.ApplyConfiguration, opts ...client.ApplyOption) error { - o := obj.(client.Object) - g.Expect(o.GetAnnotations()).To(HaveKeyWithValue(annotations.ReconcilePolicy, string(annotations.ReconcilePolicySkip))) - if err := c.Get(ctx, client.ObjectKeyFromObject(o), &asoresourcesv1.ResourceGroup{}); err != nil { - // propagate errors like "NotFound" - return err - } - patchedRGs = append(patchedRGs, o.GetName()) - return nil - }, - }, + Client: fakeClientBuilder(). + WithObjects(objs...). + Build(), resources: []*unstructured.Unstructured{ rgJSON(g, s, &asoresourcesv1.ResourceGroup{ ObjectMeta: metav1.ObjectMeta{ 
@@ -441,7 +381,24 @@ func TestResourceReconcilerPause(t *testing.T) { } g.Expect(r.Pause(ctx)).To(Succeed()) - g.Expect(patchedRGs).To(ConsistOf("rg1", "rg2")) + + haveNameAndAnnotations := func(name string, haveAnnotations types.GomegaMatcher) types.GomegaMatcher { + return gstruct.MatchFields(gstruct.IgnoreExtras, gstruct.Fields{ + "ObjectMeta": gstruct.MatchFields(gstruct.IgnoreExtras, gstruct.Fields{ + "Name": Equal(name), + "Annotations": haveAnnotations, + }), + }) + } + + resourceGroups := new(asoresourcesv1.ResourceGroupList) + g.Expect(r.List(ctx, resourceGroups)).To(Succeed()) + g.Expect(resourceGroups.Items).To(ConsistOf( + haveNameAndAnnotations("deleted from spec", BeEmpty()), + haveNameAndAnnotations("not-yet-created", HaveKeyWithValue(asoannotations.ReconcilePolicy, string(asoannotations.ReconcilePolicySkip))), + haveNameAndAnnotations("rg1", HaveKeyWithValue(asoannotations.ReconcilePolicy, string(asoannotations.ReconcilePolicySkip))), + haveNameAndAnnotations("rg2", HaveKeyWithValue(asoannotations.ReconcilePolicy, string(asoannotations.ReconcilePolicySkip))), + ), "Expected ResourceGroups should have been updated") }) } @@ -506,14 +463,10 @@ func TestResourceReconcilerDelete(t *testing.T) { }, } - c := fakeClientBuilder(). - WithObjects(objs...). - Build() - r := &ResourceReconciler{ - Client: &FakeClient{ - Client: c, - }, + Client: fakeClientBuilder(). + WithObjects(objs...). + Build(), owner: owner, } @@ -541,14 +494,9 @@ func TestResourceReconcilerDelete(t *testing.T) { }, } - c := fakeClientBuilder(). - Build() - r := &ResourceReconciler{ - Client: &FakeClient{ - Client: c, - }, - owner: owner, + Client: fakeClientBuilder().Build(), + owner: owner, } g.Expect(r.Delete(ctx)).To(Succeed()) From 4a8e9f11d196327f9e864caa07f9e769be646252 Mon Sep 17 00:00:00 2001 
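Review bot: The new `ConsistOf` in the `@@ -441,7 +381,24 @@` hunk expects `not-yet-created` to exist after `Pause` with the skip reconcile policy, whereas the removed `applyFunc` returned the lookup error for objects missing from the client and the old assertion listed only `rg1` and `rg2`. The test therefore now pins that pausing creates a resource that had never been created, and nothing in the test says whether that is intended. A comment above the list would make it explicit, for example `// Pause applies with server-side apply, so "not-yet-created" is created here carrying the skip reconcile policy.`; if that is not the intended behaviour, the fix belongs in `Pause`, which is outside this hunk. The `deleted from spec` entry expected with empty annotations deserves a similar one-line comment.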
From: Matt Boersma Date: Fri, 1 May 2026 11:07:57 -0600 Subject: [PATCH 48/61] test/e2e: make collectNodes log dump best-effort The collectNodes helper runs from [AfterEach] to dump per-node logs and descriptions for the workload cluster. It currently uses Expect(...).To(Succeed()) when listing nodes, which turns any transient inability to reach the workload cluster API server into a hard spec failure during teardown. In practice the workload cluster's Azure load balancer / API server is sometimes briefly unreachable while the spec is being torn down, which has been causing otherwise-successful runs of the apiversion-upgrade job to fail in [AfterEach] with i/o timeout against *.cloudapp.azure.com:6443. Match the pattern already used a few lines above for streaming pod logs: log the error and continue instead of failing the spec. Signed-off-by: Matt Boersma --- test/e2e/azure_clusterproxy.go | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/test/e2e/azure_clusterproxy.go b/test/e2e/azure_clusterproxy.go index 26dfba9f6f3..ff29321a5ab 100644 --- a/test/e2e/azure_clusterproxy.go +++ b/test/e2e/azure_clusterproxy.go @@ -190,7 +190,14 @@ func (acp *AzureClusterProxy) collectNodes(ctx context.Context, namespace string workload := acp.GetWorkloadCluster(ctx, namespace, name) nodes := &corev1.NodeList{} - Expect(workload.GetClient().List(ctx, nodes)).To(Succeed()) + // Failing to collect node logs should not cause the test to fail. The workload cluster + // API server may be unreachable during teardown (for example due to a transient Azure + // load balancer / DNS issue), and we should not turn an otherwise-successful spec into + // a failure during [AfterEach] log collection. + if err := workload.GetClient().List(ctx, nodes); err != nil { + Logf("Failed to list nodes for workload cluster %s/%s: %v", namespace, name, err) + return + } var err error var nodeDescribe string From 2cccd52c1b544dd284bc54d12c30998120fb6bf8 Mon Sep 17 00:00:00 2001 
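Review bot: The early return added to `collectNodes` treats every `List` error alike, so a non-transient failure such as rejected credentials or an already-cancelled context also ends node collection with one log line and no other trace. Since the node logs and descriptions are the diagnostic evidence for a failed spec, the message should state the consequence so that their absence can be explained from the test output, for example `Logf("Skipping node log collection for workload cluster %s/%s, listing nodes failed: %v", namespace, name, err)`. The function body continues past the end of the hunk.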
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 May 2026 16:30:38 +0000 Subject: [PATCH 49/61] dependabot(deps): bump the all-github-actions group with 2 updates Bumps the all-github-actions group with 2 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner) and [github/codeql-action](https://github.com/github/codeql-action). Updates `step-security/harden-runner` from 2.19.0 to 2.19.1 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/8d3c67de8e2fe68ef647c8db1e6a09f647780f40...a5ad31d6a139d249332a2605b85202e8c0b78450) Updates `github/codeql-action` from 4.35.2 to 4.35.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/95e58e9a2cdfd71adc6e0353d5c52f41a045d225...e46ed2cbd01164d986452f91f178727624ae40d7) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.19.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-github-actions - dependency-name: github/codeql-action dependency-version: 4.35.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 8 ++++---- .github/workflows/cover.yaml | 2 +- .github/workflows/dependabot-code-gen.yml | 2 +- .github/workflows/dependency-review.yml | 2 +- .github/workflows/lint-docs.yaml | 2 +- .github/workflows/release.yaml | 4 ++-- .github/workflows/scorecards.yml | 4 ++-- 7 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index c6e4ab3c747..e560796e505 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
@@ -41,7 +41,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 + uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: egress-policy: audit @@ -50,7 +50,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2 + uses: github/codeql-action/init@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -60,7 +60,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2 + uses: github/codeql-action/autobuild@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -73,6 +73,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2 + uses: github/codeql-action/analyze@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/cover.yaml b/.github/workflows/cover.yaml index 5de3cf5b191..5182cac62e3 100644 --- a/.github/workflows/cover.yaml +++ b/.github/workflows/cover.yaml 
@@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 + uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: egress-policy: audit - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 diff --git a/.github/workflows/dependabot-code-gen.yml b/.github/workflows/dependabot-code-gen.yml index e3a5a6f86a4..a4d2b17982d 100644 --- a/.github/workflows/dependabot-code-gen.yml +++ b/.github/workflows/dependabot-code-gen.yml @@ -20,7 +20,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 + uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: egress-policy: audit - name: Get Go version diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 4b8fb809f2e..6eb9643ed20 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 + uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: egress-policy: audit diff --git a/.github/workflows/lint-docs.yaml b/.github/workflows/lint-docs.yaml index 2794370b6fa..5ece52a856b 100644 --- a/.github/workflows/lint-docs.yaml +++ b/.github/workflows/lint-docs.yaml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 + uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: egress-policy: audit diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index be971c02dcf..cde79d35f3d 100644 
--- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -20,7 +20,7 @@ jobs: release_tag: ${{ steps.release-version.outputs.release_version }} steps: - name: Harden Runner - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 + uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: egress-policy: audit - name: Checkout code @@ -92,7 +92,7 @@ jobs: needs: push_release_tag steps: - name: Harden Runner - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 + uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: egress-policy: audit - name: Set env diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index ad904b77cc5..fef2022f0dd 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -31,7 +31,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 + uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: egress-policy: audit @@ -71,6 +71,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2 + uses: github/codeql-action/upload-sarif@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3 with: sarif_file: results.sarif From 78fdbfefba4981c62a530b01a1c95c9de9e4c5a3 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 May 2026 16:30:41 +0000 Subject: [PATCH 50/61] dependabot(deps): bump github.com/onsi/ginkgo/v2 from 2.28.2 to 2.28.3 Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.28.2 to 2.28.3. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.28.2...v2.28.3) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-version: 2.28.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 8 ++++---- go.sum | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index 0dca70aca5a..de7c1ad46e1 100644 --- a/go.mod +++ b/go.mod @@ -29,8 +29,8 @@ require ( github.com/google/uuid v1.6.0 github.com/hashicorp/go-retryablehttp v0.7.8 github.com/hashicorp/golang-lru v1.0.2 - github.com/onsi/ginkgo/v2 v2.28.2 - github.com/onsi/gomega v1.39.1 + github.com/onsi/ginkgo/v2 v2.28.3 + github.com/onsi/gomega v1.40.0 github.com/pkg/errors v0.9.1 github.com/pkg/sftp v1.13.10 github.com/prometheus/client_golang v1.23.2 @@ -119,7 +119,7 @@ require ( github.com/google/gnostic-models v0.7.0 // indirect github.com/google/go-github/v82 v82.0.0 // indirect github.com/google/go-querystring v1.2.0 // indirect - github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 // indirect + github.com/google/pprof v0.0.0-20260402051712-545e8a4df936 // indirect github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0 // indirect 
@@ -191,7 +191,7 @@ require ( golang.org/x/sys v0.43.0 // indirect golang.org/x/term v0.42.0 // indirect golang.org/x/time v0.14.0 // indirect - golang.org/x/tools v0.43.0 // indirect + golang.org/x/tools v0.44.0 // indirect gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20260401024825-9d38bb4040a9 // indirect diff --git a/go.sum b/go.sum index cdcb1b8e367..1f1cfe1242c 100644 --- a/go.sum +++ b/go.sum @@ -253,8 +253,8 @@ github.com/google/go-querystring v1.2.0/go.mod h1:8IFJqpSRITyJ8QhQ13bmbeMBDfmeEJ github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 h1:z2ogiKUYzX5Is6zr/vP9vJGqPwcdqsWjOt+V8J7+bTc= -github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83/go.mod h1:MxpfABSjhmINe3F1It9d+8exIHFvUqtLIRCdOGNXqiI= +github.com/google/pprof v0.0.0-20260402051712-545e8a4df936 h1:EwtI+Al+DeppwYX2oXJCETMO23COyaKGP6fHVpkpWpg= +github.com/google/pprof v0.0.0-20260402051712-545e8a4df936/go.mod h1:MxpfABSjhmINe3F1It9d+8exIHFvUqtLIRCdOGNXqiI= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= 
@@ -379,10 +379,10 @@ github.com/olekukonko/ll v0.1.1 h1:9Dfeed5/Mgaxb9lHRAftLK9pVfYETvHn+If6lywVhJc= github.com/olekukonko/ll v0.1.1/go.mod h1:2dJo+hYZcJMLMbKwHEWvxCUbAOLc/CXWS9noET22Mdo= github.com/olekukonko/tablewriter v1.0.9 h1:XGwRsYLC2bY7bNd93Dk51bcPZksWZmLYuaTHR0FqfL8= github.com/olekukonko/tablewriter v1.0.9/go.mod h1:5c+EBPeSqvXnLLgkm9isDdzR3wjfBkHR9Nhfp3NWrzo= -github.com/onsi/ginkgo/v2 v2.28.2 h1:DTrMfpqxiNUyQ3Y0zhn1n3cOO2euFgQPYIpkWwxVFps= -github.com/onsi/ginkgo/v2 v2.28.2/go.mod h1:CLtbVInNckU3/+gC8LzkGUb9oF+e8W8TdUsxPwvdOgE= -github.com/onsi/gomega v1.39.1 h1:1IJLAad4zjPn2PsnhH70V4DKRFlrCzGBNrNaru+Vf28= -github.com/onsi/gomega v1.39.1/go.mod h1:hL6yVALoTOxeWudERyfppUcZXjMwIMLnuSfruD2lcfg= +github.com/onsi/ginkgo/v2 v2.28.3 h1:4JvMdwtFU0imd8fHx25OJXoDMRexnf8v5NHKYSTTji4= +github.com/onsi/ginkgo/v2 v2.28.3/go.mod h1:+aXOY+vzZ5mu2iI2HpTZUPmM//oQfsNFX6gU9kNcA44= +github.com/onsi/gomega v1.40.0 h1:Vtol0e1MghCD2ZVIilPDIg44XSL9l2QAn8ZNaljWcJc= +github.com/onsi/gomega v1.40.0/go.mod h1:M/Uqpu/8qTjtzCLUA2zJHX9Iilrau25x1PdoSRbWh5A= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= 
@@ -540,8 +540,8 @@ golang.org/x/text v0.36.0 h1:JfKh3XmcRPqZPKevfXVpI1wXPTqbkE5f7JA92a55Yxg= golang.org/x/text v0.36.0/go.mod h1:NIdBknypM8iqVmPiuco0Dh6P5Jcdk8lJL0CUebqK164= golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI= golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4= -golang.org/x/tools v0.43.0 h1:12BdW9CeB3Z+J/I/wj34VMl8X+fEXBxVR90JeMX5E7s= -golang.org/x/tools v0.43.0/go.mod h1:uHkMso649BX2cZK6+RpuIPXS3ho2hZo4FVwfoy1vIk0= +golang.org/x/tools v0.44.0 h1:UP4ajHPIcuMjT1GqzDWRlalUEoY+uzoZKnhOjbIPD2c= +golang.org/x/tools v0.44.0/go.mod h1:KA0AfVErSdxRZIsOVipbv3rQhVXTnlU6UhKxHd1seDI= gomodules.xyz/jsonpatch/v2 v2.5.0 h1:JELs8RLM12qJGXU4u/TO3V25KW8GreMKl9pdkk14RM0= gomodules.xyz/jsonpatch/v2 v2.5.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= gonum.org/v1/gonum v0.17.0 h1:VbpOemQlsSMrYmn7T2OUvQ4dqxQXU+ouZFQsZOx50z4= From 61484a9e8025e512328921d39a59bc08a50e7e5c Mon Sep 17 00:00:00 2001 From: William Yao Date: Thu, 30 Apr 2026 12:47:30 -0700 Subject: [PATCH 51/61] Add E2E test for AKS maintenance configurations via ASO Signed-off-by: William Yao --- .codespellignore | 1 + Makefile | 2 +- config/aso/crds.yaml | 2159 +++++++++++++++++ config/aso/kustomization.yaml | 1 + ...er_label_in_maintenanceconfigurations.yaml | 7 + config/rbac/role.yaml | 2 + .../azuremanagedcontrolplane_controller.go | 2 + .../cluster-template-aks-aso-maintenance.yaml | 194 ++ .../aks-aso-maintenance/kustomization.yaml | 81 + test/e2e/aks_maintenance_configuration.go | 252 ++ test/e2e/azure_clusterproxy.go | 2 + test/e2e/azure_test.go | 9 + 12 files changed, 2711 insertions(+), 1 deletion(-) create mode 100644 config/aso/patches/visualizer_label_in_maintenanceconfigurations.yaml create mode 100644 templates/cluster-template-aks-aso-maintenance.yaml create mode 100644 templates/flavors/aks-aso-maintenance/kustomization.yaml create mode 100644 test/e2e/aks_maintenance_configuration.go 
diff --git a/.codespellignore b/.codespellignore index accc22264f2..907a2e2599a 100644 --- a/.codespellignore +++ b/.codespellignore @@ -7,3 +7,4 @@ shouldnot decorder overriden wit +ist diff --git a/Makefile b/Makefile index 18d7a5c0a78..00fed004ad4 100644 --- a/Makefile +++ b/Makefile @@ -183,7 +183,7 @@ WEBHOOK_ROOT ?= $(MANIFEST_ROOT)/webhook RBAC_ROOT ?= $(MANIFEST_ROOT)/rbac ASO_CRDS_PATH := $(MANIFEST_ROOT)/aso/crds.yaml ASO_VERSION := $(shell go list -m -f '{{ .Version }}' github.com/Azure/azure-service-operator/v2) -ASO_CRDS := resourcegroups.resources.azure.com natgateways.network.azure.com managedclusters.containerservice.azure.com managedclustersagentpools.containerservice.azure.com bastionhosts.network.azure.com virtualnetworks.network.azure.com virtualnetworkssubnets.network.azure.com privateendpoints.network.azure.com fleetsmembers.containerservice.azure.com extensions.kubernetesconfiguration.azure.com +ASO_CRDS := resourcegroups.resources.azure.com natgateways.network.azure.com managedclusters.containerservice.azure.com managedclustersagentpools.containerservice.azure.com bastionhosts.network.azure.com virtualnetworks.network.azure.com virtualnetworkssubnets.network.azure.com privateendpoints.network.azure.com fleetsmembers.containerservice.azure.com extensions.kubernetesconfiguration.azure.com maintenanceconfigurations.containerservice.azure.com # Allow overriding the imagePullPolicy PULL_POLICY ?= Always diff --git a/config/aso/crds.yaml b/config/aso/crds.yaml index e815101e8ac..919afdecc63 100644 --- a/config/aso/crds.yaml +++ b/config/aso/crds.yaml 
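Review bot: The `+ASO_CRDS :=` line keeps all eleven CRD names on one physical line, so adding `maintenanceconfigurations.containerservice.azure.com` shows up as a full-line replacement, and a reviewer has to compare the old and new lines word by word to confirm nothing else was added or dropped. The list appears to decide which ASO CRDs land in `config/aso/crds.yaml`, since the diffstat shows 2,159 lines added there and a change to `config/rbac/role.yaml`. Each entry therefore seems to widen the API types and permissions installed with the controller, and should be reviewable as a single added line. Splitting the value with backslash continuations, one CRD per line, leaves the expanded value unchanged, because GNU Make folds each backslash-newline into one space. How `ASO_CRDS` is consumed lies outside this hunk and should be confirmed.

```make
# One ASO CRD per line, so an addition reviews as a single added line.
ASO_CRDS := resourcegroups.resources.azure.com \
    natgateways.network.azure.com \
    managedclusters.containerservice.azure.com \
    managedclustersagentpools.containerservice.azure.com \
    bastionhosts.network.azure.com \
    virtualnetworks.network.azure.com \
    virtualnetworkssubnets.network.azure.com \
    privateendpoints.network.azure.com \
    fleetsmembers.containerservice.azure.com \
    extensions.kubernetesconfiguration.azure.com \
    maintenanceconfigurations.containerservice.azure.com
```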
@@ -5431,6 +5431,2165 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: azureserviceoperator-system/azureserviceoperator-serving-cert + controller-gen.kubebuilder.io/version: v0.17.3 + labels: + app.kubernetes.io/name: azure-service-operator + app.kubernetes.io/version: v2.16.0 + name: maintenanceconfigurations.containerservice.azure.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: azureserviceoperator-webhook-service + namespace: azureserviceoperator-system + path: /convert + port: 443 + conversionReviewVersions: + - v1 + group: containerservice.azure.com + names: + categories: + - azure + - containerservice + kind: MaintenanceConfiguration + listKind: MaintenanceConfigurationList + plural: maintenanceconfigurations + singular: maintenanceconfiguration + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20240901 + schema: + openAPIV3Schema: + description: |- + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2024-09-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/maintenanceConfigurations/{configName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + maintenanceWindow: + description: 'MaintenanceWindow: Maintenance window for the maintenance configuration.' + properties: + durationHours: + description: 'DurationHours: Length of maintenance window range from 4 to 24 hours.' + maximum: 24 + minimum: 4 + type: integer + notAllowedDates: + description: |- + NotAllowedDates: Date ranges on which upgrade is not allowed. 'utcOffset' applies to this field. For example, with + 'utcOffset: +02:00' and 'dateSpan' being '2022-12-23' to '2023-01-03', maintenance will be blocked from '2022-12-22 + 22:00' to '2023-01-03 22:00' in UTC time. + items: + description: For example, between '2022-12-23' and '2023-01-05'. + properties: + end: + description: 'End: The end date of the date span.' + type: string + start: + description: 'Start: The start date of the date span.' + type: string + required: + - end + - start + type: object + type: array + schedule: + description: 'Schedule: Recurrence schedule for the maintenance window.' + properties: + absoluteMonthly: + description: 'AbsoluteMonthly: For schedules like: ''recur every month on the 15th'' or ''recur every 3 months on the 20th''.' + properties: + dayOfMonth: + description: 'DayOfMonth: The date of the month.' 
+ maximum: 31 + minimum: 1 + type: integer + intervalMonths: + description: 'IntervalMonths: Specifies the number of months between each set of occurrences.' + maximum: 6 + minimum: 1 + type: integer + required: + - dayOfMonth + - intervalMonths + type: object + daily: + description: 'Daily: For schedules like: ''recur every day'' or ''recur every 3 days''.' + properties: + intervalDays: + description: 'IntervalDays: Specifies the number of days between each set of occurrences.' + maximum: 7 + minimum: 1 + type: integer + required: + - intervalDays + type: object + relativeMonthly: + description: 'RelativeMonthly: For schedules like: ''recur every month on the first Monday'' or ''recur every 3 months on last Friday''.' + properties: + dayOfWeek: + description: 'DayOfWeek: Specifies on which day of the week the maintenance occurs.' + enum: + - Friday + - Monday + - Saturday + - Sunday + - Thursday + - Tuesday + - Wednesday + type: string + intervalMonths: + description: 'IntervalMonths: Specifies the number of months between each set of occurrences.' + maximum: 6 + minimum: 1 + type: integer + weekIndex: + description: 'WeekIndex: Specifies on which week of the month the dayOfWeek applies.' + enum: + - First + - Fourth + - Last + - Second + - Third + type: string + required: + - dayOfWeek + - intervalMonths + - weekIndex + type: object + weekly: + description: 'Weekly: For schedules like: ''recur every Monday'' or ''recur every 3 weeks on Wednesday''.' + properties: + dayOfWeek: + description: 'DayOfWeek: Specifies on which day of the week the maintenance occurs.' + enum: + - Friday + - Monday + - Saturday + - Sunday + - Thursday + - Tuesday + - Wednesday + type: string + intervalWeeks: + description: 'IntervalWeeks: Specifies the number of weeks between each set of occurrences.' 
+ maximum: 4 + minimum: 1 + type: integer + required: + - dayOfWeek + - intervalWeeks + type: object + type: object + startDate: + description: |- + StartDate: The date the maintenance window activates. If the current date is before this date, the maintenance window is + inactive and will not be used for upgrades. If not specified, the maintenance window will be active right away. + type: string + startTime: + description: |- + StartTime: The start time of the maintenance window. Accepted values are from '00:00' to '23:59'. 'utcOffset' applies to + this field. For example: '02:00' with 'utcOffset: +02:00' means UTC time '00:00'. + pattern: ^\d{2}:\d{2}$ + type: string + utcOffset: + description: |- + UtcOffset: The UTC offset in format +/-HH:mm. For example, '+05:30' for IST and '-07:00' for PST. If not specified, the + default is '+00:00'. + pattern: ^(-|\+)[0-9]{2}:[0-9]{2}$ + type: string + required: + - durationHours + - schedule + - startTime + type: object + notAllowedTime: + description: 'NotAllowedTime: Time slots on which upgrade is not allowed.' + items: + description: For example, between 2021-05-25T13:00:00Z and 2021-05-25T14:00:00Z. + properties: + end: + description: 'End: The end of a time span' + type: string + start: + description: 'Start: The start of a time span' + type: string + type: object + type: array + operatorSpec: + description: |- + OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not + passed directly to Azure + properties: + configMapExpressions: + description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' + items: + description: |- + DestinationExpression is a CEL expression and a destination to store the result in. The destination may + be a secret or a configmap. The value of the expression is stored at the specified location in + the destination. 
+ properties: + key: + description: |- + Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string + this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string + Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting + map[string]string. + type: string + name: + description: |- + Name is the name of the Kubernetes configmap or secret to write to. + The configmap or secret will be created in the same namespace as the resource. + type: string + value: + description: |- + Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information + on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ + type: string + required: + - name + - value + type: object + type: array + secretExpressions: + description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' + items: + description: |- + DestinationExpression is a CEL expression and a destination to store the result in. The destination may + be a secret or a configmap. The value of the expression is stored at the specified location in + the destination. + properties: + key: + description: |- + Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string + this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string + Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting + map[string]string. + type: string + name: + description: |- + Name is the name of the Kubernetes configmap or secret to write to. + The configmap or secret will be created in the same namespace as the resource. + type: string + value: + description: |- + Value is a CEL expression. 
The CEL expression may return a string or a map[string]string. For more information + on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ + type: string + required: + - name + - value + type: object + type: array + type: object + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a containerservice.azure.com/ManagedCluster resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + timeInWeek: + description: |- + TimeInWeek: If two array entries specify the same day of the week, the applied configuration is the union of times in + both entries. + items: + description: Time in a week. + properties: + day: + description: 'Day: The day of the week.' + enum: + - Friday + - Monday + - Saturday + - Sunday + - Thursday + - Tuesday + - Wednesday + type: string + hourSlots: + description: |- + HourSlots: Each integer hour represents a time range beginning at 0m after the hour ending at the next hour + (non-inclusive). 0 corresponds to 00:00 UTC, 23 corresponds to 23:00 UTC. Specifying [0, 1] means the 00:00 - 02:00 UTC + time range. 
+ items: + maximum: 23 + minimum: 0 + type: integer + type: array + type: object + type: array + required: + - owner + type: object + status: + properties: + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + id: + description: 'Id: Resource ID.' 
+ type: string + maintenanceWindow: + description: 'MaintenanceWindow: Maintenance window for the maintenance configuration.' + properties: + durationHours: + description: 'DurationHours: Length of maintenance window range from 4 to 24 hours.' + type: integer + notAllowedDates: + description: |- + NotAllowedDates: Date ranges on which upgrade is not allowed. 'utcOffset' applies to this field. For example, with + 'utcOffset: +02:00' and 'dateSpan' being '2022-12-23' to '2023-01-03', maintenance will be blocked from '2022-12-22 + 22:00' to '2023-01-03 22:00' in UTC time. + items: + description: For example, between '2022-12-23' and '2023-01-05'. + properties: + end: + description: 'End: The end date of the date span.' + type: string + start: + description: 'Start: The start date of the date span.' + type: string + type: object + type: array + schedule: + description: 'Schedule: Recurrence schedule for the maintenance window.' + properties: + absoluteMonthly: + description: 'AbsoluteMonthly: For schedules like: ''recur every month on the 15th'' or ''recur every 3 months on the 20th''.' + properties: + dayOfMonth: + description: 'DayOfMonth: The date of the month.' + type: integer + intervalMonths: + description: 'IntervalMonths: Specifies the number of months between each set of occurrences.' + type: integer + type: object + daily: + description: 'Daily: For schedules like: ''recur every day'' or ''recur every 3 days''.' + properties: + intervalDays: + description: 'IntervalDays: Specifies the number of days between each set of occurrences.' + type: integer + type: object + relativeMonthly: + description: 'RelativeMonthly: For schedules like: ''recur every month on the first Monday'' or ''recur every 3 months on last Friday''.' + properties: + dayOfWeek: + description: 'DayOfWeek: Specifies on which day of the week the maintenance occurs.' + type: string + intervalMonths: + description: 'IntervalMonths: Specifies the number of months between each set of occurrences.' 
+ type: integer + weekIndex: + description: 'WeekIndex: Specifies on which week of the month the dayOfWeek applies.' + type: string + type: object + weekly: + description: 'Weekly: For schedules like: ''recur every Monday'' or ''recur every 3 weeks on Wednesday''.' + properties: + dayOfWeek: + description: 'DayOfWeek: Specifies on which day of the week the maintenance occurs.' + type: string + intervalWeeks: + description: 'IntervalWeeks: Specifies the number of weeks between each set of occurrences.' + type: integer + type: object + type: object + startDate: + description: |- + StartDate: The date the maintenance window activates. If the current date is before this date, the maintenance window is + inactive and will not be used for upgrades. If not specified, the maintenance window will be active right away. + type: string + startTime: + description: |- + StartTime: The start time of the maintenance window. Accepted values are from '00:00' to '23:59'. 'utcOffset' applies to + this field. For example: '02:00' with 'utcOffset: +02:00' means UTC time '00:00'. + type: string + utcOffset: + description: |- + UtcOffset: The UTC offset in format +/-HH:mm. For example, '+05:30' for IST and '-07:00' for PST. If not specified, the + default is '+00:00'. + type: string + type: object + name: + description: 'Name: The name of the resource that is unique within a resource group. This name can be used to access the resource.' + type: string + notAllowedTime: + description: 'NotAllowedTime: Time slots on which upgrade is not allowed.' + items: + description: For example, between 2021-05-25T13:00:00Z and 2021-05-25T14:00:00Z. + properties: + end: + description: 'End: The end of a time span' + type: string + start: + description: 'Start: The start of a time span' + type: string + type: object + type: array + systemData: + description: 'SystemData: The system metadata relating to this resource.' 
+ properties: + createdAt: + description: 'CreatedAt: The timestamp of resource creation (UTC).' + type: string + createdBy: + description: 'CreatedBy: The identity that created the resource.' + type: string + createdByType: + description: 'CreatedByType: The type of identity that created the resource.' + type: string + lastModifiedAt: + description: 'LastModifiedAt: The timestamp of resource last modification (UTC)' + type: string + lastModifiedBy: + description: 'LastModifiedBy: The identity that last modified the resource.' + type: string + lastModifiedByType: + description: 'LastModifiedByType: The type of identity that last modified the resource.' + type: string + type: object + timeInWeek: + description: |- + TimeInWeek: If two array entries specify the same day of the week, the applied configuration is the union of times in + both entries. + items: + description: Time in a week. + properties: + day: + description: 'Day: The day of the week.' + type: string + hourSlots: + description: |- + HourSlots: Each integer hour represents a time range beginning at 0m after the hour ending at the next hour + (non-inclusive). 0 corresponds to 00:00 UTC, 23 corresponds to 23:00 UTC. Specifying [0, 1] means the 00:00 - 02:00 UTC + time range. 
+ items: + type: integer + type: array + type: object + type: array + type: + description: 'Type: Resource type' + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20240901storage + schema: + openAPIV3Schema: + description: |- + Storage version of v1api20240901.MaintenanceConfiguration + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2024-09-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/maintenanceConfigurations/{configName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Storage version of v1api20240901.MaintenanceConfiguration_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + maintenanceWindow: + description: |- + Storage version of v1api20240901.MaintenanceWindow + Maintenance window used to configure scheduled auto-upgrade for a Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + durationHours: + type: integer + notAllowedDates: + items: + description: |- + Storage version of v1api20240901.DateSpan + For example, between '2022-12-23' and '2023-01-05'. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + end: + type: string + start: + type: string + type: object + type: array + schedule: + description: |- + Storage version of v1api20240901.Schedule + One and only one of the schedule types should be specified. Choose either 'daily', 'weekly', 'absoluteMonthly' or + 'relativeMonthly' for your maintenance schedule. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + absoluteMonthly: + description: |- + Storage version of v1api20240901.AbsoluteMonthlySchedule + For schedules like: 'recur every month on the 15th' or 'recur every 3 months on the 20th'. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dayOfMonth: + type: integer + intervalMonths: + type: integer + type: object + daily: + description: |- + Storage version of v1api20240901.DailySchedule + For schedules like: 'recur every day' or 'recur every 3 days'. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + intervalDays: + type: integer + type: object + relativeMonthly: + description: |- + Storage version of v1api20240901.RelativeMonthlySchedule + For schedules like: 'recur every month on the first Monday' or 'recur every 3 months on last Friday'. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dayOfWeek: + type: string + intervalMonths: + type: integer + weekIndex: + type: string + type: object + weekly: + description: |- + Storage version of v1api20240901.WeeklySchedule + For schedules like: 'recur every Monday' or 'recur every 3 weeks on Wednesday'. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dayOfWeek: + type: string + intervalWeeks: + type: integer + type: object + type: object + startDate: + type: string + startTime: + type: string + utcOffset: + type: string + type: object + notAllowedTime: + items: + description: |- + Storage version of v1api20240901.TimeSpan + For example, between 2021-05-25T13:00:00Z and 2021-05-25T14:00:00Z. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + end: + type: string + start: + type: string + type: object + type: array + operatorSpec: + description: |- + Storage version of v1api20240901.MaintenanceConfigurationOperatorSpec + Details for configuring operator behavior. 
Fields in this struct are interpreted by the operator directly rather than being passed to Azure + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + configMapExpressions: + items: + description: |- + DestinationExpression is a CEL expression and a destination to store the result in. The destination may + be a secret or a configmap. The value of the expression is stored at the specified location in + the destination. + properties: + key: + description: |- + Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string + this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string + Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting + map[string]string. + type: string + name: + description: |- + Name is the name of the Kubernetes configmap or secret to write to. + The configmap or secret will be created in the same namespace as the resource. + type: string + value: + description: |- + Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information + on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ + type: string + required: + - name + - value + type: object + type: array + secretExpressions: + items: + description: |- + DestinationExpression is a CEL expression and a destination to store the result in. The destination may + be a secret or a configmap. The value of the expression is stored at the specified location in + the destination. + properties: + key: + description: |- + Key is the key in the ConfigMap or Secret being written to. 
If the CEL expression in Value returns a string + this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string + Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting + map[string]string. + type: string + name: + description: |- + Name is the name of the Kubernetes configmap or secret to write to. + The configmap or secret will be created in the same namespace as the resource. + type: string + value: + description: |- + Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information + on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ + type: string + required: + - name + - value + type: object + type: array + type: object + originalVersion: + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a containerservice.azure.com/ManagedCluster resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + timeInWeek: + items: + description: |- + Storage version of v1api20240901.TimeInWeek + Time in a week. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + day: + type: string + hourSlots: + items: + type: integer + type: array + type: object + type: array + required: + - owner + type: object + status: + description: Storage version of v1api20240901.MaintenanceConfiguration_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + conditions: + items: + description: Condition defines an extension to status (an observation) of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. 
+ For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + id: + type: string + maintenanceWindow: + description: |- + Storage version of v1api20240901.MaintenanceWindow_STATUS + Maintenance window used to configure scheduled auto-upgrade for a Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + durationHours: + type: integer + notAllowedDates: + items: + description: |- + Storage version of v1api20240901.DateSpan_STATUS + For example, between '2022-12-23' and '2023-01-05'. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + end: + type: string + start: + type: string + type: object + type: array + schedule: + description: |- + Storage version of v1api20240901.Schedule_STATUS + One and only one of the schedule types should be specified. Choose either 'daily', 'weekly', 'absoluteMonthly' or + 'relativeMonthly' for your maintenance schedule. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + absoluteMonthly: + description: |- + Storage version of v1api20240901.AbsoluteMonthlySchedule_STATUS + For schedules like: 'recur every month on the 15th' or 'recur every 3 months on the 20th'. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dayOfMonth: + type: integer + intervalMonths: + type: integer + type: object + daily: + description: |- + Storage version of v1api20240901.DailySchedule_STATUS + For schedules like: 'recur every day' or 'recur every 3 days'. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + intervalDays: + type: integer + type: object + relativeMonthly: + description: |- + Storage version of v1api20240901.RelativeMonthlySchedule_STATUS + For schedules like: 'recur every month on the first Monday' or 'recur every 3 months on last Friday'. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dayOfWeek: + type: string + intervalMonths: + type: integer + weekIndex: + type: string + type: object + weekly: + description: |- + Storage version of v1api20240901.WeeklySchedule_STATUS + For schedules like: 'recur every Monday' or 'recur every 3 weeks on Wednesday'. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dayOfWeek: + type: string + intervalWeeks: + type: integer + type: object + type: object + startDate: + type: string + startTime: + type: string + utcOffset: + type: string + type: object + name: + type: string + notAllowedTime: + items: + description: |- + Storage version of v1api20240901.TimeSpan_STATUS + For example, between 2021-05-25T13:00:00Z and 2021-05-25T14:00:00Z. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + end: + type: string + start: + type: string + type: object + type: array + systemData: + description: |- + Storage version of v1api20240901.SystemData_STATUS + Metadata pertaining to creation and last modification of the resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + createdAt: + type: string + createdBy: + type: string + createdByType: + type: string + lastModifiedAt: + type: string + lastModifiedBy: + type: string + lastModifiedByType: + type: string + type: object + timeInWeek: + items: + description: |- + Storage version of v1api20240901.TimeInWeek_STATUS + Time in a week. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + day: + type: string + hourSlots: + items: + type: integer + type: array + type: object + type: array + type: + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20250801 + schema: + openAPIV3Schema: + description: |- + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-08-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/maintenanceConfigurations/{configName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this 
representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + maintenanceWindow: + description: 'MaintenanceWindow: Maintenance window for the maintenance configuration.' + properties: + durationHours: + description: 'DurationHours: Length of maintenance window range from 4 to 24 hours.' + maximum: 24 + minimum: 4 + type: integer + notAllowedDates: + description: |- + NotAllowedDates: Date ranges on which upgrade is not allowed. 'utcOffset' applies to this field. For example, with + 'utcOffset: +02:00' and 'dateSpan' being '2022-12-23' to '2023-01-03', maintenance will be blocked from '2022-12-22 + 22:00' to '2023-01-03 22:00' in UTC time. + items: + description: A date range. For example, between '2022-12-23' and '2023-01-05'. + properties: + end: + description: 'End: The end date of the date span.' + type: string + start: + description: 'Start: The start date of the date span.' + type: string + required: + - end + - start + type: object + type: array + schedule: + description: 'Schedule: Recurrence schedule for the maintenance window.' + properties: + absoluteMonthly: + description: 'AbsoluteMonthly: For schedules like: ''recur every month on the 15th'' or ''recur every 3 months on the 20th''.' 
+ properties: + dayOfMonth: + description: 'DayOfMonth: The date of the month.' + maximum: 31 + minimum: 1 + type: integer + intervalMonths: + description: 'IntervalMonths: Specifies the number of months between each set of occurrences.' + maximum: 6 + minimum: 1 + type: integer + required: + - dayOfMonth + - intervalMonths + type: object + daily: + description: 'Daily: For schedules like: ''recur every day'' or ''recur every 3 days''.' + properties: + intervalDays: + description: 'IntervalDays: Specifies the number of days between each set of occurrences.' + maximum: 7 + minimum: 1 + type: integer + required: + - intervalDays + type: object + relativeMonthly: + description: 'RelativeMonthly: For schedules like: ''recur every month on the first Monday'' or ''recur every 3 months on last Friday''.' + properties: + dayOfWeek: + description: 'DayOfWeek: Specifies on which day of the week the maintenance occurs.' + enum: + - Friday + - Monday + - Saturday + - Sunday + - Thursday + - Tuesday + - Wednesday + type: string + intervalMonths: + description: 'IntervalMonths: Specifies the number of months between each set of occurrences.' + maximum: 6 + minimum: 1 + type: integer + weekIndex: + description: 'WeekIndex: The week index. Specifies on which week of the month the dayOfWeek applies.' + enum: + - First + - Fourth + - Last + - Second + - Third + type: string + required: + - dayOfWeek + - intervalMonths + - weekIndex + type: object + weekly: + description: 'Weekly: For schedules like: ''recur every Monday'' or ''recur every 3 weeks on Wednesday''.' + properties: + dayOfWeek: + description: 'DayOfWeek: Specifies on which day of the week the maintenance occurs.' + enum: + - Friday + - Monday + - Saturday + - Sunday + - Thursday + - Tuesday + - Wednesday + type: string + intervalWeeks: + description: 'IntervalWeeks: Specifies the number of weeks between each set of occurrences.' 
+ maximum: 4 + minimum: 1 + type: integer + required: + - dayOfWeek + - intervalWeeks + type: object + type: object + startDate: + description: |- + StartDate: The date the maintenance window activates. If the current date is before this date, the maintenance window is + inactive and will not be used for upgrades. If not specified, the maintenance window will be active right away. + type: string + startTime: + description: |- + StartTime: The start time of the maintenance window. Accepted values are from '00:00' to '23:59'. 'utcOffset' applies to + this field. For example: '02:00' with 'utcOffset: +02:00' means UTC time '00:00'. + pattern: ^\d{2}:\d{2}$ + type: string + utcOffset: + description: |- + UtcOffset: The UTC offset in format +/-HH:mm. For example, '+05:30' for IST and '-07:00' for PST. If not specified, the + default is '+00:00'. + pattern: ^(-|\+)[0-9]{2}:[0-9]{2}$ + type: string + required: + - durationHours + - schedule + - startTime + type: object + notAllowedTime: + description: 'NotAllowedTime: Time slots on which upgrade is not allowed.' + items: + description: A time range. For example, between 2021-05-25T13:00:00Z and 2021-05-25T14:00:00Z. + properties: + end: + description: 'End: The end of a time span' + type: string + start: + description: 'Start: The start of a time span' + type: string + type: object + type: array + operatorSpec: + description: |- + OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not + passed directly to Azure + properties: + configMapExpressions: + description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' + items: + description: |- + DestinationExpression is a CEL expression and a destination to store the result in. The destination may + be a secret or a configmap. The value of the expression is stored at the specified location in + the destination. 
+ properties: + key: + description: |- + Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string + this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string + Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting + map[string]string. + type: string + name: + description: |- + Name is the name of the Kubernetes configmap or secret to write to. + The configmap or secret will be created in the same namespace as the resource. + type: string + value: + description: |- + Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information + on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ + type: string + required: + - name + - value + type: object + type: array + secretExpressions: + description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' + items: + description: |- + DestinationExpression is a CEL expression and a destination to store the result in. The destination may + be a secret or a configmap. The value of the expression is stored at the specified location in + the destination. + properties: + key: + description: |- + Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string + this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string + Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting + map[string]string. + type: string + name: + description: |- + Name is the name of the Kubernetes configmap or secret to write to. + The configmap or secret will be created in the same namespace as the resource. + type: string + value: + description: |- + Value is a CEL expression. 
The CEL expression may return a string or a map[string]string. For more information + on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ + type: string + required: + - name + - value + type: object + type: array + type: object + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a containerservice.azure.com/ManagedCluster resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + timeInWeek: + description: |- + TimeInWeek: Time slots during the week when planned maintenance is allowed to proceed. If two array entries specify the + same day of the week, the applied configuration is the union of times in both entries. + items: + description: Time in a week. + properties: + day: + description: 'Day: The day of the week.' + enum: + - Friday + - Monday + - Saturday + - Sunday + - Thursday + - Tuesday + - Wednesday + type: string + hourSlots: + description: |- + HourSlots: A list of hours in the day used to identify a time range. Each integer hour represents a time range beginning + at 0m after the hour ending at the next hour (non-inclusive). 0 corresponds to 00:00 UTC, 23 corresponds to 23:00 UTC. + Specifying [0, 1] means the 00:00 - 02:00 UTC time range. 
+ items: + maximum: 23 + minimum: 0 + type: integer + type: array + type: object + type: array + required: + - owner + type: object + status: + properties: + conditions: + description: 'Conditions: The observed state of the resource' + items: + description: Condition defines an extension to status (an observation) of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + id: + description: 'Id: Resource ID.' 
+ type: string + maintenanceWindow: + description: 'MaintenanceWindow: Maintenance window for the maintenance configuration.' + properties: + durationHours: + description: 'DurationHours: Length of maintenance window range from 4 to 24 hours.' + type: integer + notAllowedDates: + description: |- + NotAllowedDates: Date ranges on which upgrade is not allowed. 'utcOffset' applies to this field. For example, with + 'utcOffset: +02:00' and 'dateSpan' being '2022-12-23' to '2023-01-03', maintenance will be blocked from '2022-12-22 + 22:00' to '2023-01-03 22:00' in UTC time. + items: + description: A date range. For example, between '2022-12-23' and '2023-01-05'. + properties: + end: + description: 'End: The end date of the date span.' + type: string + start: + description: 'Start: The start date of the date span.' + type: string + type: object + type: array + schedule: + description: 'Schedule: Recurrence schedule for the maintenance window.' + properties: + absoluteMonthly: + description: 'AbsoluteMonthly: For schedules like: ''recur every month on the 15th'' or ''recur every 3 months on the 20th''.' + properties: + dayOfMonth: + description: 'DayOfMonth: The date of the month.' + type: integer + intervalMonths: + description: 'IntervalMonths: Specifies the number of months between each set of occurrences.' + type: integer + type: object + daily: + description: 'Daily: For schedules like: ''recur every day'' or ''recur every 3 days''.' + properties: + intervalDays: + description: 'IntervalDays: Specifies the number of days between each set of occurrences.' + type: integer + type: object + relativeMonthly: + description: 'RelativeMonthly: For schedules like: ''recur every month on the first Monday'' or ''recur every 3 months on last Friday''.' + properties: + dayOfWeek: + description: 'DayOfWeek: Specifies on which day of the week the maintenance occurs.' 
+ type: string + intervalMonths: + description: 'IntervalMonths: Specifies the number of months between each set of occurrences.' + type: integer + weekIndex: + description: 'WeekIndex: The week index. Specifies on which week of the month the dayOfWeek applies.' + type: string + type: object + weekly: + description: 'Weekly: For schedules like: ''recur every Monday'' or ''recur every 3 weeks on Wednesday''.' + properties: + dayOfWeek: + description: 'DayOfWeek: Specifies on which day of the week the maintenance occurs.' + type: string + intervalWeeks: + description: 'IntervalWeeks: Specifies the number of weeks between each set of occurrences.' + type: integer + type: object + type: object + startDate: + description: |- + StartDate: The date the maintenance window activates. If the current date is before this date, the maintenance window is + inactive and will not be used for upgrades. If not specified, the maintenance window will be active right away. + type: string + startTime: + description: |- + StartTime: The start time of the maintenance window. Accepted values are from '00:00' to '23:59'. 'utcOffset' applies to + this field. For example: '02:00' with 'utcOffset: +02:00' means UTC time '00:00'. + type: string + utcOffset: + description: |- + UtcOffset: The UTC offset in format +/-HH:mm. For example, '+05:30' for IST and '-07:00' for PST. If not specified, the + default is '+00:00'. + type: string + type: object + name: + description: 'Name: The name of the resource that is unique within a resource group. This name can be used to access the resource.' + type: string + notAllowedTime: + description: 'NotAllowedTime: Time slots on which upgrade is not allowed.' + items: + description: A time range. For example, between 2021-05-25T13:00:00Z and 2021-05-25T14:00:00Z. 
+ properties: + end: + description: 'End: The end of a time span' + type: string + start: + description: 'Start: The start of a time span' + type: string + type: object + type: array + systemData: + description: 'SystemData: The system metadata relating to this resource.' + properties: + createdAt: + description: 'CreatedAt: The timestamp of resource creation (UTC).' + type: string + createdBy: + description: 'CreatedBy: The identity that created the resource.' + type: string + createdByType: + description: 'CreatedByType: The type of identity that created the resource.' + type: string + lastModifiedAt: + description: 'LastModifiedAt: The timestamp of resource last modification (UTC)' + type: string + lastModifiedBy: + description: 'LastModifiedBy: The identity that last modified the resource.' + type: string + lastModifiedByType: + description: 'LastModifiedByType: The type of identity that last modified the resource.' + type: string + type: object + timeInWeek: + description: |- + TimeInWeek: Time slots during the week when planned maintenance is allowed to proceed. If two array entries specify the + same day of the week, the applied configuration is the union of times in both entries. + items: + description: Time in a week. + properties: + day: + description: 'Day: The day of the week.' + type: string + hourSlots: + description: |- + HourSlots: A list of hours in the day used to identify a time range. Each integer hour represents a time range beginning + at 0m after the hour ending at the next hour (non-inclusive). 0 corresponds to 00:00 UTC, 23 corresponds to 23:00 UTC. + Specifying [0, 1] means the 00:00 - 02:00 UTC time range. 
+ items: + type: integer + type: array + type: object + type: array + type: + description: 'Type: Resource type' + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].severity + name: Severity + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].message + name: Message + type: string + name: v1api20250801storage + schema: + openAPIV3Schema: + description: |- + Storage version of v1api20250801.MaintenanceConfiguration + Generator information: + - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-08-01/managedClusters.json + - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/maintenanceConfigurations/{configName} + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Storage version of v1api20250801.MaintenanceConfiguration_Spec + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + azureName: + description: |- + AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it + doesn't have to be. + type: string + maintenanceWindow: + description: |- + Storage version of v1api20250801.MaintenanceWindow + Maintenance window used to configure scheduled auto-upgrade for a Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + durationHours: + type: integer + notAllowedDates: + items: + description: |- + Storage version of v1api20250801.DateSpan + A date range. For example, between '2022-12-23' and '2023-01-05'. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + end: + type: string + start: + type: string + type: object + type: array + schedule: + description: |- + Storage version of v1api20250801.Schedule + One and only one of the schedule types should be specified. Choose either 'daily', 'weekly', 'absoluteMonthly' or + 'relativeMonthly' for your maintenance schedule. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + absoluteMonthly: + description: |- + Storage version of v1api20250801.AbsoluteMonthlySchedule + For schedules like: 'recur every month on the 15th' or 'recur every 3 months on the 20th'. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dayOfMonth: + type: integer + intervalMonths: + type: integer + type: object + daily: + description: |- + Storage version of v1api20250801.DailySchedule + For schedules like: 'recur every day' or 'recur every 3 days'. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + intervalDays: + type: integer + type: object + relativeMonthly: + description: |- + Storage version of v1api20250801.RelativeMonthlySchedule + For schedules like: 'recur every month on the first Monday' or 'recur every 3 months on last Friday'. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dayOfWeek: + type: string + intervalMonths: + type: integer + weekIndex: + type: string + type: object + weekly: + description: |- + Storage version of v1api20250801.WeeklySchedule + For schedules like: 'recur every Monday' or 'recur every 3 weeks on Wednesday'. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dayOfWeek: + type: string + intervalWeeks: + type: integer + type: object + type: object + startDate: + type: string + startTime: + type: string + utcOffset: + type: string + type: object + notAllowedTime: + items: + description: |- + Storage version of v1api20250801.TimeSpan + A time range. For example, between 2021-05-25T13:00:00Z and 2021-05-25T14:00:00Z. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + end: + type: string + start: + type: string + type: object + type: array + operatorSpec: + description: |- + Storage version of v1api20250801.MaintenanceConfigurationOperatorSpec + Details for configuring operator behavior. 
Fields in this struct are interpreted by the operator directly rather than being passed to Azure + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + configMapExpressions: + items: + description: |- + DestinationExpression is a CEL expression and a destination to store the result in. The destination may + be a secret or a configmap. The value of the expression is stored at the specified location in + the destination. + properties: + key: + description: |- + Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string + this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string + Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting + map[string]string. + type: string + name: + description: |- + Name is the name of the Kubernetes configmap or secret to write to. + The configmap or secret will be created in the same namespace as the resource. + type: string + value: + description: |- + Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information + on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ + type: string + required: + - name + - value + type: object + type: array + secretExpressions: + items: + description: |- + DestinationExpression is a CEL expression and a destination to store the result in. The destination may + be a secret or a configmap. The value of the expression is stored at the specified location in + the destination. + properties: + key: + description: |- + Key is the key in the ConfigMap or Secret being written to. 
If the CEL expression in Value returns a string + this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string + Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting + map[string]string. + type: string + name: + description: |- + Name is the name of the Kubernetes configmap or secret to write to. + The configmap or secret will be created in the same namespace as the resource. + type: string + value: + description: |- + Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information + on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ + type: string + required: + - name + - value + type: object + type: array + type: object + originalVersion: + type: string + owner: + description: |- + Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also + controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a + reference to a containerservice.azure.com/ManagedCluster resource + properties: + armId: + pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) + type: string + name: + description: This is the name of the Kubernetes resource to reference. + type: string + type: object + timeInWeek: + items: + description: |- + Storage version of v1api20250801.TimeInWeek + Time in a week. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + day: + type: string + hourSlots: + items: + type: integer + type: array + type: object + type: array + required: + - owner + type: object + status: + description: Storage version of v1api20250801.MaintenanceConfiguration_STATUS + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + conditions: + items: + description: Condition defines an extension to status (an observation) of a resource + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. + format: date-time + type: string + message: + description: Message is a human readable message indicating details about the transition. This field may be empty. + type: string + observedGeneration: + description: |- + ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + type: integer + reason: + description: |- + Reason for the condition's last transition. + Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. 
+ For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True + For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. + This is omitted in all cases when Status == Unknown + type: string + status: + description: Status of the condition, one of True, False, or Unknown. + type: string + type: + description: Type of condition. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + id: + type: string + maintenanceWindow: + description: |- + Storage version of v1api20250801.MaintenanceWindow_STATUS + Maintenance window used to configure scheduled auto-upgrade for a Managed Cluster. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + durationHours: + type: integer + notAllowedDates: + items: + description: |- + Storage version of v1api20250801.DateSpan_STATUS + A date range. For example, between '2022-12-23' and '2023-01-05'. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + end: + type: string + start: + type: string + type: object + type: array + schedule: + description: |- + Storage version of v1api20250801.Schedule_STATUS + One and only one of the schedule types should be specified. Choose either 'daily', 'weekly', 'absoluteMonthly' or + 'relativeMonthly' for your maintenance schedule. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + absoluteMonthly: + description: |- + Storage version of v1api20250801.AbsoluteMonthlySchedule_STATUS + For schedules like: 'recur every month on the 15th' or 'recur every 3 months on the 20th'. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dayOfMonth: + type: integer + intervalMonths: + type: integer + type: object + daily: + description: |- + Storage version of v1api20250801.DailySchedule_STATUS + For schedules like: 'recur every day' or 'recur every 3 days'. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + intervalDays: + type: integer + type: object + relativeMonthly: + description: |- + Storage version of v1api20250801.RelativeMonthlySchedule_STATUS + For schedules like: 'recur every month on the first Monday' or 'recur every 3 months on last Friday'. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dayOfWeek: + type: string + intervalMonths: + type: integer + weekIndex: + type: string + type: object + weekly: + description: |- + Storage version of v1api20250801.WeeklySchedule_STATUS + For schedules like: 'recur every Monday' or 'recur every 3 weeks on Wednesday'. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + dayOfWeek: + type: string + intervalWeeks: + type: integer + type: object + type: object + startDate: + type: string + startTime: + type: string + utcOffset: + type: string + type: object + name: + type: string + notAllowedTime: + items: + description: |- + Storage version of v1api20250801.TimeSpan_STATUS + A time range. For example, between 2021-05-25T13:00:00Z and 2021-05-25T14:00:00Z. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + end: + type: string + start: + type: string + type: object + type: array + systemData: + description: |- + Storage version of v1api20250801.SystemData_STATUS + Metadata pertaining to creation and last modification of the resource. 
+ properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + createdAt: + type: string + createdBy: + type: string + createdByType: + type: string + lastModifiedAt: + type: string + lastModifiedBy: + type: string + lastModifiedByType: + type: string + type: object + timeInWeek: + items: + description: |- + Storage version of v1api20250801.TimeInWeek_STATUS + Time in a week. + properties: + $propertyBag: + additionalProperties: + type: string + description: |- + PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage + resources, allowing for full fidelity round trip conversions + type: object + day: + type: string + hourSlots: + items: + type: integer + type: array + type: object + type: array + type: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: azureserviceoperator-system/azureserviceoperator-serving-cert diff --git a/config/aso/kustomization.yaml b/config/aso/kustomization.yaml index 9180556d6ff..28eed6383e9 100644 --- a/config/aso/kustomization.yaml +++ b/config/aso/kustomization.yaml @@ -12,6 +12,7 @@ patches: - path: patches/visualizer_label_in_fleetmembers.yaml - path: patches/visualizer_label_in_managedclusteragentpools.yaml - path: patches/visualizer_label_in_managed_clusters.yaml + - path: patches/visualizer_label_in_maintenanceconfigurations.yaml - path: patches/visualizer_label_in_natgateways.yaml - path: patches/visualizer_label_in_privateendpoints.yaml - path: patches/visualizer_label_in_resourcegroups.yaml 
diff --git a/config/aso/patches/visualizer_label_in_maintenanceconfigurations.yaml b/config/aso/patches/visualizer_label_in_maintenanceconfigurations.yaml new file mode 100644 index 00000000000..cc259b67297 --- /dev/null +++ b/config/aso/patches/visualizer_label_in_maintenanceconfigurations.yaml @@ -0,0 +1,7 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + visualizer.cluster.x-k8s.io: "" + visualizer.cluster.x-k8s.io/provider-type: "infrastructure" + name: maintenanceconfigurations.containerservice.azure.com diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 547fa4c0f4e..f7769bc522b 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -123,6 +123,7 @@ rules: - containerservice.azure.com resources: - fleetsmembers + - maintenanceconfigurations - managedclusters - managedclustersagentpools verbs: @@ -137,6 +138,7 @@ rules: - containerservice.azure.com resources: - fleetsmembers/status + - maintenanceconfigurations/status - managedclusters/status - managedclustersagentpools/status verbs: diff --git a/controllers/azuremanagedcontrolplane_controller.go b/controllers/azuremanagedcontrolplane_controller.go index 2f3728a5f21..967d9e51e9b 100644 --- a/controllers/azuremanagedcontrolplane_controller.go +++ b/controllers/azuremanagedcontrolplane_controller.go 
@@ -114,6 +114,8 @@ func (amcpr *AzureManagedControlPlaneReconciler) SetupWithManager(ctx context.Co // +kubebuilder:rbac:groups=network.azure.com,resources=privateendpoints/status;virtualnetworks/status;virtualnetworkssubnets/status,verbs=get;list;watch // +kubebuilder:rbac:groups=containerservice.azure.com,resources=fleetsmembers,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=containerservice.azure.com,resources=fleetsmembers/status,verbs=get;list;watch +// +kubebuilder:rbac:groups=containerservice.azure.com,resources=maintenanceconfigurations,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=containerservice.azure.com,resources=maintenanceconfigurations/status,verbs=get;list;watch // +kubebuilder:rbac:groups=kubernetesconfiguration.azure.com,resources=extensions,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=kubernetesconfiguration.azure.com,resources=extensions/status,verbs=get;list;watch diff --git a/templates/cluster-template-aks-aso-maintenance.yaml b/templates/cluster-template-aks-aso-maintenance.yaml new file mode 100644 index 00000000000..0108f945935 --- /dev/null +++ b/templates/cluster-template-aks-aso-maintenance.yaml 
@@ -0,0 +1,194 @@ +apiVersion: cluster.x-k8s.io/v1beta1 +kind: Cluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + controlPlaneRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureASOManagedControlPlane + name: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureASOManagedCluster + name: ${CLUSTER_NAME} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureASOManagedControlPlane +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + resources: + - apiVersion: containerservice.azure.com/v1api20240901 + kind: ManagedCluster + metadata: + annotations: + serviceoperator.azure.com/credential-from: ${ASO_CREDENTIAL_SECRET_NAME} + name: ${CLUSTER_NAME} + spec: + dnsPrefix: ${CLUSTER_NAME} + identity: + type: SystemAssigned + location: ${AZURE_LOCATION} + networkProfile: + networkPlugin: azure + owner: + name: ${CLUSTER_NAME} + servicePrincipalProfile: + clientId: msi + - apiVersion: containerservice.azure.com/v1api20240901 + kind: MaintenanceConfiguration + metadata: + annotations: + serviceoperator.azure.com/credential-from: ${ASO_CREDENTIAL_SECRET_NAME} + name: ${CLUSTER_NAME}-default + spec: + azureName: default + owner: + name: ${CLUSTER_NAME} + timeInWeek: + - day: Sunday + hourSlots: + - 0 + - 1 + - 2 + - 3 + - apiVersion: containerservice.azure.com/v1api20240901 + kind: MaintenanceConfiguration + metadata: + annotations: + serviceoperator.azure.com/credential-from: ${ASO_CREDENTIAL_SECRET_NAME} + name: ${CLUSTER_NAME}-aksmanagedautoupgradeschedule + spec: + azureName: aksManagedAutoUpgradeSchedule + maintenanceWindow: + durationHours: 4 + notAllowedDates: + - end: "2026-12-26" + start: "2026-12-23" + schedule: + weekly: + dayOfWeek: Sunday + intervalWeeks: 1 + startTime: "02:00" + utcOffset: "-05:00" + owner: + name: ${CLUSTER_NAME} + - apiVersion: containerservice.azure.com/v1api20240901 + kind: MaintenanceConfiguration + metadata: + annotations: + 
serviceoperator.azure.com/credential-from: ${ASO_CREDENTIAL_SECRET_NAME} + name: ${CLUSTER_NAME}-aksmanagednodeosupgradeschedule + spec: + azureName: aksManagedNodeOSUpgradeSchedule + maintenanceWindow: + durationHours: 4 + schedule: + weekly: + dayOfWeek: Sunday + intervalWeeks: 1 + startTime: "02:00" + utcOffset: "-05:00" + owner: + name: ${CLUSTER_NAME} + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureASOManagedCluster +metadata: + name: ${CLUSTER_NAME} + namespace: default +spec: + resources: + - apiVersion: resources.azure.com/v1api20200601 + kind: ResourceGroup + metadata: + annotations: + serviceoperator.azure.com/credential-from: ${ASO_CREDENTIAL_SECRET_NAME} + name: ${CLUSTER_NAME} + spec: + location: ${AZURE_LOCATION} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachinePool +metadata: + name: ${CLUSTER_NAME}-pool0 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: ${WORKER_MACHINE_COUNT:=2} + template: + metadata: {} + spec: + bootstrap: + dataSecretName: "" + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureASOManagedMachinePool + name: ${CLUSTER_NAME}-pool0 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureASOManagedMachinePool +metadata: + name: ${CLUSTER_NAME}-pool0 + namespace: default +spec: + resources: + - apiVersion: containerservice.azure.com/v1api20240901 + kind: ManagedClustersAgentPool + metadata: + annotations: + serviceoperator.azure.com/credential-from: ${ASO_CREDENTIAL_SECRET_NAME} + name: ${CLUSTER_NAME}-pool0 + spec: + azureName: pool0 + mode: System + owner: + name: ${CLUSTER_NAME} + type: VirtualMachineScaleSets + vmSize: ${AZURE_NODE_MACHINE_TYPE} +--- +apiVersion: cluster.x-k8s.io/v1beta1 +kind: MachinePool +metadata: + name: ${CLUSTER_NAME}-pool1 + namespace: default +spec: + clusterName: ${CLUSTER_NAME} + replicas: 
${WORKER_MACHINE_COUNT:=2} + template: + metadata: {} + spec: + bootstrap: + dataSecretName: "" + clusterName: ${CLUSTER_NAME} + infrastructureRef: + apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 + kind: AzureASOManagedMachinePool + name: ${CLUSTER_NAME}-pool1 + version: ${KUBERNETES_VERSION} +--- +apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 +kind: AzureASOManagedMachinePool +metadata: + name: ${CLUSTER_NAME}-pool1 + namespace: default +spec: + resources: + - apiVersion: containerservice.azure.com/v1api20240901 + kind: ManagedClustersAgentPool + metadata: + annotations: + serviceoperator.azure.com/credential-from: ${ASO_CREDENTIAL_SECRET_NAME} + name: ${CLUSTER_NAME}-pool1 + spec: + azureName: pool1 + mode: User + owner: + name: ${CLUSTER_NAME} + type: VirtualMachineScaleSets + vmSize: ${AZURE_NODE_MACHINE_TYPE} diff --git a/templates/flavors/aks-aso-maintenance/kustomization.yaml b/templates/flavors/aks-aso-maintenance/kustomization.yaml new file mode 100644 index 00000000000..775a3c73da3 --- /dev/null +++ b/templates/flavors/aks-aso-maintenance/kustomization.yaml 
@@ -0,0 +1,81 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: default +resources: +- ../aks-aso + +patches: +- patch: |- + - op: test + path: /spec/resources/0/kind + value: ManagedCluster + - op: add + path: /spec/resources/- + value: + apiVersion: containerservice.azure.com/v1api20240901 + kind: MaintenanceConfiguration + metadata: + name: ${CLUSTER_NAME}-default + annotations: + serviceoperator.azure.com/credential-from: ${ASO_CREDENTIAL_SECRET_NAME} + spec: + azureName: default + owner: + name: ${CLUSTER_NAME} + timeInWeek: + - day: Sunday + hourSlots: + - 0 + - 1 + - 2 + - 3 + - op: add + path: /spec/resources/- + value: + apiVersion: containerservice.azure.com/v1api20240901 + kind: MaintenanceConfiguration + metadata: + name: ${CLUSTER_NAME}-aksmanagedautoupgradeschedule + annotations: + serviceoperator.azure.com/credential-from: ${ASO_CREDENTIAL_SECRET_NAME} + spec: + azureName: aksManagedAutoUpgradeSchedule + owner: + name: ${CLUSTER_NAME} + maintenanceWindow: + durationHours: 4 + utcOffset: "-05:00" + startTime: "02:00" + schedule: + weekly: + intervalWeeks: 1 + dayOfWeek: Sunday + notAllowedDates: + - start: "2026-12-23" + end: "2026-12-26" + - op: add + path: /spec/resources/- + value: + apiVersion: containerservice.azure.com/v1api20240901 + kind: MaintenanceConfiguration + metadata: + name: ${CLUSTER_NAME}-aksmanagednodeosupgradeschedule + annotations: + serviceoperator.azure.com/credential-from: ${ASO_CREDENTIAL_SECRET_NAME} + spec: + azureName: aksManagedNodeOSUpgradeSchedule + owner: + name: ${CLUSTER_NAME} + maintenanceWindow: + durationHours: 4 + utcOffset: "-05:00" + startTime: "02:00" + schedule: + weekly: + intervalWeeks: 1 + dayOfWeek: Sunday + target: + kind: AzureASOManagedControlPlane + +sortOptions: + order: fifo diff --git a/test/e2e/aks_maintenance_configuration.go b/test/e2e/aks_maintenance_configuration.go new file mode 100644 index 00000000000..b562e5a4c9b --- /dev/null 
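Review bot: The `notAllowedDates` entry in the `aksManagedAutoUpgradeSchedule` patch pins a fixed calendar span (`start: "2026-12-23"`, `end: "2026-12-26"`), so every cluster rendered from this flavor inherits a blackout that stops meaning anything once those dates pass. Whether Azure accepts a span that lies in the past is not visible here. This window decides when cluster upgrades, security fixes included, may be applied, so the sample values should be marked as samples in the flavor, for example with a comment above the list: `# example blackout window: replace or remove before use`. The same literal dates are committed in the generated `templates/cluster-template-aks-aso-maintenance.yaml`, and `utcOffset: "-05:00"` is fixed the same way in both schedule patches.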
+++ b/test/e2e/aks_maintenance_configuration.go 
@@ -0,0 +1,252 @@ +//go:build e2e +// +build e2e + +/* +Copyright 2026 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package e2e + +import ( + "context" + "encoding/json" + + "github.com/Azure/azure-sdk-for-go/sdk/azidentity" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v4" + asocontainerservicev1mc "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20240901" + asoresourcesv1 "github.com/Azure/azure-service-operator/v2/api/resources/v1api20200601" + asoannotations "github.com/Azure/azure-service-operator/v2/pkg/common/annotations" + "github.com/Azure/azure-service-operator/v2/pkg/genruntime" + asoconditions "github.com/Azure/azure-service-operator/v2/pkg/genruntime/conditions" + . "github.com/onsi/ginkgo/v2" + . 
"github.com/onsi/gomega" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/utils/ptr" + clusterv1 "sigs.k8s.io/cluster-api/api/core/v1beta2" + "sigs.k8s.io/controller-runtime/pkg/client" + + infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" + "sigs.k8s.io/cluster-api-provider-azure/azure" +) + +type AKSMaintenanceConfigurationSpecInput struct { + Cluster *clusterv1.Cluster + WaitForUpdate []interface{} +} + +func AKSMaintenanceConfigurationSpec(ctx context.Context, inputGetter func() AKSMaintenanceConfigurationSpecInput) { + input := inputGetter() + + cred, err := azidentity.NewDefaultAzureCredential(nil) + Expect(err).NotTo(HaveOccurred()) + + mcClient, err := armcontainerservice.NewMaintenanceConfigurationsClient(getSubscriptionID(Default), cred, nil) + Expect(err).NotTo(HaveOccurred()) + + mgmtClient := bootstrapClusterProxy.GetClient() + Expect(mgmtClient).NotTo(BeNil()) + + namespace := input.Cluster.Namespace + managedClusterName := input.Cluster.Spec.ControlPlaneRef.Name + + By("Discovering the AKS resource group from the AzureASOManagedCluster") + asoCluster := &infrav1.AzureASOManagedCluster{} + Expect(mgmtClient.Get(ctx, client.ObjectKey{Namespace: namespace, Name: input.Cluster.Spec.InfrastructureRef.Name}, asoCluster)).To(Succeed()) + var resourceGroup string + for _, raw := range asoCluster.Spec.Resources { + u := &unstructured.Unstructured{} + Expect(u.UnmarshalJSON(raw.Raw)).To(Succeed()) + if u.GroupVersionKind().Kind != "ResourceGroup" { + continue + } + rg := &asoresourcesv1.ResourceGroup{} + Expect(mgmtClient.Get(ctx, client.ObjectKey{Namespace: namespace, Name: u.GetName()}, rg)).To(Succeed()) + resourceGroup = rg.AzureName() + break + } + Expect(resourceGroup).NotTo(BeEmpty()) + + infraControlPlane := &infrav1.AzureASOManagedControlPlane{} + Expect(mgmtClient.Get(ctx, client.ObjectKey{Namespace: namespace, Name: managedClusterName}, 
infraControlPlane)).To(Succeed()) + originalResources := append([]runtime.RawExtension(nil), infraControlPlane.Spec.Resources...) + + var credentialFrom string + for _, raw := range originalResources { + u := &unstructured.Unstructured{} + Expect(u.UnmarshalJSON(raw.Raw)).To(Succeed()) + if u.GroupVersionKind().Kind == "ManagedCluster" { + credentialFrom = u.GetAnnotations()[asoannotations.PerResourceSecret] + break + } + } + + newMC := func(name, azureName string, spec asocontainerservicev1mc.MaintenanceConfiguration_Spec) *asocontainerservicev1mc.MaintenanceConfiguration { + spec.AzureName = azureName + spec.Owner = &genruntime.KnownResourceReference{Name: managedClusterName} + mc := &asocontainerservicev1mc.MaintenanceConfiguration{ + TypeMeta: metav1.TypeMeta{ + APIVersion: asocontainerservicev1mc.GroupVersion.String(), + Kind: "MaintenanceConfiguration", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: input.Cluster.Name + "-" + name, + }, + Spec: spec, + } + if credentialFrom != "" { + mc.Annotations = map[string]string{asoannotations.PerResourceSecret: credentialFrom} + } + return mc + } + + weekly := func(day asocontainerservicev1mc.WeekDay) *asocontainerservicev1mc.MaintenanceWindow { + return &asocontainerservicev1mc.MaintenanceWindow{ + DurationHours: ptr.To(4), + UtcOffset: ptr.To("-05:00"), + StartTime: ptr.To("02:00"), + Schedule: &asocontainerservicev1mc.Schedule{ + Weekly: &asocontainerservicev1mc.WeeklySchedule{ + IntervalWeeks: ptr.To(1), + DayOfWeek: ptr.To(day), + }, + }, + } + } + + defaultMC := newMC("mc-default", "default", asocontainerservicev1mc.MaintenanceConfiguration_Spec{ + TimeInWeek: []asocontainerservicev1mc.TimeInWeek{{ + Day: ptr.To(asocontainerservicev1mc.WeekDay_Sunday), + HourSlots: []asocontainerservicev1mc.HourInDay{0, 1, 2, 3}, + }}, + }) + autoUpgradeMC := newMC("mc-auto-upgrade", "aksManagedAutoUpgradeSchedule", asocontainerservicev1mc.MaintenanceConfiguration_Spec{ + MaintenanceWindow: 
weekly(asocontainerservicev1mc.WeekDay_Sunday), + }) + nodeOSMC := newMC("mc-node-os-upgrade", "aksManagedNodeOSUpgradeSchedule", asocontainerservicev1mc.MaintenanceConfiguration_Spec{ + MaintenanceWindow: weekly(asocontainerservicev1mc.WeekDay_Sunday), + }) + + setMCs := func(mcs ...*asocontainerservicev1mc.MaintenanceConfiguration) { + Eventually(func(g Gomega) { + g.Expect(mgmtClient.Get(ctx, client.ObjectKeyFromObject(infraControlPlane), infraControlPlane)).To(Succeed()) + resources := append([]runtime.RawExtension(nil), originalResources...) + for _, mc := range mcs { + bs, err := json.Marshal(mc) + g.Expect(err).NotTo(HaveOccurred()) + resources = append(resources, runtime.RawExtension{Raw: bs}) + } + infraControlPlane.Spec.Resources = resources + g.Expect(mgmtClient.Update(ctx, infraControlPlane)).To(Succeed()) + }, input.WaitForUpdate...).Should(Succeed()) + } + + isReady := func(c asoconditions.Conditioner) bool { + conds := c.GetConditions() + if i, ok := conds.FindIndexByType(asoconditions.ConditionTypeReady); ok { + return conds[i].Status == metav1.ConditionTrue + } + return false + } + + By("Appending three MaintenanceConfigurations to the AzureASOManagedControlPlane") + setMCs(defaultMC, autoUpgradeMC, nodeOSMC) + + By("Waiting for each ASO MaintenanceConfiguration to reach Ready=True") + for _, mc := range []*asocontainerservicev1mc.MaintenanceConfiguration{defaultMC, autoUpgradeMC, nodeOSMC} { + Eventually(func(g Gomega) { + got := &asocontainerservicev1mc.MaintenanceConfiguration{} + g.Expect(mgmtClient.Get(ctx, client.ObjectKey{Namespace: namespace, Name: mc.Name}, got)).To(Succeed()) + g.Expect(isReady(got)).To(BeTrue(), "expected ASO MaintenanceConfiguration %q to be Ready", mc.Name) + }, input.WaitForUpdate...).Should(Succeed()) + } + + By("Verifying the default MaintenanceConfiguration in Azure") + Eventually(func(g Gomega) { + resp, err := mcClient.Get(ctx, resourceGroup, managedClusterName, defaultMC.Spec.AzureName, nil) + 
g.Expect(err).NotTo(HaveOccurred()) + g.Expect(resp.Properties).NotTo(BeNil()) + expected := defaultMC.Spec.TimeInWeek + g.Expect(resp.Properties.TimeInWeek).To(HaveLen(len(expected))) + for i, want := range expected { + g.Expect(resp.Properties.TimeInWeek[i].Day).To(HaveValue(BeEquivalentTo(*want.Day))) + gotHours := make([]int32, 0, len(resp.Properties.TimeInWeek[i].HourSlots)) + for _, h := range resp.Properties.TimeInWeek[i].HourSlots { + gotHours = append(gotHours, *h) + } + wantHours := make([]int32, 0, len(want.HourSlots)) + for _, h := range want.HourSlots { + wantHours = append(wantHours, int32(h)) + } + g.Expect(gotHours).To(ConsistOf(wantHours)) + } + }, input.WaitForUpdate...).Should(Succeed()) + + for _, mc := range []*asocontainerservicev1mc.MaintenanceConfiguration{autoUpgradeMC, nodeOSMC} { + Byf("Verifying the %s MaintenanceConfiguration in Azure", mc.Spec.AzureName) + Eventually(func(g Gomega) { + resp, err := mcClient.Get(ctx, resourceGroup, managedClusterName, mc.Spec.AzureName, nil) + g.Expect(err).NotTo(HaveOccurred()) + g.Expect(resp.Properties).NotTo(BeNil()) + g.Expect(resp.Properties.MaintenanceWindow).NotTo(BeNil()) + want := mc.Spec.MaintenanceWindow + g.Expect(resp.Properties.MaintenanceWindow.DurationHours).To(HaveValue(BeEquivalentTo(*want.DurationHours))) + g.Expect(resp.Properties.MaintenanceWindow.UTCOffset).To(HaveValue(Equal(*want.UtcOffset))) + g.Expect(resp.Properties.MaintenanceWindow.StartTime).To(HaveValue(Equal(*want.StartTime))) + g.Expect(resp.Properties.MaintenanceWindow.Schedule).NotTo(BeNil()) + g.Expect(resp.Properties.MaintenanceWindow.Schedule.Weekly).NotTo(BeNil()) + g.Expect(resp.Properties.MaintenanceWindow.Schedule.Weekly.IntervalWeeks).To(HaveValue(BeEquivalentTo(*want.Schedule.Weekly.IntervalWeeks))) + g.Expect(resp.Properties.MaintenanceWindow.Schedule.Weekly.DayOfWeek).To(HaveValue(BeEquivalentTo(*want.Schedule.Weekly.DayOfWeek))) + }, input.WaitForUpdate...).Should(Succeed()) + } + + By("Updating the 
node-OS upgrade schedule from Sunday to Saturday") + nodeOSMC.Spec.MaintenanceWindow.Schedule.Weekly.DayOfWeek = ptr.To(asocontainerservicev1mc.WeekDay_Saturday) + setMCs(defaultMC, autoUpgradeMC, nodeOSMC) + Eventually(func(g Gomega) { + resp, err := mcClient.Get(ctx, resourceGroup, managedClusterName, nodeOSMC.Spec.AzureName, nil) + g.Expect(err).NotTo(HaveOccurred()) + g.Expect(resp.Properties.MaintenanceWindow.Schedule.Weekly.DayOfWeek).To(HaveValue(BeEquivalentTo(*nodeOSMC.Spec.MaintenanceWindow.Schedule.Weekly.DayOfWeek))) + }, input.WaitForUpdate...).Should(Succeed()) + + By("Listing all maintenance configurations on the managed cluster") + Eventually(func(g Gomega) { + pager := mcClient.NewListByManagedClusterPager(resourceGroup, managedClusterName, nil) + seen := map[string]bool{} + for pager.More() { + page, err := pager.NextPage(ctx) + g.Expect(err).NotTo(HaveOccurred()) + for _, item := range page.Value { + if item != nil && item.Name != nil { + seen[*item.Name] = true + } + } + } + for _, mc := range []*asocontainerservicev1mc.MaintenanceConfiguration{defaultMC, autoUpgradeMC, nodeOSMC} { + g.Expect(seen).To(HaveKey(mc.Spec.AzureName)) + } + }, input.WaitForUpdate...).Should(Succeed()) + + By("Removing the default MaintenanceConfiguration from spec.resources") + setMCs(autoUpgradeMC, nodeOSMC) + Eventually(func(g Gomega) { + _, err := mcClient.Get(ctx, resourceGroup, managedClusterName, defaultMC.Spec.AzureName, nil) + g.Expect(azure.ResourceNotFound(err)).To(BeTrue(), "expected MaintenanceConfiguration %q to be deleted from Azure, got err=%v", defaultMC.Spec.AzureName, err) + }, input.WaitForUpdate...).Should(Succeed()) + + By("Restoring the original spec.resources") + setMCs() +} diff --git a/test/e2e/azure_clusterproxy.go b/test/e2e/azure_clusterproxy.go index e2a471d3d12..501f47ae278 100644 --- a/test/e2e/azure_clusterproxy.go +++ b/test/e2e/azure_clusterproxy.go 
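Review bot: In the "Updating the node-OS upgrade schedule from Sunday to Saturday" step, the `Eventually` callback reads `resp.Properties.MaintenanceWindow.Schedule.Weekly.DayOfWeek` after checking only `err`. The earlier per-configuration verification loop guards each level with `NotTo(BeNil())`, but this step does not. If Azure returns a response with any of those levels unset while the update is still propagating, the callback would hit a nil-pointer panic instead of failing an assertion, and as far as I can tell `Eventually` does not retry after a panic of that kind. Adding the same four guards before the `DayOfWeek` assertion keeps the poll retryable and the failure message readable.

```go
		g.Expect(err).NotTo(HaveOccurred())
		g.Expect(resp.Properties).NotTo(BeNil())
		g.Expect(resp.Properties.MaintenanceWindow).NotTo(BeNil())
		g.Expect(resp.Properties.MaintenanceWindow.Schedule).NotTo(BeNil())
		g.Expect(resp.Properties.MaintenanceWindow.Schedule.Weekly).NotTo(BeNil())
		// … unchanged: DayOfWeek assertion against nodeOSMC.Spec …
```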
@@ -36,6 +36,7 @@ import (
 "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/monitor/armmonitor"
 asocontainerservicev1 "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20231001"
 asocontainerservicev1preview "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20240402preview"
+ asocontainerservicev1mc "github.com/Azure/azure-service-operator/v2/api/containerservice/v1api20240901"
 asoresourcesv1 "github.com/Azure/azure-service-operator/v2/api/resources/v1api20200601"
 . "github.com/onsi/ginkgo/v2"
 . "github.com/onsi/gomega"
@@ -78,6 +79,7 @@ func initScheme() *runtime.Scheme {
 Expect(asoresourcesv1.AddToScheme(scheme)).To(Succeed())
 Expect(asocontainerservicev1.AddToScheme(scheme)).To(Succeed())
 Expect(asocontainerservicev1preview.AddToScheme(scheme)).To(Succeed())
+ Expect(asocontainerservicev1mc.AddToScheme(scheme)).To(Succeed())
 return scheme
 }
diff --git a/test/e2e/azure_test.go b/test/e2e/azure_test.go
index fcd9c58edd8..c5fa314e20b 100644
--- a/test/e2e/azure_test.go
+++ b/test/e2e/azure_test.go
@@ -923,6 +923,15 @@ var _ = Describe("Workload cluster creation", func() {
 }
 })
 })
+
+ By("Verifying AKS maintenance configurations", func() {
+ AKSMaintenanceConfigurationSpec(ctx, func() AKSMaintenanceConfigurationSpecInput {
+ return AKSMaintenanceConfigurationSpecInput{
+ Cluster: result.Cluster,
+ WaitForUpdate: e2eConfig.GetIntervals(specName, "wait-machine-pool-nodes"),
+ }
+ })
+ })
 })
 })
From bf831d90b19686fefffbaed0d83b21b782119ec3 Mon Sep 17 00:00:00 2001
From: Matt Boersma
Date: Tue, 5 May 2026 13:14:21 -0600
Subject: [PATCH 52/61] Use uuid.Validate over uuid.Parse where appropriate
---
 exp/api/v1beta1/azuremachinepool_webhook_test.go | 3 +--
 internal/api/v1beta1/azuremachine_default_test.go | 3 +--
 internal/webhooks/azuremachine_validation.go | 2 +-
 3 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/exp/api/v1beta1/azuremachinepool_webhook_test.go b/exp/api/v1beta1/azuremachinepool_webhook_test.go
index 69b5c0c0759..53dc0b2c720 100644
--- a/exp/api/v1beta1/azuremachinepool_webhook_test.go
+++ b/exp/api/v1beta1/azuremachinepool_webhook_test.go
@@ -479,8 +479,7 @@ func TestAzureMachinePool_Default(t *testing.T) {
 err = ampw.Default(t.Context(), emptyTest.amp)
 g.Expect(err).NotTo(HaveOccurred())
 g.Expect(emptyTest.amp.Spec.SystemAssignedIdentityRole.Name).To(Not(BeEmpty()))
- _, err = guuid.Parse(emptyTest.amp.Spec.SystemAssignedIdentityRole.Name)
- g.Expect(err).To(Not(HaveOccurred()))
+ g.Expect(guuid.Validate(emptyTest.amp.Spec.SystemAssignedIdentityRole.Name)).To(Succeed())
 g.Expect(emptyTest.amp.Spec.SystemAssignedIdentityRole).To(Not(BeNil()))
 g.Expect(emptyTest.amp.Spec.SystemAssignedIdentityRole.Scope).To(Equal(fmt.Sprintf("/subscriptions/%s/", fakeSubscriptionID)))
 g.Expect(emptyTest.amp.Spec.SystemAssignedIdentityRole.DefinitionID).To(Equal(fmt.Sprintf("/subscriptions/%s/providers/Microsoft.Authorization/roleDefinitions/%s", fakeSubscriptionID, apiinternal.ContributorRoleID)))
diff --git a/internal/api/v1beta1/azuremachine_default_test.go b/internal/api/v1beta1/azuremachine_default_test.go
index 6f5f92d6db2..a54125c3428 100644
--- a/internal/api/v1beta1/azuremachine_default_test.go
+++ b/internal/api/v1beta1/azuremachine_default_test.go
@@ -116,8 +116,7 @@ func TestAzureMachineSpec_SetIdentityDefaults(t *testing.T) {
 SetDefaultAzureMachineSpecIdentity(&emptyTest.machine.Spec, fakeSubscriptionID)
 g.Expect(emptyTest.machine.Spec.SystemAssignedIdentityRole.Name).To(Not(BeEmpty()))
- _, err := uuid.Parse(emptyTest.machine.Spec.SystemAssignedIdentityRole.Name)
- g.Expect(err).To(Not(HaveOccurred()))
+ g.Expect(uuid.Validate(emptyTest.machine.Spec.SystemAssignedIdentityRole.Name)).To(Succeed())
 g.Expect(emptyTest.machine.Spec.SystemAssignedIdentityRole.Scope).To(Equal(fmt.Sprintf("/subscriptions/%s/", fakeSubscriptionID)))
 g.Expect(emptyTest.machine.Spec.SystemAssignedIdentityRole.DefinitionID).To(Equal(fmt.Sprintf("/subscriptions/%s/providers/Microsoft.Authorization/roleDefinitions/%s", fakeSubscriptionID, ContributorRoleID)))
diff --git a/internal/webhooks/azuremachine_validation.go b/internal/webhooks/azuremachine_validation.go
index 4a229ec5820..05990fb23f3 100644
--- a/internal/webhooks/azuremachine_validation.go
+++ b/internal/webhooks/azuremachine_validation.go
@@ -123,7 +123,7 @@ func ValidateSystemAssignedIdentity(identityType infrav1.VMIdentity, oldIdentity
 allErrs := field.ErrorList{}
 if identityType == infrav1.VMIdentitySystemAssigned {
- if _, err := uuid.Parse(newIdentity); err != nil {
+ if err := uuid.Validate(newIdentity); err != nil {
 allErrs = append(allErrs, field.Invalid(fldPath, newIdentity, "Role assignment name must be a valid GUID. It is optional and will be auto-generated when not specified."))
 }
 if oldIdentity != "" && oldIdentity != newIdentity {
From 7410779206cf85630fd250a8d69341174fdb6d51 Mon Sep 17 00:00:00 2001
From: Matt Boersma
Date: Tue, 5 May 2026 14:20:34 -0600
Subject: [PATCH 53/61] Add unit tests for azuremachine_validation
---
 .../webhooks/azuremachine_validation_test.go | 140 ++++++++++++++++++
 1 file changed, 140 insertions(+)
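Review bot: The GUID guard in `ValidateSystemAssignedIdentity` still admits more than the canonical hyphenated form. Assuming `uuid` here is github.com/google/uuid, `uuid.Validate` (like the `uuid.Parse` it replaces) also accepts the `urn:uuid:` prefix, the braced form and the bare 32-hex-digit form. A role assignment name in one of those shapes would pass admission and fail only later at the Azure API, if Azure requires the 36-character form; that is worth confirming. If it does, tighten the check to `if len(newIdentity) != 36 || uuid.Validate(newIdentity) != nil {`. The function's signature and the rest of its body lie outside the hunk.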
diff --git a/internal/webhooks/azuremachine_validation_test.go b/internal/webhooks/azuremachine_validation_test.go
index b7e45798fa2..9aba9c61636 100644
--- a/internal/webhooks/azuremachine_validation_test.go
+++ b/internal/webhooks/azuremachine_validation_test.go
@@ -443,6 +443,42 @@ func TestAzureMachine_ValidateDataDisks(t *testing.T) {
 },
 wantErr: true,
 },
+ {
+ name: "nil LUN",
+ disks: []infrav1.DataDisk{
+ {
+ NameSuffix: "my_disk",
+ DiskSizeGB: 64,
+ Lun: nil,
+ CachingType: string(armcompute.PossibleCachingTypesValues()[0]),
+ },
+ },
+ wantErr: true,
+ },
+ {
+ name: "LUN below valid range",
+ disks: []infrav1.DataDisk{
+ {
+ NameSuffix: "my_disk",
+ DiskSizeGB: 64,
+ Lun: ptr.To[int32](-1),
+ CachingType: string(armcompute.PossibleCachingTypesValues()[0]),
+ },
+ },
+ wantErr: true,
+ },
+ {
+ name: "LUN above valid range",
+ disks: []infrav1.DataDisk{
+ {
+ NameSuffix: "my_disk",
+ DiskSizeGB: 64,
+ Lun: ptr.To[int32](64),
+ CachingType: string(armcompute.PossibleCachingTypesValues()[0]),
+ },
+ },
+ wantErr: true,
+ },
 }
 for _, test := range testcases {
@@ -458,6 +494,110 @@ func TestAzureMachine_ValidateDataDisks(t *testing.T) {
 }
 }
+func TestAzureMachine_ValidateDiagnostics(t *testing.T) {
+ testcases := []struct {
+ name string
+ diagnostics *infrav1.Diagnostics
+ wantErr bool
+ }{
+ {
+ name: "nil diagnostics",
+ diagnostics: nil,
+ wantErr: false,
+ },
+ {
+ name: "nil boot diagnostics",
+ diagnostics: &infrav1.Diagnostics{},
+ wantErr: false,
+ },
+ {
+ name: "managed storage account type without user-managed config",
+ diagnostics: &infrav1.Diagnostics{
+ Boot: &infrav1.BootDiagnostics{
+ StorageAccountType: infrav1.ManagedDiagnosticsStorage,
+ },
+ },
+ wantErr: false,
+ },
+ {
+ name: "managed storage account type with user-managed StorageAccountURI",
+ diagnostics: &infrav1.Diagnostics{
+ Boot: &infrav1.BootDiagnostics{
+ StorageAccountType: infrav1.ManagedDiagnosticsStorage,
+ UserManaged: &infrav1.UserManagedBootDiagnostics{
+ StorageAccountURI: "https://example.blob.core.windows.net/",
+ },
+ },
+ },
+ wantErr: true,
+ },
+ {
+ name: "disabled storage account type without user-managed config",
+ diagnostics: &infrav1.Diagnostics{
+ Boot: &infrav1.BootDiagnostics{
+ StorageAccountType: infrav1.DisabledDiagnosticsStorage,
+ },
+ },
+ wantErr: false,
+ },
+ {
+ name: "disabled storage account type with user-managed StorageAccountURI",
+ diagnostics: &infrav1.Diagnostics{
+ Boot: &infrav1.BootDiagnostics{
+ StorageAccountType: infrav1.DisabledDiagnosticsStorage,
+ UserManaged: &infrav1.UserManagedBootDiagnostics{
+ StorageAccountURI: "https://example.blob.core.windows.net/",
+ },
+ },
+ },
+ wantErr: true,
+ },
+ {
+ name: "user-managed storage account type with valid URI",
+ diagnostics: &infrav1.Diagnostics{
+ Boot: &infrav1.BootDiagnostics{
+ StorageAccountType: infrav1.UserManagedDiagnosticsStorage,
+ UserManaged: &infrav1.UserManagedBootDiagnostics{
+ StorageAccountURI: "https://example.blob.core.windows.net/",
+ },
+ },
+ },
+ wantErr: false,
+ },
+ {
+ name: "user-managed storage account type missing UserManaged",
+ diagnostics: &infrav1.Diagnostics{
+ Boot: &infrav1.BootDiagnostics{
+ StorageAccountType: infrav1.UserManagedDiagnosticsStorage,
+ },
+ },
+ wantErr: true,
+ },
+ {
+ name: "user-managed storage account type with empty URI",
+ diagnostics: &infrav1.Diagnostics{
+ Boot: &infrav1.BootDiagnostics{
+ StorageAccountType: infrav1.UserManagedDiagnosticsStorage,
+ UserManaged: &infrav1.UserManagedBootDiagnostics{},
+ },
+ },
+ wantErr: true,
+ },
+ }
+
+ for _, test := range testcases {
+ t.Run(test.name, func(t *testing.T) {
+ g := NewWithT(t)
+ err := ValidateDiagnostics(test.diagnostics, field.NewPath("diagnostics"))
+ if test.wantErr {
+ g.Expect(err).NotTo(BeEmpty())
+ } else {
+ g.Expect(err).To(BeEmpty())
+ }
+ })
+ }
+}
+
 func TestAzureMachine_ValidateSystemAssignedIdentity(t *testing.T) {
 tests := []struct {
 name string
From 29c582895d30a9ac745029a16c21744c03b7a177 Mon Sep 17 00:00:00 2001
From: Matt Boersma
Date: Tue, 5 May 2026 15:58:58 -0600
Subject: [PATCH 54/61] Update RKE2 ClusterClass to v1beta2 and bump provider to v0.24.3
---
 templates/cluster-template-clusterclass-rke2.yaml | 12 ++++++------
 .../flavors/clusterclass-rke2/clusterclass.yaml | 8 ++++----
 .../clusterclass-rke2/rke2-config-template.yaml | 2 +-
 .../rke2-controlplane-template.yaml | 2 +-
 .../cluster-template-prow-clusterclass-ci-rke2.yaml | 12 ++++++------
 .../test/ci/prow-clusterclass-ci-rke2/patches.yaml | 6 +++---
 .../rke2-config-template.yaml | 2 +-
 test/e2e/azure_test.go | 6 +++---
 8 files changed, 25 insertions(+), 25 deletions(-)
diff --git a/templates/cluster-template-clusterclass-rke2.yaml b/templates/cluster-template-clusterclass-rke2.yaml
index c2d6b587a46..06e37e7779f 100644
--- a/templates/cluster-template-clusterclass-rke2.yaml
+++ b/templates/cluster-template-clusterclass-rke2.yaml
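Review bot: Every `wantErr: true` case in `TestAzureMachine_ValidateDiagnostics` passes on any non-empty result, because the loop asserts only `g.Expect(err).NotTo(BeEmpty())`. A case such as "managed storage account type with user-managed StorageAccountURI" would keep passing if `ValidateDiagnostics` rejected the input for an unrelated reason or reported it against the wrong field. Consider adding a `wantField string` column to the table and asserting it in the error branch, for example `g.Expect(err[0].Field).To(Equal(test.wantField))`, assuming the return value is a `field.ErrorList`. That ties each rejection to the rule the case is named after.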
@@ -11,7 +11,7 @@ spec: kind: AzureMachineTemplate name: ${CLUSTER_NAME}-control-plane ref: - apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + apiVersion: controlplane.cluster.x-k8s.io/v1beta2 kind: RKE2ControlPlaneTemplate name: ${CLUSTER_NAME}-control-plane infrastructure: @@ -58,7 +58,7 @@ spec: path: /etc/kubernetes/azure.json permissions: "0644" selector: - apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + apiVersion: bootstrap.cluster.x-k8s.io/v1beta2 kind: RKE2ConfigTemplate matchResources: machineDeploymentClass: @@ -79,7 +79,7 @@ spec: path: /etc/kubernetes/azure.json permissions: "0644" selector: - apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + apiVersion: controlplane.cluster.x-k8s.io/v1beta2 kind: RKE2ControlPlaneTemplate matchResources: controlPlane: true @@ -103,7 +103,7 @@ spec: template: bootstrap: ref: - apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + apiVersion: bootstrap.cluster.x-k8s.io/v1beta2 kind: RKE2ConfigTemplate name: ${CLUSTER_NAME}-worker infrastructure: @@ -172,7 +172,7 @@ spec: diskSizeGB: 30 osType: Linux --- -apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +apiVersion: controlplane.cluster.x-k8s.io/v1beta2 kind: RKE2ControlPlaneTemplate metadata: name: ${CLUSTER_NAME}-control-plane @@ -200,7 +200,7 @@ spec: extraArgs: - --anonymous-auth=true --- -apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +apiVersion: bootstrap.cluster.x-k8s.io/v1beta2 kind: RKE2ConfigTemplate metadata: name: ${CLUSTER_NAME}-worker diff --git a/templates/flavors/clusterclass-rke2/clusterclass.yaml b/templates/flavors/clusterclass-rke2/clusterclass.yaml index 51dc29cb251..23d20e0a361 100644 --- a/templates/flavors/clusterclass-rke2/clusterclass.yaml +++ b/templates/flavors/clusterclass-rke2/clusterclass.yaml @@ -5,7 +5,7 @@ metadata: spec: controlPlane: ref: - apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + apiVersion: controlplane.cluster.x-k8s.io/v1beta2 kind: RKE2ControlPlaneTemplate name: ${CLUSTER_NAME}-control-plane machineInfrastructure: 
@@ -24,7 +24,7 @@ spec: template: bootstrap: ref: - apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + apiVersion: bootstrap.cluster.x-k8s.io/v1beta2 kind: RKE2ConfigTemplate name: ${CLUSTER_NAME}-worker infrastructure: @@ -72,7 +72,7 @@ spec: path: /etc/kubernetes/azure.json permissions: "0644" selector: - apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + apiVersion: bootstrap.cluster.x-k8s.io/v1beta2 kind: RKE2ConfigTemplate matchResources: machineDeploymentClass: @@ -81,7 +81,7 @@ spec: - name: azureMachineTemplate definitions: - selector: - apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + apiVersion: controlplane.cluster.x-k8s.io/v1beta2 kind: RKE2ControlPlaneTemplate matchResources: controlPlane: true diff --git a/templates/flavors/clusterclass-rke2/rke2-config-template.yaml b/templates/flavors/clusterclass-rke2/rke2-config-template.yaml index 5167ecf38da..b519fe67f2c 100644 --- a/templates/flavors/clusterclass-rke2/rke2-config-template.yaml +++ b/templates/flavors/clusterclass-rke2/rke2-config-template.yaml @@ -1,4 +1,4 @@ -apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +apiVersion: bootstrap.cluster.x-k8s.io/v1beta2 kind: RKE2ConfigTemplate metadata: name: ${CLUSTER_NAME}-worker diff --git a/templates/flavors/clusterclass-rke2/rke2-controlplane-template.yaml b/templates/flavors/clusterclass-rke2/rke2-controlplane-template.yaml index 3414bb06971..0864af660fe 100644 --- a/templates/flavors/clusterclass-rke2/rke2-controlplane-template.yaml +++ b/templates/flavors/clusterclass-rke2/rke2-controlplane-template.yaml @@ -1,4 +1,4 @@ -apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +apiVersion: controlplane.cluster.x-k8s.io/v1beta2 kind: RKE2ControlPlaneTemplate metadata: name: ${CLUSTER_NAME}-control-plane diff --git a/templates/test/ci/cluster-template-prow-clusterclass-ci-rke2.yaml b/templates/test/ci/cluster-template-prow-clusterclass-ci-rke2.yaml index a357a4360db..981a77f1139 100644 --- a/templates/test/ci/cluster-template-prow-clusterclass-ci-rke2.yaml 
+++ b/templates/test/ci/cluster-template-prow-clusterclass-ci-rke2.yaml @@ -11,7 +11,7 @@ spec: kind: AzureMachineTemplate name: ${CLUSTER_NAME}-control-plane ref: - apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + apiVersion: controlplane.cluster.x-k8s.io/v1beta2 kind: RKE2ControlPlaneTemplate name: ${CLUSTER_NAME}-control-plane infrastructure: @@ -34,7 +34,7 @@ spec: path: /etc/kubernetes/azure.json permissions: "0644" selector: - apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + apiVersion: controlplane.cluster.x-k8s.io/v1beta2 kind: RKE2ControlPlaneTemplate matchResources: controlPlane: true @@ -53,7 +53,7 @@ spec: path: /etc/kubernetes/azure.json permissions: "0644" selector: - apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + apiVersion: bootstrap.cluster.x-k8s.io/v1beta2 kind: RKE2ConfigTemplate matchResources: machineDeploymentClass: @@ -273,7 +273,7 @@ spec: template: bootstrap: ref: - apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + apiVersion: bootstrap.cluster.x-k8s.io/v1beta2 kind: RKE2ConfigTemplate name: ${CLUSTER_NAME}-worker infrastructure: @@ -282,7 +282,7 @@ spec: kind: AzureMachineTemplate name: ${CLUSTER_NAME}-worker --- -apiVersion: controlplane.cluster.x-k8s.io/v1beta1 +apiVersion: controlplane.cluster.x-k8s.io/v1beta2 kind: RKE2ControlPlaneTemplate metadata: name: ${CLUSTER_NAME}-control-plane @@ -372,7 +372,7 @@ spec: diskSizeGB: 30 osType: Linux --- -apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +apiVersion: bootstrap.cluster.x-k8s.io/v1beta2 kind: RKE2ConfigTemplate metadata: name: ${CLUSTER_NAME}-worker diff --git a/templates/test/ci/prow-clusterclass-ci-rke2/patches.yaml b/templates/test/ci/prow-clusterclass-ci-rke2/patches.yaml index bbb1ffa37bf..f1ab02677b5 100644 --- a/templates/test/ci/prow-clusterclass-ci-rke2/patches.yaml +++ b/templates/test/ci/prow-clusterclass-ci-rke2/patches.yaml 
@@ -15,7 +15,7 @@ spec: template: bootstrap: ref: - apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + apiVersion: bootstrap.cluster.x-k8s.io/v1beta2 kind: RKE2ConfigTemplate name: ${CLUSTER_NAME}-worker infrastructure: @@ -27,7 +27,7 @@ spec: - name: controlPlaneAzureJsonSecretName definitions: - selector: - apiVersion: controlplane.cluster.x-k8s.io/v1beta1 + apiVersion: controlplane.cluster.x-k8s.io/v1beta2 kind: RKE2ControlPlaneTemplate matchResources: controlPlane: true @@ -46,7 +46,7 @@ spec: - name: workerAzureJsonSecretName definitions: - selector: - apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 + apiVersion: bootstrap.cluster.x-k8s.io/v1beta2 kind: RKE2ConfigTemplate matchResources: machineDeploymentClass: diff --git a/templates/test/ci/prow-clusterclass-ci-rke2/rke2-config-template.yaml b/templates/test/ci/prow-clusterclass-ci-rke2/rke2-config-template.yaml index 182f3275be5..e66d1ab5f81 100644 --- a/templates/test/ci/prow-clusterclass-ci-rke2/rke2-config-template.yaml +++ b/templates/test/ci/prow-clusterclass-ci-rke2/rke2-config-template.yaml @@ -1,4 +1,4 @@ -apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 +apiVersion: bootstrap.cluster.x-k8s.io/v1beta2 kind: RKE2ConfigTemplate metadata: name: ${CLUSTER_NAME}-worker diff --git a/test/e2e/azure_test.go b/test/e2e/azure_test.go index fcd9c58edd8..e76b8a293a1 100644 --- a/test/e2e/azure_test.go +++ b/test/e2e/azure_test.go @@ -1050,7 +1050,7 @@ var _ = Describe("Workload cluster creation", func() { clusterName = getClusterName(clusterNamePrefix, "cc") // Init rke2 CP and bootstrap providers - rke2Version := "v0.21.1" + rke2Version := "v0.24.3" initInput := clusterctl.InitInput{ // pass reference to the management cluster hosting this test KubeconfigPath: bootstrapClusterProxy.GetKubeconfigPath(), 
@@ -1075,7 +1075,7 @@ var _ = Describe("Workload cluster creation", func() {
 //
 // If that issue is resolved then we can remove this workaround.
 objects, err := yaml.ToUnstructured([]byte(`
-apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+apiVersion: controlplane.cluster.x-k8s.io/v1beta2
 kind: RKE2ControlPlaneTemplate
 metadata:
 name: dry-run
@@ -1085,7 +1085,7 @@ spec:
 spec:
 rolloutStrategy: {}
 ---
-apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+apiVersion: bootstrap.cluster.x-k8s.io/v1beta2
 kind: RKE2ConfigTemplate
 metadata:
 name: dry-run
From 0e3eea667239e3b123ed8157049ea8bdfba98736 Mon Sep 17 00:00:00 2001
From: Matt Boersma
Date: Wed, 6 May 2026 08:21:26 -0600
Subject: [PATCH 55/61] Move webhooks out of exp/api/v1beta1
---
 Makefile | 1 +
 exp/api/v1beta1/azuremachinepool_test.go | 3 +-
 exp/api/v1beta1/zz_generated.deepcopy.go | 2 +-
 .../azuremachinepool_reconciler.go | 3 +-
 .../api/v1beta1/azuremachinepool_default.go | 51 ++---
 .../v1beta1/azuremachinepool_default_test.go | 143 +++++++------
 .../exp/webhooks}/azuremachinepool_webhook.go | 110 +++++-----
 .../azuremachinepool_webhook_test.go | 190 ++++++++++--------
 .../azuremachinepoolmachine_webhook.go | 22 +-
 main.go | 5 +-
 10 files changed, 269 insertions(+), 261 deletions(-)
 rename {exp => internal/exp}/api/v1beta1/azuremachinepool_default.go (78%)
 rename {exp => internal/exp}/api/v1beta1/azuremachinepool_default_test.go (72%)
 rename {exp/api/v1beta1 => internal/exp/webhooks}/azuremachinepool_webhook.go (73%)
 rename {exp/api/v1beta1 => internal/exp/webhooks}/azuremachinepool_webhook_test.go (78%)
 rename {exp/api/v1beta1 => internal/exp/webhooks}/azuremachinepoolmachine_webhook.go (62%)
diff --git a/Makefile b/Makefile
index 6371c2f0cee..1312a0d3786 100644
--- a/Makefile
+++ b/Makefile
@@ -538,6 +538,7 @@ generate-manifests: $(CONTROLLER_GEN) ## Generate manifests e.g. CRD, RBAC etc. paths=./api/... \ paths=./$(EXP_DIR)/api/... \ paths=./internal/webhooks/... \ + paths=./internal/exp/webhooks/... \ crd:crdVersions=v1 \ rbac:roleName=base-manager-role \ output:crd:dir=$(CRD_ROOT) \ diff --git a/exp/api/v1beta1/azuremachinepool_test.go b/exp/api/v1beta1/azuremachinepool_test.go index 12bed0d3018..3e8e849cd4c 100644 --- a/exp/api/v1beta1/azuremachinepool_test.go +++ b/exp/api/v1beta1/azuremachinepool_test.go @@ -24,6 +24,7 @@ import ( infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" infrav1exp "sigs.k8s.io/cluster-api-provider-azure/exp/api/v1beta1" + expwebhooks "sigs.k8s.io/cluster-api-provider-azure/internal/exp/webhooks" ) func TestAzureMachinePool_Validate(t *testing.T) { @@ -249,7 +250,7 @@ func TestAzureMachinePool_Validate(t *testing.T) { // Don't add t.Parallel() here or the test will fail. g := gomega.NewGomegaWithT(t) amp := c.Factory(g) - actualErr := amp.Validate(nil, nil) + actualErr := expwebhooks.ValidateAzureMachinePool(nil, amp, nil) c.Expect(g, actualErr) }) } diff --git a/exp/api/v1beta1/zz_generated.deepcopy.go b/exp/api/v1beta1/zz_generated.deepcopy.go index 2083b59c5b5..6c0af75a80f 100644 --- a/exp/api/v1beta1/zz_generated.deepcopy.go +++ b/exp/api/v1beta1/zz_generated.deepcopy.go @@ -22,7 +22,7 @@ package v1beta1 import ( "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/runtime" + runtime "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/intstr" apiv1beta1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" corev1beta1 "sigs.k8s.io/cluster-api/api/core/v1beta1" diff --git a/exp/controllers/azuremachinepool_reconciler.go b/exp/controllers/azuremachinepool_reconciler.go index 8529eed9829..3a6680700b6 100644 --- a/exp/controllers/azuremachinepool_reconciler.go +++ b/exp/controllers/azuremachinepool_reconciler.go 
@@ -27,6 +27,7 @@ import (
 "sigs.k8s.io/cluster-api-provider-azure/azure/services/roleassignments"
 "sigs.k8s.io/cluster-api-provider-azure/azure/services/scalesets"
 "sigs.k8s.io/cluster-api-provider-azure/azure/services/tags"
+ apiinternalexp "sigs.k8s.io/cluster-api-provider-azure/internal/exp/api/v1beta1"
 "sigs.k8s.io/cluster-api-provider-azure/util/tele"
 )
@@ -73,7 +74,7 @@ func (s *azureMachinePoolService) Reconcile(ctx context.Context) error {
 defer done()
 // Ensure that the deprecated networking field values have been migrated to the new NetworkInterfaces field.
- s.scope.AzureMachinePool.SetNetworkInterfacesDefaults()
+ apiinternalexp.SetNetworkInterfacesDefaults(s.scope.AzureMachinePool)
 if err := s.scope.SetSubnetName(); err != nil {
 return errors.Wrap(err, "failed defaulting subnet name")
diff --git a/exp/api/v1beta1/azuremachinepool_default.go b/internal/exp/api/v1beta1/azuremachinepool_default.go
similarity index 78%
rename from exp/api/v1beta1/azuremachinepool_default.go
rename to internal/exp/api/v1beta1/azuremachinepool_default.go
index 10c931518f1..6a510ba1bd5 100644
--- a/exp/api/v1beta1/azuremachinepool_default.go
+++ b/internal/exp/api/v1beta1/azuremachinepool_default.go
@@ -1,5 +1,5 @@
 /*
-Copyright 2021 The Kubernetes Authors.
+Copyright The Kubernetes Authors.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -27,30 +27,31 @@ import (
 "sigs.k8s.io/controller-runtime/pkg/client"
 infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1"
+ infrav1exp "sigs.k8s.io/cluster-api-provider-azure/exp/api/v1beta1"
 apiinternal "sigs.k8s.io/cluster-api-provider-azure/internal/api/v1beta1"
 azureutil "sigs.k8s.io/cluster-api-provider-azure/util/azure"
 utilSSH "sigs.k8s.io/cluster-api-provider-azure/util/ssh"
 )
 // SetDefaults sets the default values for an AzureMachinePool.
-func (amp *AzureMachinePool) SetDefaults(client client.Client) error {
+func SetDefaults(amp *infrav1exp.AzureMachinePool, c client.Client) error {
 var errs []error
- if err := amp.SetDefaultSSHPublicKey(); err != nil {
+ if err := SetDefaultSSHPublicKey(amp); err != nil {
 errs = append(errs, errors.Wrap(err, "failed to set default SSH public key"))
 }
- if err := amp.SetIdentityDefaults(client); err != nil {
+ if err := SetIdentityDefaults(amp, c); err != nil {
 errs = append(errs, errors.Wrap(err, "failed to set default managed identity defaults"))
 }
- amp.SetDiagnosticsDefaults()
- amp.SetNetworkInterfacesDefaults()
- amp.SetOSDiskDefaults()
+ SetDiagnosticsDefaults(amp)
+ SetNetworkInterfacesDefaults(amp)
+ SetOSDiskDefaults(amp)
 return kerrors.NewAggregate(errs)
 }
 // SetDefaultSSHPublicKey sets the default SSHPublicKey for an AzureMachinePool.
-func (amp *AzureMachinePool) SetDefaultSSHPublicKey() error {
+func SetDefaultSSHPublicKey(amp *infrav1exp.AzureMachinePool) error {
 if sshKeyData := amp.Spec.Template.SSHPublicKey; sshKeyData == "" {
 _, publicRsaKey, err := utilSSH.GenerateSSHKey()
 if err != nil {
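Review bot: The doc comment on `SetDefaultSSHPublicKey` does not say what happens to the other half of the generated key pair: the context line `_, publicRsaKey, err := utilSSH.GenerateSSHKey()` drops the first return value, presumably the private key. Since the signature line is being rewritten anyway, I would extend the comment to `// SetDefaultSSHPublicKey sets a generated SSHPublicKey when none is given; the matching private key is discarded, so the default key grants no SSH access.` That tells an operator reading the defaulting code that an unset key is not a usable credential. The function body continues past the end of the hunk, so confirm the private key is not kept further down before adopting that wording.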
@@ -63,25 +64,25 @@ func (amp *AzureMachinePool) SetDefaultSSHPublicKey() error {
 }
 // SetIdentityDefaults sets the defaults for VMSS Identity.
-func (amp *AzureMachinePool) SetIdentityDefaults(client client.Client) error {
+func SetIdentityDefaults(amp *infrav1exp.AzureMachinePool, c client.Client) error {
 // Ensure the deprecated fields and new fields are not populated simultaneously
- if amp.Spec.RoleAssignmentName != "" && amp.Spec.SystemAssignedIdentityRole != nil && amp.Spec.SystemAssignedIdentityRole.Name != "" {
+ if amp.Spec.RoleAssignmentName != "" && amp.Spec.SystemAssignedIdentityRole != nil && amp.Spec.SystemAssignedIdentityRole.Name != "" { //nolint:staticcheck
 // Both the deprecated and the new fields are both set, return without changes
 // and reject the request in the validating webhook which runs later.
 return nil
 }
 if amp.Spec.Identity == infrav1.VMIdentitySystemAssigned {
- machinePool, err := azureutil.FindParentMachinePoolWithRetryV1Beta1(amp.Name, client, 5)
+ machinePool, err := azureutil.FindParentMachinePoolWithRetryV1Beta1(amp.Name, c, 5)
 if err != nil {
 return errors.Wrap(err, "failed to find parent machine pool")
 }
- ownerAzureClusterName, ownerAzureClusterNamespace, err := apiinternal.GetOwnerAzureClusterNameAndNamespace(client, machinePool.Spec.ClusterName, machinePool.Namespace, 5)
+ ownerAzureClusterName, ownerAzureClusterNamespace, err := apiinternal.GetOwnerAzureClusterNameAndNamespace(c, machinePool.Spec.ClusterName, machinePool.Namespace, 5)
 if err != nil {
 return errors.Wrap(err, "failed to get owner cluster")
 }
- subscriptionID, err := apiinternal.GetSubscriptionID(client, ownerAzureClusterName, ownerAzureClusterNamespace, 5)
+ subscriptionID, err := apiinternal.GetSubscriptionID(c, ownerAzureClusterName, ownerAzureClusterNamespace, 5)
 if err != nil {
 return errors.Wrap(err, "failed to get subscription ID")
 }
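Review bot: The `//nolint:staticcheck` added to the deprecated-field guard in `SetIdentityDefaults` carries no reason, so a reader cannot tell which finding is being silenced or when the directive can be removed. Because the directive names the whole linter rather than one check, it also hides any other staticcheck finding that later appears on the same line. I would write it as `//nolint:staticcheck // RoleAssignmentName is deprecated; read here only to migrate it`, assuming the deprecation warning is what triggered it. The same bare directive is added in the `@@ -89,9 +90,9 @@`, `@@ -136,9 +137,9 @@` and `@@ -147,12 +148,12 @@` hunks of this file.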
@@ -89,9 +90,9 @@ func (amp *AzureMachinePool) SetIdentityDefaults(client client.Client) error {
 if amp.Spec.SystemAssignedIdentityRole == nil {
 amp.Spec.SystemAssignedIdentityRole = &infrav1.SystemAssignedIdentityRole{}
 }
- if amp.Spec.RoleAssignmentName != "" {
- amp.Spec.SystemAssignedIdentityRole.Name = amp.Spec.RoleAssignmentName
- amp.Spec.RoleAssignmentName = ""
+ if amp.Spec.RoleAssignmentName != "" { //nolint:staticcheck
+ amp.Spec.SystemAssignedIdentityRole.Name = amp.Spec.RoleAssignmentName //nolint:staticcheck
+ amp.Spec.RoleAssignmentName = "" //nolint:staticcheck
 } else if amp.Spec.SystemAssignedIdentityRole.Name == "" {
 amp.Spec.SystemAssignedIdentityRole.Name = string(uuid.NewUUID())
 }
@@ -108,7 +109,7 @@ func (amp *AzureMachinePool) SetIdentityDefaults(client client.Client) error {
 }
 // SetSpotEvictionPolicyDefaults sets the defaults for the spot VM eviction policy.
-func (amp *AzureMachinePool) SetSpotEvictionPolicyDefaults() {
+func SetSpotEvictionPolicyDefaults(amp *infrav1exp.AzureMachinePool) {
 if amp.Spec.Template.SpotVMOptions != nil && amp.Spec.Template.SpotVMOptions.EvictionPolicy == nil {
 defaultPolicy := infrav1.SpotEvictionPolicyDeallocate
 if amp.Spec.Template.OSDisk.DiffDiskSettings != nil && amp.Spec.Template.OSDisk.DiffDiskSettings.Option == "Local" {
@@ -119,7 +120,7 @@ func (amp *AzureMachinePool) SetSpotEvictionPolicyDefaults() {
 }
 // SetDiagnosticsDefaults sets the defaults for Diagnostic settings for an AzureMachinePool.
-func (amp *AzureMachinePool) SetDiagnosticsDefaults() {
+func SetDiagnosticsDefaults(amp *infrav1exp.AzureMachinePool) {
 bootDefault := &infrav1.BootDiagnostics{
 StorageAccountType: infrav1.ManagedDiagnosticsStorage,
 }
@@ -136,9 +137,9 @@ func (amp *AzureMachinePool) SetDiagnosticsDefaults() {
 }
 // SetNetworkInterfacesDefaults sets the defaults for the network interfaces.
-func (amp *AzureMachinePool) SetNetworkInterfacesDefaults() {
+func SetNetworkInterfacesDefaults(amp *infrav1exp.AzureMachinePool) {
 // Ensure the deprecated fields and new fields are not populated simultaneously
- if (amp.Spec.Template.SubnetName != "" || amp.Spec.Template.AcceleratedNetworking != nil) && len(amp.Spec.Template.NetworkInterfaces) > 0 {
+ if (amp.Spec.Template.SubnetName != "" || amp.Spec.Template.AcceleratedNetworking != nil) && len(amp.Spec.Template.NetworkInterfaces) > 0 { //nolint:staticcheck
 // Both the deprecated and the new fields are both set, return without changes
 // and reject the request in the validating webhook which runs later.
 return
@@ -147,12 +148,12 @@ func (amp *AzureMachinePool) SetNetworkInterfacesDefaults() {
 if len(amp.Spec.Template.NetworkInterfaces) == 0 {
 amp.Spec.Template.NetworkInterfaces = []infrav1.NetworkInterface{
 {
- SubnetName: amp.Spec.Template.SubnetName,
- AcceleratedNetworking: amp.Spec.Template.AcceleratedNetworking,
+ SubnetName: amp.Spec.Template.SubnetName, //nolint:staticcheck
+ AcceleratedNetworking: amp.Spec.Template.AcceleratedNetworking, //nolint:staticcheck
 },
 }
- amp.Spec.Template.SubnetName = ""
- amp.Spec.Template.AcceleratedNetworking = nil
+ amp.Spec.Template.SubnetName = "" //nolint:staticcheck
+ amp.Spec.Template.AcceleratedNetworking = nil //nolint:staticcheck
 }
 // Ensure that PrivateIPConfigs defaults to 1 if not specified.
@@ -164,7 +165,7 @@ func (amp *AzureMachinePool) SetNetworkInterfacesDefaults() {
 }
 // SetOSDiskDefaults sets the defaults for the OSDisk.
-func (amp *AzureMachinePool) SetOSDiskDefaults() {
+func SetOSDiskDefaults(amp *infrav1exp.AzureMachinePool) {
 if amp.Spec.Template.OSDisk.OSType == "" {
 amp.Spec.Template.OSDisk.OSType = "Linux"
 }
diff --git a/exp/api/v1beta1/azuremachinepool_default_test.go b/internal/exp/api/v1beta1/azuremachinepool_default_test.go
similarity index 72%
rename from exp/api/v1beta1/azuremachinepool_default_test.go
rename to internal/exp/api/v1beta1/azuremachinepool_default_test.go
index 1fcdd895eee..9ade88c2773 100644
--- a/exp/api/v1beta1/azuremachinepool_default_test.go
+++ b/internal/exp/api/v1beta1/azuremachinepool_default_test.go
@@ -1,5 +1,5 @@
 /*
-Copyright 2021 The Kubernetes Authors.
+Copyright The Kubernetes Authors.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -29,6 +29,7 @@ import (
 "sigs.k8s.io/controller-runtime/pkg/client/fake"
 infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1"
+ infrav1exp "sigs.k8s.io/cluster-api-provider-azure/exp/api/v1beta1"
 apiinternal "sigs.k8s.io/cluster-api-provider-azure/internal/api/v1beta1"
 )
@@ -36,19 +37,17 @@ func TestAzureMachinePool_SetDefaultSSHPublicKey(t *testing.T) {
 g := NewWithT(t)
 type test struct {
- amp *AzureMachinePool
+ amp *infrav1exp.AzureMachinePool
 }
 existingPublicKey := "testpublickey"
 publicKeyExistTest := test{amp: createMachinePoolWithSSHPublicKey(existingPublicKey)}
 publicKeyNotExistTest := test{amp: createMachinePoolWithSSHPublicKey("")}
- err := publicKeyExistTest.amp.SetDefaultSSHPublicKey()
- g.Expect(err).NotTo(HaveOccurred())
+ g.Expect(SetDefaultSSHPublicKey(publicKeyExistTest.amp)).To(Succeed())
 g.Expect(publicKeyExistTest.amp.Spec.Template.SSHPublicKey).To(Equal(existingPublicKey))
- err = publicKeyNotExistTest.amp.SetDefaultSSHPublicKey()
- g.Expect(err).NotTo(HaveOccurred())
+ g.Expect(SetDefaultSSHPublicKey(publicKeyNotExistTest.amp)).To(Succeed())
 g.Expect(publicKeyNotExistTest.amp.Spec.Template.SSHPublicKey).NotTo(BeEmpty())
 }
@@ -61,14 +60,14 @@ func TestAzureMachinePool_SetIdentityDefaults(t *testing.T) {
 tests := []struct {
 name string
- machinePool *AzureMachinePool
+ machinePool *infrav1exp.AzureMachinePool
 wantErr bool
 expectedRoleAssignmentName string
 expectedSystemAssignedIdentityRole *infrav1.SystemAssignedIdentityRole
 }{
 {
 name: "bothRoleAssignmentNamesPopulated",
- machinePool: &AzureMachinePool{Spec: AzureMachinePoolSpec{
+ machinePool: &infrav1exp.AzureMachinePool{Spec: infrav1exp.AzureMachinePoolSpec{
 Identity: infrav1.VMIdentitySystemAssigned,
 RoleAssignmentName: existingRoleAssignmentName,
 SystemAssignedIdentityRole: &infrav1.SystemAssignedIdentityRole{
@@ -82,7 +81,7 @@ func TestAzureMachinePool_SetIdentityDefaults(t *testing.T) {
 },
 {
 name: "roleAssignmentExist",
- machinePool: &AzureMachinePool{Spec: AzureMachinePoolSpec{
+ machinePool: &infrav1exp.AzureMachinePool{Spec: infrav1exp.AzureMachinePoolSpec{
 Identity: infrav1.VMIdentitySystemAssigned,
 SystemAssignedIdentityRole: &infrav1.SystemAssignedIdentityRole{
 Name: existingRoleAssignmentName,
@@ -96,14 +95,14 @@ func TestAzureMachinePool_SetIdentityDefaults(t *testing.T) {
 },
 {
 name: "notSystemAssigned",
- machinePool: &AzureMachinePool{Spec: AzureMachinePoolSpec{
+ machinePool: &infrav1exp.AzureMachinePool{Spec: infrav1exp.AzureMachinePoolSpec{
 Identity: infrav1.VMIdentityUserAssigned,
 }},
 expectedSystemAssignedIdentityRole: nil,
 },
 {
 name: "systemAssignedIdentityRoleExist",
- machinePool: &AzureMachinePool{Spec: AzureMachinePoolSpec{
+ machinePool: &infrav1exp.AzureMachinePool{Spec: infrav1exp.AzureMachinePoolSpec{
 Identity: infrav1.VMIdentitySystemAssigned,
 SystemAssignedIdentityRole: &infrav1.SystemAssignedIdentityRole{
 Name: existingRoleAssignmentName,
@@ -119,7 +118,7 @@ func TestAzureMachinePool_SetIdentityDefaults(t *testing.T) { }, { name: "deprecatedRoleAssignmentName", - machinePool: &AzureMachinePool{Spec: AzureMachinePoolSpec{ + machinePool: &infrav1exp.AzureMachinePool{Spec: infrav1exp.AzureMachinePoolSpec{ Identity: infrav1.VMIdentitySystemAssigned, RoleAssignmentName: existingRoleAssignmentName, }}, @@ -136,7 +135,7 @@ func TestAzureMachinePool_SetIdentityDefaults(t *testing.T) { g := NewWithT(t) scheme := runtime.NewScheme() - _ = AddToScheme(scheme) + _ = infrav1exp.AddToScheme(scheme) _ = infrav1.AddToScheme(scheme) _ = clusterv1.AddToScheme(scheme) @@ -176,12 +175,12 @@ func TestAzureMachinePool_SetIdentityDefaults(t *testing.T) { } fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithRuntimeObjects(tc.machinePool, machinePool, azureCluster, cluster).Build() - err := tc.machinePool.SetIdentityDefaults(fakeClient) + err := SetIdentityDefaults(tc.machinePool, fakeClient) if tc.wantErr { g.Expect(err).To(HaveOccurred()) } else { g.Expect(err).NotTo(HaveOccurred()) - g.Expect(tc.machinePool.Spec.RoleAssignmentName).To(Equal(tc.expectedRoleAssignmentName)) + g.Expect(tc.machinePool.Spec.RoleAssignmentName).To(Equal(tc.expectedRoleAssignmentName)) //nolint:staticcheck g.Expect(tc.machinePool.Spec.SystemAssignedIdentityRole).To(Equal(tc.expectedSystemAssignedIdentityRole)) } }) 
@@ -192,16 +191,16 @@ func TestAzureMachinePool_SetDiagnosticsDefaults(t *testing.T) { g := NewWithT(t) type test struct { - machinePool *AzureMachinePool + machinePool *infrav1exp.AzureMachinePool } bootDiagnosticsDefault := &infrav1.BootDiagnostics{ StorageAccountType: infrav1.ManagedDiagnosticsStorage, } - managedStorageDiagnostics := test{machinePool: &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ - Template: AzureMachinePoolMachineTemplate{ + managedStorageDiagnostics := test{machinePool: &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ Diagnostics: &infrav1.Diagnostics{ Boot: &infrav1.BootDiagnostics{ StorageAccountType: infrav1.ManagedDiagnosticsStorage, @@ -211,9 +210,9 @@ func TestAzureMachinePool_SetDiagnosticsDefaults(t *testing.T) { }, }} - disabledStorageDiagnostics := test{machinePool: &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ - Template: AzureMachinePoolMachineTemplate{ + disabledStorageDiagnostics := test{machinePool: &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ Diagnostics: &infrav1.Diagnostics{ Boot: &infrav1.BootDiagnostics{ StorageAccountType: infrav1.DisabledDiagnosticsStorage, @@ -223,9 +222,9 @@ func TestAzureMachinePool_SetDiagnosticsDefaults(t *testing.T) { }, }} - userManagedDiagnostics := test{machinePool: &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ - Template: AzureMachinePoolMachineTemplate{ + userManagedDiagnostics := test{machinePool: &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ Diagnostics: &infrav1.Diagnostics{ Boot: &infrav1.BootDiagnostics{ StorageAccountType: infrav1.UserManagedDiagnosticsStorage, 
@@ -238,36 +237,36 @@ func TestAzureMachinePool_SetDiagnosticsDefaults(t *testing.T) { }, }} - nilDiagnostics := test{machinePool: &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ - Template: AzureMachinePoolMachineTemplate{ + nilDiagnostics := test{machinePool: &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ Diagnostics: nil, }, }, }} // Test that when no diagnostics are specified, the defaults are set correctly - nilBootDiagnostics := test{machinePool: &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ - Template: AzureMachinePoolMachineTemplate{ + nilBootDiagnostics := test{machinePool: &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ Diagnostics: &infrav1.Diagnostics{}, }, }, }} - nilBootDiagnostics.machinePool.SetDiagnosticsDefaults() + SetDiagnosticsDefaults(nilBootDiagnostics.machinePool) g.Expect(nilBootDiagnostics.machinePool.Spec.Template.Diagnostics.Boot).To(Equal(bootDiagnosticsDefault)) - managedStorageDiagnostics.machinePool.SetDiagnosticsDefaults() + SetDiagnosticsDefaults(managedStorageDiagnostics.machinePool) g.Expect(managedStorageDiagnostics.machinePool.Spec.Template.Diagnostics.Boot.StorageAccountType).To(Equal(infrav1.ManagedDiagnosticsStorage)) - disabledStorageDiagnostics.machinePool.SetDiagnosticsDefaults() + SetDiagnosticsDefaults(disabledStorageDiagnostics.machinePool) g.Expect(disabledStorageDiagnostics.machinePool.Spec.Template.Diagnostics.Boot.StorageAccountType).To(Equal(infrav1.DisabledDiagnosticsStorage)) - userManagedDiagnostics.machinePool.SetDiagnosticsDefaults() + SetDiagnosticsDefaults(userManagedDiagnostics.machinePool) g.Expect(userManagedDiagnostics.machinePool.Spec.Template.Diagnostics.Boot.StorageAccountType).To(Equal(infrav1.UserManagedDiagnosticsStorage)) - nilDiagnostics.machinePool.SetDiagnosticsDefaults() + SetDiagnosticsDefaults(nilDiagnostics.machinePool) 
g.Expect(nilDiagnostics.machinePool.Spec.Template.Diagnostics.Boot.StorageAccountType).To(Equal(infrav1.ManagedDiagnosticsStorage)) } @@ -275,28 +274,28 @@ func TestAzureMachinePool_SetSpotEvictionPolicyDefaults(t *testing.T) { g := NewWithT(t) type test struct { - machinePool *AzureMachinePool + machinePool *infrav1exp.AzureMachinePool } // test to Ensure the default policy is set to Deallocate if EvictionPolicy is nil defaultEvictionPolicy := infrav1.SpotEvictionPolicyDeallocate - nilDiffDiskSettingsPolicy := test{machinePool: &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ - Template: AzureMachinePoolMachineTemplate{ + nilDiffDiskSettingsPolicy := test{machinePool: &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ SpotVMOptions: &infrav1.SpotVMOptions{ EvictionPolicy: nil, }, }, }, }} - nilDiffDiskSettingsPolicy.machinePool.SetSpotEvictionPolicyDefaults() + SetSpotEvictionPolicyDefaults(nilDiffDiskSettingsPolicy.machinePool) g.Expect(nilDiffDiskSettingsPolicy.machinePool.Spec.Template.SpotVMOptions.EvictionPolicy).To(Equal(&defaultEvictionPolicy)) // test to Ensure the default policy is set to Delete if diffDiskSettings option is set to "Local" expectedEvictionPolicy := infrav1.SpotEvictionPolicyDelete - diffDiskSettingsPolicy := test{machinePool: &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ - Template: AzureMachinePoolMachineTemplate{ + diffDiskSettingsPolicy := test{machinePool: &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ SpotVMOptions: &infrav1.SpotVMOptions{}, OSDisk: infrav1.OSDisk{ DiffDiskSettings: &infrav1.DiffDiskSettings{ 
@@ -306,28 +305,28 @@ func TestAzureMachinePool_SetSpotEvictionPolicyDefaults(t *testing.T) { }, }, }} - diffDiskSettingsPolicy.machinePool.SetSpotEvictionPolicyDefaults() + SetSpotEvictionPolicyDefaults(diffDiskSettingsPolicy.machinePool) g.Expect(diffDiskSettingsPolicy.machinePool.Spec.Template.SpotVMOptions.EvictionPolicy).To(Equal(&expectedEvictionPolicy)) } func TestAzureMachinePool_SetNetworkInterfacesDefaults(t *testing.T) { testCases := []struct { name string - machinePool *AzureMachinePool - want *AzureMachinePool + machinePool *infrav1exp.AzureMachinePool + want *infrav1exp.AzureMachinePool }{ { name: "defaulting webhook updates MachinePool with deprecated subnetName field", - machinePool: &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ - Template: AzureMachinePoolMachineTemplate{ + machinePool: &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ SubnetName: "test-subnet", }, }, }, - want: &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ - Template: AzureMachinePoolMachineTemplate{ + want: &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ SubnetName: "", NetworkInterfaces: []infrav1.NetworkInterface{ { 
@@ -341,17 +340,17 @@ func TestAzureMachinePool_SetNetworkInterfacesDefaults(t *testing.T) { }, { name: "defaulting webhook updates MachinePool with deprecated acceleratedNetworking field", - machinePool: &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ - Template: AzureMachinePoolMachineTemplate{ + machinePool: &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ SubnetName: "test-subnet", AcceleratedNetworking: ptr.To(true), }, }, }, - want: &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ - Template: AzureMachinePoolMachineTemplate{ + want: &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ SubnetName: "", AcceleratedNetworking: nil, NetworkInterfaces: []infrav1.NetworkInterface{ @@ -367,9 +366,9 @@ func TestAzureMachinePool_SetNetworkInterfacesDefaults(t *testing.T) { }, { name: "defaulting webhook does nothing if both new and deprecated subnetName fields are set", - machinePool: &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ - Template: AzureMachinePoolMachineTemplate{ + machinePool: &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ SubnetName: "test-subnet", NetworkInterfaces: []infrav1.NetworkInterface{{ SubnetName: "test-subnet", @@ -377,9 +376,9 @@ func TestAzureMachinePool_SetNetworkInterfacesDefaults(t *testing.T) { }, }, }, - want: &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ - Template: AzureMachinePoolMachineTemplate{ + want: &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ SubnetName: "test-subnet", AcceleratedNetworking: nil, NetworkInterfaces: []infrav1.NetworkInterface{ 
@@ -396,20 +395,16 @@ func TestAzureMachinePool_SetNetworkInterfacesDefaults(t *testing.T) { for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { g := NewWithT(t) - tc.machinePool.SetNetworkInterfacesDefaults() + SetNetworkInterfacesDefaults(tc.machinePool) g.Expect(tc.machinePool).To(Equal(tc.want)) }) } } -func createMachinePoolWithSSHPublicKey(sshPublicKey string) *AzureMachinePool { - return hardcodedAzureMachinePoolWithSSHKey(sshPublicKey) -} - -func hardcodedAzureMachinePoolWithSSHKey(sshPublicKey string) *AzureMachinePool { - return &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ - Template: AzureMachinePoolMachineTemplate{ +func createMachinePoolWithSSHPublicKey(sshPublicKey string) *infrav1exp.AzureMachinePool { + return &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ SSHPublicKey: sshPublicKey, OSDisk: infrav1.OSDisk{ CachingType: "None", diff --git a/exp/api/v1beta1/azuremachinepool_webhook.go b/internal/exp/webhooks/azuremachinepool_webhook.go similarity index 73% rename from exp/api/v1beta1/azuremachinepool_webhook.go rename to internal/exp/webhooks/azuremachinepool_webhook.go index f444ff09372..edb076dcb94 100644 --- a/exp/api/v1beta1/azuremachinepool_webhook.go +++ b/internal/exp/webhooks/azuremachinepool_webhook.go @@ -1,5 +1,5 @@ /* -Copyright 2021 The Kubernetes Authors. +Copyright The Kubernetes Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package v1beta1 +package webhooks import ( "context" 
@@ -33,62 +33,63 @@ import ( "sigs.k8s.io/controller-runtime/pkg/webhook/admission" infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" + infrav1exp "sigs.k8s.io/cluster-api-provider-azure/exp/api/v1beta1" + apiinternalexp "sigs.k8s.io/cluster-api-provider-azure/internal/exp/api/v1beta1" "sigs.k8s.io/cluster-api-provider-azure/internal/webhooks" azureutil "sigs.k8s.io/cluster-api-provider-azure/util/azure" ) -// SetupAzureMachinePoolWebhookWithManager sets up and registers the webhook with the manager. -func SetupAzureMachinePoolWebhookWithManager(mgr ctrl.Manager) error { - ampw := &azureMachinePoolWebhook{Client: mgr.GetClient()} - return ctrl.NewWebhookManagedBy(mgr, &AzureMachinePool{}). - WithDefaulter(ampw). - WithValidator(ampw). +// SetupWebhookWithManager sets up and registers the webhook with the manager. +func (mw *AzureMachinePoolWebhook) SetupWebhookWithManager(mgr ctrl.Manager) error { + mw.Client = mgr.GetClient() + return ctrl.NewWebhookManagedBy(mgr, &infrav1exp.AzureMachinePool{}). + WithDefaulter(mw). + WithValidator(mw). Complete() } // +kubebuilder:webhook:path=/mutate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinepool,mutating=true,failurePolicy=fail,groups=infrastructure.cluster.x-k8s.io,resources=azuremachinepools,verbs=create;update,versions=v1beta1,name=default.azuremachinepool.infrastructure.cluster.x-k8s.io,sideEffects=None,admissionReviewVersions=v1;v1beta1 +// +kubebuilder:webhook:verbs=create;update,path=/validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinepool,mutating=false,failurePolicy=fail,groups=infrastructure.cluster.x-k8s.io,resources=azuremachinepools,versions=v1beta1,name=validation.azuremachinepool.infrastructure.cluster.x-k8s.io,sideEffects=None,admissionReviewVersions=v1;v1beta1 -// azureMachinePoolWebhook implements a validating and defaulting webhook for AzureMachinePool. 
-type azureMachinePoolWebhook struct { +// AzureMachinePoolWebhook implements a validating and defaulting webhook for AzureMachinePool. +type AzureMachinePoolWebhook struct { Client client.Client } // Default implements webhook.Defaulter so a webhook will be registered for the type. -func (ampw *azureMachinePoolWebhook) Default(_ context.Context, amp *AzureMachinePool) error { - return amp.SetDefaults(ampw.Client) +func (mw *AzureMachinePoolWebhook) Default(_ context.Context, amp *infrav1exp.AzureMachinePool) error { + return apiinternalexp.SetDefaults(amp, mw.Client) } -// +kubebuilder:webhook:verbs=create;update,path=/validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinepool,mutating=false,failurePolicy=fail,groups=infrastructure.cluster.x-k8s.io,resources=azuremachinepools,versions=v1beta1,name=validation.azuremachinepool.infrastructure.cluster.x-k8s.io,sideEffects=None,admissionReviewVersions=v1;v1beta1 - // ValidateCreate implements webhook.Validator so a webhook will be registered for the type. -func (ampw *azureMachinePoolWebhook) ValidateCreate(_ context.Context, amp *AzureMachinePool) (admission.Warnings, error) { - return nil, amp.Validate(nil, ampw.Client) +func (mw *AzureMachinePoolWebhook) ValidateCreate(_ context.Context, amp *infrav1exp.AzureMachinePool) (admission.Warnings, error) { + return nil, ValidateAzureMachinePool(nil, amp, mw.Client) } // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type. -func (ampw *azureMachinePoolWebhook) ValidateUpdate(_ context.Context, oldObj, amp *AzureMachinePool) (admission.Warnings, error) { - return nil, amp.Validate(oldObj, ampw.Client) +func (mw *AzureMachinePoolWebhook) ValidateUpdate(_ context.Context, oldObj, amp *infrav1exp.AzureMachinePool) (admission.Warnings, error) { + return nil, ValidateAzureMachinePool(oldObj, amp, mw.Client) } // ValidateDelete implements webhook.Validator so a webhook will be registered for the type. 
-func (ampw *azureMachinePoolWebhook) ValidateDelete(_ context.Context, _ *AzureMachinePool) (admission.Warnings, error) { +func (mw *AzureMachinePoolWebhook) ValidateDelete(_ context.Context, _ *infrav1exp.AzureMachinePool) (admission.Warnings, error) { return nil, nil } -// Validate the Azure Machine Pool and return an aggregate error. -func (amp *AzureMachinePool) Validate(old runtime.Object, client client.Client) error { +// ValidateAzureMachinePool runs the Azure Machine Pool validators and returns an aggregate error. +func ValidateAzureMachinePool(old runtime.Object, amp *infrav1exp.AzureMachinePool, c client.Client) error { validators := []func() error{ - amp.ValidateImage, - amp.ValidateTerminateNotificationTimeout, - amp.ValidateSSHKey, - amp.ValidateUserAssignedIdentity, - amp.ValidateDiagnostics, - amp.ValidateOrchestrationMode(client), - amp.ValidateStrategy(), - amp.ValidateSystemAssignedIdentity(old), - amp.ValidateSystemAssignedIdentityRole, - amp.ValidateNetwork, - amp.ValidateOSDisk, + func() error { return validateImage(amp) }, + func() error { return validateTerminateNotificationTimeout(amp) }, + func() error { return validateSSHKey(amp) }, + func() error { return validateUserAssignedIdentity(amp) }, + func() error { return validateDiagnostics(amp) }, + validateOrchestrationMode(amp, c), + validateStrategy(amp), + validateSystemAssignedIdentity(amp, old), + func() error { return validateSystemAssignedIdentityRole(amp) }, + func() error { return validateNetwork(amp) }, + func() error { return validateOSDisk(amp) }, } var errs []error 
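Review bot: ValidateAzureMachinePool takes the client but no context, and Default, ValidateCreate and ValidateUpdate all bind their context to `_`, so any API read that the defaulters or validators make through the client cannot be cancelled when the admission request is. These package-level signatures are new in this commit, so this is the cheap moment to thread it through: `func ValidateAzureMachinePool(ctx context.Context, old runtime.Object, amp *infrav1exp.AzureMachinePool, c client.Client) error`, called as `ValidateAzureMachinePool(ctx, oldObj, amp, mw.Client)`. Both webhooks are registered with failurePolicy=fail, so a lookup that stalls turns into a rejected create or update. Which context the client calls use today is not visible here, and the function body continues past the end of the hunk, so confirm before changing.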
@@ -101,36 +102,31 @@ func (amp *AzureMachinePool) Validate(old runtime.Object, client client.Client) return kerrors.NewAggregate(errs) } -// ValidateNetwork of an AzureMachinePool. -func (amp *AzureMachinePool) ValidateNetwork() error { - if (amp.Spec.Template.NetworkInterfaces != nil) && len(amp.Spec.Template.NetworkInterfaces) > 0 && amp.Spec.Template.SubnetName != "" { +func validateNetwork(amp *infrav1exp.AzureMachinePool) error { + if (amp.Spec.Template.NetworkInterfaces != nil) && len(amp.Spec.Template.NetworkInterfaces) > 0 && amp.Spec.Template.SubnetName != "" { //nolint:staticcheck return errors.New("cannot set both NetworkInterfaces and machine SubnetName") } return nil } -// ValidateOSDisk of an AzureMachinePool. -func (amp *AzureMachinePool) ValidateOSDisk() error { +func validateOSDisk(amp *infrav1exp.AzureMachinePool) error { if errs := webhooks.ValidateOSDisk(amp.Spec.Template.OSDisk, field.NewPath("osDisk")); len(errs) > 0 { return errs.ToAggregate() } return nil } -// ValidateImage of an AzureMachinePool. -func (amp *AzureMachinePool) ValidateImage() error { +func validateImage(amp *infrav1exp.AzureMachinePool) error { if amp.Spec.Template.Image != nil { image := amp.Spec.Template.Image if errs := webhooks.ValidateImage(image, field.NewPath("image")); len(errs) > 0 { return errs.ToAggregate() } } - return nil } -// ValidateTerminateNotificationTimeout termination notification timeout to be between 5 and 15. -func (amp *AzureMachinePool) ValidateTerminateNotificationTimeout() error { +func validateTerminateNotificationTimeout(amp *infrav1exp.AzureMachinePool) error { if amp.Spec.Template.TerminateNotificationTimeout == nil { return nil } 
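Review bot: The `//nolint:staticcheck` added to the condition in validateNetwork silences every staticcheck finding on that line and does not say which one is meant. It is presumably the deprecated-field warning for Spec.Template.SubnetName (the defaulting tests call that field deprecated), so name the check and the reason: `//nolint:staticcheck // SA1019: deprecated SubnetName must still be rejected alongside NetworkInterfaces`. The same bare directive is added in validateSystemAssignedIdentityRole and on the RoleAssignmentName assertion in TestAzureMachinePool_SetIdentityDefaults. The doc comments dropped from the now-unexported validators also took the 5-to-15 bound for the termination timeout with them; a one-line comment on validateTerminateNotificationTimeout would keep it.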
@@ -145,21 +141,18 @@ func (amp *AzureMachinePool) ValidateTerminateNotificationTimeout() error { return nil } -// ValidateSSHKey validates an SSHKey. -func (amp *AzureMachinePool) ValidateSSHKey() error { +func validateSSHKey(amp *infrav1exp.AzureMachinePool) error { if amp.Spec.Template.SSHPublicKey != "" { sshKey := amp.Spec.Template.SSHPublicKey if errs := webhooks.ValidateSSHKey(sshKey, field.NewPath("sshKey")); len(errs) > 0 { - agg := kerrors.NewAggregate(errs.ToAggregate().Errors()) - return agg + return kerrors.NewAggregate(errs.ToAggregate().Errors()) } } return nil } -// ValidateUserAssignedIdentity validates the user-assigned identities list. -func (amp *AzureMachinePool) ValidateUserAssignedIdentity() error { +func validateUserAssignedIdentity(amp *infrav1exp.AzureMachinePool) error { fldPath := field.NewPath("userAssignedIdentities") if errs := webhooks.ValidateUserAssignedIdentity(amp.Spec.Identity, amp.Spec.UserAssignedIdentities, fldPath); len(errs) > 0 { return kerrors.NewAggregate(errs.ToAggregate().Errors()) @@ -168,10 +161,9 @@ func (amp *AzureMachinePool) ValidateUserAssignedIdentity() error { return nil } -// ValidateStrategy validates the strategy. -func (amp *AzureMachinePool) ValidateStrategy() func() error { +func validateStrategy(amp *infrav1exp.AzureMachinePool) func() error { return func() error { - if amp.Spec.Strategy.Type == RollingUpdateAzureMachinePoolDeploymentStrategyType && amp.Spec.Strategy.RollingUpdate != nil { + if amp.Spec.Strategy.Type == infrav1exp.RollingUpdateAzureMachinePoolDeploymentStrategyType && amp.Spec.Strategy.RollingUpdate != nil { rollingUpdateStrategy := amp.Spec.Strategy.RollingUpdate maxSurge := rollingUpdateStrategy.MaxSurge maxUnavailable := rollingUpdateStrategy.MaxUnavailable 
@@ -185,12 +177,11 @@ func (amp *AzureMachinePool) ValidateStrategy() func() error { } } -// ValidateSystemAssignedIdentity validates system-assigned identity role. -func (amp *AzureMachinePool) ValidateSystemAssignedIdentity(old runtime.Object) func() error { +func validateSystemAssignedIdentity(amp *infrav1exp.AzureMachinePool, old runtime.Object) func() error { return func() error { var oldRole string if old != nil { - oldMachinePool, ok := old.(*AzureMachinePool) + oldMachinePool, ok := old.(*infrav1exp.AzureMachinePool) if !ok { return fmt.Errorf("unexpected type for old azure machine pool object. Expected: %q, Got: %q", "AzureMachinePool", reflect.TypeOf(old)) @@ -214,10 +205,9 @@ func (amp *AzureMachinePool) ValidateSystemAssignedIdentity(old runtime.Object) } } -// ValidateSystemAssignedIdentityRole validates the scope and roleDefinitionID for the system-assigned identity. -func (amp *AzureMachinePool) ValidateSystemAssignedIdentityRole() error { +func validateSystemAssignedIdentityRole(amp *infrav1exp.AzureMachinePool) error { var allErrs field.ErrorList - if amp.Spec.RoleAssignmentName != "" && amp.Spec.SystemAssignedIdentityRole != nil && amp.Spec.SystemAssignedIdentityRole.Name != "" { + if amp.Spec.RoleAssignmentName != "" && amp.Spec.SystemAssignedIdentityRole != nil && amp.Spec.SystemAssignedIdentityRole.Name != "" { //nolint:staticcheck allErrs = append(allErrs, field.Invalid(field.NewPath("systemAssignedIdentityRole"), amp.Spec.SystemAssignedIdentityRole.Name, "cannot set both roleAssignmentName and systemAssignedIdentityRole.name")) } if amp.Spec.Identity == infrav1.VMIdentitySystemAssigned { @@ -239,8 +229,7 @@ func (amp *AzureMachinePool) ValidateSystemAssignedIdentityRole() error { return nil } -// ValidateDiagnostics validates the Diagnostic spec. -func (amp *AzureMachinePool) ValidateDiagnostics() error { +func validateDiagnostics(amp *infrav1exp.AzureMachinePool) error { var allErrs field.ErrorList fieldPath := field.NewPath("diagnostics") 
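Review bot: The `old != nil` guard in validateSystemAssignedIdentity does not catch a nil `*infrav1exp.AzureMachinePool`, because ValidateUpdate passes its typed `oldObj` into a `runtime.Object` parameter and a nil pointer wrapped in an interface compares non-nil. The type assertion then succeeds, and the code after it, outside this hunk, would presumably dereference oldMachinePool. Taking the concrete type removes both the assertion and the trap: `func validateSystemAssignedIdentity(amp, old *infrav1exp.AzureMachinePool) func() error`, with the `old` parameter of ValidateAzureMachinePool typed the same way. ValidateCreate's literal `nil` keeps working unchanged.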
@@ -280,8 +269,7 @@ func (amp *AzureMachinePool) ValidateDiagnostics() error { return nil } -// ValidateOrchestrationMode validates requirements for the VMSS orchestration mode. -func (amp *AzureMachinePool) ValidateOrchestrationMode(c client.Client) func() error { +func validateOrchestrationMode(amp *infrav1exp.AzureMachinePool, c client.Client) func() error { return func() error { // Only Flexible orchestration mode requires validation. if amp.Spec.OrchestrationMode == infrav1.OrchestrationModeType(armcompute.OrchestrationModeFlexible) { diff --git a/exp/api/v1beta1/azuremachinepool_webhook_test.go b/internal/exp/webhooks/azuremachinepool_webhook_test.go similarity index 78% rename from exp/api/v1beta1/azuremachinepool_webhook_test.go rename to internal/exp/webhooks/azuremachinepool_webhook_test.go index 53dc0b2c720..4fa3c88e5c4 100644 --- a/exp/api/v1beta1/azuremachinepool_webhook_test.go +++ b/internal/exp/webhooks/azuremachinepool_webhook_test.go @@ -1,5 +1,5 @@ /* -Copyright 2021 The Kubernetes Authors. +Copyright The Kubernetes Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package v1beta1 +package webhooks import ( "context" @@ -35,6 +35,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" infrav1 "sigs.k8s.io/cluster-api-provider-azure/api/v1beta1" + infrav1exp "sigs.k8s.io/cluster-api-provider-azure/exp/api/v1beta1" "sigs.k8s.io/cluster-api-provider-azure/feature" apiinternal "sigs.k8s.io/cluster-api-provider-azure/internal/api/v1beta1" apifixtures "sigs.k8s.io/cluster-api-provider-azure/internal/test/apifixtures" 
@@ -52,12 +53,12 @@ type mockClient struct { ReturnError bool } -func (m mockClient) Get(ctx context.Context, key client.ObjectKey, obj client.Object, opts ...client.GetOption) error { +func (m mockClient) Get(_ context.Context, _ client.ObjectKey, obj client.Object, _ ...client.GetOption) error { obj.(*clusterv1.MachinePool).Spec.Template.Spec.Version = m.Version return nil } -func (m mockClient) List(ctx context.Context, list client.ObjectList, opts ...client.ListOption) error { +func (m mockClient) List(_ context.Context, list client.ObjectList, _ ...client.ListOption) error { if m.ReturnError { return errors.New("MachinePool.cluster.x-k8s.io \"mock-machinepool-mp-0\" not found") } @@ -71,7 +72,7 @@ func (m mockClient) List(ctx context.Context, list client.ObjectList, opts ...cl func TestAzureMachinePool_ValidateCreate(t *testing.T) { tests := []struct { name string - amp *AzureMachinePool + amp *infrav1exp.AzureMachinePool version string ownerNotFound bool wantErr bool @@ -176,9 +177,9 @@ func TestAzureMachinePool_ValidateCreate(t *testing.T) { }, { name: "azuremachinepool with invalid MaxSurge and MaxUnavailable rolling upgrade configuration", - amp: createMachinePoolWithStrategy(AzureMachinePoolDeploymentStrategy{ - Type: RollingUpdateAzureMachinePoolDeploymentStrategyType, - RollingUpdate: &MachineRollingUpdateDeployment{ + amp: createMachinePoolWithStrategy(infrav1exp.AzureMachinePoolDeploymentStrategy{ + Type: infrav1exp.RollingUpdateAzureMachinePoolDeploymentStrategyType, + RollingUpdate: &infrav1exp.MachineRollingUpdateDeployment{ MaxSurge: &zero, MaxUnavailable: &zero, }, 
@@ -187,9 +188,9 @@ func TestAzureMachinePool_ValidateCreate(t *testing.T) { }, { name: "azuremachinepool with valid MaxSurge and MaxUnavailable rolling upgrade configuration", - amp: createMachinePoolWithStrategy(AzureMachinePoolDeploymentStrategy{ - Type: RollingUpdateAzureMachinePoolDeploymentStrategyType, - RollingUpdate: &MachineRollingUpdateDeployment{ + amp: createMachinePoolWithStrategy(infrav1exp.AzureMachinePoolDeploymentStrategy{ + Type: infrav1exp.RollingUpdateAzureMachinePoolDeploymentStrategyType, + RollingUpdate: &infrav1exp.MachineRollingUpdateDeployment{ MaxSurge: &zero, MaxUnavailable: &one, }, @@ -248,11 +249,11 @@ func TestAzureMachinePool_ValidateCreate(t *testing.T) { } for _, tc := range tests { - client := mockClient{Version: tc.version, ReturnError: tc.ownerNotFound} + c := mockClient{Version: tc.version, ReturnError: tc.ownerNotFound} t.Run(tc.name, func(t *testing.T) { g := NewWithT(t) - ampw := &azureMachinePoolWebhook{ - Client: client, + ampw := &AzureMachinePoolWebhook{ + Client: c, } _, err := ampw.ValidateCreate(t.Context(), tc.amp) if tc.wantErr { @@ -273,7 +274,7 @@ type mockDefaultClient struct { ReturnError bool } -func (m mockDefaultClient) Get(ctx context.Context, key client.ObjectKey, obj client.Object, opts ...client.GetOption) error { +func (m mockDefaultClient) Get(_ context.Context, _ client.ObjectKey, obj client.Object, _ ...client.GetOption) error { switch obj := obj.(type) { case *infrav1.AzureCluster: obj.Spec.SubscriptionID = m.SubscriptionID @@ -288,7 +289,7 @@ func (m mockDefaultClient) Get(ctx context.Context, key client.ObjectKey, obj cl return nil } -func (m mockDefaultClient) List(ctx context.Context, list client.ObjectList, opts ...client.ListOption) error { +func (m mockDefaultClient) List(_ context.Context, list client.ObjectList, _ ...client.ListOption) error { list.(*clusterv1.MachinePoolList).Items = []clusterv1.MachinePool{ { Spec: clusterv1.MachinePoolSpec{ 
@@ -315,8 +316,8 @@ func TestAzureMachinePool_ValidateUpdate(t *testing.T) { tests := []struct { name string - oldAMP *AzureMachinePool - amp *AzureMachinePool + oldAMP *infrav1exp.AzureMachinePool + amp *infrav1exp.AzureMachinePool wantErr bool }{ { @@ -345,10 +346,10 @@ func TestAzureMachinePool_ValidateUpdate(t *testing.T) { }, { name: "azuremachinepool with invalid MaxSurge and MaxUnavailable rolling upgrade configuration", - oldAMP: createMachinePoolWithStrategy(AzureMachinePoolDeploymentStrategy{}), - amp: createMachinePoolWithStrategy(AzureMachinePoolDeploymentStrategy{ - Type: RollingUpdateAzureMachinePoolDeploymentStrategyType, - RollingUpdate: &MachineRollingUpdateDeployment{ + oldAMP: createMachinePoolWithStrategy(infrav1exp.AzureMachinePoolDeploymentStrategy{}), + amp: createMachinePoolWithStrategy(infrav1exp.AzureMachinePoolDeploymentStrategy{ + Type: infrav1exp.RollingUpdateAzureMachinePoolDeploymentStrategyType, + RollingUpdate: &infrav1exp.MachineRollingUpdateDeployment{ MaxSurge: &zero, MaxUnavailable: &zero, }, @@ -357,10 +358,10 @@ func TestAzureMachinePool_ValidateUpdate(t *testing.T) { }, { name: "azuremachinepool with valid MaxSurge and MaxUnavailable rolling upgrade configuration", - oldAMP: createMachinePoolWithStrategy(AzureMachinePoolDeploymentStrategy{}), - amp: createMachinePoolWithStrategy(AzureMachinePoolDeploymentStrategy{ - Type: RollingUpdateAzureMachinePoolDeploymentStrategyType, - RollingUpdate: &MachineRollingUpdateDeployment{ + oldAMP: createMachinePoolWithStrategy(infrav1exp.AzureMachinePoolDeploymentStrategy{}), + amp: createMachinePoolWithStrategy(infrav1exp.AzureMachinePoolDeploymentStrategy{ + Type: infrav1exp.RollingUpdateAzureMachinePoolDeploymentStrategyType, + RollingUpdate: &infrav1exp.MachineRollingUpdateDeployment{ MaxSurge: &zero, MaxUnavailable: &one, }, 
@@ -389,7 +390,7 @@ func TestAzureMachinePool_ValidateUpdate(t *testing.T) { for _, tc := range tests { t.Run(tc.name, func(t *testing.T) { g := NewWithT(t) - ampw := &azureMachinePoolWebhook{} + ampw := &AzureMachinePoolWebhook{} _, err := ampw.ValidateUpdate(t.Context(), tc.oldAMP, tc.amp) if tc.wantErr { g.Expect(err).To(HaveOccurred()) @@ -404,7 +405,7 @@ func TestAzureMachinePool_Default(t *testing.T) { g := NewWithT(t) type test struct { - amp *AzureMachinePool + amp *infrav1exp.AzureMachinePool } existingPublicKey := validSSHPublicKey @@ -416,10 +417,10 @@ func TestAzureMachinePool_Default(t *testing.T) { fakeSubscriptionID := guuid.New().String() fakeClusterName := "testcluster" fakeMachinePoolName := "testmachinepool" - mockClient := mockDefaultClient{Name: fakeMachinePoolName, ClusterName: fakeClusterName, SubscriptionID: fakeSubscriptionID} + c := mockDefaultClient{Name: fakeMachinePoolName, ClusterName: fakeClusterName, SubscriptionID: fakeSubscriptionID} - roleAssignmentExistTest := test{amp: &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ + roleAssignmentExistTest := test{amp: &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ Identity: "SystemAssigned", SystemAssignedIdentityRole: &infrav1.SystemAssignedIdentityRole{ Name: existingRoleAssignmentName, @@ -432,8 +433,8 @@ func TestAzureMachinePool_Default(t *testing.T) { }, }} - emptyTest := test{amp: &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ + emptyTest := test{amp: &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ Identity: "SystemAssigned", SystemAssignedIdentityRole: &infrav1.SystemAssignedIdentityRole{}, }, 
@@ -442,8 +443,8 @@ func TestAzureMachinePool_Default(t *testing.T) { }, }} - systemAssignedIdentityRoleExistTest := test{amp: &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ + systemAssignedIdentityRoleExistTest := test{amp: &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ Identity: "SystemAssigned", SystemAssignedIdentityRole: &infrav1.SystemAssignedIdentityRole{ DefinitionID: "testroledefinitionid", @@ -455,8 +456,8 @@ func TestAzureMachinePool_Default(t *testing.T) { }, }} - ampw := &azureMachinePoolWebhook{ - Client: mockClient, + ampw := &AzureMachinePoolWebhook{ + Client: c, } err := ampw.Default(t.Context(), roleAssignmentExistTest.amp) @@ -485,7 +486,7 @@ func TestAzureMachinePool_Default(t *testing.T) { g.Expect(emptyTest.amp.Spec.SystemAssignedIdentityRole.DefinitionID).To(Equal(fmt.Sprintf("/subscriptions/%s/providers/Microsoft.Authorization/roleDefinitions/%s", fakeSubscriptionID, apiinternal.ContributorRoleID))) } -func createMachinePoolWithMarketPlaceImage(publisher, offer, sku, version string, terminateNotificationTimeout *int) *AzureMachinePool { +func createMachinePoolWithMarketPlaceImage(publisher, offer, sku, version string, terminateNotificationTimeout *int) *infrav1exp.AzureMachinePool { image := infrav1.Image{ Marketplace: &infrav1.AzureMarketplaceImage{ ImagePlan: infrav1.ImagePlan{ @@ -497,9 +498,9 @@ func createMachinePoolWithMarketPlaceImage(publisher, offer, sku, version string }, } - return &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ - Template: AzureMachinePoolMachineTemplate{ + return &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ Image: &image, SSHPublicKey: validSSHPublicKey, TerminateNotificationTimeout: terminateNotificationTimeout, 
@@ -512,7 +513,7 @@ func createMachinePoolWithMarketPlaceImage(publisher, offer, sku, version string } } -func createMachinePoolWithSharedImage(subscriptionID, resourceGroup, name, gallery, version string, terminateNotificationTimeout *int) *AzureMachinePool { +func createMachinePoolWithSharedImage(subscriptionID, resourceGroup, name, gallery, version string, terminateNotificationTimeout *int) *infrav1exp.AzureMachinePool { image := infrav1.Image{ SharedGallery: &infrav1.AzureSharedGalleryImage{ SubscriptionID: subscriptionID, @@ -523,9 +524,9 @@ func createMachinePoolWithSharedImage(subscriptionID, resourceGroup, name, galle }, } - return &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ - Template: AzureMachinePoolMachineTemplate{ + return &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ Image: &image, SSHPublicKey: validSSHPublicKey, TerminateNotificationTimeout: terminateNotificationTimeout, @@ -538,10 +539,10 @@ func createMachinePoolWithSharedImage(subscriptionID, resourceGroup, name, galle } } -func createMachinePoolWithNetworkConfig(subnetName string, interfaces []infrav1.NetworkInterface) *AzureMachinePool { - return &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ - Template: AzureMachinePoolMachineTemplate{ +func createMachinePoolWithNetworkConfig(subnetName string, interfaces []infrav1.NetworkInterface) *infrav1exp.AzureMachinePool { + return &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ SubnetName: subnetName, NetworkInterfaces: interfaces, OSDisk: infrav1.OSDisk{ 
@@ -553,14 +554,14 @@ func createMachinePoolWithNetworkConfig(subnetName string, interfaces []infrav1. } } -func createMachinePoolWithImageByID(imageID string, terminateNotificationTimeout *int) *AzureMachinePool { +func createMachinePoolWithImageByID(imageID string, terminateNotificationTimeout *int) *infrav1exp.AzureMachinePool { image := infrav1.Image{ ID: &imageID, } - return &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ - Template: AzureMachinePoolMachineTemplate{ + return &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ Image: &image, SSHPublicKey: validSSHPublicKey, TerminateNotificationTimeout: terminateNotificationTimeout, @@ -573,16 +574,33 @@ func createMachinePoolWithImageByID(imageID string, terminateNotificationTimeout } } -func createMachinePoolWithSystemAssignedIdentity(role string) *AzureMachinePool { - return &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ +func createMachinePoolWithSSHPublicKey(sshPublicKey string) *infrav1exp.AzureMachinePool { + return &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ + SSHPublicKey: sshPublicKey, + OSDisk: infrav1.OSDisk{ + CachingType: "None", + OSType: "Linux", + }, + }, + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "testmachinepool", + }, + } +} + +func createMachinePoolWithSystemAssignedIdentity(role string) *infrav1exp.AzureMachinePool { + return &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ Identity: infrav1.VMIdentitySystemAssigned, SystemAssignedIdentityRole: &infrav1.SystemAssignedIdentityRole{ Name: role, Scope: "scope", DefinitionID: "definitionID", }, - Template: AzureMachinePoolMachineTemplate{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ OSDisk: infrav1.OSDisk{ CachingType: "None", OSType: "Linux", 
@@ -592,7 +610,7 @@ func createMachinePoolWithSystemAssignedIdentity(role string) *AzureMachinePool } } -func createMachinePoolWithDiagnostics(diagnosticsType infrav1.BootDiagnosticsStorageAccountType, userManaged *infrav1.UserManagedBootDiagnostics) *AzureMachinePool { +func createMachinePoolWithDiagnostics(diagnosticsType infrav1.BootDiagnosticsStorageAccountType, userManaged *infrav1.UserManagedBootDiagnostics) *infrav1exp.AzureMachinePool { var diagnostics *infrav1.Diagnostics if diagnosticsType != "" { @@ -607,9 +625,9 @@ func createMachinePoolWithDiagnostics(diagnosticsType infrav1.BootDiagnosticsSto diagnostics.Boot.UserManaged = userManaged } - return &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ - Template: AzureMachinePoolMachineTemplate{ + return &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ Diagnostics: diagnostics, OSDisk: infrav1.OSDisk{ CachingType: "None", @@ -620,7 +638,7 @@ func createMachinePoolWithDiagnostics(diagnosticsType infrav1.BootDiagnosticsSto } } -func createMachinePoolWithUserAssignedIdentity(providerIDs []string) *AzureMachinePool { +func createMachinePoolWithUserAssignedIdentity(providerIDs []string) *infrav1exp.AzureMachinePool { userAssignedIdentities := make([]infrav1.UserAssignedIdentity, len(providerIDs)) for _, providerID := range providerIDs { @@ -629,11 +647,11 @@ func createMachinePoolWithUserAssignedIdentity(providerIDs []string) *AzureMachi }) } - return &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ + return &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ Identity: infrav1.VMIdentityUserAssigned, UserAssignedIdentities: userAssignedIdentities, - Template: AzureMachinePoolMachineTemplate{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ OSDisk: infrav1.OSDisk{ CachingType: "None", OSType: "Linux", 
@@ -643,11 +661,11 @@ func createMachinePoolWithUserAssignedIdentity(providerIDs []string) *AzureMachi } } -func createMachinePoolWithStrategy(strategy AzureMachinePoolDeploymentStrategy) *AzureMachinePool { - return &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ +func createMachinePoolWithStrategy(strategy infrav1exp.AzureMachinePoolDeploymentStrategy) *infrav1exp.AzureMachinePool { + return &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ Strategy: strategy, - Template: AzureMachinePoolMachineTemplate{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ OSDisk: infrav1.OSDisk{ CachingType: "None", OSType: "Linux", @@ -657,11 +675,11 @@ func createMachinePoolWithStrategy(strategy AzureMachinePoolDeploymentStrategy) } } -func createMachinePoolWithOrchestrationMode(mode armcompute.OrchestrationMode) *AzureMachinePool { - return &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ +func createMachinePoolWithOrchestrationMode(mode armcompute.OrchestrationMode) *infrav1exp.AzureMachinePool { + return &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ OrchestrationMode: infrav1.OrchestrationModeType(mode), - Template: AzureMachinePoolMachineTemplate{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ OSDisk: infrav1.OSDisk{ CachingType: "None", OSType: "Linux", @@ -671,10 +689,10 @@ func createMachinePoolWithOrchestrationMode(mode armcompute.OrchestrationMode) * } } -func createMachinePoolWithDiffDiskSettings(settings infrav1.DiffDiskSettings) *AzureMachinePool { - return &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ - Template: AzureMachinePoolMachineTemplate{ +func createMachinePoolWithDiffDiskSettings(settings infrav1.DiffDiskSettings) *infrav1exp.AzureMachinePool { + return &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ OSDisk: infrav1.OSDisk{ DiffDiskSettings: &settings, }, 
@@ -688,7 +706,7 @@ func TestAzureMachinePool_ValidateCreateFailure(t *testing.T) { tests := []struct { name string - amp *AzureMachinePool + amp *infrav1exp.AzureMachinePool featureGateEnabled *bool expectError bool }{ @@ -704,7 +722,7 @@ func TestAzureMachinePool_ValidateCreateFailure(t *testing.T) { if tc.featureGateEnabled != nil { utilfeature.SetFeatureGateDuringTest(t, feature.Gates, capifeature.MachinePool, *tc.featureGateEnabled) } - ampw := &azureMachinePoolWebhook{} + ampw := &AzureMachinePoolWebhook{} _, err := ampw.ValidateCreate(t.Context(), tc.amp) if tc.expectError { g.Expect(err).To(HaveOccurred()) @@ -715,7 +733,7 @@ func TestAzureMachinePool_ValidateCreateFailure(t *testing.T) { } } -func getKnownValidAzureMachinePool() *AzureMachinePool { +func getKnownValidAzureMachinePool() *infrav1exp.AzureMachinePool { image := infrav1.Image{ Marketplace: &infrav1.AzureMarketplaceImage{ ImagePlan: infrav1.ImagePlan{ @@ -726,9 +744,9 @@ func getKnownValidAzureMachinePool() *AzureMachinePool { Version: "1.0.0", }, } - return &AzureMachinePool{ - Spec: AzureMachinePoolSpec{ - Template: AzureMachinePoolMachineTemplate{ + return &infrav1exp.AzureMachinePool{ + Spec: infrav1exp.AzureMachinePoolSpec{ + Template: infrav1exp.AzureMachinePoolMachineTemplate{ Image: &image, SSHPublicKey: validSSHPublicKey, TerminateNotificationTimeout: ptr.To(10), @@ -743,9 +761,9 @@ func getKnownValidAzureMachinePool() *AzureMachinePool { Scope: "scope", DefinitionID: "definitionID", }, - Strategy: AzureMachinePoolDeploymentStrategy{ - Type: RollingUpdateAzureMachinePoolDeploymentStrategyType, - RollingUpdate: &MachineRollingUpdateDeployment{ + Strategy: infrav1exp.AzureMachinePoolDeploymentStrategy{ + Type: infrav1exp.RollingUpdateAzureMachinePoolDeploymentStrategyType, + RollingUpdate: &infrav1exp.MachineRollingUpdateDeployment{ MaxSurge: &zero, MaxUnavailable: &one, }, 
diff --git a/exp/api/v1beta1/azuremachinepoolmachine_webhook.go b/internal/exp/webhooks/azuremachinepoolmachine_webhook.go similarity index 62% rename from exp/api/v1beta1/azuremachinepoolmachine_webhook.go rename to internal/exp/webhooks/azuremachinepoolmachine_webhook.go index 9ce6f003f14..6d6ece39517 100644 --- a/exp/api/v1beta1/azuremachinepoolmachine_webhook.go +++ b/internal/exp/webhooks/azuremachinepoolmachine_webhook.go @@ -1,5 +1,5 @@ /* -Copyright 2021 The Kubernetes Authors. +Copyright The Kubernetes Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package v1beta1 +package webhooks import ( "context" 
@@ -22,29 +22,31 @@ import ( "github.com/pkg/errors" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" + + infrav1exp "sigs.k8s.io/cluster-api-provider-azure/exp/api/v1beta1" ) // SetupWebhookWithManager sets up and registers the webhook with the manager. -func (ampm *AzureMachinePoolMachine) SetupWebhookWithManager(mgr ctrl.Manager) error { - w := new(azureMachinePoolMachineWebhook) - return ctrl.NewWebhookManagedBy(mgr, ampm). +func (w *AzureMachinePoolMachineWebhook) SetupWebhookWithManager(mgr ctrl.Manager) error { + return ctrl.NewWebhookManagedBy(mgr, &infrav1exp.AzureMachinePoolMachine{}). WithValidator(w). Complete() } // +kubebuilder:webhook:verbs=create;update,path=/validate-infrastructure-cluster-x-k8s-io-v1beta1-azuremachinepoolmachine,mutating=false,failurePolicy=fail,groups=infrastructure.cluster.x-k8s.io,resources=azuremachinepoolmachines,versions=v1beta1,name=azuremachinepoolmachine.kb.io,sideEffects=None,admissionReviewVersions=v1;v1beta1 -type azureMachinePoolMachineWebhook struct{} +// AzureMachinePoolMachineWebhook implements a validating webhook for AzureMachinePoolMachine. +type AzureMachinePoolMachineWebhook struct{} -var _ admission.Validator[*AzureMachinePoolMachine] = &azureMachinePoolMachineWebhook{} +var _ admission.Validator[*infrav1exp.AzureMachinePoolMachine] = &AzureMachinePoolMachineWebhook{} // ValidateCreate implements webhook.CustomValidator so a webhook will be registered for the type. -func (*azureMachinePoolMachineWebhook) ValidateCreate(_ context.Context, _ *AzureMachinePoolMachine) (admission.Warnings, error) { +func (*AzureMachinePoolMachineWebhook) ValidateCreate(_ context.Context, _ *infrav1exp.AzureMachinePoolMachine) (admission.Warnings, error) { return nil, nil } // ValidateUpdate implements webhook.CustomValidator so a webhook will be registered for the type. 
-func (*azureMachinePoolMachineWebhook) ValidateUpdate(_ context.Context, oldMachine, ampm *AzureMachinePoolMachine) (admission.Warnings, error) { +func (*AzureMachinePoolMachineWebhook) ValidateUpdate(_ context.Context, oldMachine, ampm *infrav1exp.AzureMachinePoolMachine) (admission.Warnings, error) { if oldMachine.Spec.ProviderID != "" && ampm.Spec.ProviderID != oldMachine.Spec.ProviderID { return nil, errors.New("providerID is immutable") } @@ -53,6 +55,6 @@ func (*azureMachinePoolMachineWebhook) ValidateUpdate(_ context.Context, oldMach } // ValidateDelete implements webhook.CustomValidator so a webhook will be registered for the type. -func (*azureMachinePoolMachineWebhook) ValidateDelete(_ context.Context, _ *AzureMachinePoolMachine) (admission.Warnings, error) { +func (*AzureMachinePoolMachineWebhook) ValidateDelete(_ context.Context, _ *infrav1exp.AzureMachinePoolMachine) (admission.Warnings, error) { return nil, nil } diff --git a/main.go b/main.go index 8daad0cd88d..2cefa89bd38 100644 --- a/main.go +++ b/main.go @@ -61,6 +61,7 @@ import ( infrav1exp "sigs.k8s.io/cluster-api-provider-azure/exp/api/v1beta1" infrav1controllersexp "sigs.k8s.io/cluster-api-provider-azure/exp/controllers" "sigs.k8s.io/cluster-api-provider-azure/feature" + expwebhooks "sigs.k8s.io/cluster-api-provider-azure/internal/exp/webhooks" "sigs.k8s.io/cluster-api-provider-azure/internal/webhooks" "sigs.k8s.io/cluster-api-provider-azure/pkg/coalescing" "sigs.k8s.io/cluster-api-provider-azure/pkg/ot" 
@@ -663,12 +664,12 @@ func registerWebhooks(mgr manager.Manager) { } if feature.Gates.Enabled(capifeature.MachinePool) { - if err := infrav1exp.SetupAzureMachinePoolWebhookWithManager(mgr); err != nil { + if err := (&expwebhooks.AzureMachinePoolWebhook{}).SetupWebhookWithManager(mgr); err != nil { setupLog.Error(err, "unable to create webhook", "webhook", "AzureMachinePool") os.Exit(1) } - if err := (&infrav1exp.AzureMachinePoolMachine{}).SetupWebhookWithManager(mgr); err != nil { + if err := (&expwebhooks.AzureMachinePoolMachineWebhook{}).SetupWebhookWithManager(mgr); err != nil { setupLog.Error(err, "unable to create webhook", "webhook", "AzureMachinePoolMachine") os.Exit(1) } From 724ac1b29eb4d23c44bda49b620734e532ffed87 Mon Sep 17 00:00:00 2001 From: Matt Boersma Date: Wed, 6 May 2026 08:41:36 -0600 Subject: [PATCH 56/61] Strip OpenAPI description fields from vendored ASO CRDs --- Makefile | 5 + config/aso/crds.yaml | 23850 ----------------------------------------- 2 files changed, 5 insertions(+), 23850 deletions(-) diff --git a/Makefile b/Makefile index 6371c2f0cee..027991eceaa 100644 --- a/Makefile +++ b/Makefile @@ -575,6 +575,10 @@ generate-addons: fetch-calico-manifests $(ENVSUBST) .PHONY: generate-aso-crds # The yq command filters the list of all ASO CRDs to just the ones specified by ASO_CRDS. +# The second yq command strips OpenAPI `description` fields from the schemas to keep +# the resulting CRDs small enough for API servers (e.g. EKS) that have tighter +# request-size or streaming-timeout budgets than kind/AKS. `description` is metadata +# only, so removing it does not affect validation. # The sed command changes '$$' to '$$$$' so once the CRDs get run through # envsubst, '$$$$' changes back to '$$' so ASO will not detect a diff and try to # update the CRDs for which we don't give it permission. 
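Review bot: `(&expwebhooks.AzureMachinePoolWebhook{}).SetupWebhookWithManager(mgr)` builds the webhook from an empty literal, while the updated test in this patch constructs it as `&AzureMachinePoolWebhook{Client: c}` before calling `Default`, so the defaulting path appears to depend on `Client`. The new `SetupWebhookWithManager` for this type is not visible here; if it does not assign the manager's client itself, defaulting would run against a nil client and AzureMachinePool admission would fail at runtime rather than at startup. Either confirm the setup method populates the field, or make it explicit at the call site: `(&expwebhooks.AzureMachinePoolWebhook{Client: mgr.GetClient()}).SetupWebhookWithManager(mgr)`. `registerWebhooks` starts and ends outside the hunk.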
@@ -582,6 +586,7 @@ generate-aso-crds: $(YQ) $(YQ) e -i '.resources[] |= sub("^(https://github\.com/Azure/azure-service-operator/releases/download/)[^/]+(/.*_).*(\.yaml)$$", "$${1}$(ASO_VERSION)$${2}$(ASO_VERSION)$${3}")' $(ROOT_DIR)/config/aso/kustomization.yaml curl -fSsL "https://github.com/Azure/azure-service-operator/releases/download/$(ASO_VERSION)/azureserviceoperator_customresourcedefinitions_$(ASO_VERSION).yaml" | \ $(YQ) e '. | select($(foreach name,$(ASO_CRDS),.metadata.name == "$(name)" or )false)' - | \ + $(YQ) e 'del(.. | select(has("description")).description)' - | \ sed 's/\$$\$$/$$$$$$$$/g' \ > $(ASO_CRDS_PATH) diff --git a/config/aso/crds.yaml b/config/aso/crds.yaml index 919afdecc63..f7533436137 100644 --- a/config/aso/crds.yaml +++ b/config/aso/crds.yaml 
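Review bot: The added filter `del(.. | select(has("description")).description)` matches every map that carries a `description` key, not only schema nodes, so a `properties:` map that declares a field literally named `description` would lose that field's whole sub-schema. That conflicts with the comment added in the previous hunk ("removing it does not affect validation"), because with a structural schema the API server would then prune or reject that field. Restricting the delete to string-valued entries avoids this, for example `$(YQ) e 'del(.. | select(has("description") and (.description | tag) == "!!str").description)' - | \`, which should be checked against the pinned yq version. It would also help to document next to the recipe that `kubectl explain` output for these CRDs is intentionally empty.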
@@ -48,112 +48,66 @@ spec: name: v1api20220701 schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /network/resource-manager/Microsoft.Network/stable/2022-07-01/bastionHost.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/bastionHosts/{bastionHostName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string disableCopyPaste: - description: 'DisableCopyPaste: Enable/Disable Copy/Paste feature of the Bastion Host resource.' type: boolean dnsName: - description: 'DnsName: FQDN for the endpoint on which bastion host is accessible.' type: string enableFileCopy: - description: 'EnableFileCopy: Enable/Disable File Copy feature of the Bastion Host resource.' type: boolean enableIpConnect: - description: 'EnableIpConnect: Enable/Disable IP Connect feature of the Bastion Host resource.' type: boolean enableShareableLink: - description: 'EnableShareableLink: Enable/Disable Shareable Link of the Bastion Host resource.' 
type: boolean enableTunneling: - description: 'EnableTunneling: Enable/Disable Tunneling feature of the Bastion Host resource.' type: boolean ipConfigurations: - description: 'IpConfigurations: IP configuration of the Bastion Host resource.' items: - description: IP configuration of an Bastion Host. properties: name: - description: 'Name: Name of the resource that is unique within a resource group. This name can be used to access the resource.' type: string privateIPAllocationMethod: - description: 'PrivateIPAllocationMethod: Private IP allocation method.' enum: - Dynamic - Static type: string publicIPAddress: - description: 'PublicIPAddress: Reference of the PublicIP resource.' properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object subnet: - description: 'Subnet: Reference of the subnet resource.' properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -163,37 +117,17 @@ spec: type: object type: array location: - description: 'Location: Resource location.' type: string operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -201,29 +135,13 @@ spec: type: object type: array secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -232,28 +150,20 @@ spec: type: array type: object owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object scaleUnits: - description: 'ScaleUnits: The scale units for the Bastion Host resource.' maximum: 50 minimum: 2 type: integer sku: - description: 'Sku: The sku of this Bastion Host.' properties: name: - description: 'Name: The name of this Bastion Host.' enum: - Basic - Standard 
@@ -262,50 +172,30 @@ spec: tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object required: - owner type: object status: - description: Bastion Host resource. properties: conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -315,65 +205,46 @@ spec: type: object type: array disableCopyPaste: - description: 'DisableCopyPaste: Enable/Disable Copy/Paste feature of the Bastion Host resource.' type: boolean dnsName: - description: 'DnsName: FQDN for the endpoint on which bastion host is accessible.' type: string enableFileCopy: - description: 'EnableFileCopy: Enable/Disable File Copy feature of the Bastion Host resource.' type: boolean enableIpConnect: - description: 'EnableIpConnect: Enable/Disable IP Connect feature of the Bastion Host resource.' type: boolean enableShareableLink: - description: 'EnableShareableLink: Enable/Disable Shareable Link of the Bastion Host resource.' type: boolean enableTunneling: - description: 'EnableTunneling: Enable/Disable Tunneling feature of the Bastion Host resource.' type: boolean etag: - description: 'Etag: A unique read-only string that changes whenever the resource is updated.' type: string id: - description: 'Id: Resource ID.' type: string ipConfigurations: - description: 'IpConfigurations: IP configuration of the Bastion Host resource.' items: - description: IP configuration of an Bastion Host. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array location: - description: 'Location: Resource location.' type: string name: - description: 'Name: Resource name.' type: string provisioningState: - description: 'ProvisioningState: The provisioning state of the bastion host resource.' type: string scaleUnits: - description: 'ScaleUnits: The scale units for the Bastion Host resource.' type: integer sku: - description: 'Sku: The sku of this Bastion Host.' properties: name: - description: 'Name: The name of this Bastion Host.' type: string type: object tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object type: - description: 'Type: Resource type.' type: string type: object type: object 
@@ -397,43 +268,20 @@ spec: name: v1api20220701storage schema: openAPIV3Schema: - description: |- - Storage version of v1api20220701.BastionHost - Generator information: - - Generated from: /network/resource-manager/Microsoft.Network/stable/2022-07-01/bastionHost.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/bastionHosts/{bastionHostName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20220701.BastionHost_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string disableCopyPaste: type: boolean 
@@ -449,84 +297,50 @@ spec: type: boolean ipConfigurations: items: - description: |- - Storage version of v1api20220701.BastionHostIPConfiguration - IP configuration of an Bastion Host. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string privateIPAllocationMethod: type: string publicIPAddress: - description: |- - Storage version of v1api20220701.SubResource - Reference to another ARM resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object subnet: - description: |- - Storage version of v1api20220701.SubResource - Reference to another ARM resource. 
properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -535,40 +349,19 @@ spec: location: type: string operatorSpec: - description: |- - Storage version of v1api20220701.BastionHostOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -577,27 +370,12 @@ spec: type: array secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -608,31 +386,20 @@ spec: originalVersion: type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object scaleUnits: type: integer sku: - description: |- - Storage version of v1api20220701.Sku - The sku of this Bastion Host. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -645,52 +412,29 @@ spec: - owner type: object status: - description: |- - Storage version of v1api20220701.BastionHost_STATUS - Bastion Host resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. 
type: string required: - lastTransitionTime @@ -717,16 +461,10 @@ spec: type: string ipConfigurations: items: - description: |- - Storage version of v1api20220701.BastionHostIPConfiguration_STATUS - IP configuration of an Bastion Host. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -741,16 +479,10 @@ spec: scaleUnits: type: integer sku: - description: |- - Storage version of v1api20220701.Sku_STATUS - The sku of this Bastion Host. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -783,118 +515,70 @@ spec: name: v1api20240301 schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /network/resource-manager/Microsoft.Network/stable/2024-03-01/bastionHost.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/bastionHosts/{bastionHostName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string disableCopyPaste: - description: 'DisableCopyPaste: Enable/Disable Copy/Paste feature of the Bastion Host resource.' type: boolean dnsName: - description: 'DnsName: FQDN for the endpoint on which bastion host is accessible.' type: string enableFileCopy: - description: 'EnableFileCopy: Enable/Disable File Copy feature of the Bastion Host resource.' type: boolean enableIpConnect: - description: 'EnableIpConnect: Enable/Disable IP Connect feature of the Bastion Host resource.' type: boolean enableKerberos: - description: 'EnableKerberos: Enable/Disable Kerberos feature of the Bastion Host resource.' 
type: boolean enableSessionRecording: - description: 'EnableSessionRecording: Enable/Disable Session Recording feature of the Bastion Host resource.' type: boolean enableShareableLink: - description: 'EnableShareableLink: Enable/Disable Shareable Link of the Bastion Host resource.' type: boolean enableTunneling: - description: 'EnableTunneling: Enable/Disable Tunneling feature of the Bastion Host resource.' type: boolean ipConfigurations: - description: 'IpConfigurations: IP configuration of the Bastion Host resource.' items: - description: IP configuration of an Bastion Host. properties: name: - description: 'Name: Name of the resource that is unique within a resource group. This name can be used to access the resource.' type: string privateIPAllocationMethod: - description: 'PrivateIPAllocationMethod: Private IP allocation method.' enum: - Dynamic - Static type: string publicIPAddress: - description: 'PublicIPAddress: Reference of the PublicIP resource.' properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object subnet: - description: 'Subnet: Reference of the subnet resource.' properties: reference: - description: 'Reference: Resource ID.' 
properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -904,49 +588,27 @@ spec: type: object type: array location: - description: 'Location: Resource location.' type: string networkAcls: properties: ipRules: - description: 'IpRules: Sets the IP ACL rules for Developer Bastion Host.' items: properties: addressPrefix: - description: 'AddressPrefix: Specifies the IP or IP range in CIDR format. Only IPV4 address is allowed.' type: string type: object type: array type: object operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -954,29 +616,13 @@ spec: type: object type: array secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -985,28 +631,20 @@ spec: type: array type: object owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object scaleUnits: - description: 'ScaleUnits: The scale units for the Bastion Host resource.' maximum: 50 minimum: 2 type: integer sku: - description: 'Sku: The sku of this Bastion Host.' properties: name: - description: 'Name: The name of the sku of this Bastion Host.' enum: - Basic - Developer 
@@ -1017,34 +655,23 @@ spec: tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object virtualNetwork: - description: 'VirtualNetwork: Reference to an existing virtual network required for Developer Bastion Host only.' properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object zones: - description: 'Zones: A list of availability zones denoting where the resource needs to come from.' items: type: string type: array 
@@ -1052,44 +679,25 @@ spec: - owner type: object status: - description: Bastion Host resource. properties: conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -1099,93 +707,67 @@ spec: type: object type: array disableCopyPaste: - description: 'DisableCopyPaste: Enable/Disable Copy/Paste feature of the Bastion Host resource.' type: boolean dnsName: - description: 'DnsName: FQDN for the endpoint on which bastion host is accessible.' type: string enableFileCopy: - description: 'EnableFileCopy: Enable/Disable File Copy feature of the Bastion Host resource.' type: boolean enableIpConnect: - description: 'EnableIpConnect: Enable/Disable IP Connect feature of the Bastion Host resource.' type: boolean enableKerberos: - description: 'EnableKerberos: Enable/Disable Kerberos feature of the Bastion Host resource.' type: boolean enableSessionRecording: - description: 'EnableSessionRecording: Enable/Disable Session Recording feature of the Bastion Host resource.' type: boolean enableShareableLink: - description: 'EnableShareableLink: Enable/Disable Shareable Link of the Bastion Host resource.' type: boolean enableTunneling: - description: 'EnableTunneling: Enable/Disable Tunneling feature of the Bastion Host resource.' type: boolean etag: - description: 'Etag: A unique read-only string that changes whenever the resource is updated.' type: string id: - description: 'Id: Resource ID.' type: string ipConfigurations: - description: 'IpConfigurations: IP configuration of the Bastion Host resource.' items: - description: IP configuration of an Bastion Host. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array location: - description: 'Location: Resource location.' type: string name: - description: 'Name: Resource name.' type: string networkAcls: properties: ipRules: - description: 'IpRules: Sets the IP ACL rules for Developer Bastion Host.' items: properties: addressPrefix: - description: 'AddressPrefix: Specifies the IP or IP range in CIDR format. Only IPV4 address is allowed.' 
type: string type: object type: array type: object provisioningState: - description: 'ProvisioningState: The provisioning state of the bastion host resource.' type: string scaleUnits: - description: 'ScaleUnits: The scale units for the Bastion Host resource.' type: integer sku: - description: 'Sku: The sku of this Bastion Host.' properties: name: - description: 'Name: The name of the sku of this Bastion Host.' type: string type: object tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object type: - description: 'Type: Resource type.' type: string virtualNetwork: - description: 'VirtualNetwork: Reference to an existing virtual network required for Developer Bastion Host only.' properties: id: - description: 'Id: Resource ID.' type: string type: object zones: - description: 'Zones: A list of availability zones denoting where the resource needs to come from.' items: type: string type: array 
@@ -1211,43 +793,20 @@ spec: name: v1api20240301storage schema: openAPIV3Schema: - description: |- - Storage version of v1api20240301.BastionHost - Generator information: - - Generated from: /network/resource-manager/Microsoft.Network/stable/2024-03-01/bastionHost.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/bastionHosts/{bastionHostName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20240301.BastionHost_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string disableCopyPaste: type: boolean 
@@ -1267,84 +826,50 @@ spec: type: boolean ipConfigurations: items: - description: |- - Storage version of v1api20240301.BastionHostIPConfiguration - IP configuration of an Bastion Host. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string privateIPAllocationMethod: type: string publicIPAddress: - description: |- - Storage version of v1api20240301.SubResource - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object subnet: - description: |- - Storage version of v1api20240301.SubResource - Reference to another subresource. 
properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object @@ -1353,25 +878,17 @@ spec: location: type: string networkAcls: - description: Storage version of v1api20240301.BastionHostPropertiesFormat_NetworkAcls properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object ipRules: items: - description: Storage version of v1api20240301.IPRule properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object addressPrefix: type: string 
@@ -1379,40 +896,19 @@ spec: type: array type: object operatorSpec: - description: |- - Storage version of v1api20240301.BastionHostOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -1421,27 +917,12 @@ spec: type: array secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -1452,31 +933,20 @@ spec: originalVersion: type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object scaleUnits: type: integer sku: - description: |- - Storage version of v1api20240301.Sku - The sku of this Bastion Host. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -1486,35 +956,21 @@ spec: type: string type: object virtualNetwork: - description: |- - Storage version of v1api20240301.SubResource - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -1526,52 +982,29 @@ spec: - owner type: object status: - description: |- - Storage version of v1api20240301.BastionHost_STATUS - Bastion Host resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. 
type: string required: - lastTransitionTime @@ -1602,16 +1035,10 @@ spec: type: string ipConfigurations: items: - description: |- - Storage version of v1api20240301.BastionHostIPConfiguration_STATUS - IP configuration of an Bastion Host. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -1622,25 +1049,17 @@ spec: name: type: string networkAcls: - description: Storage version of v1api20240301.BastionHostPropertiesFormat_NetworkAcls_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object ipRules: items: - description: Storage version of v1api20240301.IPRule_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object addressPrefix: type: string @@ -1652,16 +1071,10 @@ spec: scaleUnits: type: integer sku: - description: |- - Storage version of v1api20240301.Sku_STATUS - The sku of this Bastion Host. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -1673,16 +1086,10 @@ spec: type: type: string virtualNetwork: - description: |- - Storage version of v1api20240301.SubResource_STATUS - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string 
@@ -1748,57 +1155,30 @@ spec: name: v1api20230501 schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /kubernetesconfiguration/resource-manager/Microsoft.KubernetesConfiguration/stable/2023-05-01/extensions.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{clusterRp}/{clusterResourceName}/{clusterName}/providers/Microsoft.KubernetesConfiguration/extensions/{extensionName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: aksAssignedIdentity: - description: 'AksAssignedIdentity: Identity of the Extension resource in an AKS cluster' properties: type: - description: 'Type: The identity type.' enum: - SystemAssigned - UserAssigned type: string type: object autoUpgradeMinorVersion: - description: 'AutoUpgradeMinorVersion: Flag to note if this extension participates in auto upgrade of minor version, or not.' type: boolean azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string configurationProtectedSettings: - description: |- - ConfigurationProtectedSettings: Configuration settings that are sensitive, as name-value pairs for configuring this - extension. 
properties: name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - name 
@@ -1806,51 +1186,26 @@ spec: configurationSettings: additionalProperties: type: string - description: 'ConfigurationSettings: Configuration settings, as name-value pairs for configuring this extension.' type: object extensionType: - description: |- - ExtensionType: Type of the Extension, of which this resource is an instance of. It must be one of the Extension Types - registered with Microsoft.KubernetesConfiguration by the Extension publisher. type: string identity: - description: 'Identity: Identity of the Extension resource' properties: type: - description: 'Type: The identity type.' enum: - SystemAssigned type: string type: object operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. 
For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name @@ -1858,18 +1213,12 @@ spec: type: object type: array configMaps: - description: 'ConfigMaps: configures where to place operator written ConfigMaps.' properties: principalId: - description: 'PrincipalId: indicates where the PrincipalId config map should be placed. If omitted, no config map will be created.' properties: key: - description: Key is the key in the ConfigMap being referenced type: string name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. type: string required: - key 
@@ -1877,29 +1226,13 @@ spec: type: object type: object secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -1908,44 +1241,28 @@ spec: type: array type: object owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. This resource is an - extension resource, which means that any other Azure resource can be its owner. properties: armId: - description: Ownership across namespaces is not supported. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object plan: - description: 'Plan: The plan information.' properties: name: - description: 'Name: A user defined name of the 3rd Party Artifact that is being procured.' type: string product: - description: |- - Product: The 3rd Party artifact that is being procured. E.g. NewRelic. Product maps to the OfferID specified for the - artifact at the time of Data Market onboarding. type: string promotionCode: - description: 'PromotionCode: A publisher provided promotion code as provisioned in Data Market for the said product/artifact.' type: string publisher: - description: 'Publisher: The publisher of the 3rd Party Artifact that is being bought. E.g. NewRelic' type: string version: - description: 'Version: The version of the desired product/artifact.' type: string required: - name 
@@ -1953,45 +1270,27 @@ spec: - publisher type: object releaseTrain: - description: |- - ReleaseTrain: ReleaseTrain this extension participates in for auto-upgrade (e.g. Stable, Preview, etc.) - only if - autoUpgradeMinorVersion is 'true'. type: string scope: - description: 'Scope: Scope at which the extension is installed.' properties: cluster: - description: 'Cluster: Specifies that the scope of the extension is Cluster' properties: releaseNamespace: - description: |- - ReleaseNamespace: Namespace where the extension Release must be placed, for a Cluster scoped extension. If this - namespace does not exist, it will be created type: string type: object namespace: - description: 'Namespace: Specifies that the scope of the extension is Namespace' properties: targetNamespace: - description: |- - TargetNamespace: Namespace where the extension will be created for an Namespace scoped extension. If this namespace - does not exist, it will be created type: string type: object type: object systemData: - description: |- - SystemData: Top level metadata - https://github.com/Azure/azure-resource-manager-rpc/blob/master/v1.0/common-api-contracts.md#system-metadata-for-all-azure-resources properties: createdAt: - description: 'CreatedAt: The timestamp of resource creation (UTC).' type: string createdBy: - description: 'CreatedBy: The identity that created the resource.' type: string createdByType: - description: 'CreatedByType: The type of identity that created the resource.' enum: - Application - Key @@ -1999,13 +1298,10 @@ spec: - User type: string lastModifiedAt: - description: 'LastModifiedAt: The timestamp of resource last modification (UTC)' type: string lastModifiedBy: - description: 'LastModifiedBy: The identity that last modified the resource.' type: string lastModifiedByType: - description: 'LastModifiedByType: The type of identity that last modified the resource.' enum: - Application - Key 
@@ -2014,68 +1310,41 @@ spec: type: string type: object version: - description: |- - Version: User-specified version of the extension for this extension to 'pin'. To use 'version', autoUpgradeMinorVersion - must be 'false'. type: string required: - owner type: object status: - description: The Extension object. properties: aksAssignedIdentity: - description: 'AksAssignedIdentity: Identity of the Extension resource in an AKS cluster' properties: principalId: - description: 'PrincipalId: The principal ID of resource identity.' type: string tenantId: - description: 'TenantId: The tenant ID of resource.' type: string type: - description: 'Type: The identity type.' type: string type: object autoUpgradeMinorVersion: - description: 'AutoUpgradeMinorVersion: Flag to note if this extension participates in auto upgrade of minor version, or not.' type: boolean conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. 
- For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -2087,217 +1356,141 @@ spec: configurationProtectedSettings: additionalProperties: type: string - description: |- - ConfigurationProtectedSettings: Configuration settings that are sensitive, as name-value pairs for configuring this - extension. type: object configurationSettings: additionalProperties: type: string - description: 'ConfigurationSettings: Configuration settings, as name-value pairs for configuring this extension.' type: object currentVersion: - description: 'CurrentVersion: Currently installed version of the extension.' type: string customLocationSettings: additionalProperties: type: string - description: 'CustomLocationSettings: Custom Location settings properties.' type: object errorInfo: - description: 'ErrorInfo: Error information from the Agent - e.g. errors during installation.' properties: additionalInfo: - description: 'AdditionalInfo: The error additional info.' items: - description: The resource management error additional info. properties: info: additionalProperties: x-kubernetes-preserve-unknown-fields: true - description: 'Info: The additional info.' type: object type: - description: 'Type: The additional info type.' type: string type: object type: array code: - description: 'Code: The error code.' type: string details: - description: 'Details: The error details.' items: properties: additionalInfo: - description: 'AdditionalInfo: The error additional info.' items: - description: The resource management error additional info. properties: info: additionalProperties: x-kubernetes-preserve-unknown-fields: true - description: 'Info: The additional info.' type: object type: - description: 'Type: The additional info type.' type: string type: object type: array code: - description: 'Code: The error code.' type: string message: - description: 'Message: The error message.' type: string target: - description: 'Target: The error target.' type: string type: object type: array message: - description: 'Message: The error message.' 
type: string target: - description: 'Target: The error target.' type: string type: object extensionType: - description: |- - ExtensionType: Type of the Extension, of which this resource is an instance of. It must be one of the Extension Types - registered with Microsoft.KubernetesConfiguration by the Extension publisher. type: string id: - description: |- - Id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} type: string identity: - description: 'Identity: Identity of the Extension resource' properties: principalId: - description: 'PrincipalId: The principal ID of resource identity.' type: string tenantId: - description: 'TenantId: The tenant ID of resource.' type: string type: - description: 'Type: The identity type.' type: string type: object isSystemExtension: - description: 'IsSystemExtension: Flag to note if this extension is a system extension' type: boolean name: - description: 'Name: The name of the resource' type: string packageUri: - description: 'PackageUri: Uri of the Helm package' type: string plan: - description: 'Plan: The plan information.' properties: name: - description: 'Name: A user defined name of the 3rd Party Artifact that is being procured.' type: string product: - description: |- - Product: The 3rd Party artifact that is being procured. E.g. NewRelic. Product maps to the OfferID specified for the - artifact at the time of Data Market onboarding. type: string promotionCode: - description: 'PromotionCode: A publisher provided promotion code as provisioned in Data Market for the said product/artifact.' type: string publisher: - description: 'Publisher: The publisher of the 3rd Party Artifact that is being bought. E.g. NewRelic' type: string version: - description: 'Version: The version of the desired product/artifact.' 
type: string type: object provisioningState: - description: 'ProvisioningState: Status of installation of this extension.' type: string releaseTrain: - description: |- - ReleaseTrain: ReleaseTrain this extension participates in for auto-upgrade (e.g. Stable, Preview, etc.) - only if - autoUpgradeMinorVersion is 'true'. type: string scope: - description: 'Scope: Scope at which the extension is installed.' properties: cluster: - description: 'Cluster: Specifies that the scope of the extension is Cluster' properties: releaseNamespace: - description: |- - ReleaseNamespace: Namespace where the extension Release must be placed, for a Cluster scoped extension. If this - namespace does not exist, it will be created type: string type: object namespace: - description: 'Namespace: Specifies that the scope of the extension is Namespace' properties: targetNamespace: - description: |- - TargetNamespace: Namespace where the extension will be created for an Namespace scoped extension. If this namespace - does not exist, it will be created type: string type: object type: object statuses: - description: 'Statuses: Status from this extension.' items: - description: Status from the extension. properties: code: - description: 'Code: Status code provided by the Extension' type: string displayStatus: - description: 'DisplayStatus: Short description of status of the extension.' type: string level: - description: 'Level: Level of the status.' type: string message: - description: 'Message: Detailed message of the status from the Extension.' type: string time: - description: 'Time: DateLiteral (per ISO8601) noting the time of installation status.' type: string type: object type: array systemData: - description: |- - SystemData: Top level metadata - https://github.com/Azure/azure-resource-manager-rpc/blob/master/v1.0/common-api-contracts.md#system-metadata-for-all-azure-resources properties: createdAt: - description: 'CreatedAt: The timestamp of resource creation (UTC).' 
type: string createdBy: - description: 'CreatedBy: The identity that created the resource.' type: string createdByType: - description: 'CreatedByType: The type of identity that created the resource.' type: string lastModifiedAt: - description: 'LastModifiedAt: The timestamp of resource last modification (UTC)' type: string lastModifiedBy: - description: 'LastModifiedBy: The identity that last modified the resource.' type: string lastModifiedByType: - description: 'LastModifiedByType: The type of identity that last modified the resource.' type: string type: object type: - description: 'Type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"' type: string version: - description: |- - Version: User-specified version of the extension for this extension to 'pin'. To use 'version', autoUpgradeMinorVersion - must be 'false'. type: string type: object type: object 
@@ -2321,48 +1514,24 @@ spec: name: v1api20230501storage schema: openAPIV3Schema: - description: |- - Storage version of v1api20230501.Extension - Generator information: - - Generated from: /kubernetesconfiguration/resource-manager/Microsoft.KubernetesConfiguration/stable/2023-05-01/extensions.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{clusterRp}/{clusterResourceName}/{clusterName}/providers/Microsoft.KubernetesConfiguration/extensions/{extensionName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20230501.Extension_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object aksAssignedIdentity: - description: Storage version of v1api20230501.Extension_Properties_AksAssignedIdentity_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object type: type: string 
@@ -2370,19 +1539,10 @@ spec: autoUpgradeMinorVersion: type: boolean azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string configurationProtectedSettings: - description: |- - SecretMapReference is a reference to a Kubernetes secret in the same namespace as - the resource it is on. properties: name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - name 
@@ -2394,55 +1554,28 @@ spec: extensionType: type: string identity: - description: |- - Storage version of v1api20230501.Identity - Identity for the resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object type: type: string type: object operatorSpec: - description: |- - Storage version of v1api20230501.ExtensionOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. 
For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name @@ -2450,28 +1583,16 @@ spec: type: object type: array configMaps: - description: Storage version of v1api20230501.ExtensionOperatorConfigMaps properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object principalId: - description: |- - ConfigMapDestination describes the location to store a single configmap value - Note: This is similar to: SecretDestination in secrets.go. - Changes to one may need to be made to the others as well. properties: key: - description: Key is the key in the ConfigMap being referenced type: string name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. type: string required: - key 
@@ -2480,27 +1601,12 @@ spec: type: object secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -2511,36 +1617,22 @@ spec: originalVersion: type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. This resource is an - extension resource, which means that any other Azure resource can be its owner. properties: armId: - description: Ownership across namespaces is not supported. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object plan: - description: |- - Storage version of v1api20230501.Plan - Plan for the resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -2556,59 +1648,35 @@ spec: releaseTrain: type: string scope: - description: |- - Storage version of v1api20230501.Scope - Scope of the extension. It can be either Cluster or Namespace; but not both. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object cluster: - description: |- - Storage version of v1api20230501.ScopeCluster - Specifies that the scope of the extension is Cluster properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object releaseNamespace: type: string type: object namespace: - description: |- - Storage version of v1api20230501.ScopeNamespace - Specifies that the scope of the extension is Namespace properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object targetNamespace: type: string type: object type: object systemData: - description: |- - Storage version of v1api20230501.SystemData - Metadata pertaining to creation and last modification of the resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object createdAt: type: string 
@@ -2629,26 +1697,16 @@ spec: - owner type: object status: - description: |- - Storage version of v1api20230501.Extension_STATUS - The Extension object. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object aksAssignedIdentity: - description: Storage version of v1api20230501.Extension_Properties_AksAssignedIdentity_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object principalId: type: string 
@@ -2661,39 +1719,22 @@ spec: type: boolean conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -2717,29 +1758,17 @@ spec: type: string type: object errorInfo: - description: |- - Storage version of v1api20230501.ErrorDetail_STATUS - The error detail. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object additionalInfo: items: - description: |- - Storage version of v1api20230501.ErrorAdditionalInfo_STATUS - The resource management error additional info. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object info: additionalProperties: @@ -2753,27 +1782,17 @@ spec: type: string details: items: - description: Storage version of v1api20230501.ErrorDetail_STATUS_Unrolled properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object additionalInfo: items: - description: |- - Storage version of v1api20230501.ErrorAdditionalInfo_STATUS - The resource management error additional info. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object info: additionalProperties: 
@@ -2801,16 +1820,10 @@ spec: id: type: string identity: - description: |- - Storage version of v1api20230501.Identity_STATUS - Identity for the resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object principalId: type: string @@ -2826,16 +1839,10 @@ spec: packageUri: type: string plan: - description: |- - Storage version of v1api20230501.Plan_STATUS - Plan for the resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -2853,43 +1860,25 @@ spec: releaseTrain: type: string scope: - description: |- - Storage version of v1api20230501.Scope_STATUS - Scope of the extension. It can be either Cluster or Namespace; but not both. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object cluster: - description: |- - Storage version of v1api20230501.ScopeCluster_STATUS - Specifies that the scope of the extension is Cluster properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object releaseNamespace: type: string type: object namespace: - description: |- - Storage version of v1api20230501.ScopeNamespace_STATUS - Specifies that the scope of the extension is Namespace properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object targetNamespace: type: string @@ -2897,16 +1886,10 @@ spec: type: object statuses: items: - description: |- - Storage version of v1api20230501.ExtensionStatus_STATUS - Status from the extension. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string 
@@ -2921,16 +1904,10 @@ spec: type: object type: array systemData: - description: |- - Storage version of v1api20230501.SystemData_STATUS - Metadata pertaining to creation and last modification of the resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object createdAt: type: string 
@@ -2971,57 +1948,30 @@ spec: name: v1api20241101 schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /kubernetesconfiguration/resource-manager/Microsoft.KubernetesConfiguration/extensions/stable/2024-11-01/extensions.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{clusterRp}/{clusterResourceName}/{clusterName}/providers/Microsoft.KubernetesConfiguration/extensions/{extensionName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: aksAssignedIdentity: - description: 'AksAssignedIdentity: Identity of the Extension resource in an AKS cluster' properties: type: - description: 'Type: The identity type.' enum: - SystemAssigned - UserAssigned type: string type: object autoUpgradeMinorVersion: - description: 'AutoUpgradeMinorVersion: Flag to note if this extension participates in auto upgrade of minor version, or not.' type: boolean azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string configurationProtectedSettings: - description: |- - ConfigurationProtectedSettings: Configuration settings that are sensitive, as name-value pairs for configuring this - extension. 
properties: name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - name 
@@ -3029,51 +1979,26 @@ spec: configurationSettings: additionalProperties: type: string - description: 'ConfigurationSettings: Configuration settings, as name-value pairs for configuring this extension.' type: object extensionType: - description: |- - ExtensionType: Type of the Extension, of which this resource is an instance of. It must be one of the Extension Types - registered with Microsoft.KubernetesConfiguration by the Extension publisher. type: string identity: - description: 'Identity: Identity of the Extension resource' properties: type: - description: 'Type: The identity type.' enum: - SystemAssigned type: string type: object operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. 
For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name @@ -3081,18 +2006,12 @@ spec: type: object type: array configMaps: - description: 'ConfigMaps: configures where to place operator written ConfigMaps.' properties: principalId: - description: 'PrincipalId: indicates where the PrincipalId config map should be placed. If omitted, no config map will be created.' properties: key: - description: Key is the key in the ConfigMap being referenced type: string name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. type: string required: - key 
@@ -3100,29 +2019,13 @@ spec: type: object type: object secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -3131,44 +2034,28 @@ spec: type: array type: object owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. This resource is an - extension resource, which means that any other Azure resource can be its owner. properties: armId: - description: Ownership across namespaces is not supported. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object plan: - description: 'Plan: The plan information.' properties: name: - description: 'Name: A user defined name of the 3rd Party Artifact that is being procured.' type: string product: - description: |- - Product: The 3rd Party artifact that is being procured. E.g. NewRelic. Product maps to the OfferID specified for the - artifact at the time of Data Market onboarding. type: string promotionCode: - description: 'PromotionCode: A publisher provided promotion code as provisioned in Data Market for the said product/artifact.' type: string publisher: - description: 'Publisher: The publisher of the 3rd Party Artifact that is being bought. E.g. NewRelic' type: string version: - description: 'Version: The version of the desired product/artifact.' type: string required: - name 
@@ -3176,45 +2063,27 @@ spec: - publisher type: object releaseTrain: - description: |- - ReleaseTrain: ReleaseTrain this extension participates in for auto-upgrade (e.g. Stable, Preview, etc.) - only if - autoUpgradeMinorVersion is 'true'. type: string scope: - description: 'Scope: Scope at which the extension is installed.' properties: cluster: - description: 'Cluster: Specifies that the scope of the extension is Cluster' properties: releaseNamespace: - description: |- - ReleaseNamespace: Namespace where the extension Release must be placed, for a Cluster scoped extension. If this - namespace does not exist, it will be created type: string type: object namespace: - description: 'Namespace: Specifies that the scope of the extension is Namespace' properties: targetNamespace: - description: |- - TargetNamespace: Namespace where the extension will be created for an Namespace scoped extension. If this namespace - does not exist, it will be created type: string type: object type: object systemData: - description: |- - SystemData: Top level metadata - https://github.com/Azure/azure-resource-manager-rpc/blob/master/v1.0/common-api-contracts.md#system-metadata-for-all-azure-resources properties: createdAt: - description: 'CreatedAt: The timestamp of resource creation (UTC).' type: string createdBy: - description: 'CreatedBy: The identity that created the resource.' type: string createdByType: - description: 'CreatedByType: The type of identity that created the resource.' enum: - Application - Key @@ -3222,13 +2091,10 @@ spec: - User type: string lastModifiedAt: - description: 'LastModifiedAt: The timestamp of resource last modification (UTC)' type: string lastModifiedBy: - description: 'LastModifiedBy: The identity that last modified the resource.' type: string lastModifiedByType: - description: 'LastModifiedByType: The type of identity that last modified the resource.' enum: - Application - Key 
@@ -3237,68 +2103,41 @@ spec: type: string type: object version: - description: |- - Version: User-specified version of the extension for this extension to 'pin'. To use 'version', autoUpgradeMinorVersion - must be 'false'. type: string required: - owner type: object status: - description: The Extension object. properties: aksAssignedIdentity: - description: 'AksAssignedIdentity: Identity of the Extension resource in an AKS cluster' properties: principalId: - description: 'PrincipalId: The principal ID of resource identity.' type: string tenantId: - description: 'TenantId: The tenant ID of resource.' type: string type: - description: 'Type: The identity type.' type: string type: object autoUpgradeMinorVersion: - description: 'AutoUpgradeMinorVersion: Flag to note if this extension participates in auto upgrade of minor version, or not.' type: boolean conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. 
- For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -3310,214 +2149,139 @@ spec: configurationProtectedSettings: additionalProperties: type: string - description: |- - ConfigurationProtectedSettings: Configuration settings that are sensitive, as name-value pairs for configuring this - extension. type: object configurationSettings: additionalProperties: type: string - description: 'ConfigurationSettings: Configuration settings, as name-value pairs for configuring this extension.' type: object currentVersion: - description: 'CurrentVersion: Currently installed version of the extension.' type: string customLocationSettings: additionalProperties: type: string - description: 'CustomLocationSettings: Custom Location settings properties.' type: object errorInfo: - description: 'ErrorInfo: Error information from the Agent - e.g. errors during installation.' properties: additionalInfo: - description: 'AdditionalInfo: The error additional info.' items: - description: The resource management error additional info. properties: info: additionalProperties: x-kubernetes-preserve-unknown-fields: true - description: 'Info: The additional info.' type: object type: - description: 'Type: The additional info type.' type: string type: object type: array code: - description: 'Code: The error code.' type: string details: - description: 'Details: The error details.' items: properties: additionalInfo: - description: 'AdditionalInfo: The error additional info.' items: - description: The resource management error additional info. properties: info: additionalProperties: x-kubernetes-preserve-unknown-fields: true - description: 'Info: The additional info.' type: object type: - description: 'Type: The additional info type.' type: string type: object type: array code: - description: 'Code: The error code.' type: string message: - description: 'Message: The error message.' type: string target: - description: 'Target: The error target.' type: string type: object type: array message: - description: 'Message: The error message.' 
type: string target: - description: 'Target: The error target.' type: string type: object extensionType: - description: |- - ExtensionType: Type of the Extension, of which this resource is an instance of. It must be one of the Extension Types - registered with Microsoft.KubernetesConfiguration by the Extension publisher. type: string id: - description: |- - Id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} type: string identity: - description: 'Identity: Identity of the Extension resource' properties: principalId: - description: 'PrincipalId: The principal ID of resource identity.' type: string tenantId: - description: 'TenantId: The tenant ID of resource.' type: string type: - description: 'Type: The identity type.' type: string type: object isSystemExtension: - description: 'IsSystemExtension: Flag to note if this extension is a system extension' type: boolean name: - description: 'Name: The name of the resource' type: string packageUri: - description: 'PackageUri: Uri of the Helm package' type: string plan: - description: 'Plan: The plan information.' properties: name: - description: 'Name: A user defined name of the 3rd Party Artifact that is being procured.' type: string product: - description: |- - Product: The 3rd Party artifact that is being procured. E.g. NewRelic. Product maps to the OfferID specified for the - artifact at the time of Data Market onboarding. type: string promotionCode: - description: 'PromotionCode: A publisher provided promotion code as provisioned in Data Market for the said product/artifact.' type: string publisher: - description: 'Publisher: The publisher of the 3rd Party Artifact that is being bought. E.g. NewRelic' type: string version: - description: 'Version: The version of the desired product/artifact.' 
type: string type: object releaseTrain: - description: |- - ReleaseTrain: ReleaseTrain this extension participates in for auto-upgrade (e.g. Stable, Preview, etc.) - only if - autoUpgradeMinorVersion is 'true'. type: string scope: - description: 'Scope: Scope at which the extension is installed.' properties: cluster: - description: 'Cluster: Specifies that the scope of the extension is Cluster' properties: releaseNamespace: - description: |- - ReleaseNamespace: Namespace where the extension Release must be placed, for a Cluster scoped extension. If this - namespace does not exist, it will be created type: string type: object namespace: - description: 'Namespace: Specifies that the scope of the extension is Namespace' properties: targetNamespace: - description: |- - TargetNamespace: Namespace where the extension will be created for an Namespace scoped extension. If this namespace - does not exist, it will be created type: string type: object type: object statuses: - description: 'Statuses: Status from this extension.' items: - description: Status from the extension. properties: code: - description: 'Code: Status code provided by the Extension' type: string displayStatus: - description: 'DisplayStatus: Short description of status of the extension.' type: string level: - description: 'Level: Level of the status.' type: string message: - description: 'Message: Detailed message of the status from the Extension.' type: string time: - description: 'Time: DateLiteral (per ISO8601) noting the time of installation status.' type: string type: object type: array systemData: - description: |- - SystemData: Top level metadata - https://github.com/Azure/azure-resource-manager-rpc/blob/master/v1.0/common-api-contracts.md#system-metadata-for-all-azure-resources properties: createdAt: - description: 'CreatedAt: The timestamp of resource creation (UTC).' type: string createdBy: - description: 'CreatedBy: The identity that created the resource.' 
type: string createdByType: - description: 'CreatedByType: The type of identity that created the resource.' type: string lastModifiedAt: - description: 'LastModifiedAt: The timestamp of resource last modification (UTC)' type: string lastModifiedBy: - description: 'LastModifiedBy: The identity that last modified the resource.' type: string lastModifiedByType: - description: 'LastModifiedByType: The type of identity that last modified the resource.' type: string type: object type: - description: 'Type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"' type: string version: - description: |- - Version: User-specified version of the extension for this extension to 'pin'. To use 'version', autoUpgradeMinorVersion - must be 'false'. type: string type: object type: object 
@@ -3541,48 +2305,24 @@ spec: name: v1api20241101storage schema: openAPIV3Schema: - description: |- - Storage version of v1api20241101.Extension - Generator information: - - Generated from: /kubernetesconfiguration/resource-manager/Microsoft.KubernetesConfiguration/extensions/stable/2024-11-01/extensions.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{clusterRp}/{clusterResourceName}/{clusterName}/providers/Microsoft.KubernetesConfiguration/extensions/{extensionName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20241101.Extension_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object aksAssignedIdentity: - description: Storage version of v1api20241101.Extension_Properties_AksAssignedIdentity_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object type: type: string 
@@ -3590,19 +2330,10 @@ spec: autoUpgradeMinorVersion: type: boolean azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string configurationProtectedSettings: - description: |- - SecretMapReference is a reference to a Kubernetes secret in the same namespace as - the resource it is on. properties: name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - name 
@@ -3614,55 +2345,28 @@ spec: extensionType: type: string identity: - description: |- - Storage version of v1api20241101.Identity - Identity for the resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object type: type: string type: object operatorSpec: - description: |- - Storage version of v1api20241101.ExtensionOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. 
For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name @@ -3670,28 +2374,16 @@ spec: type: object type: array configMaps: - description: Storage version of v1api20241101.ExtensionOperatorConfigMaps properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object principalId: - description: |- - ConfigMapDestination describes the location to store a single configmap value - Note: This is similar to: SecretDestination in secrets.go. - Changes to one may need to be made to the others as well. properties: key: - description: Key is the key in the ConfigMap being referenced type: string name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. type: string required: - key 
@@ -3700,27 +2392,12 @@ spec: type: object secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -3731,36 +2408,22 @@ spec: originalVersion: type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. This resource is an - extension resource, which means that any other Azure resource can be its owner. properties: armId: - description: Ownership across namespaces is not supported. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object plan: - description: |- - Storage version of v1api20241101.Plan - Plan for the resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -3776,59 +2439,35 @@ spec: releaseTrain: type: string scope: - description: |- - Storage version of v1api20241101.Scope - Scope of the extension. It can be either Cluster or Namespace; but not both. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object cluster: - description: |- - Storage version of v1api20241101.ScopeCluster - Specifies that the scope of the extension is Cluster properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object releaseNamespace: type: string type: object namespace: - description: |- - Storage version of v1api20241101.ScopeNamespace - Specifies that the scope of the extension is Namespace properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object targetNamespace: type: string type: object type: object systemData: - description: |- - Storage version of v1api20241101.SystemData - Metadata pertaining to creation and last modification of the resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object createdAt: type: string 
@@ -3849,26 +2488,16 @@ spec: - owner type: object status: - description: |- - Storage version of v1api20241101.Extension_STATUS - The Extension object. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object aksAssignedIdentity: - description: Storage version of v1api20241101.Extension_Properties_AksAssignedIdentity_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object principalId: type: string 
@@ -3881,39 +2510,22 @@ spec: type: boolean conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -3937,29 +2549,17 @@ spec: type: string type: object errorInfo: - description: |- - Storage version of v1api20241101.ErrorDetail_STATUS - The error detail. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object additionalInfo: items: - description: |- - Storage version of v1api20241101.ErrorAdditionalInfo_STATUS - The resource management error additional info. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object info: additionalProperties: @@ -3973,27 +2573,17 @@ spec: type: string details: items: - description: Storage version of v1api20241101.ErrorDetail_STATUS_Unrolled properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object additionalInfo: items: - description: |- - Storage version of v1api20241101.ErrorAdditionalInfo_STATUS - The resource management error additional info. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object info: additionalProperties: 
@@ -4021,16 +2611,10 @@ spec: id: type: string identity: - description: |- - Storage version of v1api20241101.Identity_STATUS - Identity for the resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object principalId: type: string @@ -4046,16 +2630,10 @@ spec: packageUri: type: string plan: - description: |- - Storage version of v1api20241101.Plan_STATUS - Plan for the resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -4071,43 +2649,25 @@ spec: releaseTrain: type: string scope: - description: |- - Storage version of v1api20241101.Scope_STATUS - Scope of the extension. It can be either Cluster or Namespace; but not both. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object cluster: - description: |- - Storage version of v1api20241101.ScopeCluster_STATUS - Specifies that the scope of the extension is Cluster properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object releaseNamespace: type: string type: object namespace: - description: |- - Storage version of v1api20241101.ScopeNamespace_STATUS - Specifies that the scope of the extension is Namespace properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object targetNamespace: type: string @@ -4115,16 +2675,10 @@ spec: type: object statuses: items: - description: |- - Storage version of v1api20241101.ExtensionStatus_STATUS - Status from the extension. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string 
@@ -4139,16 +2693,10 @@ spec: type: object type: array systemData: - description: |- - Storage version of v1api20241101.SystemData_STATUS - Metadata pertaining to creation and last modification of the resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object createdAt: type: string 
@@ -4224,96 +2772,47 @@ spec: name: v1api20230315preview schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/fleet/preview/2023-03-15-preview/fleets.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/fleets/{fleetName}/members/{fleetMemberName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. maxLength: 50 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string clusterResourceReference: - description: |- - ClusterResourceReference: The ARM resource id of the cluster that joins the Fleet. Must be a valid Azure resource id. - e.g.: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{clusterName}'. properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object group: - description: 'Group: The group this member belongs to for multi-cluster update management.' maxLength: 50 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. 
type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name @@ -4321,29 +2820,13 @@ spec: type: object type: array secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -4352,16 +2835,11 @@ spec: type: array type: object owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a containerservice.azure.com/Fleet resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object required: 
@@ -4371,46 +2849,25 @@ spec: status: properties: clusterResourceId: - description: |- - ClusterResourceId: The ARM resource id of the cluster that joins the Fleet. Must be a valid Azure resource id. e.g.: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{clusterName}'. type: string conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -4420,50 +2877,31 @@ spec: type: object type: array eTag: - description: |- - ETag: If eTag is provided in the response body, it may also be provided as a header per the normal etag convention. - Entity tags are used for comparing two or more entities from the same requested resource. HTTP/1.1 uses entity tags in - the etag (section 14.19), If-Match (section 14.24), If-None-Match (section 14.26), and If-Range (section 14.27) header - fields. type: string group: - description: 'Group: The group this member belongs to for multi-cluster update management.' type: string id: - description: |- - Id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} type: string name: - description: 'Name: The name of the resource' type: string provisioningState: - description: 'ProvisioningState: The status of the last operation.' type: string systemData: - description: 'SystemData: Azure Resource Manager metadata containing createdBy and modifiedBy information.' properties: createdAt: - description: 'CreatedAt: The timestamp of resource creation (UTC).' type: string createdBy: - description: 'CreatedBy: The identity that created the resource.' type: string createdByType: - description: 'CreatedByType: The type of identity that created the resource.' type: string lastModifiedAt: - description: 'LastModifiedAt: The timestamp of resource last modification (UTC)' type: string lastModifiedBy: - description: 'LastModifiedBy: The identity that last modified the resource.' type: string lastModifiedByType: - description: 'LastModifiedByType: The type of identity that last modified the resource.' type: string type: object type: - description: 'Type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"' type: string type: object type: object 
@@ -4487,104 +2925,49 @@ spec: name: v1api20230315previewstorage schema: openAPIV3Schema: - description: |- - Storage version of v1api20230315preview.FleetsMember - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/fleet/preview/2023-03-15-preview/fleets.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/fleets/{fleetName}/members/{fleetMemberName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20230315preview.FleetsMember_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string clusterResourceReference: - description: |- - ClusterResourceReference: The ARM resource id of the cluster that joins the Fleet. Must be a valid Azure resource id. 
- e.g.: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{clusterName}'. properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object group: type: string operatorSpec: - description: |- - Storage version of v1api20230315preview.FleetsMemberOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. 
If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name @@ -4593,27 +2976,12 @@ spec: type: array secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -4624,16 +2992,11 @@ spec: originalVersion: type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a containerservice.azure.com/Fleet resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object required: 
@@ -4641,52 +3004,31 @@ spec: - owner type: object status: - description: Storage version of v1api20230315preview.FleetsMember_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object clusterResourceId: type: string conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. 
type: string required: - lastTransitionTime @@ -4706,16 +3048,10 @@ spec: provisioningState: type: string systemData: - description: |- - Storage version of v1api20230315preview.SystemData_STATUS - Metadata pertaining to creation and last modification of the resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object createdAt: type: string 
@@ -4754,96 +3090,47 @@ spec: name: v1api20250301 schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/fleet/stable/2025-03-01/fleets.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/fleets/{fleetName}/members/{fleetMemberName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. maxLength: 50 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string clusterResourceReference: - description: |- - ClusterResourceReference: The ARM resource id of the cluster that joins the Fleet. Must be a valid Azure resource id. - e.g.: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{clusterName}'. properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object group: - description: 'Group: The group this member belongs to for multi-cluster update management.' maxLength: 50 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. 
type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name @@ -4851,29 +3138,13 @@ spec: type: object type: array secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -4882,16 +3153,11 @@ spec: type: array type: object owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a containerservice.azure.com/Fleet resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object required: 
@@ -4901,46 +3167,25 @@ spec: status: properties: clusterResourceId: - description: |- - ClusterResourceId: The ARM resource id of the cluster that joins the Fleet. Must be a valid Azure resource id. e.g.: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{clusterName}'. type: string conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -4950,115 +3195,78 @@ spec: type: object type: array eTag: - description: |- - ETag: If eTag is provided in the response body, it may also be provided as a header per the normal etag convention. - Entity tags are used for comparing two or more entities from the same requested resource. HTTP/1.1 uses entity tags in - the etag (section 14.19), If-Match (section 14.24), If-None-Match (section 14.26), and If-Range (section 14.27) header - fields. type: string group: - description: 'Group: The group this member belongs to for multi-cluster update management.' type: string id: - description: |- - Id: Fully qualified resource ID for the resource. E.g. - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" type: string name: - description: 'Name: The name of the resource' type: string provisioningState: - description: 'ProvisioningState: The status of the last operation.' type: string status: - description: 'Status: Status information of the last operation for fleet member.' properties: lastOperationError: - description: 'LastOperationError: The last operation error of the fleet member' properties: additionalInfo: - description: 'AdditionalInfo: The error additional info.' items: - description: The resource management error additional info. properties: info: additionalProperties: x-kubernetes-preserve-unknown-fields: true - description: 'Info: The additional info.' type: object type: - description: 'Type: The additional info type.' type: string type: object type: array code: - description: 'Code: The error code.' type: string details: - description: 'Details: The error details.' items: properties: additionalInfo: - description: 'AdditionalInfo: The error additional info.' items: - description: The resource management error additional info. properties: info: additionalProperties: x-kubernetes-preserve-unknown-fields: true - description: 'Info: The additional info.' 
type: object type: - description: 'Type: The additional info type.' type: string type: object type: array code: - description: 'Code: The error code.' type: string message: - description: 'Message: The error message.' type: string target: - description: 'Target: The error target.' type: string type: object type: array message: - description: 'Message: The error message.' type: string target: - description: 'Target: The error target.' type: string type: object lastOperationId: - description: 'LastOperationId: The last operation ID for the fleet member' type: string type: object systemData: - description: 'SystemData: Azure Resource Manager metadata containing createdBy and modifiedBy information.' properties: createdAt: - description: 'CreatedAt: The timestamp of resource creation (UTC).' type: string createdBy: - description: 'CreatedBy: The identity that created the resource.' type: string createdByType: - description: 'CreatedByType: The type of identity that created the resource.' type: string lastModifiedAt: - description: 'LastModifiedAt: The timestamp of resource last modification (UTC)' type: string lastModifiedBy: - description: 'LastModifiedBy: The identity that last modified the resource.' type: string lastModifiedByType: - description: 'LastModifiedByType: The type of identity that last modified the resource.' type: string type: object type: - description: 'Type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"' type: string type: object type: object 
@@ -5082,104 +3290,49 @@ spec: name: v1api20250301storage schema: openAPIV3Schema: - description: |- - Storage version of v1api20250301.FleetsMember - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/fleet/stable/2025-03-01/fleets.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/fleets/{fleetName}/members/{fleetMemberName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20250301.FleetsMember_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string clusterResourceReference: - description: |- - ClusterResourceReference: The ARM resource id of the cluster that joins the Fleet. Must be a valid Azure resource id. 
- e.g.: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{clusterName}'. properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object group: type: string operatorSpec: - description: |- - Storage version of v1api20250301.FleetsMemberOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. 
If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name @@ -5188,27 +3341,12 @@ spec: type: array secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -5219,16 +3357,11 @@ spec: originalVersion: type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a containerservice.azure.com/Fleet resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object required: 
@@ -5236,52 +3369,31 @@ spec: - owner type: object status: - description: Storage version of v1api20250301.FleetsMember_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object clusterResourceId: type: string conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. 
type: string required: - lastTransitionTime @@ -5301,41 +3413,23 @@ spec: provisioningState: type: string status: - description: |- - Storage version of v1api20250301.FleetMemberStatus_STATUS - Status information for the fleet member properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object lastOperationError: - description: |- - Storage version of v1api20250301.ErrorDetail_STATUS - The error detail. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object additionalInfo: items: - description: |- - Storage version of v1api20250301.ErrorAdditionalInfo_STATUS - The resource management error additional info. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object info: additionalProperties: 
@@ -5349,27 +3443,17 @@ spec: type: string details: items: - description: Storage version of v1api20250301.ErrorDetail_STATUS_Unrolled properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object additionalInfo: items: - description: |- - Storage version of v1api20250301.ErrorAdditionalInfo_STATUS - The resource management error additional info. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object info: additionalProperties: @@ -5396,16 +3480,10 @@ spec: type: string type: object systemData: - description: |- - Storage version of v1api20250301.SystemData_STATUS - Metadata pertaining to creation and last modification of the resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object createdAt: type: string 
@@ -5479,56 +3557,29 @@ spec: name: v1api20240901 schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2024-09-01/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/maintenanceConfigurations/{configName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string maintenanceWindow: - description: 'MaintenanceWindow: Maintenance window for the maintenance configuration.' properties: durationHours: - description: 'DurationHours: Length of maintenance window range from 4 to 24 hours.' maximum: 24 minimum: 4 type: integer notAllowedDates: - description: |- - NotAllowedDates: Date ranges on which upgrade is not allowed. 'utcOffset' applies to this field. For example, with - 'utcOffset: +02:00' and 'dateSpan' being '2022-12-23' to '2023-01-03', maintenance will be blocked from '2022-12-22 - 22:00' to '2023-01-03 22:00' in UTC time. items: - description: For example, between '2022-12-23' and '2023-01-05'. 
properties: end: - description: 'End: The end date of the date span.' type: string start: - description: 'Start: The start date of the date span.' type: string required: - end @@ -5536,18 +3587,14 @@ spec: type: object type: array schedule: - description: 'Schedule: Recurrence schedule for the maintenance window.' properties: absoluteMonthly: - description: 'AbsoluteMonthly: For schedules like: ''recur every month on the 15th'' or ''recur every 3 months on the 20th''.' properties: dayOfMonth: - description: 'DayOfMonth: The date of the month.' maximum: 31 minimum: 1 type: integer intervalMonths: - description: 'IntervalMonths: Specifies the number of months between each set of occurrences.' maximum: 6 minimum: 1 type: integer @@ -5556,10 +3603,8 @@ spec: - intervalMonths type: object daily: - description: 'Daily: For schedules like: ''recur every day'' or ''recur every 3 days''.' properties: intervalDays: - description: 'IntervalDays: Specifies the number of days between each set of occurrences.' maximum: 7 minimum: 1 type: integer @@ -5567,10 +3612,8 @@ spec: - intervalDays type: object relativeMonthly: - description: 'RelativeMonthly: For schedules like: ''recur every month on the first Monday'' or ''recur every 3 months on last Friday''.' properties: dayOfWeek: - description: 'DayOfWeek: Specifies on which day of the week the maintenance occurs.' enum: - Friday - Monday @@ -5581,12 +3624,10 @@ spec: - Wednesday type: string intervalMonths: - description: 'IntervalMonths: Specifies the number of months between each set of occurrences.' maximum: 6 minimum: 1 type: integer weekIndex: - description: 'WeekIndex: Specifies on which week of the month the dayOfWeek applies.' enum: - First - Fourth 
@@ -5600,10 +3641,8 @@ spec: - weekIndex type: object weekly: - description: 'Weekly: For schedules like: ''recur every Monday'' or ''recur every 3 weeks on Wednesday''.' properties: dayOfWeek: - description: 'DayOfWeek: Specifies on which day of the week the maintenance occurs.' enum: - Friday - Monday @@ -5614,7 +3653,6 @@ spec: - Wednesday type: string intervalWeeks: - description: 'IntervalWeeks: Specifies the number of weeks between each set of occurrences.' maximum: 4 minimum: 1 type: integer @@ -5624,20 +3662,11 @@ spec: type: object type: object startDate: - description: |- - StartDate: The date the maintenance window activates. If the current date is before this date, the maintenance window is - inactive and will not be used for upgrades. If not specified, the maintenance window will be active right away. type: string startTime: - description: |- - StartTime: The start time of the maintenance window. Accepted values are from '00:00' to '23:59'. 'utcOffset' applies to - this field. For example: '02:00' with 'utcOffset: +02:00' means UTC time '00:00'. pattern: ^\d{2}:\d{2}$ type: string utcOffset: - description: |- - UtcOffset: The UTC offset in format +/-HH:mm. For example, '+05:30' for IST and '-07:00' for PST. If not specified, the - default is '+00:00'. pattern: ^(-|\+)[0-9]{2}:[0-9]{2}$ type: string required: 
@@ -5646,47 +3675,24 @@ spec: - startTime type: object notAllowedTime: - description: 'NotAllowedTime: Time slots on which upgrade is not allowed.' items: - description: For example, between 2021-05-25T13:00:00Z and 2021-05-25T14:00:00Z. properties: end: - description: 'End: The end of a time span' type: string start: - description: 'Start: The start of a time span' type: string type: object type: array operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -5694,29 +3700,13 @@ spec: type: object type: array secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -5725,27 +3715,17 @@ spec: type: array type: object owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a containerservice.azure.com/ManagedCluster resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object timeInWeek: - description: |- - TimeInWeek: If two array entries specify the same day of the week, the applied configuration is the union of times in - both entries. items: - description: Time in a week. properties: day: - description: 'Day: The day of the week.' enum: - Friday - Monday @@ -5756,10 +3736,6 @@ spec: - Wednesday type: string hourSlots: - description: |- - HourSlots: Each integer hour represents a time range beginning at 0m after the hour ending at the next hour - (non-inclusive). 0 corresponds to 00:00 UTC, 23 corresponds to 23:00 UTC. Specifying [0, 1] means the 00:00 - 02:00 UTC - time range. items: maximum: 23 minimum: 0 
@@ -5773,41 +3749,23 @@ spec: status: properties: conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -5817,150 +3775,96 @@ spec: type: object type: array id: - description: 'Id: Resource ID.' type: string maintenanceWindow: - description: 'MaintenanceWindow: Maintenance window for the maintenance configuration.' properties: durationHours: - description: 'DurationHours: Length of maintenance window range from 4 to 24 hours.' type: integer notAllowedDates: - description: |- - NotAllowedDates: Date ranges on which upgrade is not allowed. 'utcOffset' applies to this field. For example, with - 'utcOffset: +02:00' and 'dateSpan' being '2022-12-23' to '2023-01-03', maintenance will be blocked from '2022-12-22 - 22:00' to '2023-01-03 22:00' in UTC time. items: - description: For example, between '2022-12-23' and '2023-01-05'. properties: end: - description: 'End: The end date of the date span.' type: string start: - description: 'Start: The start date of the date span.' type: string type: object type: array schedule: - description: 'Schedule: Recurrence schedule for the maintenance window.' properties: absoluteMonthly: - description: 'AbsoluteMonthly: For schedules like: ''recur every month on the 15th'' or ''recur every 3 months on the 20th''.' properties: dayOfMonth: - description: 'DayOfMonth: The date of the month.' type: integer intervalMonths: - description: 'IntervalMonths: Specifies the number of months between each set of occurrences.' type: integer type: object daily: - description: 'Daily: For schedules like: ''recur every day'' or ''recur every 3 days''.' properties: intervalDays: - description: 'IntervalDays: Specifies the number of days between each set of occurrences.' type: integer type: object relativeMonthly: - description: 'RelativeMonthly: For schedules like: ''recur every month on the first Monday'' or ''recur every 3 months on last Friday''.' properties: dayOfWeek: - description: 'DayOfWeek: Specifies on which day of the week the maintenance occurs.' 
type: string intervalMonths: - description: 'IntervalMonths: Specifies the number of months between each set of occurrences.' type: integer weekIndex: - description: 'WeekIndex: Specifies on which week of the month the dayOfWeek applies.' type: string type: object weekly: - description: 'Weekly: For schedules like: ''recur every Monday'' or ''recur every 3 weeks on Wednesday''.' properties: dayOfWeek: - description: 'DayOfWeek: Specifies on which day of the week the maintenance occurs.' type: string intervalWeeks: - description: 'IntervalWeeks: Specifies the number of weeks between each set of occurrences.' type: integer type: object type: object startDate: - description: |- - StartDate: The date the maintenance window activates. If the current date is before this date, the maintenance window is - inactive and will not be used for upgrades. If not specified, the maintenance window will be active right away. type: string startTime: - description: |- - StartTime: The start time of the maintenance window. Accepted values are from '00:00' to '23:59'. 'utcOffset' applies to - this field. For example: '02:00' with 'utcOffset: +02:00' means UTC time '00:00'. type: string utcOffset: - description: |- - UtcOffset: The UTC offset in format +/-HH:mm. For example, '+05:30' for IST and '-07:00' for PST. If not specified, the - default is '+00:00'. type: string type: object name: - description: 'Name: The name of the resource that is unique within a resource group. This name can be used to access the resource.' type: string notAllowedTime: - description: 'NotAllowedTime: Time slots on which upgrade is not allowed.' items: - description: For example, between 2021-05-25T13:00:00Z and 2021-05-25T14:00:00Z. properties: end: - description: 'End: The end of a time span' type: string start: - description: 'Start: The start of a time span' type: string type: object type: array systemData: - description: 'SystemData: The system metadata relating to this resource.' 
properties: createdAt: - description: 'CreatedAt: The timestamp of resource creation (UTC).' type: string createdBy: - description: 'CreatedBy: The identity that created the resource.' type: string createdByType: - description: 'CreatedByType: The type of identity that created the resource.' type: string lastModifiedAt: - description: 'LastModifiedAt: The timestamp of resource last modification (UTC)' type: string lastModifiedBy: - description: 'LastModifiedBy: The identity that last modified the resource.' type: string lastModifiedByType: - description: 'LastModifiedByType: The type of identity that last modified the resource.' type: string type: object timeInWeek: - description: |- - TimeInWeek: If two array entries specify the same day of the week, the applied configuration is the union of times in - both entries. items: - description: Time in a week. properties: day: - description: 'Day: The day of the week.' type: string hourSlots: - description: |- - HourSlots: Each integer hour represents a time range beginning at 0m after the hour ending at the next hour - (non-inclusive). 0 corresponds to 00:00 UTC, 23 corresponds to 23:00 UTC. Specifying [0, 1] means the 00:00 - 02:00 UTC - time range. items: type: integer type: array type: object type: array type: - description: 'Type: Resource type' type: string type: object type: object 
@@ -5984,70 +3888,35 @@ spec: name: v1api20240901storage schema: openAPIV3Schema: - description: |- - Storage version of v1api20240901.MaintenanceConfiguration - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2024-09-01/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/maintenanceConfigurations/{configName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20240901.MaintenanceConfiguration_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string maintenanceWindow: - description: |- - Storage version of v1api20240901.MaintenanceWindow - Maintenance window used to configure scheduled auto-upgrade for a Managed Cluster. 
properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object durationHours: type: integer notAllowedDates: items: - description: |- - Storage version of v1api20240901.DateSpan - For example, between '2022-12-23' and '2023-01-05'. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object end: type: string @@ -6056,29 +3925,16 @@ spec: type: object type: array schedule: - description: |- - Storage version of v1api20240901.Schedule - One and only one of the schedule types should be specified. Choose either 'daily', 'weekly', 'absoluteMonthly' or - 'relativeMonthly' for your maintenance schedule. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object absoluteMonthly: - description: |- - Storage version of v1api20240901.AbsoluteMonthlySchedule - For schedules like: 'recur every month on the 15th' or 'recur every 3 months on the 20th'. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object dayOfMonth: type: integer 
@@ -6086,31 +3942,19 @@ spec: type: integer type: object daily: - description: |- - Storage version of v1api20240901.DailySchedule - For schedules like: 'recur every day' or 'recur every 3 days'. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object intervalDays: type: integer type: object relativeMonthly: - description: |- - Storage version of v1api20240901.RelativeMonthlySchedule - For schedules like: 'recur every month on the first Monday' or 'recur every 3 months on last Friday'. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object dayOfWeek: type: string @@ -6120,16 +3964,10 @@ spec: type: string type: object weekly: - description: |- - Storage version of v1api20240901.WeeklySchedule - For schedules like: 'recur every Monday' or 'recur every 3 weeks on Wednesday'. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object dayOfWeek: type: string @@ -6146,16 +3984,10 @@ spec: type: object notAllowedTime: items: - description: |- - Storage version of v1api20240901.TimeSpan - For example, between 2021-05-25T13:00:00Z and 2021-05-25T14:00:00Z. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object end: type: string 
@@ -6164,40 +3996,19 @@ spec: type: object type: array operatorSpec: - description: |- - Storage version of v1api20240901.MaintenanceConfigurationOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -6206,27 +4017,12 @@ spec: type: array secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -6237,30 +4033,19 @@ spec: originalVersion: type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a containerservice.azure.com/ManagedCluster resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object timeInWeek: items: - description: |- - Storage version of v1api20240901.TimeInWeek - Time in a week. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object day: type: string 
@@ -6274,50 +4059,29 @@ spec: - owner type: object status: - description: Storage version of v1api20240901.MaintenanceConfiguration_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -6329,31 +4093,19 @@ spec: id: type: string maintenanceWindow: - description: |- - Storage version of v1api20240901.MaintenanceWindow_STATUS - Maintenance window used to configure scheduled auto-upgrade for a Managed Cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object durationHours: type: integer notAllowedDates: items: - description: |- - Storage version of v1api20240901.DateSpan_STATUS - For example, between '2022-12-23' and '2023-01-05'. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object end: type: string 
@@ -6362,29 +4114,16 @@ spec: type: object type: array schedule: - description: |- - Storage version of v1api20240901.Schedule_STATUS - One and only one of the schedule types should be specified. Choose either 'daily', 'weekly', 'absoluteMonthly' or - 'relativeMonthly' for your maintenance schedule. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object absoluteMonthly: - description: |- - Storage version of v1api20240901.AbsoluteMonthlySchedule_STATUS - For schedules like: 'recur every month on the 15th' or 'recur every 3 months on the 20th'. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object dayOfMonth: type: integer 
@@ -6392,31 +4131,19 @@ spec: type: integer type: object daily: - description: |- - Storage version of v1api20240901.DailySchedule_STATUS - For schedules like: 'recur every day' or 'recur every 3 days'. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object intervalDays: type: integer type: object relativeMonthly: - description: |- - Storage version of v1api20240901.RelativeMonthlySchedule_STATUS - For schedules like: 'recur every month on the first Monday' or 'recur every 3 months on last Friday'. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object dayOfWeek: type: string @@ -6426,16 +4153,10 @@ spec: type: string type: object weekly: - description: |- - Storage version of v1api20240901.WeeklySchedule_STATUS - For schedules like: 'recur every Monday' or 'recur every 3 weeks on Wednesday'. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object dayOfWeek: type: string 
@@ -6454,16 +4175,10 @@ spec: type: string notAllowedTime: items: - description: |- - Storage version of v1api20240901.TimeSpan_STATUS - For example, between 2021-05-25T13:00:00Z and 2021-05-25T14:00:00Z. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object end: type: string @@ -6472,16 +4187,10 @@ spec: type: object type: array systemData: - description: |- - Storage version of v1api20240901.SystemData_STATUS - Metadata pertaining to creation and last modification of the resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object createdAt: type: string @@ -6498,16 +4207,10 @@ spec: type: object timeInWeek: items: - description: |- - Storage version of v1api20240901.TimeInWeek_STATUS - Time in a week. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object day: type: string 
@@ -6541,56 +4244,29 @@ spec: name: v1api20250801 schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-08-01/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/maintenanceConfigurations/{configName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string maintenanceWindow: - description: 'MaintenanceWindow: Maintenance window for the maintenance configuration.' properties: durationHours: - description: 'DurationHours: Length of maintenance window range from 4 to 24 hours.' maximum: 24 minimum: 4 type: integer notAllowedDates: - description: |- - NotAllowedDates: Date ranges on which upgrade is not allowed. 'utcOffset' applies to this field. For example, with - 'utcOffset: +02:00' and 'dateSpan' being '2022-12-23' to '2023-01-03', maintenance will be blocked from '2022-12-22 - 22:00' to '2023-01-03 22:00' in UTC time. items: - description: A date range. 
For example, between '2022-12-23' and '2023-01-05'. properties: end: - description: 'End: The end date of the date span.' type: string start: - description: 'Start: The start date of the date span.' type: string required: - end @@ -6598,18 +4274,14 @@ spec: type: object type: array schedule: - description: 'Schedule: Recurrence schedule for the maintenance window.' properties: absoluteMonthly: - description: 'AbsoluteMonthly: For schedules like: ''recur every month on the 15th'' or ''recur every 3 months on the 20th''.' properties: dayOfMonth: - description: 'DayOfMonth: The date of the month.' maximum: 31 minimum: 1 type: integer intervalMonths: - description: 'IntervalMonths: Specifies the number of months between each set of occurrences.' maximum: 6 minimum: 1 type: integer @@ -6618,10 +4290,8 @@ spec: - intervalMonths type: object daily: - description: 'Daily: For schedules like: ''recur every day'' or ''recur every 3 days''.' properties: intervalDays: - description: 'IntervalDays: Specifies the number of days between each set of occurrences.' maximum: 7 minimum: 1 type: integer @@ -6629,10 +4299,8 @@ spec: - intervalDays type: object relativeMonthly: - description: 'RelativeMonthly: For schedules like: ''recur every month on the first Monday'' or ''recur every 3 months on last Friday''.' properties: dayOfWeek: - description: 'DayOfWeek: Specifies on which day of the week the maintenance occurs.' enum: - Friday - Monday @@ -6643,12 +4311,10 @@ spec: - Wednesday type: string intervalMonths: - description: 'IntervalMonths: Specifies the number of months between each set of occurrences.' maximum: 6 minimum: 1 type: integer weekIndex: - description: 'WeekIndex: The week index. Specifies on which week of the month the dayOfWeek applies.' enum: - First - Fourth 
@@ -6662,10 +4328,8 @@ spec: - weekIndex type: object weekly: - description: 'Weekly: For schedules like: ''recur every Monday'' or ''recur every 3 weeks on Wednesday''.' properties: dayOfWeek: - description: 'DayOfWeek: Specifies on which day of the week the maintenance occurs.' enum: - Friday - Monday @@ -6676,7 +4340,6 @@ spec: - Wednesday type: string intervalWeeks: - description: 'IntervalWeeks: Specifies the number of weeks between each set of occurrences.' maximum: 4 minimum: 1 type: integer @@ -6686,20 +4349,11 @@ spec: type: object type: object startDate: - description: |- - StartDate: The date the maintenance window activates. If the current date is before this date, the maintenance window is - inactive and will not be used for upgrades. If not specified, the maintenance window will be active right away. type: string startTime: - description: |- - StartTime: The start time of the maintenance window. Accepted values are from '00:00' to '23:59'. 'utcOffset' applies to - this field. For example: '02:00' with 'utcOffset: +02:00' means UTC time '00:00'. pattern: ^\d{2}:\d{2}$ type: string utcOffset: - description: |- - UtcOffset: The UTC offset in format +/-HH:mm. For example, '+05:30' for IST and '-07:00' for PST. If not specified, the - default is '+00:00'. pattern: ^(-|\+)[0-9]{2}:[0-9]{2}$ type: string required: 
@@ -6708,47 +4362,24 @@ spec: - startTime type: object notAllowedTime: - description: 'NotAllowedTime: Time slots on which upgrade is not allowed.' items: - description: A time range. For example, between 2021-05-25T13:00:00Z and 2021-05-25T14:00:00Z. properties: end: - description: 'End: The end of a time span' type: string start: - description: 'Start: The start of a time span' type: string type: object type: array operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -6756,29 +4387,13 @@ spec: type: object type: array secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -6787,27 +4402,17 @@ spec: type: array type: object owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a containerservice.azure.com/ManagedCluster resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object timeInWeek: - description: |- - TimeInWeek: Time slots during the week when planned maintenance is allowed to proceed. If two array entries specify the - same day of the week, the applied configuration is the union of times in both entries. items: - description: Time in a week. properties: day: - description: 'Day: The day of the week.' enum: - Friday - Monday @@ -6818,10 +4423,6 @@ spec: - Wednesday type: string hourSlots: - description: |- - HourSlots: A list of hours in the day used to identify a time range. Each integer hour represents a time range beginning - at 0m after the hour ending at the next hour (non-inclusive). 0 corresponds to 00:00 UTC, 23 corresponds to 23:00 UTC. - Specifying [0, 1] means the 00:00 - 02:00 UTC time range. items: maximum: 23 minimum: 0 
@@ -6835,41 +4436,23 @@ spec: status: properties: conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -6879,150 +4462,96 @@ spec: type: object type: array id: - description: 'Id: Resource ID.' type: string maintenanceWindow: - description: 'MaintenanceWindow: Maintenance window for the maintenance configuration.' properties: durationHours: - description: 'DurationHours: Length of maintenance window range from 4 to 24 hours.' type: integer notAllowedDates: - description: |- - NotAllowedDates: Date ranges on which upgrade is not allowed. 'utcOffset' applies to this field. For example, with - 'utcOffset: +02:00' and 'dateSpan' being '2022-12-23' to '2023-01-03', maintenance will be blocked from '2022-12-22 - 22:00' to '2023-01-03 22:00' in UTC time. items: - description: A date range. For example, between '2022-12-23' and '2023-01-05'. properties: end: - description: 'End: The end date of the date span.' type: string start: - description: 'Start: The start date of the date span.' type: string type: object type: array schedule: - description: 'Schedule: Recurrence schedule for the maintenance window.' properties: absoluteMonthly: - description: 'AbsoluteMonthly: For schedules like: ''recur every month on the 15th'' or ''recur every 3 months on the 20th''.' properties: dayOfMonth: - description: 'DayOfMonth: The date of the month.' type: integer intervalMonths: - description: 'IntervalMonths: Specifies the number of months between each set of occurrences.' type: integer type: object daily: - description: 'Daily: For schedules like: ''recur every day'' or ''recur every 3 days''.' properties: intervalDays: - description: 'IntervalDays: Specifies the number of days between each set of occurrences.' type: integer type: object relativeMonthly: - description: 'RelativeMonthly: For schedules like: ''recur every month on the first Monday'' or ''recur every 3 months on last Friday''.' properties: dayOfWeek: - description: 'DayOfWeek: Specifies on which day of the week the maintenance occurs.' 
type: string intervalMonths: - description: 'IntervalMonths: Specifies the number of months between each set of occurrences.' type: integer weekIndex: - description: 'WeekIndex: The week index. Specifies on which week of the month the dayOfWeek applies.' type: string type: object weekly: - description: 'Weekly: For schedules like: ''recur every Monday'' or ''recur every 3 weeks on Wednesday''.' properties: dayOfWeek: - description: 'DayOfWeek: Specifies on which day of the week the maintenance occurs.' type: string intervalWeeks: - description: 'IntervalWeeks: Specifies the number of weeks between each set of occurrences.' type: integer type: object type: object startDate: - description: |- - StartDate: The date the maintenance window activates. If the current date is before this date, the maintenance window is - inactive and will not be used for upgrades. If not specified, the maintenance window will be active right away. type: string startTime: - description: |- - StartTime: The start time of the maintenance window. Accepted values are from '00:00' to '23:59'. 'utcOffset' applies to - this field. For example: '02:00' with 'utcOffset: +02:00' means UTC time '00:00'. type: string utcOffset: - description: |- - UtcOffset: The UTC offset in format +/-HH:mm. For example, '+05:30' for IST and '-07:00' for PST. If not specified, the - default is '+00:00'. type: string type: object name: - description: 'Name: The name of the resource that is unique within a resource group. This name can be used to access the resource.' type: string notAllowedTime: - description: 'NotAllowedTime: Time slots on which upgrade is not allowed.' items: - description: A time range. For example, between 2021-05-25T13:00:00Z and 2021-05-25T14:00:00Z. 
properties: end: - description: 'End: The end of a time span' type: string start: - description: 'Start: The start of a time span' type: string type: object type: array systemData: - description: 'SystemData: The system metadata relating to this resource.' properties: createdAt: - description: 'CreatedAt: The timestamp of resource creation (UTC).' type: string createdBy: - description: 'CreatedBy: The identity that created the resource.' type: string createdByType: - description: 'CreatedByType: The type of identity that created the resource.' type: string lastModifiedAt: - description: 'LastModifiedAt: The timestamp of resource last modification (UTC)' type: string lastModifiedBy: - description: 'LastModifiedBy: The identity that last modified the resource.' type: string lastModifiedByType: - description: 'LastModifiedByType: The type of identity that last modified the resource.' type: string type: object timeInWeek: - description: |- - TimeInWeek: Time slots during the week when planned maintenance is allowed to proceed. If two array entries specify the - same day of the week, the applied configuration is the union of times in both entries. items: - description: Time in a week. properties: day: - description: 'Day: The day of the week.' type: string hourSlots: - description: |- - HourSlots: A list of hours in the day used to identify a time range. Each integer hour represents a time range beginning - at 0m after the hour ending at the next hour (non-inclusive). 0 corresponds to 00:00 UTC, 23 corresponds to 23:00 UTC. - Specifying [0, 1] means the 00:00 - 02:00 UTC time range. items: type: integer type: array type: object type: array type: - description: 'Type: Resource type' type: string type: object type: object 
@@ -7046,70 +4575,35 @@ spec: name: v1api20250801storage schema: openAPIV3Schema: - description: |- - Storage version of v1api20250801.MaintenanceConfiguration - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-08-01/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/maintenanceConfigurations/{configName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20250801.MaintenanceConfiguration_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string maintenanceWindow: - description: |- - Storage version of v1api20250801.MaintenanceWindow - Maintenance window used to configure scheduled auto-upgrade for a Managed Cluster. 
properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object durationHours: type: integer notAllowedDates: items: - description: |- - Storage version of v1api20250801.DateSpan - A date range. For example, between '2022-12-23' and '2023-01-05'. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object end: type: string @@ -7118,29 +4612,16 @@ spec: type: object type: array schedule: - description: |- - Storage version of v1api20250801.Schedule - One and only one of the schedule types should be specified. Choose either 'daily', 'weekly', 'absoluteMonthly' or - 'relativeMonthly' for your maintenance schedule. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object absoluteMonthly: - description: |- - Storage version of v1api20250801.AbsoluteMonthlySchedule - For schedules like: 'recur every month on the 15th' or 'recur every 3 months on the 20th'. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object dayOfMonth: type: integer 
@@ -7148,31 +4629,19 @@ spec: type: integer type: object daily: - description: |- - Storage version of v1api20250801.DailySchedule - For schedules like: 'recur every day' or 'recur every 3 days'. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object intervalDays: type: integer type: object relativeMonthly: - description: |- - Storage version of v1api20250801.RelativeMonthlySchedule - For schedules like: 'recur every month on the first Monday' or 'recur every 3 months on last Friday'. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object dayOfWeek: type: string @@ -7182,16 +4651,10 @@ spec: type: string type: object weekly: - description: |- - Storage version of v1api20250801.WeeklySchedule - For schedules like: 'recur every Monday' or 'recur every 3 weeks on Wednesday'. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object dayOfWeek: type: string 
@@ -7208,16 +4671,10 @@ spec: type: object notAllowedTime: items: - description: |- - Storage version of v1api20250801.TimeSpan - A time range. For example, between 2021-05-25T13:00:00Z and 2021-05-25T14:00:00Z. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object end: type: string 
@@ -7226,40 +4683,19 @@ spec: type: object type: array operatorSpec: - description: |- - Storage version of v1api20250801.MaintenanceConfigurationOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -7268,27 +4704,12 @@ spec: type: array secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -7299,30 +4720,19 @@ spec: originalVersion: type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a containerservice.azure.com/ManagedCluster resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object timeInWeek: items: - description: |- - Storage version of v1api20250801.TimeInWeek - Time in a week. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object day: type: string 
@@ -7336,50 +4746,29 @@ spec: - owner type: object status: - description: Storage version of v1api20250801.MaintenanceConfiguration_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -7391,31 +4780,19 @@ spec: id: type: string maintenanceWindow: - description: |- - Storage version of v1api20250801.MaintenanceWindow_STATUS - Maintenance window used to configure scheduled auto-upgrade for a Managed Cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object durationHours: type: integer notAllowedDates: items: - description: |- - Storage version of v1api20250801.DateSpan_STATUS - A date range. For example, between '2022-12-23' and '2023-01-05'. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object end: type: string 
@@ -7424,29 +4801,16 @@ spec: type: object type: array schedule: - description: |- - Storage version of v1api20250801.Schedule_STATUS - One and only one of the schedule types should be specified. Choose either 'daily', 'weekly', 'absoluteMonthly' or - 'relativeMonthly' for your maintenance schedule. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object absoluteMonthly: - description: |- - Storage version of v1api20250801.AbsoluteMonthlySchedule_STATUS - For schedules like: 'recur every month on the 15th' or 'recur every 3 months on the 20th'. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object dayOfMonth: type: integer 
@@ -7454,31 +4818,19 @@ spec: type: integer type: object daily: - description: |- - Storage version of v1api20250801.DailySchedule_STATUS - For schedules like: 'recur every day' or 'recur every 3 days'. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object intervalDays: type: integer type: object relativeMonthly: - description: |- - Storage version of v1api20250801.RelativeMonthlySchedule_STATUS - For schedules like: 'recur every month on the first Monday' or 'recur every 3 months on last Friday'. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object dayOfWeek: type: string @@ -7488,16 +4840,10 @@ spec: type: string type: object weekly: - description: |- - Storage version of v1api20250801.WeeklySchedule_STATUS - For schedules like: 'recur every Monday' or 'recur every 3 weeks on Wednesday'. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object dayOfWeek: type: string 
@@ -7516,16 +4862,10 @@ spec: type: string notAllowedTime: items: - description: |- - Storage version of v1api20250801.TimeSpan_STATUS - A time range. For example, between 2021-05-25T13:00:00Z and 2021-05-25T14:00:00Z. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object end: type: string @@ -7534,16 +4874,10 @@ spec: type: object type: array systemData: - description: |- - Storage version of v1api20250801.SystemData_STATUS - Metadata pertaining to creation and last modification of the resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object createdAt: type: string @@ -7560,16 +4894,10 @@ spec: type: object timeInWeek: items: - description: |- - Storage version of v1api20250801.TimeInWeek_STATUS - Time in a week. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object day: type: string 
@@ -7640,19 +4968,8 @@ spec: openAPIV3Schema: properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -7702,23 +5019,15 @@ spec: creationData: properties: sourceResourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -7741,23 +5050,15 @@ spec: - MIG7g type: string hostGroupReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object kubeletConfig: 
@@ -7880,23 +5181,15 @@ spec: type: string type: object nodePublicIPPrefixReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object nodeTaints: 
@@ -7927,23 +5220,15 @@ spec: - Windows type: string podSubnetReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object powerState: 
@@ -7955,23 +5240,15 @@ spec: type: string type: object proximityPlacementGroupReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object scaleDownMode: 
@@ -8008,23 +5285,15 @@ spec: vmSize: type: string vnetSubnetReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object workloadRuntime: @@ -8122,9 +5391,6 @@ spec: type: object type: object azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. maxLength: 63 minLength: 1 pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ 
@@ -8132,23 +5398,15 @@ spec: disableLocalAccounts: type: boolean diskEncryptionSetReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object dnsPrefix: 
@@ -8193,23 +5451,15 @@ spec: items: properties: reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object @@ -8221,17 +5471,10 @@ spec: clientId: type: string clientIdFromConfig: - description: |- - ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes configmap being referenced type: string name: - description: |- - Name is the name of the Kubernetes configmap being referenced. - The configmap must be in the same namespace as the resource type: string required: - key 
@@ -8240,40 +5483,25 @@ spec: objectId: type: string objectIdFromConfig: - description: |- - ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes configmap being referenced type: string name: - description: |- - Name is the name of the Kubernetes configmap being referenced. - The configmap must be in the same namespace as the resource type: string required: - key - name type: object resourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -8330,23 +5558,15 @@ spec: items: properties: reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -8374,23 +5594,15 @@ spec: items: properties: reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -8402,23 +5614,15 @@ spec: items: properties: reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -8436,23 +5640,15 @@ spec: items: properties: reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -8525,34 +5721,15 @@ spec: type: boolean type: object operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -8560,35 +5737,22 @@ spec: type: object type: array configMaps: - description: 'ConfigMaps: configures where to place operator written ConfigMaps.' properties: oidcIssuerProfile: - description: |- - OIDCIssuerProfile: indicates where the OIDCIssuerProfile config map should be placed. If omitted, no config map will be - created. properties: key: - description: Key is the key in the ConfigMap being referenced type: string name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. type: string required: - key - name type: object principalId: - description: 'PrincipalId: indicates where the PrincipalId config map should be placed. If omitted, no config map will be created.' properties: key: - description: Key is the key in the ConfigMap being referenced type: string name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. type: string required: - key 
@@ -8596,29 +5760,13 @@ spec: type: object type: object secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -8626,37 +5774,22 @@ spec: type: object type: array secrets: - description: 'Secrets: configures where to place Azure generated secrets.' properties: adminCredentials: - description: |- - AdminCredentials: indicates where the AdminCredentials secret should be placed. If omitted, the secret will not be - retrieved from Azure. properties: key: - description: Key is the key in the Kubernetes secret being referenced. type: string name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. type: string required: - key - name type: object userCredentials: - description: |- - UserCredentials: indicates where the UserCredentials secret should be placed. If omitted, the secret will not be - retrieved from Azure. properties: key: - description: Key is the key in the Kubernetes secret being referenced. type: string name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. type: string required: - key @@ -8665,16 +5798,11 @@ spec: type: object type: object owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object podIdentityProfile: 
@@ -8693,17 +5821,10 @@ spec: clientId: type: string clientIdFromConfig: - description: |- - ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes configmap being referenced type: string name: - description: |- - Name is the name of the Kubernetes configmap being referenced. - The configmap must be in the same namespace as the resource type: string required: - key 
@@ -8712,40 +5833,25 @@ spec: objectId: type: string objectIdFromConfig: - description: |- - ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes configmap being referenced type: string name: - description: |- - Name is the name of the Kubernetes configmap being referenced. - The configmap must be in the same namespace as the resource type: string required: - key - name type: object resourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -8785,23 +5891,15 @@ spec: name: type: string reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object requiredMembers: 
@@ -8831,46 +5929,30 @@ spec: - Public type: string keyVaultResourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object defender: properties: logAnalyticsWorkspaceResourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. 
type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object securityMonitoring: @@ -8897,17 +5979,10 @@ spec: clientId: type: string secret: - description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes secret being referenced type: string name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - key @@ -8958,17 +6033,10 @@ spec: windowsProfile: properties: adminPassword: - description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes secret being referenced type: string name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - key 
@@ -9322,41 +6390,23 @@ spec: azurePortalFQDN: type: string conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -9799,44 +6849,24 @@ spec: name: v1api20230201storage schema: openAPIV3Schema: - description: Storage version of v1api20230201.ManagedCluster properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20230201.ManagedCluster_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object aadProfile: - description: Storage version of v1api20230201.ManagedClusterAADProfile properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object adminGroupObjectIDs: items: 
@@ -9857,14 +6887,10 @@ spec: type: object addonProfiles: additionalProperties: - description: Storage version of v1api20230201.ManagedClusterAddonProfile properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object config: additionalProperties: @@ -9876,14 +6902,10 @@ spec: type: object agentPoolProfiles: items: - description: Storage version of v1api20230201.ManagedClusterAgentPoolProfile properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object availabilityZones: items: 
@@ -9892,33 +6914,21 @@ spec: count: type: integer creationData: - description: Storage version of v1api20230201.CreationData properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object sourceResourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -9935,34 +6945,22 @@ spec: gpuInstanceProfile: type: string hostGroupReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object kubeletConfig: - description: Storage version of v1api20230201.KubeletConfig properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedUnsafeSysctls: items: 
@@ -9992,26 +6990,18 @@ spec: kubeletDiskType: type: string linuxOSConfig: - description: Storage version of v1api20230201.LinuxOSConfig properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object swapFileSizeMB: type: integer sysctls: - description: Storage version of v1api20230201.SysctlConfig properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object fsAioMaxNr: type: integer @@ -10090,23 +7080,15 @@ spec: type: string type: object nodePublicIPPrefixReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object nodeTaints: 
@@ -10124,56 +7106,36 @@ spec: osType: type: string podSubnetReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object powerState: - description: Storage version of v1api20230201.PowerState properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string type: object proximityPlacementGroupReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object scaleDownMode: @@ -10191,14 +7153,10 @@ spec: type: type: string upgradeSettings: - description: Storage version of v1api20230201.AgentPoolUpgradeSettings properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object maxSurge: type: string @@ -10206,23 +7164,15 @@ spec: vmSize: type: string vnetSubnetReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object workloadRuntime: 
@@ -10230,14 +7180,10 @@ spec: type: object type: array apiServerAccessProfile: - description: Storage version of v1api20230201.ManagedClusterAPIServerAccessProfile properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object authorizedIPRanges: items: @@ -10253,14 +7199,10 @@ spec: type: string type: object autoScalerProfile: - description: Storage version of v1api20230201.ManagedClusterProperties_AutoScalerProfile properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object balance-similar-node-groups: type: string 
@@ -10298,49 +7240,33 @@ spec: type: string type: object autoUpgradeProfile: - description: Storage version of v1api20230201.ManagedClusterAutoUpgradeProfile properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object upgradeChannel: type: string type: object azureMonitorProfile: - description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfile properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object metrics: - description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfileMetrics properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean kubeStateMetrics: - description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfileKubeStateMetrics properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object metricAnnotationsAllowList: type: string 
@@ -10350,30 +7276,19 @@ spec: type: object type: object azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string disableLocalAccounts: type: boolean diskEncryptionSetReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object dnsPrefix: @@ -10383,14 +7298,10 @@ spec: enableRBAC: type: boolean extendedLocation: - description: Storage version of v1api20230201.ExtendedLocation properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -10400,14 +7311,10 @@ spec: fqdnSubdomain: type: string httpProxyConfig: - description: Storage version of v1api20230201.ManagedClusterHTTPProxyConfig properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object httpProxy: type: string 
@@ -10421,46 +7328,30 @@ spec: type: string type: object identity: - description: Storage version of v1api20230201.ManagedClusterIdentity properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object type: type: string userAssignedIdentities: items: - description: Storage version of v1api20230201.UserAssignedIdentityDetails properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -10468,29 +7359,18 @@ spec: type: object identityProfile: additionalProperties: - description: Storage version of v1api20230201.UserAssignedIdentity properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object clientId: type: string clientIdFromConfig: - description: |- - ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes configmap being referenced type: string name: - description: |- - Name is the name of the Kubernetes configmap being referenced. - The configmap must be in the same namespace as the resource type: string required: - key 
@@ -10499,40 +7379,25 @@ spec: objectId: type: string objectIdFromConfig: - description: |- - ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes configmap being referenced type: string name: - description: |- - Name is the name of the Kubernetes configmap being referenced. - The configmap must be in the same namespace as the resource type: string required: - key - name type: object resourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -10540,37 +7405,25 @@ spec: kubernetesVersion: type: string linuxProfile: - description: Storage version of v1api20230201.ContainerServiceLinuxProfile properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object adminUsername: type: string ssh: - description: Storage version of v1api20230201.ContainerServiceSshConfiguration properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object publicKeys: items: - description: Storage version of v1api20230201.ContainerServiceSshPublicKey properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object keyData: type: string @@ -10581,14 +7434,10 @@ spec: location: type: string networkProfile: - description: Storage version of v1api20230201.ContainerServiceNetworkProfile properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object dnsServiceIP: type: string 
@@ -10599,46 +7448,30 @@ spec: type: string type: array loadBalancerProfile: - description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allocatedOutboundPorts: type: integer effectiveOutboundIPs: items: - description: Storage version of v1api20230201.ResourceReference properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -10648,14 +7481,10 @@ spec: idleTimeoutInMinutes: type: integer managedOutboundIPs: - description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object count: type: integer 
@@ -10663,88 +7492,56 @@ spec: type: integer type: object outboundIPPrefixes: - description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object publicIPPrefixes: items: - description: Storage version of v1api20230201.ResourceReference properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object type: object type: array type: object outboundIPs: - description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_OutboundIPs properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object publicIPs: items: - description: Storage version of v1api20230201.ResourceReference properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -10754,44 +7551,28 @@ spec: loadBalancerSku: type: string natGatewayProfile: - description: Storage version of v1api20230201.ManagedClusterNATGatewayProfile properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object effectiveOutboundIPs: items: - description: Storage version of v1api20230201.ResourceReference properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -10799,14 +7580,10 @@ spec: idleTimeoutInMinutes: type: integer managedOutboundIPProfile: - description: Storage version of v1api20230201.ManagedClusterManagedOutboundIPProfile properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object count: type: integer 
@@ -10840,53 +7617,28 @@ spec: nodeResourceGroup: type: string oidcIssuerProfile: - description: Storage version of v1api20230201.ManagedClusterOIDCIssuerProfile properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object operatorSpec: - description: |- - Storage version of v1api20230201.ManagedClusterOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. 
For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name @@ -10894,46 +7646,26 @@ spec: type: object type: array configMaps: - description: Storage version of v1api20230201.ManagedClusterOperatorConfigMaps properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object oidcIssuerProfile: - description: |- - ConfigMapDestination describes the location to store a single configmap value - Note: This is similar to: SecretDestination in secrets.go. - Changes to one may need to be made to the others as well. properties: key: - description: Key is the key in the ConfigMap being referenced type: string name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. type: string required: - key - name type: object principalId: - description: |- - ConfigMapDestination describes the location to store a single configmap value - Note: This is similar to: SecretDestination in secrets.go. - Changes to one may need to be made to the others as well. properties: key: - description: Key is the key in the ConfigMap being referenced type: string name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. type: string required: - key 
@@ -10942,27 +7674,12 @@ spec: type: object secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -10970,46 +7687,26 @@ spec: type: object type: array secrets: - description: Storage version of v1api20230201.ManagedClusterOperatorSecrets properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object adminCredentials: - description: |- - SecretDestination describes the location to store a single secret value. - Note: This is similar to: ConfigMapDestination in configmaps.go. - Changes to one may need to be made to the others as well. properties: key: - description: Key is the key in the Kubernetes secret being referenced. type: string name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. type: string required: - key - name type: object userCredentials: - description: |- - SecretDestination describes the location to store a single secret value. - Note: This is similar to: ConfigMapDestination in configmaps.go. - Changes to one may need to be made to the others as well. properties: key: - description: Key is the key in the Kubernetes secret being referenced. type: string name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. type: string required: - key 
@@ -11020,27 +7717,18 @@ spec: originalVersion: type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object podIdentityProfile: - description: Storage version of v1api20230201.ManagedClusterPodIdentityProfile properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowNetworkPluginKubenet: type: boolean 
@@ -11048,41 +7736,26 @@ spec: type: boolean userAssignedIdentities: items: - description: Storage version of v1api20230201.ManagedClusterPodIdentity properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object bindingSelector: type: string identity: - description: Storage version of v1api20230201.UserAssignedIdentity properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object clientId: type: string clientIdFromConfig: - description: |- - ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes configmap being referenced type: string name: - description: |- - Name is the name of the Kubernetes configmap being referenced. - The configmap must be in the same namespace as the resource type: string required: - key 
@@ -11091,40 +7764,25 @@ spec: objectId: type: string objectIdFromConfig: - description: |- - ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes configmap being referenced type: string name: - description: |- - Name is the name of the Kubernetes configmap being referenced. - The configmap must be in the same namespace as the resource type: string required: - key - name type: object resourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object @@ -11136,14 +7794,10 @@ spec: type: array userAssignedIdentityExceptions: items: - description: Storage version of v1api20230201.ManagedClusterPodIdentityException properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -11158,37 +7812,25 @@ spec: type: object privateLinkResources: items: - description: Storage version of v1api20230201.PrivateLinkResource properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object groupId: type: string name: type: string reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object requiredMembers: 
@@ -11202,24 +7844,16 @@ spec: publicNetworkAccess: type: string securityProfile: - description: Storage version of v1api20230201.ManagedClusterSecurityProfile properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object azureKeyVaultKms: - description: Storage version of v1api20230201.AzureKeyVaultKms properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -11228,79 +7862,51 @@ spec: keyVaultNetworkAccess: type: string keyVaultResourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object defender: - description: Storage version of v1api20230201.ManagedClusterSecurityProfileDefender properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object logAnalyticsWorkspaceResourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object securityMonitoring: - description: Storage version of v1api20230201.ManagedClusterSecurityProfileDefenderSecurityMonitoring properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object type: object imageCleaner: - description: Storage version of v1api20230201.ManagedClusterSecurityProfileImageCleaner properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -11308,43 +7914,28 @@ spec: type: integer type: object workloadIdentity: - description: Storage version of v1api20230201.ManagedClusterSecurityProfileWorkloadIdentity properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object type: object servicePrincipalProfile: - description: Storage version of v1api20230201.ManagedClusterServicePrincipalProfile properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object clientId: type: string secret: - description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes secret being referenced type: string name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - key @@ -11352,14 +7943,10 @@ spec: type: object type: object sku: - description: Storage version of v1api20230201.ManagedClusterSKU properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -11367,63 +7954,43 @@ spec: type: string type: object storageProfile: - description: Storage version of v1api20230201.ManagedClusterStorageProfile properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object blobCSIDriver: - description: Storage version of v1api20230201.ManagedClusterStorageProfileBlobCSIDriver properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object diskCSIDriver: - description: Storage version of v1api20230201.ManagedClusterStorageProfileDiskCSIDriver properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object fileCSIDriver: - description: Storage version of v1api20230201.ManagedClusterStorageProfileFileCSIDriver properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object snapshotController: - description: Storage version of v1api20230201.ManagedClusterStorageProfileSnapshotController properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full 
fidelity round trip conversions type: object enabled: type: boolean @@ -11434,27 +8001,16 @@ spec: type: string type: object windowsProfile: - description: Storage version of v1api20230201.ManagedClusterWindowsProfile properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object adminPassword: - description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes secret being referenced type: string name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - key @@ -11465,14 +8021,10 @@ spec: enableCSIProxy: type: boolean gmsaProfile: - description: Storage version of v1api20230201.WindowsGmsaProfile properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object dnsServer: type: string 
@@ -11485,24 +8037,16 @@ spec: type: string type: object workloadAutoScalerProfile: - description: Storage version of v1api20230201.ManagedClusterWorkloadAutoScalerProfile properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object keda: - description: Storage version of v1api20230201.ManagedClusterWorkloadAutoScalerProfileKeda properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean @@ -11512,24 +8056,16 @@ spec: - owner type: object status: - description: Storage version of v1api20230201.ManagedCluster_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object aadProfile: - description: Storage version of v1api20230201.ManagedClusterAADProfile_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object adminGroupObjectIDs: items: 
@@ -11550,14 +8086,10 @@ spec: type: object addonProfiles: additionalProperties: - description: Storage version of v1api20230201.ManagedClusterAddonProfile_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object config: additionalProperties: @@ -11566,14 +8098,10 @@ spec: enabled: type: boolean identity: - description: Storage version of v1api20230201.UserAssignedIdentity_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object clientId: type: string @@ -11586,14 +8114,10 @@ spec: type: object agentPoolProfiles: items: - description: Storage version of v1api20230201.ManagedClusterAgentPoolProfile_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object availabilityZones: items: @@ -11602,14 +8126,10 @@ spec: count: type: integer creationData: - description: Storage version of v1api20230201.CreationData_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object sourceResourceId: type: string 
@@ -11631,14 +8151,10 @@ spec: hostGroupID: type: string kubeletConfig: - description: Storage version of v1api20230201.KubeletConfig_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedUnsafeSysctls: items: @@ -11668,26 +8184,18 @@ spec: kubeletDiskType: type: string linuxOSConfig: - description: Storage version of v1api20230201.LinuxOSConfig_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object swapFileSizeMB: type: integer sysctls: - description: Storage version of v1api20230201.SysctlConfig_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object fsAioMaxNr: type: integer @@ -11786,14 +8294,10 @@ spec: podSubnetID: type: string powerState: - description: Storage version of v1api20230201.PowerState_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string 
@@ -11817,14 +8321,10 @@ spec: type: type: string upgradeSettings: - description: Storage version of v1api20230201.AgentPoolUpgradeSettings_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object maxSurge: type: string @@ -11838,14 +8338,10 @@ spec: type: object type: array apiServerAccessProfile: - description: Storage version of v1api20230201.ManagedClusterAPIServerAccessProfile_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object authorizedIPRanges: items: @@ -11861,14 +8357,10 @@ spec: type: string type: object autoScalerProfile: - description: Storage version of v1api20230201.ManagedClusterProperties_AutoScalerProfile_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object balance-similar-node-groups: type: string 
@@ -11906,49 +8398,33 @@ spec: type: string type: object autoUpgradeProfile: - description: Storage version of v1api20230201.ManagedClusterAutoUpgradeProfile_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object upgradeChannel: type: string type: object azureMonitorProfile: - description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfile_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object metrics: - description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfileMetrics_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean kubeStateMetrics: - description: Storage version of v1api20230201.ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object metricAnnotationsAllowList: type: string 
@@ -11961,39 +8437,22 @@ spec: type: string conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -12015,14 +8474,10 @@ spec: enableRBAC: type: boolean extendedLocation: - description: Storage version of v1api20230201.ExtendedLocation_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string @@ -12034,14 +8489,10 @@ spec: fqdnSubdomain: type: string httpProxyConfig: - description: Storage version of v1api20230201.ManagedClusterHTTPProxyConfig_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object httpProxy: type: string @@ -12057,14 +8508,10 @@ spec: id: type: string identity: - description: Storage version of v1api20230201.ManagedClusterIdentity_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object principalId: type: string @@ -12074,14 +8521,10 @@ spec: type: string userAssignedIdentities: additionalProperties: - description: Storage version of v1api20230201.ManagedClusterIdentity_UserAssignedIdentities_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object clientId: type: string 
@@ -12092,14 +8535,10 @@ spec: type: object identityProfile: additionalProperties: - description: Storage version of v1api20230201.UserAssignedIdentity_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object clientId: type: string @@ -12112,37 +8551,25 @@ spec: kubernetesVersion: type: string linuxProfile: - description: Storage version of v1api20230201.ContainerServiceLinuxProfile_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object adminUsername: type: string ssh: - description: Storage version of v1api20230201.ContainerServiceSshConfiguration_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object publicKeys: items: - description: Storage version of v1api20230201.ContainerServiceSshPublicKey_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object keyData: type: string 
@@ -12157,14 +8584,10 @@ spec: name: type: string networkProfile: - description: Storage version of v1api20230201.ContainerServiceNetworkProfile_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object dnsServiceIP: type: string @@ -12175,27 +8598,19 @@ spec: type: string type: array loadBalancerProfile: - description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allocatedOutboundPorts: type: integer effectiveOutboundIPs: items: - description: Storage version of v1api20230201.ResourceReference_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -12206,14 +8621,10 @@ spec: idleTimeoutInMinutes: type: integer managedOutboundIPs: - description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object count: type: integer 
@@ -12221,25 +8632,17 @@ spec: type: integer type: object outboundIPPrefixes: - description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object publicIPPrefixes: items: - description: Storage version of v1api20230201.ResourceReference_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -12247,25 +8650,17 @@ spec: type: array type: object outboundIPs: - description: Storage version of v1api20230201.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object publicIPs: items: - description: Storage version of v1api20230201.ResourceReference_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string 
@@ -12276,25 +8671,17 @@ spec: loadBalancerSku: type: string natGatewayProfile: - description: Storage version of v1api20230201.ManagedClusterNATGatewayProfile_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object effectiveOutboundIPs: items: - description: Storage version of v1api20230201.ResourceReference_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -12303,14 +8690,10 @@ spec: idleTimeoutInMinutes: type: integer managedOutboundIPProfile: - description: Storage version of v1api20230201.ManagedClusterManagedOutboundIPProfile_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object count: type: integer @@ -12344,14 +8727,10 @@ spec: nodeResourceGroup: type: string oidcIssuerProfile: - description: Storage version of v1api20230201.ManagedClusterOIDCIssuerProfile_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -12359,14 +8738,10 @@ spec: type: string type: object podIdentityProfile: - description: Storage version of v1api20230201.ManagedClusterPodIdentityProfile_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowNetworkPluginKubenet: type: boolean @@ -12374,26 +8749,18 @@ spec: type: boolean userAssignedIdentities: items: - description: Storage version of v1api20230201.ManagedClusterPodIdentity_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object bindingSelector: type: string identity: - description: Storage version of v1api20230201.UserAssignedIdentity_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object clientId: type: string 
@@ -12407,47 +8774,31 @@ spec: namespace: type: string provisioningInfo: - description: Storage version of v1api20230201.ManagedClusterPodIdentity_ProvisioningInfo_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object error: - description: Storage version of v1api20230201.ManagedClusterPodIdentityProvisioningError_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object error: - description: Storage version of v1api20230201.ManagedClusterPodIdentityProvisioningErrorBody_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string details: items: - description: Storage version of v1api20230201.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string 
@@ -12470,14 +8821,10 @@ spec: type: array userAssignedIdentityExceptions: items: - description: Storage version of v1api20230201.ManagedClusterPodIdentityException_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string @@ -12491,14 +8838,10 @@ spec: type: array type: object powerState: - description: Storage version of v1api20230201.PowerState_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string @@ -12507,14 +8850,10 @@ spec: type: string privateLinkResources: items: - description: Storage version of v1api20230201.PrivateLinkResource_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object groupId: type: string 
@@ -12537,24 +8876,16 @@ spec: publicNetworkAccess: type: string securityProfile: - description: Storage version of v1api20230201.ManagedClusterSecurityProfile_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object azureKeyVaultKms: - description: Storage version of v1api20230201.AzureKeyVaultKms_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -12566,40 +8897,28 @@ spec: type: string type: object defender: - description: Storage version of v1api20230201.ManagedClusterSecurityProfileDefender_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object logAnalyticsWorkspaceResourceId: type: string securityMonitoring: - description: Storage version of v1api20230201.ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object type: object imageCleaner: - description: Storage version of v1api20230201.ManagedClusterSecurityProfileImageCleaner_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -12607,41 +8926,29 @@ spec: type: integer type: object workloadIdentity: - description: Storage version of v1api20230201.ManagedClusterSecurityProfileWorkloadIdentity_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object type: object servicePrincipalProfile: - description: Storage version of v1api20230201.ManagedClusterServicePrincipalProfile_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object clientId: type: string type: object sku: - description: Storage version of v1api20230201.ManagedClusterSKU_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -12649,77 +8956,53 @@ spec: type: string type: object storageProfile: - description: Storage version of v1api20230201.ManagedClusterStorageProfile_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object blobCSIDriver: - description: Storage version of v1api20230201.ManagedClusterStorageProfileBlobCSIDriver_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object diskCSIDriver: - description: Storage version of v1api20230201.ManagedClusterStorageProfileDiskCSIDriver_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object fileCSIDriver: - description: Storage version of v1api20230201.ManagedClusterStorageProfileFileCSIDriver_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object snapshotController: - description: Storage version of v1api20230201.ManagedClusterStorageProfileSnapshotController_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by 
storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object type: object systemData: - description: Storage version of v1api20230201.SystemData_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object createdAt: type: string @@ -12741,28 +9024,20 @@ spec: type: type: string windowsProfile: - description: Storage version of v1api20230201.ManagedClusterWindowsProfile_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object adminUsername: type: string enableCSIProxy: type: boolean gmsaProfile: - description: Storage version of v1api20230201.WindowsGmsaProfile_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object dnsServer: type: string 
@@ -12775,24 +9050,16 @@ spec: type: string type: object workloadAutoScalerProfile: - description: Storage version of v1api20230201.ManagedClusterWorkloadAutoScalerProfile_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object keda: - description: Storage version of v1api20230201.ManagedClusterWorkloadAutoScalerProfileKeda_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -12820,166 +9087,94 @@ spec: name: v1api20231001 schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-10-01/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: aadProfile: - description: 'AadProfile: The Azure Active Directory configuration.' properties: adminGroupObjectIDs: - description: 'AdminGroupObjectIDs: The list of AAD group object IDs that will have admin role of the cluster.' items: type: string type: array clientAppID: - description: 'ClientAppID: (DEPRECATED) The client AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' type: string enableAzureRBAC: - description: 'EnableAzureRBAC: Whether to enable Azure RBAC for Kubernetes authorization.' type: boolean managed: - description: 'Managed: Whether to enable managed AAD.' type: boolean serverAppID: - description: 'ServerAppID: (DEPRECATED) The server AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' type: string serverAppSecret: - description: 'ServerAppSecret: (DEPRECATED) The server AAD application secret. 
Learn more at https://aka.ms/aks/aad-legacy.' type: string tenantID: - description: |- - TenantID: The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment - subscription. type: string type: object addonProfiles: additionalProperties: - description: A Kubernetes add-on profile for a managed cluster. properties: config: additionalProperties: type: string - description: 'Config: Key-value pairs for configuring an add-on.' type: object enabled: - description: 'Enabled: Whether the add-on is enabled or not.' type: boolean required: - enabled type: object - description: 'AddonProfiles: The profile of managed cluster add-on.' type: object agentPoolProfiles: - description: 'AgentPoolProfiles: The agent pool properties.' items: - description: Profile for the container service agent pool. properties: availabilityZones: - description: |- - AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType - property is 'VirtualMachineScaleSets'. items: type: string type: array capacityReservationGroupReference: - description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. 
type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object count: - description: |- - Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) - for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. type: integer creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using - a snapshot. properties: sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object enableAutoScaling: - description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. 
For more information, - see: https://docs.microsoft.com/azure/aks/enable-host-encryption type: boolean enableFIPS: - description: |- - EnableFIPS: See [Add a FIPS-enabled node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more - details. type: boolean enableNodePublicIP: - description: |- - EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. - A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine - to minimize hops. For more information see [assigning a public IP per - node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The - default is false. type: boolean enableUltraSSD: - description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean gpuInstanceProfile: - description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' enum: - MIG1g - MIG2g 
@@ -12988,244 +9183,152 @@ spec: - MIG7g type: string hostGroupReference: - description: |- - HostGroupReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object kubeletConfig: - description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' properties: allowedUnsafeSysctls: - description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`).' items: type: string type: array containerLogMaxFiles: - description: |- - ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be - ≥ 2. minimum: 2 type: integer containerLogMaxSizeMB: - description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' type: integer cpuCfsQuota: - description: 'CpuCfsQuota: The default is true.' type: boolean cpuCfsQuotaPeriod: - description: |- - CpuCfsQuotaPeriod: The default is '100ms.' 
Valid values are a sequence of decimal numbers with an optional fraction and - a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. type: string cpuManagerPolicy: - description: |- - CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management - policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more - information. Allowed values are 'none' and 'static'. type: string failSwapOn: - description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' type: boolean imageGcHighThreshold: - description: 'ImageGcHighThreshold: To disable image garbage collection, set to 100. The default is 85%' type: integer imageGcLowThreshold: - description: 'ImageGcLowThreshold: This cannot be set higher than imageGcHighThreshold. The default is 80%' type: integer podMaxPids: - description: 'PodMaxPids: The maximum number of processes per pod.' type: integer topologyManagerPolicy: - description: |- - TopologyManagerPolicy: For more information see [Kubernetes Topology - Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values - are 'none', 'best-effort', 'restricted', and 'single-numa-node'. type: string type: object kubeletDiskType: - description: |- - KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral - storage. enum: - OS - Temporary type: string linuxOSConfig: - description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' properties: swapFileSizeMB: - description: 'SwapFileSizeMB: The size in MB of a swap file that will be created on each node.' type: integer sysctls: - description: 'Sysctls: Sysctl settings for Linux agent nodes.' properties: fsAioMaxNr: - description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' 
type: integer fsFileMax: - description: 'FsFileMax: Sysctl setting fs.file-max.' type: integer fsInotifyMaxUserWatches: - description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' type: integer fsNrOpen: - description: 'FsNrOpen: Sysctl setting fs.nr_open.' type: integer kernelThreadsMax: - description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' type: integer netCoreNetdevMaxBacklog: - description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' type: integer netCoreOptmemMax: - description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' type: integer netCoreRmemDefault: - description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' type: integer netCoreRmemMax: - description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' type: integer netCoreSomaxconn: - description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' type: integer netCoreWmemDefault: - description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' type: integer netCoreWmemMax: - description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' type: integer netIpv4IpLocalPortRange: - description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' type: string netIpv4NeighDefaultGcThresh1: - description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting net.ipv4.neigh.default.gc_thresh1.' type: integer netIpv4NeighDefaultGcThresh2: - description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting net.ipv4.neigh.default.gc_thresh2.' type: integer netIpv4NeighDefaultGcThresh3: - description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting net.ipv4.neigh.default.gc_thresh3.' type: integer netIpv4TcpFinTimeout: - description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' type: integer netIpv4TcpKeepaliveProbes: - description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' 
type: integer netIpv4TcpKeepaliveTime: - description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' type: integer netIpv4TcpMaxSynBacklog: - description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' type: integer netIpv4TcpMaxTwBuckets: - description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' type: integer netIpv4TcpTwReuse: - description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' type: boolean netIpv4TcpkeepaliveIntvl: - description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' maximum: 90 minimum: 10 type: integer netNetfilterNfConntrackBuckets: - description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' maximum: 524288 minimum: 65536 type: integer netNetfilterNfConntrackMax: - description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' maximum: 2097152 minimum: 131072 type: integer vmMaxMapCount: - description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' type: integer vmSwappiness: - description: 'VmSwappiness: Sysctl setting vm.swappiness.' type: integer vmVfsCachePressure: - description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' type: integer type: object transparentHugePageDefrag: - description: |- - TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is - 'madvise'. For more information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string transparentHugePageEnabled: - description: |- - TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more - information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). 
type: string type: object maxCount: - description: 'MaxCount: The maximum number of nodes for auto-scaling' type: integer maxPods: - description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer minCount: - description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer mode: - description: |- - Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool - restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools enum: - System - User type: string name: - description: 'Name: Windows agent pool names must be 6 characters or less.' pattern: ^[a-z][a-z0-9]{0,11}$ type: string networkProfile: - description: 'NetworkProfile: Network-related settings of an agent pool.' properties: allowedHostPorts: - description: 'AllowedHostPorts: The port ranges that are allowed to access. The specified ranges are allowed to overlap.' items: - description: The port range. properties: portEnd: - description: |- - PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or - equal to portStart. maximum: 65535 minimum: 1 type: integer portStart: - description: |- - PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or - equal to portEnd. maximum: 65535 minimum: 1 type: integer protocol: - description: 'Protocol: The network protocol of the port.' enum: - TCP - UDP 
@@ -13233,40 +9336,25 @@ spec: type: object type: array applicationSecurityGroupsReferences: - description: |- - ApplicationSecurityGroupsReferences: The IDs of the application security groups which agent pool will associate when - created. items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: array nodePublicIPTags: - description: 'NodePublicIPTags: IPTags of instance-level public IPs.' items: - description: Contains the IPTag associated with the object. properties: ipTagType: - description: 'IpTagType: The IP tag type. Example: RoutingPreference.' type: string tag: - description: 'Tag: The value of the IP tag associated with the public IP. Example: Internet.' type: string type: object type: array 
@@ -13274,63 +9362,35 @@ spec: nodeLabels: additionalProperties: type: string - description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' type: object nodePublicIPPrefixReference: - description: |- - NodePublicIPPrefixReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object nodeTaints: - description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' items: type: string type: array orchestratorVersion: - description: |- - OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. - When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster - with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer - patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same - Kubernetes version. The node pool version must have the same major version as the control plane. 
The node pool minor - version must be within two minor versions of the control plane version. The node pool version cannot be greater than the - control plane version. For more information see [upgrading a node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: maximum: 2048 minimum: 0 type: integer osDiskType: - description: |- - OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested - OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral - OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). enum: - Ephemeral - Managed type: string osSKU: - description: |- - OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 - when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. enum: - AzureLinux - CBLMariner 
@@ -13339,154 +9399,92 @@ spec: - Windows2022 type: string osType: - description: 'OsType: The operating system type. The default is Linux.' enum: - Linux - Windows type: string podSubnetReference: - description: |- - PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). - This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object powerState: - description: |- - PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this - field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only - be stopped if it is Running and provisioning state is Succeeded properties: code: - description: 'Code: Tells whether the cluster is Running or Stopped' enum: - Running - Stopped type: string type: object proximityPlacementGroupReference: - description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' 
properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object scaleDownMode: - description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' enum: - Deallocate - Delete type: string scaleSetEvictionPolicy: - description: |- - ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is - 'Delete'. enum: - Deallocate - Delete type: string scaleSetPriority: - description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' enum: - Regular - Spot type: string spotMaxPrice: - description: |- - SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any - on-demand price. For more details on spot pricing, see [spot VMs - pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) type: number tags: additionalProperties: type: string - description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' type: object type: - description: 'Type: The type of Agent Pool.' 
enum: - AvailabilitySet - VirtualMachineScaleSets type: string upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading the agentpool' properties: drainTimeoutInMinutes: - description: |- - DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. - This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not - specified, the default is 30 minutes. maximum: 1440 minimum: 1 type: integer maxSurge: - description: |- - MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it - is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded - up. If not specified, the default is 1. For more information, including best practices, see: - https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade type: string type: object vmSize: - description: |- - VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods - might fail to run correctly. For more details on restricted VM sizes, see: - https://docs.microsoft.com/azure/aks/quotas-skus-regions type: string vnetSubnetReference: - description: |- - VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is - specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object workloadRuntime: - description: 'WorkloadRuntime: Determines the type of workload a node can run.' enum: - OCIContainer - WasmWasi 
@@ -13496,45 +9494,25 @@ spec: type: object type: array apiServerAccessProfile: - description: 'ApiServerAccessProfile: The access profile for managed cluster API server.' properties: authorizedIPRanges: - description: |- - AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with - clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API - server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). items: type: string type: array disableRunCommand: - description: 'DisableRunCommand: Whether to disable run command for the cluster or not.' type: boolean enablePrivateCluster: - description: |- - EnablePrivateCluster: For more details, see [Creating a private AKS - cluster](https://docs.microsoft.com/azure/aks/private-clusters). type: boolean enablePrivateClusterPublicFQDN: - description: 'EnablePrivateClusterPublicFQDN: Whether to create additional public FQDN for private cluster or not.' type: boolean privateDNSZone: - description: |- - PrivateDNSZone: The default is System. For more details see [configure private DNS - zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and - 'none'. type: string type: object autoScalerProfile: - description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler when enabled' properties: balance-similar-node-groups: - description: 'BalanceSimilarNodeGroups: Valid values are ''true'' and ''false''' type: string expander: - description: |- - Expander: If not specified, the default is 'random'. See - [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) for more - information. enum: - least-waste - most-pods 
@@ -13542,80 +9520,45 @@ spec: - random type: string max-empty-bulk-delete: - description: 'MaxEmptyBulkDelete: The default is 10.' type: string max-graceful-termination-sec: - description: 'MaxGracefulTerminationSec: The default is 600.' type: string max-node-provision-time: - description: |- - MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string max-total-unready-percentage: - description: 'MaxTotalUnreadyPercentage: The default is 45. The maximum is 100 and the minimum is 0.' type: string new-pod-scale-up-delay: - description: |- - NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler - could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is - '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). type: string ok-total-unready-count: - description: 'OkTotalUnreadyCount: This must be an integer. The default is 3.' type: string scale-down-delay-after-add: - description: |- - ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string scale-down-delay-after-delete: - description: |- - ScaleDownDelayAfterDelete: The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of - time other than minutes (m) is supported. type: string scale-down-delay-after-failure: - description: |- - ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other - than minutes (m) is supported. type: string scale-down-unneeded-time: - description: |- - ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. 
type: string scale-down-unready-time: - description: |- - ScaleDownUnreadyTime: The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string scale-down-utilization-threshold: - description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' type: string scan-interval: - description: 'ScanInterval: The default is ''10''. Values must be an integer number of seconds.' type: string skip-nodes-with-local-storage: - description: 'SkipNodesWithLocalStorage: The default is true.' type: string skip-nodes-with-system-pods: - description: 'SkipNodesWithSystemPods: The default is true.' type: string type: object autoUpgradeProfile: - description: 'AutoUpgradeProfile: The auto upgrade configuration.' properties: nodeOSUpgradeChannel: - description: 'NodeOSUpgradeChannel: Manner in which the OS on your nodes is updated. The default is NodeImage.' enum: - NodeImage - None - Unmanaged type: string upgradeChannel: - description: |- - UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade - channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). enum: - node-image - none 
@@ -13625,36 +9568,16 @@ spec: type: string type: object azureMonitorProfile: - description: 'AzureMonitorProfile: Azure Monitor addon profiles for monitoring the managed cluster.' properties: metrics: - description: |- - Metrics: Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes - infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See - aka.ms/AzureManagedPrometheus for an overview. properties: enabled: - description: |- - Enabled: Whether to enable or disable the Azure Managed Prometheus addon for Prometheus monitoring. See - aka.ms/AzureManagedPrometheus-aks-enable for details on enabling and disabling. type: boolean kubeStateMetrics: - description: |- - KubeStateMetrics: Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the - kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for - details. properties: metricAnnotationsAllowList: - description: |- - MetricAnnotationsAllowList: Comma-separated list of Kubernetes annotation keys that will be used in the resource's - labels metric (Example: 'namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...'). By default the metric - contains only resource name and namespace labels. type: string metricLabelsAllowlist: - description: |- - MetricLabelsAllowlist: Comma-separated list of additional Kubernetes label keys that will be used in the resource's - labels metric (Example: 'namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...'). By default the metric contains only - resource name and namespace labels. type: string type: object required: 
@@ -13662,162 +9585,99 @@ spec: type: object type: object azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. maxLength: 63 minLength: 1 pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ type: string disableLocalAccounts: - description: |- - DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be - used on Managed Clusters that are AAD enabled. For more details see [disable local - accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). type: boolean diskEncryptionSetReference: - description: |- - DiskEncryptionSetReference: This is of the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object dnsPrefix: - description: 'DnsPrefix: This cannot be updated once the Managed Cluster has been created.' 
type: string enablePodSecurityPolicy: - description: |- - EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was - deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and - https://aka.ms/aks/psp. type: boolean enableRBAC: - description: 'EnableRBAC: Whether to enable Kubernetes Role-Based Access Control.' type: boolean extendedLocation: - description: 'ExtendedLocation: The extended location of the Virtual Machine.' properties: name: - description: 'Name: The name of the extended location.' type: string type: - description: 'Type: The type of the extended location.' enum: - EdgeZone type: string type: object fqdnSubdomain: - description: 'FqdnSubdomain: This cannot be updated once the Managed Cluster has been created.' type: string httpProxyConfig: - description: 'HttpProxyConfig: Configurations for provisioning the cluster with HTTP proxy servers.' properties: httpProxy: - description: 'HttpProxy: The HTTP proxy server endpoint to use.' type: string httpsProxy: - description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' type: string noProxy: - description: 'NoProxy: The endpoints that should not go through proxy.' items: type: string type: array trustedCa: - description: 'TrustedCa: Alternative CA cert to use for connecting to proxy servers.' type: string type: object identity: - description: 'Identity: The identity of the managed cluster, if configured.' properties: delegatedResources: additionalProperties: - description: Delegated resource properties - internal use only. properties: location: - description: 'Location: The source resource location - internal use only.' type: string referralResource: - description: 'ReferralResource: The delegation id of the referral delegation (optional) - internal use only.' 
type: string resourceReference: - description: 'ResourceReference: The ARM resource id of the delegated resource - internal use only.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object tenantId: - description: 'TenantId: The tenant id of the delegated resource - internal use only.' pattern: ^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$ type: string type: object - description: |- - DelegatedResources: The delegated identity resources assigned to this managed cluster. This can only be set by another - Azure Resource Provider, and managed cluster only accept one delegated identity resource. Internal use only. type: object type: - description: |- - Type: For more information see [use managed identities in - AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). enum: - None - SystemAssigned - UserAssigned type: string userAssignedIdentities: - description: |- - UserAssignedIdentities: The keys must be ARM resource IDs in the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. 
items: - description: Information about the user assigned identity for the resource properties: reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -13825,96 +9685,58 @@ spec: type: object identityProfile: additionalProperties: - description: Details about a user assigned identity. properties: clientId: - description: 'ClientId: The client ID of the user assigned identity.' type: string clientIdFromConfig: - description: 'ClientIdFromConfig: The client ID of the user assigned identity.' properties: key: - description: Key is the key in the Kubernetes configmap being referenced type: string name: - description: |- - Name is the name of the Kubernetes configmap being referenced. - The configmap must be in the same namespace as the resource type: string required: - key - name type: object objectId: - description: 'ObjectId: The object ID of the user assigned identity.' type: string objectIdFromConfig: - description: 'ObjectIdFromConfig: The object ID of the user assigned identity.' properties: key: - description: Key is the key in the Kubernetes configmap being referenced type: string name: - description: |- - Name is the name of the Kubernetes configmap being referenced. - The configmap must be in the same namespace as the resource type: string required: - key - name type: object resourceReference: - description: 'ResourceReference: The resource ID of the user assigned identity.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. 
type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object - description: 'IdentityProfile: Identities associated with the cluster.' type: object kubernetesVersion: - description: |- - KubernetesVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. - When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster - with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer - patch version is available. When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All - upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or - 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS - cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. type: string linuxProfile: - description: 'LinuxProfile: The profile for Linux VMs in the Managed Cluster.' properties: adminUsername: - description: 'AdminUsername: The administrator username to use for Linux VMs.' pattern: ^[A-Za-z][-A-Za-z0-9_]*$ type: string ssh: - description: 'Ssh: The SSH configuration for Linux-based VMs running on Azure.' properties: publicKeys: - description: 'PublicKeys: The list of SSH public keys used to authenticate with Linux-based VMs. A maximum of 1 key may be specified.' items: - description: Contains information about SSH certificate public key data. properties: keyData: - description: |- - KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or - without headers. type: string required: - keyData 
@@ -13928,21 +9750,13 @@ spec: - ssh type: object location: - description: 'Location: The geo-location where the resource lives' type: string networkProfile: - description: 'NetworkProfile: The network configuration profile.' properties: dnsServiceIP: - description: |- - DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address - range specified in serviceCidr. pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ type: string ipFamilies: - description: |- - IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value - is IPv4. For dual-stack, the expected values are IPv4 and IPv6. items: enum: - IPv4 
@@ -13950,133 +9764,85 @@ spec: type: string type: array loadBalancerProfile: - description: 'LoadBalancerProfile: Profile of the cluster load balancer.' properties: allocatedOutboundPorts: - description: |- - AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 - (inclusive). The default value is 0 which results in Azure dynamically allocating ports. maximum: 64000 minimum: 0 type: integer backendPoolType: - description: 'BackendPoolType: The type of the managed inbound Load Balancer BackendPool.' enum: - NodeIP - NodeIPConfiguration type: string effectiveOutboundIPs: - description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster load balancer.' items: - description: A reference to an Azure resource. properties: reference: - description: 'Reference: The fully qualified Azure resource id.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array enableMultipleStandardLoadBalancers: - description: 'EnableMultipleStandardLoadBalancers: Enable multiple standard load balancers per AKS cluster or not.' 
type: boolean idleTimeoutInMinutes: - description: |- - IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 - (inclusive). The default value is 30 minutes. maximum: 120 minimum: 4 type: integer managedOutboundIPs: - description: 'ManagedOutboundIPs: Desired managed outbound IPs for the cluster load balancer.' properties: count: - description: |- - Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values - must be in the range of 1 to 100 (inclusive). The default value is 1. maximum: 100 minimum: 1 type: integer countIPv6: - description: |- - CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed - values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. maximum: 100 minimum: 0 type: integer type: object outboundIPPrefixes: - description: 'OutboundIPPrefixes: Desired outbound IP Prefix resources for the cluster load balancer.' properties: publicIPPrefixes: - description: 'PublicIPPrefixes: A list of public IP prefix resources.' items: - description: A reference to an Azure resource. properties: reference: - description: 'Reference: The fully qualified Azure resource id.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. 
type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array type: object outboundIPs: - description: 'OutboundIPs: Desired outbound IP resources for the cluster load balancer.' properties: publicIPs: - description: 'PublicIPs: A list of public IP resources.' items: - description: A reference to an Azure resource. properties: reference: - description: 'Reference: The fully qualified Azure resource id.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -14084,98 +9850,68 @@ spec: type: object type: object loadBalancerSku: - description: |- - LoadBalancerSku: The default is 'standard'. See [Azure Load Balancer - SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load - balancer SKUs. enum: - basic - standard type: string natGatewayProfile: - description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' properties: effectiveOutboundIPs: - description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster NAT gateway.' items: - description: A reference to an Azure resource. properties: reference: - description: 'Reference: The fully qualified Azure resource id.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array idleTimeoutInMinutes: - description: |- - IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 - (inclusive). The default value is 4 minutes. maximum: 120 minimum: 4 type: integer managedOutboundIPProfile: - description: 'ManagedOutboundIPProfile: Profile of the managed outbound IP resources of the cluster NAT gateway.' 
properties: count: - description: |- - Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 - (inclusive). The default value is 1. maximum: 16 minimum: 1 type: integer type: object type: object networkDataplane: - description: 'NetworkDataplane: Network dataplane used in the Kubernetes cluster.' enum: - azure - cilium type: string networkMode: - description: 'NetworkMode: This cannot be specified if networkPlugin is anything other than ''azure''.' enum: - bridge - transparent type: string networkPlugin: - description: 'NetworkPlugin: Network plugin used for building the Kubernetes network.' enum: - azure - kubenet - none type: string networkPluginMode: - description: 'NetworkPluginMode: The mode the network plugin should use.' enum: - overlay type: string networkPolicy: - description: 'NetworkPolicy: Network policy used for building the Kubernetes network.' enum: - azure - calico - cilium type: string outboundType: - description: |- - OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see - [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). enum: - loadBalancer - managedNATGateway 
@@ -14183,69 +9919,37 @@ spec: - userDefinedRouting type: string podCidr: - description: 'PodCidr: A CIDR notation IP range from which to assign pod IPs when kubenet is used.' pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string podCidrs: - description: |- - PodCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is - expected for dual-stack networking. items: type: string type: array serviceCidr: - description: |- - ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP - ranges. pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string serviceCidrs: - description: |- - ServiceCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is - expected for dual-stack networking. They must not overlap with any Subnet IP ranges. items: type: string type: array type: object nodeResourceGroup: - description: 'NodeResourceGroup: The name of the resource group containing agent pool nodes.' type: string oidcIssuerProfile: - description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed Cluster.' properties: enabled: - description: 'Enabled: Whether the OIDC issuer is enabled.' type: boolean type: object operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. 
properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name @@ -14253,35 +9957,22 @@ spec: type: object type: array configMaps: - description: 'ConfigMaps: configures where to place operator written ConfigMaps.' properties: oidcIssuerProfile: - description: |- - OIDCIssuerProfile: indicates where the OIDCIssuerProfile config map should be placed. If omitted, no config map will be - created. properties: key: - description: Key is the key in the ConfigMap being referenced type: string name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. type: string required: - key - name type: object principalId: - description: 'PrincipalId: indicates where the PrincipalId config map should be placed. If omitted, no config map will be created.' properties: key: - description: Key is the key in the ConfigMap being referenced type: string name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. type: string required: - key 
@@ -14289,29 +9980,13 @@ spec: type: object type: object secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -14319,37 +9994,22 @@ spec: type: object type: array secrets: - description: 'Secrets: configures where to place Azure generated secrets.' properties: adminCredentials: - description: |- - AdminCredentials: indicates where the AdminCredentials secret should be placed. If omitted, the secret will not be - retrieved from Azure. properties: key: - description: Key is the key in the Kubernetes secret being referenced. type: string name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. type: string required: - key - name type: object userCredentials: - description: |- - UserCredentials: indicates where the UserCredentials secret should be placed. If omitted, the secret will not be - retrieved from Azure. properties: key: - description: Key is the key in the Kubernetes secret being referenced. type: string name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. type: string required: - key 
@@ -14358,106 +10018,66 @@ spec: type: object type: object owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object podIdentityProfile: - description: |- - PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more - details on AAD pod identity integration. properties: allowNetworkPluginKubenet: - description: |- - AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod - Identity and the risks of IP spoofing. See [using Kubenet network plugin with AAD Pod - Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) - for more information. type: boolean enabled: - description: 'Enabled: Whether the pod identity addon is enabled.' type: boolean userAssignedIdentities: - description: 'UserAssignedIdentities: The pod identities to use in the cluster.' items: - description: Details about the pod identity assigned to the Managed Cluster. properties: bindingSelector: - description: 'BindingSelector: The binding selector to use for the AzureIdentityBinding resource.' type: string identity: - description: 'Identity: The user assigned identity details.' properties: clientId: - description: 'ClientId: The client ID of the user assigned identity.' 
type: string clientIdFromConfig: - description: 'ClientIdFromConfig: The client ID of the user assigned identity.' properties: key: - description: Key is the key in the Kubernetes configmap being referenced type: string name: - description: |- - Name is the name of the Kubernetes configmap being referenced. - The configmap must be in the same namespace as the resource type: string required: - key - name type: object objectId: - description: 'ObjectId: The object ID of the user assigned identity.' type: string objectIdFromConfig: - description: 'ObjectIdFromConfig: The object ID of the user assigned identity.' properties: key: - description: Key is the key in the Kubernetes configmap being referenced type: string name: - description: |- - Name is the name of the Kubernetes configmap being referenced. - The configmap must be in the same namespace as the resource type: string required: - key - name type: object resourceReference: - description: 'ResourceReference: The resource ID of the user assigned identity.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object name: - description: 'Name: The name of the pod identity.' 
type: string namespace: - description: 'Namespace: The namespace of the pod identity.' type: string required: - identity @@ -14466,22 +10086,15 @@ spec: type: object type: array userAssignedIdentityExceptions: - description: 'UserAssignedIdentityExceptions: The pod identity exceptions to allow.' items: - description: |- - See [disable AAD Pod Identity for a specific - Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. properties: name: - description: 'Name: The name of the pod identity exception.' type: string namespace: - description: 'Namespace: The namespace of the pod identity exception.' type: string podLabels: additionalProperties: type: string - description: 'PodLabels: The pod labels to match.' type: object required: - name 
@@ -14491,236 +10104,147 @@ spec: type: array type: object privateLinkResources: - description: 'PrivateLinkResources: Private link resources associated with the cluster.' items: - description: A private link resource properties: groupId: - description: 'GroupId: The group ID of the resource.' type: string name: - description: 'Name: The name of the private link resource.' type: string reference: - description: 'Reference: The ID of the private link resource.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object requiredMembers: - description: 'RequiredMembers: The RequiredMembers of the resource' items: type: string type: array type: - description: 'Type: The resource type.' type: string type: object type: array publicNetworkAccess: - description: 'PublicNetworkAccess: Allow or deny public network access for AKS' enum: - Disabled - Enabled type: string securityProfile: - description: 'SecurityProfile: Security profile for the managed cluster.' properties: azureKeyVaultKms: - description: |- - AzureKeyVaultKms: Azure Key Vault [key management - service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. 
properties: enabled: - description: 'Enabled: Whether to enable Azure Key Vault key management service. The default is false.' type: boolean keyId: - description: |- - KeyId: Identifier of Azure Key Vault key. See [key identifier - format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) - for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key - identifier. When Azure Key Vault key management service is disabled, leave the field empty. type: string keyVaultNetworkAccess: - description: |- - KeyVaultNetworkAccess: Network access of key vault. The possible values are `Public` and `Private`. `Public` means the - key vault allows public access from all networks. `Private` means the key vault disables public access and enables - private link. The default value is `Public`. enum: - Private - Public type: string keyVaultResourceReference: - description: |- - KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and - must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. 
type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object defender: - description: 'Defender: Microsoft Defender settings for the security profile.' properties: logAnalyticsWorkspaceResourceReference: - description: |- - LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft - Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When - Microsoft Defender is disabled, leave the field empty. properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object securityMonitoring: - description: 'SecurityMonitoring: Microsoft Defender threat detection for Cloud settings for the security profile.' properties: enabled: - description: 'Enabled: Whether to enable Defender threat detection' type: boolean type: object type: object imageCleaner: - description: 'ImageCleaner: Image Cleaner settings for the security profile.' properties: enabled: - description: 'Enabled: Whether to enable Image Cleaner on AKS cluster.' type: boolean intervalHours: - description: 'IntervalHours: Image Cleaner scanning interval in hours.' 
type: integer type: object workloadIdentity: - description: |- - WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications - to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. properties: enabled: - description: 'Enabled: Whether to enable workload identity.' type: boolean type: object type: object serviceMeshProfile: - description: 'ServiceMeshProfile: Service mesh profile for a managed cluster.' properties: istio: - description: 'Istio: Istio service mesh configuration.' properties: certificateAuthority: - description: |- - CertificateAuthority: Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin - certificates as described here https://aka.ms/asm-plugin-ca properties: plugin: - description: 'Plugin: Plugin certificates information for Service Mesh.' properties: certChainObjectName: - description: 'CertChainObjectName: Certificate chain object name in Azure Key Vault.' type: string certObjectName: - description: 'CertObjectName: Intermediate certificate object name in Azure Key Vault.' type: string keyObjectName: - description: 'KeyObjectName: Intermediate certificate private key object name in Azure Key Vault.' type: string keyVaultReference: - description: 'KeyVaultReference: The resource ID of the Key Vault.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object rootCertObjectName: - description: 'RootCertObjectName: Root certificate object name in Azure Key Vault.' type: string type: object type: object components: - description: 'Components: Istio components configuration.' properties: egressGateways: - description: 'EgressGateways: Istio egress gateways.' items: - description: Istio egress gateway configuration. properties: enabled: - description: 'Enabled: Whether to enable the egress gateway.' type: boolean nodeSelector: additionalProperties: type: string - description: 'NodeSelector: NodeSelector for scheduling the egress gateway.' type: object required: - enabled type: object type: array ingressGateways: - description: 'IngressGateways: Istio ingress gateways.' items: - description: |- - Istio ingress gateway configuration. For now, we support up to one external ingress gateway named - `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. properties: enabled: - description: 'Enabled: Whether to enable the ingress gateway.' type: boolean mode: - description: 'Mode: Mode of an ingress gateway.' enum: - External - Internal 
@@ -14732,17 +10256,12 @@ spec: type: array type: object revisions: - description: |- - Revisions: The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. - When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: - https://learn.microsoft.com/en-us/azure/aks/istio-upgrade items: type: string maxItems: 2 type: array type: object mode: - description: 'Mode: Mode of the service mesh.' enum: - Disabled - Istio @@ -14751,23 +10270,14 @@ spec: - mode type: object servicePrincipalProfile: - description: |- - ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure - APIs. properties: clientId: - description: 'ClientId: The ID for the service principal.' type: string secret: - description: 'Secret: The secret password associated with the service principal in plain text.' properties: key: - description: Key is the key in the Kubernetes secret being referenced type: string name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - key @@ -14777,17 +10287,12 @@ spec: - clientId type: object sku: - description: 'Sku: The managed cluster SKU.' properties: name: - description: 'Name: The name of a managed cluster SKU.' enum: - Base type: string tier: - description: |- - Tier: If not specified, the default is 'Free'. See [AKS Pricing - Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. enum: - Free - Premium 
@@ -14795,39 +10300,29 @@ spec: type: string type: object storageProfile: - description: 'StorageProfile: Storage profile for the managed cluster.' properties: blobCSIDriver: - description: 'BlobCSIDriver: AzureBlob CSI Driver settings for the storage profile.' properties: enabled: - description: 'Enabled: Whether to enable AzureBlob CSI Driver. The default value is false.' type: boolean type: object diskCSIDriver: - description: 'DiskCSIDriver: AzureDisk CSI Driver settings for the storage profile.' properties: enabled: - description: 'Enabled: Whether to enable AzureDisk CSI Driver. The default value is true.' type: boolean type: object fileCSIDriver: - description: 'FileCSIDriver: AzureFile CSI Driver settings for the storage profile.' properties: enabled: - description: 'Enabled: Whether to enable AzureFile CSI Driver. The default value is true.' type: boolean type: object snapshotController: - description: 'SnapshotController: Snapshot Controller settings for the storage profile.' properties: enabled: - description: 'Enabled: Whether to enable Snapshot Controller. The default value is true.' type: boolean type: object type: object supportPlan: - description: 'SupportPlan: The support plan for the Managed Cluster. If unspecified, the default is ''KubernetesOfficial''.' enum: - AKSLongTermSupport - KubernetesOfficial 
@@ -14835,91 +10330,43 @@ spec: tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading a cluster.' properties: overrideSettings: - description: 'OverrideSettings: Settings for overrides.' properties: forceUpgrade: - description: |- - ForceUpgrade: Whether to force upgrade the cluster. Note that this option instructs upgrade operation to bypass upgrade - protections such as checking for deprecated API usage. Enable this option only with caution. type: boolean until: - description: |- - Until: Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the - effectiveness won't change once an upgrade starts even if the `until` expires as upgrade proceeds. This field is not set - by default. It must be set for the overrides to take effect. type: string type: object type: object windowsProfile: - description: 'WindowsProfile: The profile for Windows VMs in the Managed Cluster.' properties: adminPassword: - description: |- - AdminPassword: Specifies the password of the administrator account. - Minimum-length: 8 characters - Max-length: 123 characters - Complexity requirements: 3 out of 4 conditions below need to be fulfilled - Has lower characters - Has upper characters - Has a digit - Has a special character (Regex match [\W_]) - Disallowed values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$$$word", "pass@word1", "Password!", "Password1", - "Password22", "iloveyou!" properties: key: - description: Key is the key in the Kubernetes secret being referenced type: string name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - key - name type: object adminUsername: - description: |- - AdminUsername: Specifies the name of the administrator account. - Restriction: Cannot end in "." 
- Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", - "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", - "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". - Minimum-length: 1 character - Max-length: 20 characters type: string enableCSIProxy: - description: |- - EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub - repo](https://github.com/kubernetes-csi/csi-proxy). type: boolean gmsaProfile: - description: 'GmsaProfile: The Windows gMSA Profile in the Managed Cluster.' properties: dnsServer: - description: |- - DnsServer: Specifies the DNS server for Windows gMSA. - Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. type: string enabled: - description: 'Enabled: Specifies whether to enable Windows gMSA in the managed cluster.' type: boolean rootDomainName: - description: |- - RootDomainName: Specifies the root domain name for Windows gMSA. - Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. type: string type: object licenseType: - description: |- - LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User - Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. enum: - None - Windows_Server 
@@ -14928,22 +10375,17 @@ spec: - adminUsername type: object workloadAutoScalerProfile: - description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile for the managed cluster.' properties: keda: - description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile.' properties: enabled: - description: 'Enabled: Whether to enable KEDA.' type: boolean required: - enabled type: object verticalPodAutoscaler: - description: 'VerticalPodAutoscaler: VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile.' properties: enabled: - description: 'Enabled: Whether to enable VPA. Default value is false.' type: boolean required: - enabled 
@@ -14954,671 +10396,368 @@ spec: - owner type: object status: - description: Managed cluster. properties: aadProfile: - description: 'AadProfile: The Azure Active Directory configuration.' properties: adminGroupObjectIDs: - description: 'AdminGroupObjectIDs: The list of AAD group object IDs that will have admin role of the cluster.' items: type: string type: array clientAppID: - description: 'ClientAppID: (DEPRECATED) The client AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' type: string enableAzureRBAC: - description: 'EnableAzureRBAC: Whether to enable Azure RBAC for Kubernetes authorization.' type: boolean managed: - description: 'Managed: Whether to enable managed AAD.' type: boolean serverAppID: - description: 'ServerAppID: (DEPRECATED) The server AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' type: string serverAppSecret: - description: 'ServerAppSecret: (DEPRECATED) The server AAD application secret. Learn more at https://aka.ms/aks/aad-legacy.' type: string tenantID: - description: |- - TenantID: The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment - subscription. type: string type: object addonProfiles: additionalProperties: - description: A Kubernetes add-on profile for a managed cluster. properties: config: additionalProperties: type: string - description: 'Config: Key-value pairs for configuring an add-on.' type: object enabled: - description: 'Enabled: Whether the add-on is enabled or not.' type: boolean identity: - description: 'Identity: Information of user assigned identity used by this add-on.' properties: clientId: - description: 'ClientId: The client ID of the user assigned identity.' type: string objectId: - description: 'ObjectId: The object ID of the user assigned identity.' type: string resourceId: - description: 'ResourceId: The resource ID of the user assigned identity.' 
type: string type: object type: object - description: 'AddonProfiles: The profile of managed cluster add-on.' type: object agentPoolProfiles: - description: 'AgentPoolProfiles: The agent pool properties.' items: - description: Profile for the container service agent pool. properties: availabilityZones: - description: |- - AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType - property is 'VirtualMachineScaleSets'. items: type: string type: array capacityReservationGroupID: - description: 'CapacityReservationGroupID: AKS will associate the specified agent pool with the Capacity Reservation Group.' type: string count: - description: |- - Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) - for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. type: integer creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using - a snapshot. properties: sourceResourceId: - description: 'SourceResourceId: This is the ARM ID of the source object to be used to create the target object.' type: string type: object currentOrchestratorVersion: - description: |- - CurrentOrchestratorVersion: If orchestratorVersion is a fully specified version , this field will be - exactly equal to it. If orchestratorVersion is , this field will contain the full - version being used. type: string enableAutoScaling: - description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. 
For more information, - see: https://docs.microsoft.com/azure/aks/enable-host-encryption type: boolean enableFIPS: - description: |- - EnableFIPS: See [Add a FIPS-enabled node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more - details. type: boolean enableNodePublicIP: - description: |- - EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. - A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine - to minimize hops. For more information see [assigning a public IP per - node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The - default is false. type: boolean enableUltraSSD: - description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean gpuInstanceProfile: - description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' type: string hostGroupID: - description: |- - HostGroupID: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). type: string kubeletConfig: - description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' properties: allowedUnsafeSysctls: - description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`).' items: type: string type: array containerLogMaxFiles: - description: |- - ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be - ≥ 2. type: integer containerLogMaxSizeMB: - description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' 
type: integer cpuCfsQuota: - description: 'CpuCfsQuota: The default is true.' type: boolean cpuCfsQuotaPeriod: - description: |- - CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and - a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. type: string cpuManagerPolicy: - description: |- - CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management - policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more - information. Allowed values are 'none' and 'static'. type: string failSwapOn: - description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' type: boolean imageGcHighThreshold: - description: 'ImageGcHighThreshold: To disable image garbage collection, set to 100. The default is 85%' type: integer imageGcLowThreshold: - description: 'ImageGcLowThreshold: This cannot be set higher than imageGcHighThreshold. The default is 80%' type: integer podMaxPids: - description: 'PodMaxPids: The maximum number of processes per pod.' type: integer topologyManagerPolicy: - description: |- - TopologyManagerPolicy: For more information see [Kubernetes Topology - Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values - are 'none', 'best-effort', 'restricted', and 'single-numa-node'. type: string type: object kubeletDiskType: - description: |- - KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral - storage. type: string linuxOSConfig: - description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' properties: swapFileSizeMB: - description: 'SwapFileSizeMB: The size in MB of a swap file that will be created on each node.' type: integer sysctls: - description: 'Sysctls: Sysctl settings for Linux agent nodes.' 
properties: fsAioMaxNr: - description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' type: integer fsFileMax: - description: 'FsFileMax: Sysctl setting fs.file-max.' type: integer fsInotifyMaxUserWatches: - description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' type: integer fsNrOpen: - description: 'FsNrOpen: Sysctl setting fs.nr_open.' type: integer kernelThreadsMax: - description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' type: integer netCoreNetdevMaxBacklog: - description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' type: integer netCoreOptmemMax: - description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' type: integer netCoreRmemDefault: - description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' type: integer netCoreRmemMax: - description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' type: integer netCoreSomaxconn: - description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' type: integer netCoreWmemDefault: - description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' type: integer netCoreWmemMax: - description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' type: integer netIpv4IpLocalPortRange: - description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' type: string netIpv4NeighDefaultGcThresh1: - description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting net.ipv4.neigh.default.gc_thresh1.' type: integer netIpv4NeighDefaultGcThresh2: - description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting net.ipv4.neigh.default.gc_thresh2.' type: integer netIpv4NeighDefaultGcThresh3: - description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting net.ipv4.neigh.default.gc_thresh3.' type: integer netIpv4TcpFinTimeout: - description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' 
type: integer netIpv4TcpKeepaliveProbes: - description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' type: integer netIpv4TcpKeepaliveTime: - description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' type: integer netIpv4TcpMaxSynBacklog: - description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' type: integer netIpv4TcpMaxTwBuckets: - description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' type: integer netIpv4TcpTwReuse: - description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' type: boolean netIpv4TcpkeepaliveIntvl: - description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' type: integer netNetfilterNfConntrackBuckets: - description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' type: integer netNetfilterNfConntrackMax: - description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' type: integer vmMaxMapCount: - description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' type: integer vmSwappiness: - description: 'VmSwappiness: Sysctl setting vm.swappiness.' type: integer vmVfsCachePressure: - description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' type: integer type: object transparentHugePageDefrag: - description: |- - TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is - 'madvise'. For more information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string transparentHugePageEnabled: - description: |- - TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more - information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). 
type: string type: object maxCount: - description: 'MaxCount: The maximum number of nodes for auto-scaling' type: integer maxPods: - description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer minCount: - description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer mode: - description: |- - Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool - restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools type: string name: - description: 'Name: Windows agent pool names must be 6 characters or less.' type: string networkProfile: - description: 'NetworkProfile: Network-related settings of an agent pool.' properties: allowedHostPorts: - description: 'AllowedHostPorts: The port ranges that are allowed to access. The specified ranges are allowed to overlap.' items: - description: The port range. properties: portEnd: - description: |- - PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or - equal to portStart. type: integer portStart: - description: |- - PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or - equal to portEnd. type: integer protocol: - description: 'Protocol: The network protocol of the port.' type: string type: object type: array applicationSecurityGroups: - description: 'ApplicationSecurityGroups: The IDs of the application security groups which agent pool will associate when created.' items: type: string type: array nodePublicIPTags: - description: 'NodePublicIPTags: IPTags of instance-level public IPs.' items: - description: Contains the IPTag associated with the object. properties: ipTagType: - description: 'IpTagType: The IP tag type. Example: RoutingPreference.' type: string tag: - description: 'Tag: The value of the IP tag associated with the public IP. Example: Internet.' 
type: string type: object type: array type: object nodeImageVersion: - description: 'NodeImageVersion: The version of node image' type: string nodeLabels: additionalProperties: type: string - description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' type: object nodePublicIPPrefixID: - description: |- - NodePublicIPPrefixID: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} type: string nodeTaints: - description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' items: type: string type: array orchestratorVersion: - description: |- - OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. - When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster - with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer - patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same - Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor - version must be within two minor versions of the control plane version. The node pool version cannot be greater than the - control plane version. For more information see [upgrading a node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: type: integer osDiskType: - description: |- - OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested - OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral - OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). 
type: string osSKU: - description: |- - OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 - when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. type: string osType: - description: 'OsType: The operating system type. The default is Linux.' type: string podSubnetID: - description: |- - PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is - of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} type: string powerState: - description: |- - PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this - field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only - be stopped if it is Running and provisioning state is Succeeded properties: code: - description: 'Code: Tells whether the cluster is Running or Stopped' type: string type: object provisioningState: - description: 'ProvisioningState: The current deployment or provisioning state.' type: string proximityPlacementGroupID: - description: 'ProximityPlacementGroupID: The ID for Proximity Placement Group.' type: string scaleDownMode: - description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' type: string scaleSetEvictionPolicy: - description: |- - ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is - 'Delete'. type: string scaleSetPriority: - description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' 
type: string spotMaxPrice: - description: |- - SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any - on-demand price. For more details on spot pricing, see [spot VMs - pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) type: number tags: additionalProperties: type: string - description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' type: object type: - description: 'Type: The type of Agent Pool.' type: string upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading the agentpool' properties: drainTimeoutInMinutes: - description: |- - DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. - This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not - specified, the default is 30 minutes. type: integer maxSurge: - description: |- - MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it - is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded - up. If not specified, the default is 1. For more information, including best practices, see: - https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade type: string type: object vmSize: - description: |- - VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods - might fail to run correctly. For more details on restricted VM sizes, see: - https://docs.microsoft.com/azure/aks/quotas-skus-regions type: string vnetSubnetID: - description: |- - VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, - this applies to nodes and pods, otherwise it applies to just nodes. 
This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} type: string workloadRuntime: - description: 'WorkloadRuntime: Determines the type of workload a node can run.' type: string type: object type: array apiServerAccessProfile: - description: 'ApiServerAccessProfile: The access profile for managed cluster API server.' properties: authorizedIPRanges: - description: |- - AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with - clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API - server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). items: type: string type: array disableRunCommand: - description: 'DisableRunCommand: Whether to disable run command for the cluster or not.' type: boolean enablePrivateCluster: - description: |- - EnablePrivateCluster: For more details, see [Creating a private AKS - cluster](https://docs.microsoft.com/azure/aks/private-clusters). type: boolean enablePrivateClusterPublicFQDN: - description: 'EnablePrivateClusterPublicFQDN: Whether to create additional public FQDN for private cluster or not.' type: boolean privateDNSZone: - description: |- - PrivateDNSZone: The default is System. For more details see [configure private DNS - zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and - 'none'. type: string type: object autoScalerProfile: - description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler when enabled' properties: balance-similar-node-groups: - description: 'BalanceSimilarNodeGroups: Valid values are ''true'' and ''false''' type: string expander: - description: |- - Expander: If not specified, the default is 'random'. 
See - [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) for more - information. type: string max-empty-bulk-delete: - description: 'MaxEmptyBulkDelete: The default is 10.' type: string max-graceful-termination-sec: - description: 'MaxGracefulTerminationSec: The default is 600.' type: string max-node-provision-time: - description: |- - MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string max-total-unready-percentage: - description: 'MaxTotalUnreadyPercentage: The default is 45. The maximum is 100 and the minimum is 0.' type: string new-pod-scale-up-delay: - description: |- - NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler - could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is - '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). type: string ok-total-unready-count: - description: 'OkTotalUnreadyCount: This must be an integer. The default is 3.' type: string scale-down-delay-after-add: - description: |- - ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string scale-down-delay-after-delete: - description: |- - ScaleDownDelayAfterDelete: The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of - time other than minutes (m) is supported. type: string scale-down-delay-after-failure: - description: |- - ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other - than minutes (m) is supported. type: string scale-down-unneeded-time: - description: |- - ScaleDownUnneededTime: The default is '10m'. 
Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string scale-down-unready-time: - description: |- - ScaleDownUnreadyTime: The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string scale-down-utilization-threshold: - description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' type: string scan-interval: - description: 'ScanInterval: The default is ''10''. Values must be an integer number of seconds.' type: string skip-nodes-with-local-storage: - description: 'SkipNodesWithLocalStorage: The default is true.' type: string skip-nodes-with-system-pods: - description: 'SkipNodesWithSystemPods: The default is true.' type: string type: object autoUpgradeProfile: - description: 'AutoUpgradeProfile: The auto upgrade configuration.' properties: nodeOSUpgradeChannel: - description: 'NodeOSUpgradeChannel: Manner in which the OS on your nodes is updated. The default is NodeImage.' type: string upgradeChannel: - description: |- - UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade - channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). type: string type: object azureMonitorProfile: - description: 'AzureMonitorProfile: Azure Monitor addon profiles for monitoring the managed cluster.' properties: metrics: - description: |- - Metrics: Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes - infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See - aka.ms/AzureManagedPrometheus for an overview. properties: enabled: - description: |- - Enabled: Whether to enable or disable the Azure Managed Prometheus addon for Prometheus monitoring. See - aka.ms/AzureManagedPrometheus-aks-enable for details on enabling and disabling. 
type: boolean kubeStateMetrics: - description: |- - KubeStateMetrics: Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the - kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for - details. properties: metricAnnotationsAllowList: - description: |- - MetricAnnotationsAllowList: Comma-separated list of Kubernetes annotation keys that will be used in the resource's - labels metric (Example: 'namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...'). By default the metric - contains only resource name and namespace labels. type: string metricLabelsAllowlist: - description: |- - MetricLabelsAllowlist: Comma-separated list of additional Kubernetes label keys that will be used in the resource's - labels metric (Example: 'namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...'). By default the metric contains only - resource name and namespace labels. type: string type: object type: object type: object azurePortalFQDN: - description: |- - AzurePortalFQDN: The Azure Portal requires certain Cross-Origin Resource Sharing (CORS) headers to be sent in some - responses, which Kubernetes APIServer doesn't handle by default. This special FQDN supports CORS, allowing the Azure - Portal to function properly. type: string conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. 
For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -15628,815 +10767,497 @@ spec: type: object type: array currentKubernetesVersion: - description: |- - CurrentKubernetesVersion: If kubernetesVersion was a fully specified version , this field will be - exactly equal to it. If kubernetesVersion was , this field will contain the full - version being used. type: string disableLocalAccounts: - description: |- - DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be - used on Managed Clusters that are AAD enabled. For more details see [disable local - accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). type: boolean diskEncryptionSetID: - description: |- - DiskEncryptionSetID: This is of the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' type: string dnsPrefix: - description: 'DnsPrefix: This cannot be updated once the Managed Cluster has been created.' type: string enablePodSecurityPolicy: - description: |- - EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was - deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and - https://aka.ms/aks/psp. type: boolean enableRBAC: - description: 'EnableRBAC: Whether to enable Kubernetes Role-Based Access Control.' type: boolean extendedLocation: - description: 'ExtendedLocation: The extended location of the Virtual Machine.' properties: name: - description: 'Name: The name of the extended location.' type: string type: - description: 'Type: The type of the extended location.' type: string type: object fqdn: - description: 'Fqdn: The FQDN of the master pool.' type: string fqdnSubdomain: - description: 'FqdnSubdomain: This cannot be updated once the Managed Cluster has been created.' 
type: string httpProxyConfig: - description: 'HttpProxyConfig: Configurations for provisioning the cluster with HTTP proxy servers.' properties: httpProxy: - description: 'HttpProxy: The HTTP proxy server endpoint to use.' type: string httpsProxy: - description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' type: string noProxy: - description: 'NoProxy: The endpoints that should not go through proxy.' items: type: string type: array trustedCa: - description: 'TrustedCa: Alternative CA cert to use for connecting to proxy servers.' type: string type: object id: - description: |- - Id: Fully qualified resource ID for the resource. E.g. - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" type: string identity: - description: 'Identity: The identity of the managed cluster, if configured.' properties: delegatedResources: additionalProperties: - description: Delegated resource properties - internal use only. properties: location: - description: 'Location: The source resource location - internal use only.' type: string referralResource: - description: 'ReferralResource: The delegation id of the referral delegation (optional) - internal use only.' type: string resourceId: - description: 'ResourceId: The ARM resource id of the delegated resource - internal use only.' type: string tenantId: - description: 'TenantId: The tenant id of the delegated resource - internal use only.' type: string type: object - description: |- - DelegatedResources: The delegated identity resources assigned to this managed cluster. This can only be set by another - Azure Resource Provider, and managed cluster only accept one delegated identity resource. Internal use only. type: object principalId: - description: 'PrincipalId: The principal id of the system assigned identity which is used by master components.' 
type: string tenantId: - description: 'TenantId: The tenant id of the system assigned identity which is used by master components.' type: string type: - description: |- - Type: For more information see [use managed identities in - AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). type: string userAssignedIdentities: additionalProperties: properties: clientId: - description: 'ClientId: The client id of user assigned identity.' type: string principalId: - description: 'PrincipalId: The principal id of user assigned identity.' type: string type: object - description: |- - UserAssignedIdentities: The keys must be ARM resource IDs in the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. type: object type: object identityProfile: additionalProperties: - description: Details about a user assigned identity. properties: clientId: - description: 'ClientId: The client ID of the user assigned identity.' type: string objectId: - description: 'ObjectId: The object ID of the user assigned identity.' type: string resourceId: - description: 'ResourceId: The resource ID of the user assigned identity.' type: string type: object - description: 'IdentityProfile: Identities associated with the cluster.' type: object kubernetesVersion: - description: |- - KubernetesVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. - When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster - with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer - patch version is available. When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All - upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or - 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. 
See [upgrading an AKS - cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. type: string linuxProfile: - description: 'LinuxProfile: The profile for Linux VMs in the Managed Cluster.' properties: adminUsername: - description: 'AdminUsername: The administrator username to use for Linux VMs.' type: string ssh: - description: 'Ssh: The SSH configuration for Linux-based VMs running on Azure.' properties: publicKeys: - description: 'PublicKeys: The list of SSH public keys used to authenticate with Linux-based VMs. A maximum of 1 key may be specified.' items: - description: Contains information about SSH certificate public key data. properties: keyData: - description: |- - KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or - without headers. type: string type: object type: array type: object type: object location: - description: 'Location: The geo-location where the resource lives' type: string maxAgentPools: - description: 'MaxAgentPools: The max number of agent pools for the managed cluster.' type: integer name: - description: 'Name: The name of the resource' type: string networkProfile: - description: 'NetworkProfile: The network configuration profile.' properties: dnsServiceIP: - description: |- - DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address - range specified in serviceCidr. type: string ipFamilies: - description: |- - IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value - is IPv4. For dual-stack, the expected values are IPv4 and IPv6. items: type: string type: array loadBalancerProfile: - description: 'LoadBalancerProfile: Profile of the cluster load balancer.' properties: allocatedOutboundPorts: - description: |- - AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. 
Allowed values are in the range of 0 to 64000 - (inclusive). The default value is 0 which results in Azure dynamically allocating ports. type: integer backendPoolType: - description: 'BackendPoolType: The type of the managed inbound Load Balancer BackendPool.' type: string effectiveOutboundIPs: - description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster load balancer.' items: - description: A reference to an Azure resource. properties: id: - description: 'Id: The fully qualified Azure resource id.' type: string type: object type: array enableMultipleStandardLoadBalancers: - description: 'EnableMultipleStandardLoadBalancers: Enable multiple standard load balancers per AKS cluster or not.' type: boolean idleTimeoutInMinutes: - description: |- - IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 - (inclusive). The default value is 30 minutes. type: integer managedOutboundIPs: - description: 'ManagedOutboundIPs: Desired managed outbound IPs for the cluster load balancer.' properties: count: - description: |- - Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values - must be in the range of 1 to 100 (inclusive). The default value is 1. type: integer countIPv6: - description: |- - CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed - values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. type: integer type: object outboundIPPrefixes: - description: 'OutboundIPPrefixes: Desired outbound IP Prefix resources for the cluster load balancer.' properties: publicIPPrefixes: - description: 'PublicIPPrefixes: A list of public IP prefix resources.' items: - description: A reference to an Azure resource. properties: id: - description: 'Id: The fully qualified Azure resource id.' 
type: string type: object type: array type: object outboundIPs: - description: 'OutboundIPs: Desired outbound IP resources for the cluster load balancer.' properties: publicIPs: - description: 'PublicIPs: A list of public IP resources.' items: - description: A reference to an Azure resource. properties: id: - description: 'Id: The fully qualified Azure resource id.' type: string type: object type: array type: object type: object loadBalancerSku: - description: |- - LoadBalancerSku: The default is 'standard'. See [Azure Load Balancer - SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load - balancer SKUs. type: string natGatewayProfile: - description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' properties: effectiveOutboundIPs: - description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster NAT gateway.' items: - description: A reference to an Azure resource. properties: id: - description: 'Id: The fully qualified Azure resource id.' type: string type: object type: array idleTimeoutInMinutes: - description: |- - IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 - (inclusive). The default value is 4 minutes. type: integer managedOutboundIPProfile: - description: 'ManagedOutboundIPProfile: Profile of the managed outbound IP resources of the cluster NAT gateway.' properties: count: - description: |- - Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 - (inclusive). The default value is 1. type: integer type: object type: object networkDataplane: - description: 'NetworkDataplane: Network dataplane used in the Kubernetes cluster.' type: string networkMode: - description: 'NetworkMode: This cannot be specified if networkPlugin is anything other than ''azure''.' 
type: string networkPlugin: - description: 'NetworkPlugin: Network plugin used for building the Kubernetes network.' type: string networkPluginMode: - description: 'NetworkPluginMode: The mode the network plugin should use.' type: string networkPolicy: - description: 'NetworkPolicy: Network policy used for building the Kubernetes network.' type: string outboundType: - description: |- - OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see - [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). type: string podCidr: - description: 'PodCidr: A CIDR notation IP range from which to assign pod IPs when kubenet is used.' type: string podCidrs: - description: |- - PodCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is - expected for dual-stack networking. items: type: string type: array serviceCidr: - description: |- - ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP - ranges. type: string serviceCidrs: - description: |- - ServiceCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is - expected for dual-stack networking. They must not overlap with any Subnet IP ranges. items: type: string type: array type: object nodeResourceGroup: - description: 'NodeResourceGroup: The name of the resource group containing agent pool nodes.' type: string oidcIssuerProfile: - description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed Cluster.' properties: enabled: - description: 'Enabled: Whether the OIDC issuer is enabled.' type: boolean issuerURL: - description: 'IssuerURL: The OIDC issuer url of the Managed Cluster.' 
type: string type: object podIdentityProfile: - description: |- - PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more - details on AAD pod identity integration. properties: allowNetworkPluginKubenet: - description: |- - AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod - Identity and the risks of IP spoofing. See [using Kubenet network plugin with AAD Pod - Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) - for more information. type: boolean enabled: - description: 'Enabled: Whether the pod identity addon is enabled.' type: boolean userAssignedIdentities: - description: 'UserAssignedIdentities: The pod identities to use in the cluster.' items: - description: Details about the pod identity assigned to the Managed Cluster. properties: bindingSelector: - description: 'BindingSelector: The binding selector to use for the AzureIdentityBinding resource.' type: string identity: - description: 'Identity: The user assigned identity details.' properties: clientId: - description: 'ClientId: The client ID of the user assigned identity.' type: string objectId: - description: 'ObjectId: The object ID of the user assigned identity.' type: string resourceId: - description: 'ResourceId: The resource ID of the user assigned identity.' type: string type: object name: - description: 'Name: The name of the pod identity.' type: string namespace: - description: 'Namespace: The namespace of the pod identity.' type: string provisioningInfo: properties: error: - description: 'Error: Pod identity assignment error (if any).' properties: error: - description: 'Error: Details about the error.' properties: code: - description: 'Code: An identifier for the error. Codes are invariant and are intended to be consumed programmatically.' 
type: string details: - description: 'Details: A list of additional details about the error.' items: properties: code: - description: 'Code: An identifier for the error. Codes are invariant and are intended to be consumed programmatically.' type: string message: - description: 'Message: A message describing the error, intended to be suitable for display in a user interface.' type: string target: - description: 'Target: The target of the particular error. For example, the name of the property in error.' type: string type: object type: array message: - description: 'Message: A message describing the error, intended to be suitable for display in a user interface.' type: string target: - description: 'Target: The target of the particular error. For example, the name of the property in error.' type: string type: object type: object type: object provisioningState: - description: 'ProvisioningState: The current provisioning state of the pod identity.' type: string type: object type: array userAssignedIdentityExceptions: - description: 'UserAssignedIdentityExceptions: The pod identity exceptions to allow.' items: - description: |- - See [disable AAD Pod Identity for a specific - Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. properties: name: - description: 'Name: The name of the pod identity exception.' type: string namespace: - description: 'Namespace: The namespace of the pod identity exception.' type: string podLabels: additionalProperties: type: string - description: 'PodLabels: The pod labels to match.' type: object type: object type: array type: object powerState: - description: 'PowerState: The Power State of the cluster.' properties: code: - description: 'Code: Tells whether the cluster is Running or Stopped' type: string type: object privateFQDN: - description: 'PrivateFQDN: The FQDN of private cluster.' 
type: string privateLinkResources: - description: 'PrivateLinkResources: Private link resources associated with the cluster.' items: - description: A private link resource properties: groupId: - description: 'GroupId: The group ID of the resource.' type: string id: - description: 'Id: The ID of the private link resource.' type: string name: - description: 'Name: The name of the private link resource.' type: string privateLinkServiceID: - description: 'PrivateLinkServiceID: The private link service ID of the resource, this field is exposed only to NRP internally.' type: string requiredMembers: - description: 'RequiredMembers: The RequiredMembers of the resource' items: type: string type: array type: - description: 'Type: The resource type.' type: string type: object type: array provisioningState: - description: 'ProvisioningState: The current provisioning state.' type: string publicNetworkAccess: - description: 'PublicNetworkAccess: Allow or deny public network access for AKS' type: string resourceUID: - description: |- - ResourceUID: The resourceUID uniquely identifies ManagedClusters that reuse ARM ResourceIds (i.e: create, delete, create - sequence) type: string securityProfile: - description: 'SecurityProfile: Security profile for the managed cluster.' properties: azureKeyVaultKms: - description: |- - AzureKeyVaultKms: Azure Key Vault [key management - service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. properties: enabled: - description: 'Enabled: Whether to enable Azure Key Vault key management service. The default is false.' type: boolean keyId: - description: |- - KeyId: Identifier of Azure Key Vault key. See [key identifier - format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) - for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key - identifier. 
When Azure Key Vault key management service is disabled, leave the field empty. type: string keyVaultNetworkAccess: - description: |- - KeyVaultNetworkAccess: Network access of key vault. The possible values are `Public` and `Private`. `Public` means the - key vault allows public access from all networks. `Private` means the key vault disables public access and enables - private link. The default value is `Public`. type: string keyVaultResourceId: - description: |- - KeyVaultResourceId: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and must - be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. type: string type: object defender: - description: 'Defender: Microsoft Defender settings for the security profile.' properties: logAnalyticsWorkspaceResourceId: - description: |- - LogAnalyticsWorkspaceResourceId: Resource ID of the Log Analytics workspace to be associated with Microsoft Defender. - When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When Microsoft - Defender is disabled, leave the field empty. type: string securityMonitoring: - description: 'SecurityMonitoring: Microsoft Defender threat detection for Cloud settings for the security profile.' properties: enabled: - description: 'Enabled: Whether to enable Defender threat detection' type: boolean type: object type: object imageCleaner: - description: 'ImageCleaner: Image Cleaner settings for the security profile.' properties: enabled: - description: 'Enabled: Whether to enable Image Cleaner on AKS cluster.' type: boolean intervalHours: - description: 'IntervalHours: Image Cleaner scanning interval in hours.' type: integer type: object workloadIdentity: - description: |- - WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications - to access Azure cloud resources securely with Azure AD. 
See https://aka.ms/aks/wi for more details. properties: enabled: - description: 'Enabled: Whether to enable workload identity.' type: boolean type: object type: object serviceMeshProfile: - description: 'ServiceMeshProfile: Service mesh profile for a managed cluster.' properties: istio: - description: 'Istio: Istio service mesh configuration.' properties: certificateAuthority: - description: |- - CertificateAuthority: Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin - certificates as described here https://aka.ms/asm-plugin-ca properties: plugin: - description: 'Plugin: Plugin certificates information for Service Mesh.' properties: certChainObjectName: - description: 'CertChainObjectName: Certificate chain object name in Azure Key Vault.' type: string certObjectName: - description: 'CertObjectName: Intermediate certificate object name in Azure Key Vault.' type: string keyObjectName: - description: 'KeyObjectName: Intermediate certificate private key object name in Azure Key Vault.' type: string keyVaultId: - description: 'KeyVaultId: The resource ID of the Key Vault.' type: string rootCertObjectName: - description: 'RootCertObjectName: Root certificate object name in Azure Key Vault.' type: string type: object type: object components: - description: 'Components: Istio components configuration.' properties: egressGateways: - description: 'EgressGateways: Istio egress gateways.' items: - description: Istio egress gateway configuration. properties: enabled: - description: 'Enabled: Whether to enable the egress gateway.' type: boolean nodeSelector: additionalProperties: type: string - description: 'NodeSelector: NodeSelector for scheduling the egress gateway.' type: object type: object type: array ingressGateways: - description: 'IngressGateways: Istio ingress gateways.' items: - description: |- - Istio ingress gateway configuration. 
For now, we support up to one external ingress gateway named - `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. properties: enabled: - description: 'Enabled: Whether to enable the ingress gateway.' type: boolean mode: - description: 'Mode: Mode of an ingress gateway.' type: string type: object type: array type: object revisions: - description: |- - Revisions: The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. - When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: - https://learn.microsoft.com/en-us/azure/aks/istio-upgrade items: type: string type: array type: object mode: - description: 'Mode: Mode of the service mesh.' type: string type: object servicePrincipalProfile: - description: |- - ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure - APIs. properties: clientId: - description: 'ClientId: The ID for the service principal.' type: string type: object sku: - description: 'Sku: The managed cluster SKU.' properties: name: - description: 'Name: The name of a managed cluster SKU.' type: string tier: - description: |- - Tier: If not specified, the default is 'Free'. See [AKS Pricing - Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. type: string type: object storageProfile: - description: 'StorageProfile: Storage profile for the managed cluster.' properties: blobCSIDriver: - description: 'BlobCSIDriver: AzureBlob CSI Driver settings for the storage profile.' properties: enabled: - description: 'Enabled: Whether to enable AzureBlob CSI Driver. The default value is false.' type: boolean type: object diskCSIDriver: - description: 'DiskCSIDriver: AzureDisk CSI Driver settings for the storage profile.' properties: enabled: - description: 'Enabled: Whether to enable AzureDisk CSI Driver. 
The default value is true.' type: boolean type: object fileCSIDriver: - description: 'FileCSIDriver: AzureFile CSI Driver settings for the storage profile.' properties: enabled: - description: 'Enabled: Whether to enable AzureFile CSI Driver. The default value is true.' type: boolean type: object snapshotController: - description: 'SnapshotController: Snapshot Controller settings for the storage profile.' properties: enabled: - description: 'Enabled: Whether to enable Snapshot Controller. The default value is true.' type: boolean type: object type: object supportPlan: - description: 'SupportPlan: The support plan for the Managed Cluster. If unspecified, the default is ''KubernetesOfficial''.' type: string systemData: - description: 'SystemData: Azure Resource Manager metadata containing createdBy and modifiedBy information.' properties: createdAt: - description: 'CreatedAt: The timestamp of resource creation (UTC).' type: string createdBy: - description: 'CreatedBy: The identity that created the resource.' type: string createdByType: - description: 'CreatedByType: The type of identity that created the resource.' type: string lastModifiedAt: - description: 'LastModifiedAt: The timestamp of resource last modification (UTC)' type: string lastModifiedBy: - description: 'LastModifiedBy: The identity that last modified the resource.' type: string lastModifiedByType: - description: 'LastModifiedByType: The type of identity that last modified the resource.' type: string type: object tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object type: - description: 'Type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"' type: string upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading a cluster.' properties: overrideSettings: - description: 'OverrideSettings: Settings for overrides.' 
properties: forceUpgrade: - description: |- - ForceUpgrade: Whether to force upgrade the cluster. Note that this option instructs upgrade operation to bypass upgrade - protections such as checking for deprecated API usage. Enable this option only with caution. type: boolean until: - description: |- - Until: Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the - effectiveness won't change once an upgrade starts even if the `until` expires as upgrade proceeds. This field is not set - by default. It must be set for the overrides to take effect. type: string type: object type: object windowsProfile: - description: 'WindowsProfile: The profile for Windows VMs in the Managed Cluster.' properties: adminUsername: - description: |- - AdminUsername: Specifies the name of the administrator account. - Restriction: Cannot end in "." - Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", - "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", - "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". - Minimum-length: 1 character - Max-length: 20 characters type: string enableCSIProxy: - description: |- - EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub - repo](https://github.com/kubernetes-csi/csi-proxy). type: boolean gmsaProfile: - description: 'GmsaProfile: The Windows gMSA Profile in the Managed Cluster.' properties: dnsServer: - description: |- - DnsServer: Specifies the DNS server for Windows gMSA. - Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. type: string enabled: - description: 'Enabled: Specifies whether to enable Windows gMSA in the managed cluster.' type: boolean rootDomainName: - description: |- - RootDomainName: Specifies the root domain name for Windows gMSA. 
- Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. type: string type: object licenseType: - description: |- - LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User - Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. type: string type: object workloadAutoScalerProfile: - description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile for the managed cluster.' properties: keda: - description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile.' properties: enabled: - description: 'Enabled: Whether to enable KEDA.' type: boolean type: object verticalPodAutoscaler: - description: 'VerticalPodAutoscaler: VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile.' properties: enabled: - description: 'Enabled: Whether to enable VPA. Default value is false.' type: boolean type: object type: object 
@@ -16462,50 +11283,24 @@ spec: name: v1api20231001storage schema: openAPIV3Schema: - description: |- - Storage version of v1api20231001.ManagedCluster - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-10-01/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20231001.ManagedCluster_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object aadProfile: - description: |- - Storage version of v1api20231001.ManagedClusterAADProfile - For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object adminGroupObjectIDs: items: 
@@ -16526,16 +11321,10 @@ spec: type: object addonProfiles: additionalProperties: - description: |- - Storage version of v1api20231001.ManagedClusterAddonProfile - A Kubernetes add-on profile for a managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object config: additionalProperties: 
@@ -16547,73 +11336,45 @@ spec: type: object agentPoolProfiles: items: - description: |- - Storage version of v1api20231001.ManagedClusterAgentPoolProfile - Profile for the container service agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object availabilityZones: items: type: string type: array capacityReservationGroupReference: - description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object count: type: integer creationData: - description: |- - Storage version of v1api20231001.CreationData - Data used when creating a target resource from a source resource. 
properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -16630,39 +11391,22 @@ spec: gpuInstanceProfile: type: string hostGroupReference: - description: |- - HostGroupReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object kubeletConfig: - description: |- - Storage version of v1api20231001.KubeletConfig - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedUnsafeSysctls: items: 
@@ -16692,30 +11436,18 @@ spec: kubeletDiskType: type: string linuxOSConfig: - description: |- - Storage version of v1api20231001.LinuxOSConfig - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object swapFileSizeMB: type: integer sysctls: - description: |- - Storage version of v1api20231001.SysctlConfig - Sysctl settings for Linux agent nodes. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object fsAioMaxNr: type: integer @@ -16790,29 +11522,17 @@ spec: name: type: string networkProfile: - description: |- - Storage version of v1api20231001.AgentPoolNetworkProfile - Network settings of an agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedHostPorts: items: - description: |- - Storage version of v1api20231001.PortRange - The port range. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object portEnd: type: integer 
@@ -16824,38 +11544,24 @@ spec: type: array applicationSecurityGroupsReferences: items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: array nodePublicIPTags: items: - description: |- - Storage version of v1api20231001.IPTag - Contains the IPTag associated with the object. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object ipTagType: type: string 
@@ -16869,25 +11575,15 @@ spec: type: string type: object nodePublicIPPrefixReference: - description: |- - NodePublicIPPrefixReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object nodeTaints: 
@@ -16905,61 +11601,36 @@ spec: osType: type: string podSubnetReference: - description: |- - PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). - This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object powerState: - description: |- - Storage version of v1api20231001.PowerState - Describes the Power State of the cluster properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string type: object proximityPlacementGroupReference: - description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object scaleDownMode: @@ -16977,16 +11648,10 @@ spec: type: type: string upgradeSettings: - description: |- - Storage version of v1api20231001.AgentPoolUpgradeSettings - Settings for upgrading an agentpool properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object drainTimeoutInMinutes: type: integer 
@@ -16996,26 +11661,15 @@ spec: vmSize: type: string vnetSubnetReference: - description: |- - VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is - specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object workloadRuntime: @@ -17023,16 +11677,10 @@ spec: type: object type: array apiServerAccessProfile: - description: |- - Storage version of v1api20231001.ManagedClusterAPIServerAccessProfile - Access profile for managed cluster API server. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object authorizedIPRanges: items: 
@@ -17048,14 +11696,10 @@ spec: type: string type: object autoScalerProfile: - description: Storage version of v1api20231001.ManagedClusterProperties_AutoScalerProfile properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object balance-similar-node-groups: type: string @@ -17093,16 +11737,10 @@ spec: type: string type: object autoUpgradeProfile: - description: |- - Storage version of v1api20231001.ManagedClusterAutoUpgradeProfile - Auto upgrade profile for a managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object nodeOSUpgradeChannel: type: string 
@@ -17110,46 +11748,24 @@ spec: type: string type: object azureMonitorProfile: - description: |- - Storage version of v1api20231001.ManagedClusterAzureMonitorProfile - Azure Monitor addon profiles for monitoring the managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object metrics: - description: |- - Storage version of v1api20231001.ManagedClusterAzureMonitorProfileMetrics - Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes - infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See - aka.ms/AzureManagedPrometheus for an overview. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean kubeStateMetrics: - description: |- - Storage version of v1api20231001.ManagedClusterAzureMonitorProfileKubeStateMetrics - Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the - kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for - details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object metricAnnotationsAllowList: type: string 
@@ -17159,32 +11775,19 @@ spec: type: object type: object azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string disableLocalAccounts: type: boolean diskEncryptionSetReference: - description: |- - DiskEncryptionSetReference: This is of the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object dnsPrefix: @@ -17194,16 +11797,10 @@ spec: enableRBAC: type: boolean extendedLocation: - description: |- - Storage version of v1api20231001.ExtendedLocation - The complex type of the extended location. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -17213,16 +11810,10 @@ spec: fqdnSubdomain: type: string httpProxyConfig: - description: |- - Storage version of v1api20231001.ManagedClusterHTTPProxyConfig - Cluster HTTP proxy configuration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object httpProxy: type: string 
@@ -17236,52 +11827,32 @@ spec: type: string type: object identity: - description: |- - Storage version of v1api20231001.ManagedClusterIdentity - Identity for the managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object delegatedResources: additionalProperties: - description: |- - Storage version of v1api20231001.DelegatedResource - Delegated resource properties - internal use only. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object location: type: string referralResource: type: string resourceReference: - description: 'ResourceReference: The ARM resource id of the delegated resource - internal use only.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object tenantId: 
@@ -17292,35 +11863,21 @@ spec: type: string userAssignedIdentities: items: - description: |- - Storage version of v1api20231001.UserAssignedIdentityDetails - Information about the user assigned identity for the resource properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -17328,31 +11885,18 @@ spec: type: object identityProfile: additionalProperties: - description: |- - Storage version of v1api20231001.UserAssignedIdentity - Details about a user assigned identity. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object clientId: type: string clientIdFromConfig: - description: |- - ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes configmap being referenced type: string name: - description: |- - Name is the name of the Kubernetes configmap being referenced. - The configmap must be in the same namespace as the resource type: string required: - key 
@@ -17361,40 +11905,25 @@ spec: objectId: type: string objectIdFromConfig: - description: |- - ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes configmap being referenced type: string name: - description: |- - Name is the name of the Kubernetes configmap being referenced. - The configmap must be in the same namespace as the resource type: string required: - key - name type: object resourceReference: - description: 'ResourceReference: The resource ID of the user assigned identity.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -17402,43 +11931,25 @@ spec: kubernetesVersion: type: string linuxProfile: - description: |- - Storage version of v1api20231001.ContainerServiceLinuxProfile - Profile for Linux VMs in the container service cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object adminUsername: type: string ssh: - description: |- - Storage version of v1api20231001.ContainerServiceSshConfiguration - SSH configuration for Linux-based VMs running on Azure. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object publicKeys: items: - description: |- - Storage version of v1api20231001.ContainerServiceSshPublicKey - Contains information about SSH certificate public key data. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object keyData: type: string @@ -17449,16 +11960,10 @@ spec: location: type: string networkProfile: - description: |- - Storage version of v1api20231001.ContainerServiceNetworkProfile - Profile of network configuration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object dnsServiceIP: type: string 
@@ -17467,16 +11972,10 @@ spec: type: string type: array loadBalancerProfile: - description: |- - Storage version of v1api20231001.ManagedClusterLoadBalancerProfile - Profile of the managed cluster load balancer. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allocatedOutboundPorts: type: integer @@ -17484,35 +11983,21 @@ spec: type: string effectiveOutboundIPs: items: - description: |- - Storage version of v1api20231001.ResourceReference - A reference to an Azure resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: The fully qualified Azure resource id.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -17522,14 +12007,10 @@ spec: idleTimeoutInMinutes: type: integer managedOutboundIPs: - description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object count: type: integer 
@@ -17537,92 +12018,56 @@ spec: type: integer type: object outboundIPPrefixes: - description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object publicIPPrefixes: items: - description: |- - Storage version of v1api20231001.ResourceReference - A reference to an Azure resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: The fully qualified Azure resource id.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object type: object type: array type: object outboundIPs: - description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_OutboundIPs properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object publicIPs: items: - description: |- - Storage version of v1api20231001.ResourceReference - A reference to an Azure resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: The fully qualified Azure resource id.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -17632,48 +12077,28 @@ spec: loadBalancerSku: type: string natGatewayProfile: - description: |- - Storage version of v1api20231001.ManagedClusterNATGatewayProfile - Profile of the managed cluster NAT gateway. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object effectiveOutboundIPs: items: - description: |- - Storage version of v1api20231001.ResourceReference - A reference to an Azure resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: The fully qualified Azure resource id.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -17681,16 +12106,10 @@ spec: idleTimeoutInMinutes: type: integer managedOutboundIPProfile: - description: |- - Storage version of v1api20231001.ManagedClusterManagedOutboundIPProfile - Profile of the managed outbound IP resources of the managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object count: type: integer 
@@ -17724,55 +12143,28 @@ spec: nodeResourceGroup: type: string oidcIssuerProfile: - description: |- - Storage version of v1api20231001.ManagedClusterOIDCIssuerProfile - The OIDC issuer profile of the Managed Cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object operatorSpec: - description: |- - Storage version of v1api20231001.ManagedClusterOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. 
The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name @@ -17780,46 +12172,26 @@ spec: type: object type: array configMaps: - description: Storage version of v1api20231001.ManagedClusterOperatorConfigMaps properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object oidcIssuerProfile: - description: |- - ConfigMapDestination describes the location to store a single configmap value - Note: This is similar to: SecretDestination in secrets.go. - Changes to one may need to be made to the others as well. properties: key: - description: Key is the key in the ConfigMap being referenced type: string name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. type: string required: - key - name type: object principalId: - description: |- - ConfigMapDestination describes the location to store a single configmap value - Note: This is similar to: SecretDestination in secrets.go. - Changes to one may need to be made to the others as well. properties: key: - description: Key is the key in the ConfigMap being referenced type: string name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. type: string required: - key 
@@ -17828,27 +12200,12 @@ spec: type: object secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -17856,46 +12213,26 @@ spec: type: object type: array secrets: - description: Storage version of v1api20231001.ManagedClusterOperatorSecrets properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object adminCredentials: - description: |- - SecretDestination describes the location to store a single secret value. - Note: This is similar to: ConfigMapDestination in configmaps.go. - Changes to one may need to be made to the others as well. properties: key: - description: Key is the key in the Kubernetes secret being referenced. type: string name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. type: string required: - key - name type: object userCredentials: - description: |- - SecretDestination describes the location to store a single secret value. - Note: This is similar to: ConfigMapDestination in configmaps.go. - Changes to one may need to be made to the others as well. properties: key: - description: Key is the key in the Kubernetes secret being referenced. type: string name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. type: string required: - key 
@@ -17906,30 +12243,18 @@ spec: originalVersion: type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object podIdentityProfile: - description: |- - Storage version of v1api20231001.ManagedClusterPodIdentityProfile - See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod - identity integration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowNetworkPluginKubenet: type: boolean 
@@ -17937,45 +12262,26 @@ spec: type: boolean userAssignedIdentities: items: - description: |- - Storage version of v1api20231001.ManagedClusterPodIdentity - Details about the pod identity assigned to the Managed Cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object bindingSelector: type: string identity: - description: |- - Storage version of v1api20231001.UserAssignedIdentity - Details about a user assigned identity. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object clientId: type: string clientIdFromConfig: - description: |- - ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes configmap being referenced type: string name: - description: |- - Name is the name of the Kubernetes configmap being referenced. - The configmap must be in the same namespace as the resource type: string required: - key 
@@ -17984,40 +12290,25 @@ spec: objectId: type: string objectIdFromConfig: - description: |- - ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes configmap being referenced type: string name: - description: |- - Name is the name of the Kubernetes configmap being referenced. - The configmap must be in the same namespace as the resource type: string required: - key - name type: object resourceReference: - description: 'ResourceReference: The resource ID of the user assigned identity.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -18029,17 +12320,10 @@ spec: type: array userAssignedIdentityExceptions: items: - description: |- - Storage version of v1api20231001.ManagedClusterPodIdentityException - See [disable AAD Pod Identity for a specific - Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -18054,39 +12338,25 @@ spec: type: object privateLinkResources: items: - description: |- - Storage version of v1api20231001.PrivateLinkResource - A private link resource properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object groupId: type: string name: type: string reference: - description: 'Reference: The ID of the private link resource.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object requiredMembers: 
@@ -18100,28 +12370,16 @@ spec: publicNetworkAccess: type: string securityProfile: - description: |- - Storage version of v1api20231001.ManagedClusterSecurityProfile - Security profile for the container service cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object azureKeyVaultKms: - description: |- - Storage version of v1api20231001.AzureKeyVaultKms - Azure Key Vault key management service settings for the security profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -18130,91 +12388,51 @@ spec: keyVaultNetworkAccess: type: string keyVaultResourceReference: - description: |- - KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and - must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object defender: - description: |- - Storage version of v1api20231001.ManagedClusterSecurityProfileDefender - Microsoft Defender settings for the security profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object logAnalyticsWorkspaceResourceReference: - description: |- - LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft - Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When - Microsoft Defender is disabled, leave the field empty. 
properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object securityMonitoring: - description: |- - Storage version of v1api20231001.ManagedClusterSecurityProfileDefenderSecurityMonitoring - Microsoft Defender settings for the security profile threat detection. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object type: object imageCleaner: - description: |- - Storage version of v1api20231001.ManagedClusterSecurityProfileImageCleaner - Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here - are settings for the security profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -18222,69 +12440,38 @@ spec: type: integer type: object workloadIdentity: - description: |- - Storage version of v1api20231001.ManagedClusterSecurityProfileWorkloadIdentity - Workload identity settings for the security profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object type: object serviceMeshProfile: - description: |- - Storage version of v1api20231001.ServiceMeshProfile - Service mesh profile for a managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object istio: - description: |- - Storage version of v1api20231001.IstioServiceMesh - Istio service mesh configuration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object certificateAuthority: - description: |- - Storage version of v1api20231001.IstioCertificateAuthority - Istio Service Mesh Certificate Authority (CA) configuration. 
For now, we only support plugin certificates as described - here https://aka.ms/asm-plugin-ca properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object plugin: - description: |- - Storage version of v1api20231001.IstioPluginCertificateAuthority - Plugin certificates information for Service Mesh. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object certChainObjectName: type: string @@ -18293,23 +12480,15 @@ spec: keyObjectName: type: string keyVaultReference: - description: 'KeyVaultReference: The resource ID of the Key Vault.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object rootCertObjectName: 
@@ -18317,29 +12496,17 @@ spec: type: object type: object components: - description: |- - Storage version of v1api20231001.IstioComponents - Istio components configuration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object egressGateways: items: - description: |- - Storage version of v1api20231001.IstioEgressGateway - Istio egress gateway configuration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean @@ -18351,17 +12518,10 @@ spec: type: array ingressGateways: items: - description: |- - Storage version of v1api20231001.IstioIngressGateway - Istio ingress gateway configuration. For now, we support up to one external ingress gateway named - `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -18379,31 +12539,18 @@ spec: type: string type: object servicePrincipalProfile: - description: |- - Storage version of v1api20231001.ManagedClusterServicePrincipalProfile - Information about a service principal identity for the cluster to use for manipulating Azure APIs. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object clientId: type: string secret: - description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes secret being referenced type: string name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - key @@ -18411,16 +12558,10 @@ spec: type: object type: object sku: - description: |- - Storage version of v1api20231001.ManagedClusterSKU - The SKU of a Managed Cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -18428,73 +12569,43 @@ spec: type: string type: object storageProfile: - description: |- - Storage version of v1api20231001.ManagedClusterStorageProfile - Storage profile for the container service cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object blobCSIDriver: - description: |- - Storage version of v1api20231001.ManagedClusterStorageProfileBlobCSIDriver - AzureBlob CSI Driver settings for the storage profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object diskCSIDriver: - description: |- - Storage version of v1api20231001.ManagedClusterStorageProfileDiskCSIDriver - AzureDisk CSI Driver settings for the storage profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object fileCSIDriver: - description: |- - Storage version of v1api20231001.ManagedClusterStorageProfileFileCSIDriver - AzureFile CSI Driver settings for the storage profile. 
properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object snapshotController: - description: |- - Storage version of v1api20231001.ManagedClusterStorageProfileSnapshotController - Snapshot Controller settings for the storage profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean @@ -18507,28 +12618,16 @@ spec: type: string type: object upgradeSettings: - description: |- - Storage version of v1api20231001.ClusterUpgradeSettings - Settings for upgrading a cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object overrideSettings: - description: |- - Storage version of v1api20231001.UpgradeOverrideSettings - Settings for overrides when upgrading a cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object forceUpgrade: type: boolean 
@@ -18537,29 +12636,16 @@ spec: type: object type: object windowsProfile: - description: |- - Storage version of v1api20231001.ManagedClusterWindowsProfile - Profile for Windows VMs in the managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object adminPassword: - description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes secret being referenced type: string name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - key @@ -18570,16 +12656,10 @@ spec: enableCSIProxy: type: boolean gmsaProfile: - description: |- - Storage version of v1api20231001.WindowsGmsaProfile - Windows gMSA Profile in the managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object dnsServer: type: string 
@@ -18592,43 +12672,25 @@ spec: type: string type: object workloadAutoScalerProfile: - description: |- - Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfile - Workload Auto-scaler profile for the managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object keda: - description: |- - Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfileKeda - KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object verticalPodAutoscaler: - description: |- - Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler - VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -18638,28 +12700,16 @@ spec: - owner type: object status: - description: |- - Storage version of v1api20231001.ManagedCluster_STATUS - Managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object aadProfile: - description: |- - Storage version of v1api20231001.ManagedClusterAADProfile_STATUS - For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object adminGroupObjectIDs: items: @@ -18680,16 +12730,10 @@ spec: type: object addonProfiles: additionalProperties: - description: |- - Storage version of v1api20231001.ManagedClusterAddonProfile_STATUS - A Kubernetes add-on profile for a managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object config: additionalProperties: @@ -18698,16 +12742,10 @@ spec: enabled: type: boolean identity: - description: |- - Storage version of v1api20231001.UserAssignedIdentity_STATUS - Details about a user assigned identity. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object clientId: type: string 
@@ -18720,16 +12758,10 @@ spec: type: object agentPoolProfiles: items: - description: |- - Storage version of v1api20231001.ManagedClusterAgentPoolProfile_STATUS - Profile for the container service agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object availabilityZones: items: @@ -18740,16 +12772,10 @@ spec: count: type: integer creationData: - description: |- - Storage version of v1api20231001.CreationData_STATUS - Data used when creating a target resource from a source resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object sourceResourceId: type: string @@ -18771,16 +12797,10 @@ spec: hostGroupID: type: string kubeletConfig: - description: |- - Storage version of v1api20231001.KubeletConfig_STATUS - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedUnsafeSysctls: items: 
@@ -18810,30 +12830,18 @@ spec: kubeletDiskType: type: string linuxOSConfig: - description: |- - Storage version of v1api20231001.LinuxOSConfig_STATUS - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object swapFileSizeMB: type: integer sysctls: - description: |- - Storage version of v1api20231001.SysctlConfig_STATUS - Sysctl settings for Linux agent nodes. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object fsAioMaxNr: type: integer @@ -18908,29 +12916,17 @@ spec: name: type: string networkProfile: - description: |- - Storage version of v1api20231001.AgentPoolNetworkProfile_STATUS - Network settings of an agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedHostPorts: items: - description: |- - Storage version of v1api20231001.PortRange_STATUS - The port range. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object portEnd: type: integer 
@@ -18946,16 +12942,10 @@ spec: type: array nodePublicIPTags: items: - description: |- - Storage version of v1api20231001.IPTag_STATUS - Contains the IPTag associated with the object. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object ipTagType: type: string @@ -18989,16 +12979,10 @@ spec: podSubnetID: type: string powerState: - description: |- - Storage version of v1api20231001.PowerState_STATUS - Describes the Power State of the cluster properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string @@ -19022,16 +13006,10 @@ spec: type: type: string upgradeSettings: - description: |- - Storage version of v1api20231001.AgentPoolUpgradeSettings_STATUS - Settings for upgrading an agentpool properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object drainTimeoutInMinutes: type: integer @@ -19047,16 +13025,10 @@ spec: type: object type: array apiServerAccessProfile: - description: |- - Storage version of v1api20231001.ManagedClusterAPIServerAccessProfile_STATUS - Access profile for managed cluster API server. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object authorizedIPRanges: items: 
@@ -19072,14 +13044,10 @@ spec: type: string type: object autoScalerProfile: - description: Storage version of v1api20231001.ManagedClusterProperties_AutoScalerProfile_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object balance-similar-node-groups: type: string @@ -19117,16 +13085,10 @@ spec: type: string type: object autoUpgradeProfile: - description: |- - Storage version of v1api20231001.ManagedClusterAutoUpgradeProfile_STATUS - Auto upgrade profile for a managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object nodeOSUpgradeChannel: type: string 
@@ -19134,46 +13096,24 @@ spec: type: string type: object azureMonitorProfile: - description: |- - Storage version of v1api20231001.ManagedClusterAzureMonitorProfile_STATUS - Azure Monitor addon profiles for monitoring the managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object metrics: - description: |- - Storage version of v1api20231001.ManagedClusterAzureMonitorProfileMetrics_STATUS - Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes - infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See - aka.ms/AzureManagedPrometheus for an overview. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean kubeStateMetrics: - description: |- - Storage version of v1api20231001.ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS - Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the - kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for - details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object metricAnnotationsAllowList: type: string 
@@ -19186,39 +13126,22 @@ spec: type: string conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -19240,16 +13163,10 @@ spec: enableRBAC: type: boolean extendedLocation: - description: |- - Storage version of v1api20231001.ExtendedLocation_STATUS - The complex type of the extended location. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string @@ -19261,16 +13178,10 @@ spec: fqdnSubdomain: type: string httpProxyConfig: - description: |- - Storage version of v1api20231001.ManagedClusterHTTPProxyConfig_STATUS - Cluster HTTP proxy configuration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object httpProxy: type: string @@ -19286,29 +13197,17 @@ spec: id: type: string identity: - description: |- - Storage version of v1api20231001.ManagedClusterIdentity_STATUS - Identity for the managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object delegatedResources: additionalProperties: - description: |- - Storage version of v1api20231001.DelegatedResource_STATUS - Delegated resource properties - internal use only. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object location: type: string 
@@ -19328,14 +13227,10 @@ spec: type: string userAssignedIdentities: additionalProperties: - description: Storage version of v1api20231001.ManagedClusterIdentity_UserAssignedIdentities_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object clientId: type: string @@ -19346,16 +13241,10 @@ spec: type: object identityProfile: additionalProperties: - description: |- - Storage version of v1api20231001.UserAssignedIdentity_STATUS - Details about a user assigned identity. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object clientId: type: string 
@@ -19368,43 +13257,25 @@ spec: kubernetesVersion: type: string linuxProfile: - description: |- - Storage version of v1api20231001.ContainerServiceLinuxProfile_STATUS - Profile for Linux VMs in the container service cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object adminUsername: type: string ssh: - description: |- - Storage version of v1api20231001.ContainerServiceSshConfiguration_STATUS - SSH configuration for Linux-based VMs running on Azure. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object publicKeys: items: - description: |- - Storage version of v1api20231001.ContainerServiceSshPublicKey_STATUS - Contains information about SSH certificate public key data. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object keyData: type: string @@ -19419,16 +13290,10 @@ spec: name: type: string networkProfile: - description: |- - Storage version of v1api20231001.ContainerServiceNetworkProfile_STATUS - Profile of network configuration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object dnsServiceIP: type: string 
@@ -19437,16 +13302,10 @@ spec: type: string type: array loadBalancerProfile: - description: |- - Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_STATUS - Profile of the managed cluster load balancer. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allocatedOutboundPorts: type: integer @@ -19454,16 +13313,10 @@ spec: type: string effectiveOutboundIPs: items: - description: |- - Storage version of v1api20231001.ResourceReference_STATUS - A reference to an Azure resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -19474,14 +13327,10 @@ spec: idleTimeoutInMinutes: type: integer managedOutboundIPs: - description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object count: type: integer 
@@ -19489,27 +13338,17 @@ spec: type: integer type: object outboundIPPrefixes: - description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object publicIPPrefixes: items: - description: |- - Storage version of v1api20231001.ResourceReference_STATUS - A reference to an Azure resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -19517,27 +13356,17 @@ spec: type: array type: object outboundIPs: - description: Storage version of v1api20231001.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object publicIPs: items: - description: |- - Storage version of v1api20231001.ResourceReference_STATUS - A reference to an Azure resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string 
@@ -19548,29 +13377,17 @@ spec: loadBalancerSku: type: string natGatewayProfile: - description: |- - Storage version of v1api20231001.ManagedClusterNATGatewayProfile_STATUS - Profile of the managed cluster NAT gateway. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object effectiveOutboundIPs: items: - description: |- - Storage version of v1api20231001.ResourceReference_STATUS - A reference to an Azure resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -19579,16 +13396,10 @@ spec: idleTimeoutInMinutes: type: integer managedOutboundIPProfile: - description: |- - Storage version of v1api20231001.ManagedClusterManagedOutboundIPProfile_STATUS - Profile of the managed outbound IP resources of the managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object count: type: integer @@ -19622,16 +13433,10 @@ spec: nodeResourceGroup: type: string oidcIssuerProfile: - description: |- - Storage version of v1api20231001.ManagedClusterOIDCIssuerProfile_STATUS - The OIDC issuer profile of the Managed Cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -19639,17 +13444,10 @@ spec: type: string type: object podIdentityProfile: - description: |- - Storage version of v1api20231001.ManagedClusterPodIdentityProfile_STATUS - See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod - identity integration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowNetworkPluginKubenet: type: boolean @@ -19657,30 +13455,18 @@ spec: type: boolean userAssignedIdentities: items: - description: |- - Storage version of v1api20231001.ManagedClusterPodIdentity_STATUS - Details about the pod identity assigned to the Managed Cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object bindingSelector: type: string identity: - description: |- - Storage version of v1api20231001.UserAssignedIdentity_STATUS - Details about a user assigned identity. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object clientId: type: string 
@@ -19694,51 +13480,31 @@ spec: namespace: type: string provisioningInfo: - description: Storage version of v1api20231001.ManagedClusterPodIdentity_ProvisioningInfo_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object error: - description: |- - Storage version of v1api20231001.ManagedClusterPodIdentityProvisioningError_STATUS - An error response from the pod identity provisioning. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object error: - description: |- - Storage version of v1api20231001.ManagedClusterPodIdentityProvisioningErrorBody_STATUS - An error response from the pod identity provisioning. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string details: items: - description: Storage version of v1api20231001.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string 
@@ -19761,17 +13527,10 @@ spec: type: array userAssignedIdentityExceptions: items: - description: |- - Storage version of v1api20231001.ManagedClusterPodIdentityException_STATUS - See [disable AAD Pod Identity for a specific - Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string @@ -19785,16 +13544,10 @@ spec: type: array type: object powerState: - description: |- - Storage version of v1api20231001.PowerState_STATUS - Describes the Power State of the cluster properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string @@ -19803,16 +13556,10 @@ spec: type: string privateLinkResources: items: - description: |- - Storage version of v1api20231001.PrivateLinkResource_STATUS - A private link resource properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object groupId: type: string 
@@ -19837,28 +13584,16 @@ spec: resourceUID: type: string securityProfile: - description: |- - Storage version of v1api20231001.ManagedClusterSecurityProfile_STATUS - Security profile for the container service cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object azureKeyVaultKms: - description: |- - Storage version of v1api20231001.AzureKeyVaultKms_STATUS - Azure Key Vault key management service settings for the security profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -19870,47 +13605,28 @@ spec: type: string type: object defender: - description: |- - Storage version of v1api20231001.ManagedClusterSecurityProfileDefender_STATUS - Microsoft Defender settings for the security profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object logAnalyticsWorkspaceResourceId: type: string securityMonitoring: - description: |- - Storage version of v1api20231001.ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS - Microsoft Defender settings for the security profile threat detection. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object type: object imageCleaner: - description: |- - Storage version of v1api20231001.ManagedClusterSecurityProfileImageCleaner_STATUS - Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here - are settings for the security profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -19918,69 +13634,38 @@ spec: type: integer type: object workloadIdentity: - description: |- - Storage version of v1api20231001.ManagedClusterSecurityProfileWorkloadIdentity_STATUS - Workload identity settings for the security profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object type: object serviceMeshProfile: - description: |- - Storage version of v1api20231001.ServiceMeshProfile_STATUS - Service mesh profile for a managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object istio: - description: |- - Storage version of v1api20231001.IstioServiceMesh_STATUS - Istio service mesh configuration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object certificateAuthority: - description: |- - Storage version of v1api20231001.IstioCertificateAuthority_STATUS - Istio Service Mesh Certificate Authority (CA) configuration. 
For now, we only support plugin certificates as described - here https://aka.ms/asm-plugin-ca properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object plugin: - description: |- - Storage version of v1api20231001.IstioPluginCertificateAuthority_STATUS - Plugin certificates information for Service Mesh. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object certChainObjectName: type: string @@ -19995,29 +13680,17 @@ spec: type: object type: object components: - description: |- - Storage version of v1api20231001.IstioComponents_STATUS - Istio components configuration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object egressGateways: items: - description: |- - Storage version of v1api20231001.IstioEgressGateway_STATUS - Istio egress gateway configuration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -20029,17 +13702,10 @@ spec: type: array ingressGateways: items: - description: |- - Storage version of v1api20231001.IstioIngressGateway_STATUS - Istio ingress gateway configuration. For now, we support up to one external ingress gateway named - `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean @@ -20057,31 +13723,19 @@ spec: type: string type: object servicePrincipalProfile: - description: |- - Storage version of v1api20231001.ManagedClusterServicePrincipalProfile_STATUS - Information about a service principal identity for the cluster to use for manipulating Azure APIs. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object clientId: type: string type: object sku: - description: |- - Storage version of v1api20231001.ManagedClusterSKU_STATUS - The SKU of a Managed Cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -20089,73 +13743,43 @@ spec: type: string type: object storageProfile: - description: |- - Storage version of v1api20231001.ManagedClusterStorageProfile_STATUS - Storage profile for the container service cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object blobCSIDriver: - description: |- - Storage version of v1api20231001.ManagedClusterStorageProfileBlobCSIDriver_STATUS - AzureBlob CSI Driver settings for the storage profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object diskCSIDriver: - description: |- - Storage version of v1api20231001.ManagedClusterStorageProfileDiskCSIDriver_STATUS - AzureDisk CSI Driver settings for the storage profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object fileCSIDriver: - description: |- - Storage version of v1api20231001.ManagedClusterStorageProfileFileCSIDriver_STATUS - AzureFile CSI Driver settings for the storage profile. 
properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object snapshotController: - description: |- - Storage version of v1api20231001.ManagedClusterStorageProfileSnapshotController_STATUS - Snapshot Controller settings for the storage profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean @@ -20164,16 +13788,10 @@ spec: supportPlan: type: string systemData: - description: |- - Storage version of v1api20231001.SystemData_STATUS - Metadata pertaining to creation and last modification of the resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object createdAt: type: string 
@@ -20195,28 +13813,16 @@ spec: type: type: string upgradeSettings: - description: |- - Storage version of v1api20231001.ClusterUpgradeSettings_STATUS - Settings for upgrading a cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object overrideSettings: - description: |- - Storage version of v1api20231001.UpgradeOverrideSettings_STATUS - Settings for overrides when upgrading a cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object forceUpgrade: type: boolean @@ -20225,32 +13831,20 @@ spec: type: object type: object windowsProfile: - description: |- - Storage version of v1api20231001.ManagedClusterWindowsProfile_STATUS - Profile for Windows VMs in the managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object adminUsername: type: string enableCSIProxy: type: boolean gmsaProfile: - description: |- - Storage version of v1api20231001.WindowsGmsaProfile_STATUS - Windows gMSA Profile in the managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object dnsServer: type: string 
@@ -20263,43 +13857,25 @@ spec: type: string type: object workloadAutoScalerProfile: - description: |- - Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfile_STATUS - Workload Auto-scaler profile for the managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object keda: - description: |- - Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfileKeda_STATUS - KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object verticalPodAutoscaler: - description: |- - Storage version of v1api20231001.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler_STATUS - VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -20327,197 +13903,108 @@ spec: name: v1api20240402preview schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2024-04-02-preview/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: aadProfile: - description: 'AadProfile: The Azure Active Directory configuration.' properties: adminGroupObjectIDs: - description: 'AdminGroupObjectIDs: The list of AAD group object IDs that will have admin role of the cluster.' items: type: string type: array clientAppID: - description: 'ClientAppID: (DEPRECATED) The client AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' type: string enableAzureRBAC: - description: 'EnableAzureRBAC: Whether to enable Azure RBAC for Kubernetes authorization.' type: boolean managed: - description: 'Managed: Whether to enable managed AAD.' type: boolean serverAppID: - description: 'ServerAppID: (DEPRECATED) The server AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' type: string serverAppSecret: - description: 'ServerAppSecret: (DEPRECATED) The server AAD application secret. 
Learn more at https://aka.ms/aks/aad-legacy.' type: string tenantID: - description: |- - TenantID: The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment - subscription. type: string type: object addonProfiles: additionalProperties: - description: A Kubernetes add-on profile for a managed cluster. properties: config: additionalProperties: type: string - description: 'Config: Key-value pairs for configuring an add-on.' type: object enabled: - description: 'Enabled: Whether the add-on is enabled or not.' type: boolean required: - enabled type: object - description: 'AddonProfiles: The profile of managed cluster add-on.' type: object agentPoolProfiles: - description: 'AgentPoolProfiles: The agent pool properties.' items: - description: Profile for the container service agent pool. properties: artifactStreamingProfile: - description: 'ArtifactStreamingProfile: Configuration for using artifact streaming on AKS.' properties: enabled: - description: |- - Enabled: Artifact streaming speeds up the cold-start of containers on a node through on-demand image loading. To use - this feature, container images must also enable artifact streaming on ACR. If not specified, the default is false. type: boolean type: object availabilityZones: - description: |- - AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType - property is 'VirtualMachineScaleSets'. items: type: string type: array capacityReservationGroupReference: - description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object count: - description: |- - Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) - for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. type: integer creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using - a snapshot. properties: sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object type: object enableAutoScaling: - description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean enableCustomCATrust: - description: |- - EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a - daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded - certificates into node trust stores. Defaults to false. type: boolean enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, - see: https://docs.microsoft.com/azure/aks/enable-host-encryption type: boolean enableFIPS: - description: |- - EnableFIPS: See [Add a FIPS-enabled node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more - details. type: boolean enableNodePublicIP: - description: |- - EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. - A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine - to minimize hops. For more information see [assigning a public IP per - node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The - default is false. type: boolean enableUltraSSD: - description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean gatewayProfile: - description: |- - GatewayProfile: Profile specific to a managed agent pool in Gateway mode. This field cannot be set if agent pool mode is - not Gateway. properties: publicIPPrefixSize: - description: |- - PublicIPPrefixSize: The Gateway agent pool associates one public IPPrefix for each static egress gateway to provide - public egress. The size of Public IPPrefix should be selected by the user. 
Each node in the agent pool is assigned with - one IP from the IPPrefix. The IPPrefix size thus serves as a cap on the size of the Gateway agent pool. Due to Azure - public IPPrefix size limitation, the valid value range is [28, 31] (/31 = 2 nodes/IPs, /30 = 4 nodes/IPs, /29 = 8 - nodes/IPs, /28 = 16 nodes/IPs). The default value is 31. maximum: 31 minimum: 28 type: integer type: object gpuInstanceProfile: - description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' enum: - MIG1g - MIG2g 
@@ -20526,262 +14013,160 @@ spec: - MIG7g type: string gpuProfile: - description: 'GpuProfile: The GPU settings of an agent pool.' properties: installGPUDriver: - description: |- - InstallGPUDriver: The default value is true when the vmSize of the agent pool contains a GPU, false otherwise. GPU - Driver Installation can only be set true when VM has an associated GPU resource. Setting this field to false prevents - automatic GPU driver installation. In that case, in order for the GPU to be usable, the user must perform GPU driver - installation themselves. type: boolean type: object hostGroupReference: - description: |- - HostGroupReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object kubeletConfig: - description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' properties: allowedUnsafeSysctls: - description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`).' 
items: type: string type: array containerLogMaxFiles: - description: |- - ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be - ≥ 2. minimum: 2 type: integer containerLogMaxSizeMB: - description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' type: integer cpuCfsQuota: - description: 'CpuCfsQuota: The default is true.' type: boolean cpuCfsQuotaPeriod: - description: |- - CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and - a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. type: string cpuManagerPolicy: - description: |- - CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management - policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more - information. Allowed values are 'none' and 'static'. type: string failSwapOn: - description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' type: boolean imageGcHighThreshold: - description: 'ImageGcHighThreshold: To disable image garbage collection, set to 100. The default is 85%' type: integer imageGcLowThreshold: - description: 'ImageGcLowThreshold: This cannot be set higher than imageGcHighThreshold. The default is 80%' type: integer podMaxPids: - description: 'PodMaxPids: The maximum number of processes per pod.' type: integer topologyManagerPolicy: - description: |- - TopologyManagerPolicy: For more information see [Kubernetes Topology - Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values - are 'none', 'best-effort', 'restricted', and 'single-numa-node'. 
type: string type: object kubeletDiskType: - description: |- - KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral - storage. enum: - OS - Temporary type: string linuxOSConfig: - description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' properties: swapFileSizeMB: - description: 'SwapFileSizeMB: The size in MB of a swap file that will be created on each node.' type: integer sysctls: - description: 'Sysctls: Sysctl settings for Linux agent nodes.' properties: fsAioMaxNr: - description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' type: integer fsFileMax: - description: 'FsFileMax: Sysctl setting fs.file-max.' type: integer fsInotifyMaxUserWatches: - description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' type: integer fsNrOpen: - description: 'FsNrOpen: Sysctl setting fs.nr_open.' type: integer kernelThreadsMax: - description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' type: integer netCoreNetdevMaxBacklog: - description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' type: integer netCoreOptmemMax: - description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' type: integer netCoreRmemDefault: - description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' type: integer netCoreRmemMax: - description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' type: integer netCoreSomaxconn: - description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' type: integer netCoreWmemDefault: - description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' type: integer netCoreWmemMax: - description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' type: integer netIpv4IpLocalPortRange: - description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' 
type: string netIpv4NeighDefaultGcThresh1: - description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting net.ipv4.neigh.default.gc_thresh1.' type: integer netIpv4NeighDefaultGcThresh2: - description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting net.ipv4.neigh.default.gc_thresh2.' type: integer netIpv4NeighDefaultGcThresh3: - description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting net.ipv4.neigh.default.gc_thresh3.' type: integer netIpv4TcpFinTimeout: - description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' type: integer netIpv4TcpKeepaliveProbes: - description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' type: integer netIpv4TcpKeepaliveTime: - description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' type: integer netIpv4TcpMaxSynBacklog: - description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' type: integer netIpv4TcpMaxTwBuckets: - description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' type: integer netIpv4TcpTwReuse: - description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' type: boolean netIpv4TcpkeepaliveIntvl: - description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' maximum: 90 minimum: 10 type: integer netNetfilterNfConntrackBuckets: - description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' maximum: 524288 minimum: 65536 type: integer netNetfilterNfConntrackMax: - description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' maximum: 2097152 minimum: 131072 type: integer vmMaxMapCount: - description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' type: integer vmSwappiness: - description: 'VmSwappiness: Sysctl setting vm.swappiness.' type: integer vmVfsCachePressure: - description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' 
type: integer type: object transparentHugePageDefrag: - description: |- - TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is - 'madvise'. For more information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string transparentHugePageEnabled: - description: |- - TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more - information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string type: object maxCount: - description: 'MaxCount: The maximum number of nodes for auto-scaling' type: integer maxPods: - description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer messageOfTheDay: - description: |- - MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of - the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., - will be printed raw and not be executed as a script). type: string minCount: - description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer mode: - description: |- - Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool - restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools enum: - Gateway - System - User type: string name: - description: 'Name: Windows agent pool names must be 6 characters or less.' pattern: ^[a-z][a-z0-9]{0,11}$ type: string networkProfile: - description: 'NetworkProfile: Network-related settings of an agent pool.' properties: allowedHostPorts: - description: 'AllowedHostPorts: The port ranges that are allowed to access. The specified ranges are allowed to overlap.' 
items: - description: The port range. properties: portEnd: - description: |- - PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or - equal to portStart. maximum: 65535 minimum: 1 type: integer portStart: - description: |- - PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or - equal to portEnd. maximum: 65535 minimum: 1 type: integer protocol: - description: 'Protocol: The network protocol of the port.' enum: - TCP - UDP 
@@ -20789,114 +14174,65 @@ spec: type: object type: array applicationSecurityGroupsReferences: - description: |- - ApplicationSecurityGroupsReferences: The IDs of the application security groups which agent pool will associate when - created. items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: array nodePublicIPTags: - description: 'NodePublicIPTags: IPTags of instance-level public IPs.' items: - description: Contains the IPTag associated with the object. properties: ipTagType: - description: 'IpTagType: The IP tag type. Example: RoutingPreference.' type: string tag: - description: 'Tag: The value of the IP tag associated with the public IP. Example: Internet.' type: string type: object type: array type: object nodeInitializationTaints: - description: |- - NodeInitializationTaints: These taints will not be reconciled by AKS and can be removed with a kubectl call. This field - can be modified after node pool is created, but nodes will not be recreated with new taints until another operation that - requires recreation (e.g. node image upgrade) happens. 
These taints allow for required configuration to run before the - node is ready to accept workloads, for example 'key1=value1:NoSchedule' that then can be removed with `kubectl taint - nodes node1 key1=value1:NoSchedule-` items: type: string type: array nodeLabels: additionalProperties: type: string - description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' type: object nodePublicIPPrefixReference: - description: |- - NodePublicIPPrefixReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object nodeTaints: - description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' items: type: string type: array orchestratorVersion: - description: |- - OrchestratorVersion: Both patch version and are supported. When is - specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same - once it has been created will not trigger an upgrade, even if a newer patch version is available. 
As a - best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version - must have the same major version as the control plane. The node pool minor version must be within two minor versions of - the control plane version. The node pool version cannot be greater than the control plane version. For more information - see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: maximum: 2048 minimum: 0 type: integer osDiskType: - description: |- - OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested - OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral - OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). enum: - Ephemeral - Managed type: string osSKU: - description: |- - OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or - Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is - deprecated. enum: - AzureLinux - CBLMariner 
@@ -20907,163 +14243,99 @@ spec: - WindowsAnnual type: string osType: - description: 'OsType: The operating system type. The default is Linux.' enum: - Linux - Windows type: string podIPAllocationMode: - description: |- - PodIPAllocationMode: The IP allocation mode for pods in the agent pool. Must be used with podSubnetId. The default is - 'DynamicIndividual'. enum: - DynamicIndividual - StaticBlock type: string podSubnetReference: - description: |- - PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). - This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object powerState: - description: |- - PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this - field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. 
An Agent Pool can only - be stopped if it is Running and provisioning state is Succeeded properties: code: - description: 'Code: Tells whether the cluster is Running or Stopped' enum: - Running - Stopped type: string type: object proximityPlacementGroupReference: - description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object scaleDownMode: - description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' enum: - Deallocate - Delete type: string scaleSetEvictionPolicy: - description: |- - ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is - 'Delete'. enum: - Deallocate - Delete type: string scaleSetPriority: - description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' enum: - Regular - Spot type: string securityProfile: - description: 'SecurityProfile: The security settings of an agent pool.' 
properties: enableSecureBoot: - description: |- - EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and - drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean enableVTPM: - description: |- - EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held - locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean sshAccess: - description: 'SshAccess: SSH access method of an agent pool.' enum: - Disabled - LocalUser type: string type: object spotMaxPrice: - description: |- - SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any - on-demand price. For more details on spot pricing, see [spot VMs - pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) type: number tags: additionalProperties: type: string - description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' type: object type: - description: 'Type: The type of Agent Pool.' enum: - AvailabilitySet - VirtualMachineScaleSets - VirtualMachines type: string upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading the agentpool' properties: drainTimeoutInMinutes: - description: |- - DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. - This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not - specified, the default is 30 minutes. maximum: 1440 minimum: 1 type: integer maxSurge: - description: |- - MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it - is the percentage of the total agent pool size at the time of the upgrade. 
For percentages, fractional nodes are rounded - up. If not specified, the default is 1. For more information, including best practices, see: - https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade type: string nodeSoakDurationInMinutes: - description: |- - NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and - moving on to next node. If not specified, the default is 0 minutes. maximum: 30 minimum: 0 type: integer undrainableNodeBehavior: - description: |- - UndrainableNodeBehavior: Defines the behavior for undrainable nodes during upgrade. The most common cause of undrainable - nodes is Pod Disruption Budgets (PDBs), but other issues, such as pod termination grace period is exceeding the - remaining per-node drain timeout or pod is still being in a running state, can also cause undrainable nodes. enum: - Cordon - Schedule 
@@ -21071,58 +14343,36 @@ spec: type: object virtualMachineNodesStatus: items: - description: Current status on a group of nodes of the same vm size. properties: count: - description: 'Count: Number of nodes.' type: integer size: - description: 'Size: The VM size of the agents used to host this group of nodes.' type: string type: object type: array virtualMachinesProfile: - description: 'VirtualMachinesProfile: Specifications on VirtualMachines agent pool.' properties: scale: - description: 'Scale: Specifications on how to scale a VirtualMachines agent pool.' properties: autoscale: - description: |- - Autoscale: Specifications on how to auto-scale the VirtualMachines agent pool within a predefined size range. Currently, - at most one AutoScaleProfile is allowed. items: - description: Specifications on auto-scaling. properties: maxCount: - description: 'MaxCount: The maximum number of nodes of the specified sizes.' type: integer minCount: - description: 'MinCount: The minimum number of nodes of the specified sizes.' type: integer sizes: - description: |- - Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the - first available one when auto scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS - will use the next size. items: type: string type: array type: object type: array manual: - description: 'Manual: Specifications on how to scale the VirtualMachines agent pool to a fixed size.' items: - description: Specifications on number of machines. properties: count: - description: 'Count: Number of nodes.' type: integer sizes: - description: |- - Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the - first available one when scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS will - use the next size. items: type: string type: array 
@@ -21131,45 +14381,25 @@ spec: type: object type: object vmSize: - description: |- - VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods - might fail to run correctly. For more details on restricted VM sizes, see: - https://docs.microsoft.com/azure/aks/quotas-skus-regions type: string vnetSubnetReference: - description: |- - VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is - specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object windowsProfile: - description: 'WindowsProfile: The Windows agent pool''s specific profile.' properties: disableOutboundNat: - description: |- - DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT - Gateway and the Windows agent pool does not have node public IP enabled. 
type: boolean type: object workloadRuntime: - description: 'WorkloadRuntime: Determines the type of workload a node can run.' enum: - KataMshvVmIsolation - OCIContainer 
@@ -21180,69 +14410,38 @@ spec: type: object type: array aiToolchainOperatorProfile: - description: 'AiToolchainOperatorProfile: AI toolchain operator settings that apply to the whole cluster.' properties: enabled: - description: 'Enabled: Indicates if AI toolchain operator enabled or not.' type: boolean type: object apiServerAccessProfile: - description: 'ApiServerAccessProfile: The access profile for managed cluster API server.' properties: authorizedIPRanges: - description: |- - AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with - clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API - server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). items: type: string type: array disableRunCommand: - description: 'DisableRunCommand: Whether to disable run command for the cluster or not.' type: boolean enablePrivateCluster: - description: |- - EnablePrivateCluster: For more details, see [Creating a private AKS - cluster](https://docs.microsoft.com/azure/aks/private-clusters). type: boolean enablePrivateClusterPublicFQDN: - description: 'EnablePrivateClusterPublicFQDN: Whether to create additional public FQDN for private cluster or not.' type: boolean enableVnetIntegration: - description: 'EnableVnetIntegration: Whether to enable apiserver vnet integration for the cluster or not.' type: boolean privateDNSZone: - description: |- - PrivateDNSZone: The default is System. For more details see [configure private DNS - zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and - 'none'. type: string subnetId: - description: |- - SubnetId: It is required when: 1. creating a new cluster with BYO Vnet; 2. updating an existing cluster to enable - apiserver vnet integration. 
type: string type: object autoScalerProfile: - description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler when enabled' properties: balance-similar-node-groups: - description: 'BalanceSimilarNodeGroups: Valid values are ''true'' and ''false''' type: string daemonset-eviction-for-empty-nodes: - description: |- - DaemonsetEvictionForEmptyNodes: If set to true, all daemonset pods on empty nodes will be evicted before deletion of the - node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node will be - deleted without ensuring that daemonset pods are deleted or evicted. type: boolean daemonset-eviction-for-occupied-nodes: - description: |- - DaemonsetEvictionForOccupiedNodes: If set to true, all daemonset pods on occupied nodes will be evicted before deletion - of the node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node - will be deleted without ensuring that daemonset pods are deleted or evicted. type: boolean expander: - description: 'Expander: Available values are: ''least-waste'', ''most-pods'', ''priority'', ''random''.' enum: - least-waste - most-pods 
@@ -21250,76 +14449,41 @@ spec: - random type: string ignore-daemonsets-utilization: - description: |- - IgnoreDaemonsetsUtilization: If set to true, the resources used by daemonset will be taken into account when making - scaling down decisions. type: boolean max-empty-bulk-delete: - description: 'MaxEmptyBulkDelete: The default is 10.' type: string max-graceful-termination-sec: - description: 'MaxGracefulTerminationSec: The default is 600.' type: string max-node-provision-time: - description: |- - MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string max-total-unready-percentage: - description: 'MaxTotalUnreadyPercentage: The default is 45. The maximum is 100 and the minimum is 0.' type: string new-pod-scale-up-delay: - description: |- - NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler - could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is - '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). type: string ok-total-unready-count: - description: 'OkTotalUnreadyCount: This must be an integer. The default is 3.' type: string scale-down-delay-after-add: - description: |- - ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string scale-down-delay-after-delete: - description: |- - ScaleDownDelayAfterDelete: The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of - time other than minutes (m) is supported. type: string scale-down-delay-after-failure: - description: |- - ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other - than minutes (m) is supported. 
type: string scale-down-unneeded-time: - description: |- - ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string scale-down-unready-time: - description: |- - ScaleDownUnreadyTime: The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string scale-down-utilization-threshold: - description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' type: string scan-interval: - description: 'ScanInterval: The default is ''10''. Values must be an integer number of seconds.' type: string skip-nodes-with-local-storage: - description: 'SkipNodesWithLocalStorage: The default is true.' type: string skip-nodes-with-system-pods: - description: 'SkipNodesWithSystemPods: The default is true.' type: string type: object autoUpgradeProfile: - description: 'AutoUpgradeProfile: The auto upgrade configuration.' properties: nodeOSUpgradeChannel: - description: 'NodeOSUpgradeChannel: The default is Unmanaged, but may change to either NodeImage or SecurityPatch at GA.' enum: - NodeImage - None @@ -21327,9 +14491,6 @@ spec: - Unmanaged type: string upgradeChannel: - description: |- - UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade - channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). enum: - node-image - none 
@@ -21339,115 +14500,61 @@ spec: type: string type: object azureMonitorProfile: - description: 'AzureMonitorProfile: Prometheus addon profile for the container service cluster' properties: appMonitoring: - description: |- - AppMonitoring: Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics - and traces through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. properties: autoInstrumentation: - description: |- - AutoInstrumentation: Application Monitoring Auto Instrumentation for Kubernetes Application Container. Deploys web hook - to auto-instrument Azure Monitor OpenTelemetry based SDKs to collect OpenTelemetry metrics, logs and traces of the - application. See aka.ms/AzureMonitorApplicationMonitoring for an overview. properties: enabled: - description: 'Enabled: Indicates if Application Monitoring Auto Instrumentation is enabled or not.' type: boolean type: object openTelemetryLogs: - description: |- - OpenTelemetryLogs: Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Logs and - Traces. Collects OpenTelemetry logs and traces of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. properties: enabled: - description: 'Enabled: Indicates if Application Monitoring Open Telemetry Logs and traces is enabled or not.' type: boolean port: - description: 'Port: The Open Telemetry host port for Open Telemetry logs and traces. If not specified, the default port is 28331.' type: integer type: object openTelemetryMetrics: - description: |- - OpenTelemetryMetrics: Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container - Metrics. Collects OpenTelemetry metrics of the application using Azure Monitor OpenTelemetry based SDKs. 
See - aka.ms/AzureMonitorApplicationMonitoring for an overview. properties: enabled: - description: 'Enabled: Indicates if Application Monitoring Open Telemetry Metrics is enabled or not.' type: boolean port: - description: 'Port: The Open Telemetry host port for Open Telemetry metrics. If not specified, the default port is 28333.' type: integer type: object type: object containerInsights: - description: |- - ContainerInsights: Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & - stderr logs etc. See aka.ms/AzureMonitorContainerInsights for an overview. properties: disableCustomMetrics: - description: |- - DisableCustomMetrics: Indicates whether custom metrics collection has to be disabled or not. If not specified the - default is false. No custom metrics will be emitted if this field is false but the container insights enabled field is - false type: boolean disablePrometheusMetricsScraping: - description: |- - DisablePrometheusMetricsScraping: Indicates whether prometheus metrics scraping is disabled or not. If not specified the - default is false. No prometheus metrics will be emitted if this field is false but the container insights enabled field - is false type: boolean enabled: - description: 'Enabled: Indicates if Azure Monitor Container Insights Logs Addon is enabled or not.' type: boolean logAnalyticsWorkspaceResourceReference: - description: |- - LogAnalyticsWorkspaceResourceReference: Fully Qualified ARM Resource Id of Azure Log Analytics Workspace for storing - Azure Monitor Container Insights Logs. properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object syslogPort: - description: 'SyslogPort: The syslog host port. If not specified, the default port is 28330.' type: integer type: object metrics: - description: 'Metrics: Metrics profile for the prometheus service addon' properties: enabled: - description: 'Enabled: Whether to enable the Prometheus collector' type: boolean kubeStateMetrics: - description: 'KubeStateMetrics: Kube State Metrics for prometheus addon profile for the container service cluster' properties: metricAnnotationsAllowList: - description: |- - MetricAnnotationsAllowList: Comma-separated list of additional Kubernetes label keys that will be used in the resource's - labels metric. type: string metricLabelsAllowlist: - description: |- - MetricLabelsAllowlist: Comma-separated list of Kubernetes annotations keys that will be used in the resource's labels - metric. type: string type: object required: 
@@ -21455,226 +14562,136 @@ spec: type: object type: object azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. maxLength: 63 minLength: 1 pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ type: string bootstrapProfile: - description: 'BootstrapProfile: Profile of the cluster bootstrap configuration.' properties: artifactSource: - description: 'ArtifactSource: The source where the artifacts are downloaded from.' enum: - Cache - Direct type: string containerRegistryReference: - description: |- - ContainerRegistryReference: The resource Id of Azure Container Registry. The registry must have private network access, - premium SKU and zone redundancy. properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the cluster will be created/upgraded using a - snapshot. properties: sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' 
properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object disableLocalAccounts: - description: |- - DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be - used on Managed Clusters that are AAD enabled. For more details see [disable local - accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). type: boolean diskEncryptionSetReference: - description: |- - DiskEncryptionSetReference: This is of the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object dnsPrefix: - description: 'DnsPrefix: This cannot be updated once the Managed Cluster has been created.' type: string enableNamespaceResources: - description: |- - EnableNamespaceResources: The default value is false. It can be enabled/disabled on creation and updating of the managed - cluster. See [https://aka.ms/NamespaceARMResource](https://aka.ms/NamespaceARMResource) for more details on Namespace as - a ARM Resource. type: boolean enablePodSecurityPolicy: - description: |- - EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was - deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and - https://aka.ms/aks/psp. type: boolean enableRBAC: - description: 'EnableRBAC: Whether to enable Kubernetes Role-Based Access Control.' type: boolean extendedLocation: - description: 'ExtendedLocation: The extended location of the Virtual Machine.' properties: name: - description: 'Name: The name of the extended location.' type: string type: - description: 'Type: The type of the extended location.' enum: - EdgeZone type: string type: object fqdnSubdomain: - description: 'FqdnSubdomain: This cannot be updated once the Managed Cluster has been created.' type: string httpProxyConfig: - description: 'HttpProxyConfig: Configurations for provisioning the cluster with HTTP proxy servers.' properties: httpProxy: - description: 'HttpProxy: The HTTP proxy server endpoint to use.' 
type: string httpsProxy: - description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' type: string noProxy: - description: 'NoProxy: The endpoints that should not go through proxy.' items: type: string type: array trustedCa: - description: 'TrustedCa: Alternative CA cert to use for connecting to proxy servers.' type: string type: object identity: - description: 'Identity: The identity of the managed cluster, if configured.' properties: delegatedResources: additionalProperties: - description: Delegated resource properties - internal use only. properties: location: - description: 'Location: The source resource location - internal use only.' type: string referralResource: - description: 'ReferralResource: The delegation id of the referral delegation (optional) - internal use only.' type: string resourceReference: - description: 'ResourceReference: The ARM resource id of the delegated resource - internal use only.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object tenantId: - description: 'TenantId: The tenant id of the delegated resource - internal use only.' 
pattern: ^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$ type: string type: object - description: |- - DelegatedResources: The delegated identity resources assigned to this managed cluster. This can only be set by another - Azure Resource Provider, and managed cluster only accept one delegated identity resource. Internal use only. type: object type: - description: |- - Type: For more information see [use managed identities in - AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). enum: - None - SystemAssigned - UserAssigned type: string userAssignedIdentities: - description: |- - UserAssignedIdentities: The keys must be ARM resource IDs in the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. items: - description: Information about the user assigned identity for the resource properties: reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -21682,133 +14699,82 @@ spec: type: object identityProfile: additionalProperties: - description: Details about a user assigned identity. properties: clientId: - description: 'ClientId: The client ID of the user assigned identity.' type: string clientIdFromConfig: - description: 'ClientIdFromConfig: The client ID of the user assigned identity.' properties: key: - description: Key is the key in the Kubernetes configmap being referenced type: string name: - description: |- - Name is the name of the Kubernetes configmap being referenced. - The configmap must be in the same namespace as the resource type: string required: - key - name type: object objectId: - description: 'ObjectId: The object ID of the user assigned identity.' type: string objectIdFromConfig: - description: 'ObjectIdFromConfig: The object ID of the user assigned identity.' properties: key: - description: Key is the key in the Kubernetes configmap being referenced type: string name: - description: |- - Name is the name of the Kubernetes configmap being referenced. - The configmap must be in the same namespace as the resource type: string required: - key - name type: object resourceReference: - description: 'ResourceReference: The resource ID of the user assigned identity.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. 
type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object - description: 'IdentityProfile: Identities associated with the cluster.' type: object ingressProfile: - description: 'IngressProfile: Ingress profile for the managed cluster.' properties: webAppRouting: - description: 'WebAppRouting: Web App Routing settings for the ingress profile.' properties: dnsZoneResourceReferences: - description: |- - DnsZoneResourceReferences: Resource IDs of the DNS zones to be associated with the Web App Routing add-on. Used only - when Web App Routing is enabled. Public and private DNS zones can be in different resource groups, but all public DNS - zones must be in the same resource group and all private DNS zones must be in the same resource group. items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: array enabled: - description: 'Enabled: Whether to enable Web App Routing.' 
type: boolean type: object type: object kind: - description: 'Kind: This is primarily used to expose different UI experiences in the portal for different kinds' type: string kubernetesVersion: - description: |- - KubernetesVersion: When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades - must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> - 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS - cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. type: string linuxProfile: - description: 'LinuxProfile: The profile for Linux VMs in the Managed Cluster.' properties: adminUsername: - description: 'AdminUsername: The administrator username to use for Linux VMs.' pattern: ^[A-Za-z][-A-Za-z0-9_]*$ type: string ssh: - description: 'Ssh: The SSH configuration for Linux-based VMs running on Azure.' properties: publicKeys: - description: 'PublicKeys: The list of SSH public keys used to authenticate with Linux-based VMs. A maximum of 1 key may be specified.' items: - description: Contains information about SSH certificate public key data. properties: keyData: - description: |- - KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or - without headers. type: string required: - keyData 
@@ -21822,228 +14788,144 @@ spec: - ssh type: object location: - description: 'Location: The geo-location where the resource lives' type: string metricsProfile: - description: 'MetricsProfile: Optional cluster metrics configuration.' properties: costAnalysis: - description: 'CostAnalysis: The cost analysis configuration for the cluster' properties: enabled: - description: |- - Enabled: The Managed Cluster sku.tier must be set to 'Standard' or 'Premium' to enable this feature. Enabling this will - add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. If not specified, the - default is false. For more information see aka.ms/aks/docs/cost-analysis. type: boolean type: object type: object networkProfile: - description: 'NetworkProfile: The network configuration profile.' properties: advancedNetworking: - description: |- - AdvancedNetworking: Advanced Networking profile for enabling observability on a cluster. Note that enabling advanced - networking features may incur additional costs. For more information see aka.ms/aksadvancednetworking. properties: observability: - description: 'Observability: Observability profile to enable advanced network metrics and flow logs with historical contexts.' properties: enabled: - description: 'Enabled: Indicates the enablement of Advanced Networking observability functionalities on clusters.' type: boolean type: object type: object dnsServiceIP: - description: |- - DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address - range specified in serviceCidr. pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ type: string ipFamilies: - description: |- - IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value - is IPv4. For dual-stack, the expected values are IPv4 and IPv6. 
items: - description: To determine if address belongs IPv4 or IPv6 family. enum: - IPv4 - IPv6 type: string type: array kubeProxyConfig: - description: |- - KubeProxyConfig: Holds configuration customizations for kube-proxy. Any values not defined will use the kube-proxy - defaulting behavior. See https://v.docs.kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/ - where is represented by a - string. Kubernetes version 1.23 would be '1-23'. properties: enabled: - description: |- - Enabled: Whether to enable on kube-proxy on the cluster (if no 'kubeProxyConfig' exists, kube-proxy is enabled in AKS by - default without these customizations). type: boolean ipvsConfig: - description: 'IpvsConfig: Holds configuration customizations for IPVS. May only be specified if ''mode'' is set to ''IPVS''.' properties: scheduler: - description: 'Scheduler: IPVS scheduler, for more information please see http://www.linuxvirtualserver.org/docs/scheduling.html.' enum: - LeastConnection - RoundRobin type: string tcpFinTimeoutSeconds: - description: |- - TcpFinTimeoutSeconds: The timeout value used for IPVS TCP sessions after receiving a FIN in seconds. Must be a positive - integer value. type: integer tcpTimeoutSeconds: - description: 'TcpTimeoutSeconds: The timeout value used for idle IPVS TCP sessions in seconds. Must be a positive integer value.' type: integer udpTimeoutSeconds: - description: 'UdpTimeoutSeconds: The timeout value used for IPVS UDP packets in seconds. Must be a positive integer value.' type: integer type: object mode: - description: 'Mode: Specify which proxy mode to use (''IPTABLES'' or ''IPVS'')' enum: - IPTABLES - IPVS type: string type: object loadBalancerProfile: - description: 'LoadBalancerProfile: Profile of the cluster load balancer.' properties: allocatedOutboundPorts: - description: |- - AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 - (inclusive). 
The default value is 0 which results in Azure dynamically allocating ports. maximum: 64000 minimum: 0 type: integer backendPoolType: - description: 'BackendPoolType: The type of the managed inbound Load Balancer BackendPool.' enum: - NodeIP - NodeIPConfiguration type: string clusterServiceLoadBalancerHealthProbeMode: - description: 'ClusterServiceLoadBalancerHealthProbeMode: The health probing behavior for External Traffic Policy Cluster services.' enum: - ServiceNodePort - Shared type: string effectiveOutboundIPs: - description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster load balancer.' items: - description: A reference to an Azure resource. properties: reference: - description: 'Reference: The fully qualified Azure resource id.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array enableMultipleStandardLoadBalancers: - description: 'EnableMultipleStandardLoadBalancers: Enable multiple standard load balancers per AKS cluster or not.' type: boolean idleTimeoutInMinutes: - description: |- - IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 - (inclusive). The default value is 30 minutes. 
maximum: 120 minimum: 4 type: integer managedOutboundIPs: - description: 'ManagedOutboundIPs: Desired managed outbound IPs for the cluster load balancer.' properties: count: - description: |- - Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values - must be in the range of 1 to 100 (inclusive). The default value is 1. maximum: 100 minimum: 1 type: integer countIPv6: - description: |- - CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed - values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. maximum: 100 minimum: 0 type: integer type: object outboundIPPrefixes: - description: 'OutboundIPPrefixes: Desired outbound IP Prefix resources for the cluster load balancer.' properties: publicIPPrefixes: - description: 'PublicIPPrefixes: A list of public IP prefix resources.' items: - description: A reference to an Azure resource. properties: reference: - description: 'Reference: The fully qualified Azure resource id.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object type: object type: array type: object outboundIPs: - description: 'OutboundIPs: Desired outbound IP resources for the cluster load balancer.' properties: publicIPs: - description: 'PublicIPs: A list of public IP resources.' items: - description: A reference to an Azure resource. properties: reference: - description: 'Reference: The fully qualified Azure resource id.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -22051,89 +14933,62 @@ spec: type: object type: object loadBalancerSku: - description: |- - LoadBalancerSku: The default is 'standard'. See [Azure Load Balancer - SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load - balancer SKUs. enum: - basic - standard type: string natGatewayProfile: - description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' properties: effectiveOutboundIPs: - description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster NAT gateway.' items: - description: A reference to an Azure resource. properties: reference: - description: 'Reference: The fully qualified Azure resource id.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array idleTimeoutInMinutes: - description: |- - IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 - (inclusive). The default value is 4 minutes. maximum: 120 minimum: 4 type: integer managedOutboundIPProfile: - description: 'ManagedOutboundIPProfile: Profile of the managed outbound IP resources of the cluster NAT gateway.' 
properties: count: - description: |- - Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 - (inclusive). The default value is 1. maximum: 16 minimum: 1 type: integer type: object type: object networkDataplane: - description: 'NetworkDataplane: Network dataplane used in the Kubernetes cluster.' enum: - azure - cilium type: string networkMode: - description: 'NetworkMode: This cannot be specified if networkPlugin is anything other than ''azure''.' enum: - bridge - transparent type: string networkPlugin: - description: 'NetworkPlugin: Network plugin used for building the Kubernetes network.' enum: - azure - kubenet - none type: string networkPluginMode: - description: 'NetworkPluginMode: Network plugin mode used for building the Kubernetes network.' enum: - overlay type: string networkPolicy: - description: 'NetworkPolicy: Network policy used for building the Kubernetes network.' enum: - azure - calico @@ -22141,9 +14996,6 @@ spec: - none type: string outboundType: - description: |- - OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see - [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). enum: - loadBalancer - managedNATGateway 
@@ -22152,106 +15004,63 @@ spec: - userDefinedRouting type: string podCidr: - description: 'PodCidr: A CIDR notation IP range from which to assign pod IPs when kubenet is used.' pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string podCidrs: - description: |- - PodCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is - expected for dual-stack networking. items: type: string type: array podLinkLocalAccess: - description: |- - PodLinkLocalAccess: Defines access to special link local addresses (Azure Instance Metadata Service, aka IMDS) for pods - with hostNetwork=false. if not specified, the default is 'IMDS'. enum: - IMDS - None type: string serviceCidr: - description: |- - ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP - ranges. pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string serviceCidrs: - description: |- - ServiceCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is - expected for dual-stack networking. They must not overlap with any Subnet IP ranges. items: type: string type: array staticEgressGatewayProfile: - description: |- - StaticEgressGatewayProfile: The profile for Static Egress Gateway addon. For more details about Static Egress Gateway, - see https://aka.ms/aks/static-egress-gateway. properties: enabled: - description: 'Enabled: Indicates if Static Egress Gateway addon is enabled or not.' type: boolean type: object type: object nodeProvisioningProfile: - description: 'NodeProvisioningProfile: Node provisioning settings that apply to the whole cluster.' properties: mode: - description: 'Mode: Once the mode it set to Auto, it cannot be changed back to Manual.' 
enum: - Auto - Manual type: string type: object nodeResourceGroup: - description: 'NodeResourceGroup: The name of the resource group containing agent pool nodes.' type: string nodeResourceGroupProfile: - description: 'NodeResourceGroupProfile: The node resource group configuration profile.' properties: restrictionLevel: - description: 'RestrictionLevel: The restriction level applied to the cluster''s node resource group' enum: - ReadOnly - Unrestricted type: string type: object oidcIssuerProfile: - description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed Cluster.' properties: enabled: - description: 'Enabled: Whether the OIDC issuer is enabled.' type: boolean type: object operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. 
For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name @@ -22259,20 +15068,12 @@ spec: type: object type: array configMaps: - description: 'ConfigMaps: configures where to place operator written ConfigMaps.' properties: oidcIssuerProfile: - description: |- - OIDCIssuerProfile: indicates where the OIDCIssuerProfile config map should be placed. If omitted, no config map will be - created. properties: key: - description: Key is the key in the ConfigMap being referenced type: string name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. type: string required: - key 
@@ -22280,29 +15081,13 @@ spec: type: object type: object secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -22310,37 +15095,22 @@ spec: type: object type: array secrets: - description: 'Secrets: configures where to place Azure generated secrets.' properties: adminCredentials: - description: |- - AdminCredentials: indicates where the AdminCredentials secret should be placed. If omitted, the secret will not be - retrieved from Azure. properties: key: - description: Key is the key in the Kubernetes secret being referenced. type: string name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. type: string required: - key - name type: object userCredentials: - description: |- - UserCredentials: indicates where the UserCredentials secret should be placed. If omitted, the secret will not be - retrieved from Azure. properties: key: - description: Key is the key in the Kubernetes secret being referenced. type: string name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. type: string required: - key 
@@ -22349,106 +15119,66 @@ spec: type: object type: object owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object podIdentityProfile: - description: |- - PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more - details on AAD pod identity integration. properties: allowNetworkPluginKubenet: - description: |- - AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod - Identity and the risks of IP spoofing. See [using Kubenet network plugin with AAD Pod - Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) - for more information. type: boolean enabled: - description: 'Enabled: Whether the pod identity addon is enabled.' type: boolean userAssignedIdentities: - description: 'UserAssignedIdentities: The pod identities to use in the cluster.' items: - description: Details about the pod identity assigned to the Managed Cluster. properties: bindingSelector: - description: 'BindingSelector: The binding selector to use for the AzureIdentityBinding resource.' type: string identity: - description: 'Identity: The user assigned identity details.' properties: clientId: - description: 'ClientId: The client ID of the user assigned identity.' 
type: string clientIdFromConfig: - description: 'ClientIdFromConfig: The client ID of the user assigned identity.' properties: key: - description: Key is the key in the Kubernetes configmap being referenced type: string name: - description: |- - Name is the name of the Kubernetes configmap being referenced. - The configmap must be in the same namespace as the resource type: string required: - key - name type: object objectId: - description: 'ObjectId: The object ID of the user assigned identity.' type: string objectIdFromConfig: - description: 'ObjectIdFromConfig: The object ID of the user assigned identity.' properties: key: - description: Key is the key in the Kubernetes configmap being referenced type: string name: - description: |- - Name is the name of the Kubernetes configmap being referenced. - The configmap must be in the same namespace as the resource type: string required: - key - name type: object resourceReference: - description: 'ResourceReference: The resource ID of the user assigned identity.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object name: - description: 'Name: The name of the pod identity.' 
type: string namespace: - description: 'Namespace: The namespace of the pod identity.' type: string required: - identity @@ -22457,22 +15187,15 @@ spec: type: object type: array userAssignedIdentityExceptions: - description: 'UserAssignedIdentityExceptions: The pod identity exceptions to allow.' items: - description: |- - See [disable AAD Pod Identity for a specific - Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. properties: name: - description: 'Name: The name of the pod identity exception.' type: string namespace: - description: 'Namespace: The namespace of the pod identity exception.' type: string podLabels: additionalProperties: type: string - description: 'PodLabels: The pod labels to match.' type: object required: - name 
@@ -22482,285 +15205,177 @@ spec: type: array type: object privateLinkResources: - description: 'PrivateLinkResources: Private link resources associated with the cluster.' items: - description: A private link resource properties: groupId: - description: 'GroupId: The group ID of the resource.' type: string name: - description: 'Name: The name of the private link resource.' type: string reference: - description: 'Reference: The ID of the private link resource.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object requiredMembers: - description: 'RequiredMembers: The RequiredMembers of the resource' items: type: string type: array type: - description: 'Type: The resource type.' 
type: string type: object type: array publicNetworkAccess: - description: 'PublicNetworkAccess: Allow or deny public network access for AKS' enum: - Disabled - Enabled - SecuredByPerimeter type: string safeguardsProfile: - description: 'SafeguardsProfile: The Safeguards profile holds all the safeguards information for a given cluster' properties: excludedNamespaces: - description: 'ExcludedNamespaces: List of namespaces excluded from Safeguards checks' items: type: string type: array level: - description: |- - Level: The Safeguards level to be used. By default, Safeguards is enabled for all namespaces except those that AKS - excludes via systemExcludedNamespaces enum: - Enforcement - "Off" - Warning type: string version: - description: 'Version: The version of constraints to use' type: string required: - level type: object securityProfile: - description: 'SecurityProfile: Security profile for the managed cluster.' properties: azureKeyVaultKms: - description: |- - AzureKeyVaultKms: Azure Key Vault [key management - service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. properties: enabled: - description: 'Enabled: Whether to enable Azure Key Vault key management service. The default is false.' type: boolean keyId: - description: |- - KeyId: Identifier of Azure Key Vault key. See [key identifier - format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) - for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key - identifier. When Azure Key Vault key management service is disabled, leave the field empty. type: string keyVaultNetworkAccess: - description: |- - KeyVaultNetworkAccess: Network access of key vault. The possible values are `Public` and `Private`. `Public` means the - key vault allows public access from all networks. 
`Private` means the key vault disables public access and enables - private link. The default value is `Public`. enum: - Private - Public type: string keyVaultResourceReference: - description: |- - KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and - must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object customCATrustCertificates: - description: |- - CustomCATrustCertificates: A list of up to 10 base64 encoded CAs that will be added to the trust store on nodes with the - Custom CA Trust feature enabled. For more information see [Custom CA Trust - Certificates](https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority) items: type: string maxItems: 10 minItems: 0 type: array defender: - description: 'Defender: Microsoft Defender settings for the security profile.' properties: logAnalyticsWorkspaceResourceReference: - description: |- - LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft - Defender. 
When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When - Microsoft Defender is disabled, leave the field empty. properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object securityMonitoring: - description: 'SecurityMonitoring: Microsoft Defender threat detection for Cloud settings for the security profile.' properties: enabled: - description: 'Enabled: Whether to enable Defender threat detection' type: boolean type: object type: object imageCleaner: - description: 'ImageCleaner: Image Cleaner settings for the security profile.' properties: enabled: - description: 'Enabled: Whether to enable Image Cleaner on AKS cluster.' type: boolean intervalHours: - description: 'IntervalHours: Image Cleaner scanning interval in hours.' type: integer type: object imageIntegrity: - description: |- - ImageIntegrity: Image integrity is a feature that works with Azure Policy to verify image integrity by signature. This - will not have any effect unless Azure Policy is applied to enforce image signatures. See - https://aka.ms/aks/image-integrity for how to use this feature via policy. properties: enabled: - description: 'Enabled: Whether to enable image integrity. 
The default value is false.' type: boolean type: object nodeRestriction: - description: |- - NodeRestriction: [Node - Restriction](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction) settings - for the security profile. properties: enabled: - description: 'Enabled: Whether to enable Node Restriction' type: boolean type: object workloadIdentity: - description: |- - WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications - to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. properties: enabled: - description: 'Enabled: Whether to enable workload identity.' type: boolean type: object type: object serviceMeshProfile: - description: 'ServiceMeshProfile: Service mesh profile for a managed cluster.' properties: istio: - description: 'Istio: Istio service mesh configuration.' properties: certificateAuthority: - description: |- - CertificateAuthority: Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin - certificates as described here https://aka.ms/asm-plugin-ca properties: plugin: - description: 'Plugin: Plugin certificates information for Service Mesh.' properties: certChainObjectName: - description: 'CertChainObjectName: Certificate chain object name in Azure Key Vault.' type: string certObjectName: - description: 'CertObjectName: Intermediate certificate object name in Azure Key Vault.' type: string keyObjectName: - description: 'KeyObjectName: Intermediate certificate private key object name in Azure Key Vault.' type: string keyVaultReference: - description: 'KeyVaultReference: The resource ID of the Key Vault.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object rootCertObjectName: - description: 'RootCertObjectName: Root certificate object name in Azure Key Vault.' type: string type: object type: object components: - description: 'Components: Istio components configuration.' properties: egressGateways: - description: 'EgressGateways: Istio egress gateways.' items: - description: Istio egress gateway configuration. properties: enabled: - description: 'Enabled: Whether to enable the egress gateway.' type: boolean required: - enabled type: object type: array ingressGateways: - description: 'IngressGateways: Istio ingress gateways.' items: - description: |- - Istio ingress gateway configuration. For now, we support up to one external ingress gateway named - `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. properties: enabled: - description: 'Enabled: Whether to enable the ingress gateway.' type: boolean mode: - description: 'Mode: Mode of an ingress gateway.' enum: - External - Internal 
@@ -22772,17 +15387,12 @@ spec: type: array type: object revisions: - description: |- - Revisions: The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. - When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: - https://learn.microsoft.com/en-us/azure/aks/istio-upgrade items: type: string maxItems: 2 type: array type: object mode: - description: 'Mode: Mode of the service mesh.' enum: - Disabled - Istio @@ -22791,23 +15401,14 @@ spec: - mode type: object servicePrincipalProfile: - description: |- - ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure - APIs. properties: clientId: - description: 'ClientId: The ID for the service principal.' type: string secret: - description: 'Secret: The secret password associated with the service principal in plain text.' properties: key: - description: Key is the key in the Kubernetes secret being referenced type: string name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - key @@ -22817,18 +15418,13 @@ spec: - clientId type: object sku: - description: 'Sku: The managed cluster SKU.' properties: name: - description: 'Name: The name of a managed cluster SKU.' enum: - Automatic - Base type: string tier: - description: |- - Tier: If not specified, the default is 'Free'. See [AKS Pricing - Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. enum: - Free - Premium 
@@ -22836,42 +15432,31 @@ spec: type: string type: object storageProfile: - description: 'StorageProfile: Storage profile for the managed cluster.' properties: blobCSIDriver: - description: 'BlobCSIDriver: AzureBlob CSI Driver settings for the storage profile.' properties: enabled: - description: 'Enabled: Whether to enable AzureBlob CSI Driver. The default value is false.' type: boolean type: object diskCSIDriver: - description: 'DiskCSIDriver: AzureDisk CSI Driver settings for the storage profile.' properties: enabled: - description: 'Enabled: Whether to enable AzureDisk CSI Driver. The default value is true.' type: boolean version: - description: 'Version: The version of AzureDisk CSI Driver. The default value is v1.' type: string type: object fileCSIDriver: - description: 'FileCSIDriver: AzureFile CSI Driver settings for the storage profile.' properties: enabled: - description: 'Enabled: Whether to enable AzureFile CSI Driver. The default value is true.' type: boolean type: object snapshotController: - description: 'SnapshotController: Snapshot Controller settings for the storage profile.' properties: enabled: - description: 'Enabled: Whether to enable Snapshot Controller. The default value is true.' type: boolean type: object type: object supportPlan: - description: 'SupportPlan: The support plan for the Managed Cluster. If unspecified, the default is ''KubernetesOfficial''.' enum: - AKSLongTermSupport - KubernetesOfficial 
@@ -22879,91 +15464,43 @@ spec: tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading a cluster.' properties: overrideSettings: - description: 'OverrideSettings: Settings for overrides.' properties: forceUpgrade: - description: |- - ForceUpgrade: Whether to force upgrade the cluster. Note that this option instructs upgrade operation to bypass upgrade - protections such as checking for deprecated API usage. Enable this option only with caution. type: boolean until: - description: |- - Until: Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the - effectiveness won't change once an upgrade starts even if the `until` expires as upgrade proceeds. This field is not set - by default. It must be set for the overrides to take effect. type: string type: object type: object windowsProfile: - description: 'WindowsProfile: The profile for Windows VMs in the Managed Cluster.' properties: adminPassword: - description: |- - AdminPassword: Specifies the password of the administrator account. - Minimum-length: 8 characters - Max-length: 123 characters - Complexity requirements: 3 out of 4 conditions below need to be fulfilled - Has lower characters - Has upper characters - Has a digit - Has a special character (Regex match [\W_]) - Disallowed values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$$$word", "pass@word1", "Password!", "Password1", - "Password22", "iloveyou!" properties: key: - description: Key is the key in the Kubernetes secret being referenced type: string name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - key - name type: object adminUsername: - description: |- - AdminUsername: Specifies the name of the administrator account. - Restriction: Cannot end in "." 
- Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", - "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", - "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". - Minimum-length: 1 character - Max-length: 20 characters type: string enableCSIProxy: - description: |- - EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub - repo](https://github.com/kubernetes-csi/csi-proxy). type: boolean gmsaProfile: - description: 'GmsaProfile: The Windows gMSA Profile in the Managed Cluster.' properties: dnsServer: - description: |- - DnsServer: Specifies the DNS server for Windows gMSA. - Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. type: string enabled: - description: 'Enabled: Specifies whether to enable Windows gMSA in the managed cluster.' type: boolean rootDomainName: - description: |- - RootDomainName: Specifies the root domain name for Windows gMSA. - Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. type: string type: object licenseType: - description: |- - LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User - Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. enum: - None - Windows_Server @@ -22972,13 +15509,10 @@ spec: - adminUsername type: object workloadAutoScalerProfile: - description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile for the managed cluster.' properties: keda: - description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile.' properties: enabled: - description: 'Enabled: Whether to enable KEDA.' type: boolean required: - enabled 
@@ -22986,13 +15520,11 @@ spec: verticalPodAutoscaler: properties: addonAutoscaling: - description: 'AddonAutoscaling: Whether VPA add-on is enabled and configured to scale AKS-managed add-ons.' enum: - Disabled - Enabled type: string enabled: - description: 'Enabled: Whether to enable VPA add-on in cluster. Default value is false.' type: boolean required: - enabled 
@@ -23003,612 +15535,338 @@ spec: - owner type: object status: - description: Managed cluster. properties: aadProfile: - description: 'AadProfile: The Azure Active Directory configuration.' properties: adminGroupObjectIDs: - description: 'AdminGroupObjectIDs: The list of AAD group object IDs that will have admin role of the cluster.' items: type: string type: array clientAppID: - description: 'ClientAppID: (DEPRECATED) The client AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' type: string enableAzureRBAC: - description: 'EnableAzureRBAC: Whether to enable Azure RBAC for Kubernetes authorization.' type: boolean managed: - description: 'Managed: Whether to enable managed AAD.' type: boolean serverAppID: - description: 'ServerAppID: (DEPRECATED) The server AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' type: string serverAppSecret: - description: 'ServerAppSecret: (DEPRECATED) The server AAD application secret. Learn more at https://aka.ms/aks/aad-legacy.' type: string tenantID: - description: |- - TenantID: The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment - subscription. type: string type: object addonProfiles: additionalProperties: - description: A Kubernetes add-on profile for a managed cluster. properties: config: additionalProperties: type: string - description: 'Config: Key-value pairs for configuring an add-on.' type: object enabled: - description: 'Enabled: Whether the add-on is enabled or not.' type: boolean identity: - description: 'Identity: Information of user assigned identity used by this add-on.' properties: clientId: - description: 'ClientId: The client ID of the user assigned identity.' type: string objectId: - description: 'ObjectId: The object ID of the user assigned identity.' type: string resourceId: - description: 'ResourceId: The resource ID of the user assigned identity.' 
type: string type: object type: object - description: 'AddonProfiles: The profile of managed cluster add-on.' type: object agentPoolProfiles: - description: 'AgentPoolProfiles: The agent pool properties.' items: - description: Profile for the container service agent pool. properties: artifactStreamingProfile: - description: 'ArtifactStreamingProfile: Configuration for using artifact streaming on AKS.' properties: enabled: - description: |- - Enabled: Artifact streaming speeds up the cold-start of containers on a node through on-demand image loading. To use - this feature, container images must also enable artifact streaming on ACR. If not specified, the default is false. type: boolean type: object availabilityZones: - description: |- - AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType - property is 'VirtualMachineScaleSets'. items: type: string type: array capacityReservationGroupID: - description: 'CapacityReservationGroupID: AKS will associate the specified agent pool with the Capacity Reservation Group.' type: string count: - description: |- - Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) - for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. type: integer creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using - a snapshot. properties: sourceResourceId: - description: 'SourceResourceId: This is the ARM ID of the source object to be used to create the target object.' type: string type: object currentOrchestratorVersion: - description: |- - CurrentOrchestratorVersion: If orchestratorVersion was a fully specified version , this field will be - exactly equal to it. If orchestratorVersion was , this field will contain the full - version being used. 
type: string eTag: - description: |- - ETag: Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is - updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic - concurrency per the normal etag convention. type: string enableAutoScaling: - description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean enableCustomCATrust: - description: |- - EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a - daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded - certificates into node trust stores. Defaults to false. type: boolean enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, - see: https://docs.microsoft.com/azure/aks/enable-host-encryption type: boolean enableFIPS: - description: |- - EnableFIPS: See [Add a FIPS-enabled node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more - details. type: boolean enableNodePublicIP: - description: |- - EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. - A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine - to minimize hops. For more information see [assigning a public IP per - node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The - default is false. type: boolean enableUltraSSD: - description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean gatewayProfile: - description: |- - GatewayProfile: Profile specific to a managed agent pool in Gateway mode. 
This field cannot be set if agent pool mode is - not Gateway. properties: publicIPPrefixSize: - description: |- - PublicIPPrefixSize: The Gateway agent pool associates one public IPPrefix for each static egress gateway to provide - public egress. The size of Public IPPrefix should be selected by the user. Each node in the agent pool is assigned with - one IP from the IPPrefix. The IPPrefix size thus serves as a cap on the size of the Gateway agent pool. Due to Azure - public IPPrefix size limitation, the valid value range is [28, 31] (/31 = 2 nodes/IPs, /30 = 4 nodes/IPs, /29 = 8 - nodes/IPs, /28 = 16 nodes/IPs). The default value is 31. type: integer type: object gpuInstanceProfile: - description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' type: string gpuProfile: - description: 'GpuProfile: The GPU settings of an agent pool.' properties: installGPUDriver: - description: |- - InstallGPUDriver: The default value is true when the vmSize of the agent pool contains a GPU, false otherwise. GPU - Driver Installation can only be set true when VM has an associated GPU resource. Setting this field to false prevents - automatic GPU driver installation. In that case, in order for the GPU to be usable, the user must perform GPU driver - installation themselves. type: boolean type: object hostGroupID: - description: |- - HostGroupID: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). type: string kubeletConfig: - description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' properties: allowedUnsafeSysctls: - description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`).' 
items: type: string type: array containerLogMaxFiles: - description: |- - ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be - ≥ 2. type: integer containerLogMaxSizeMB: - description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' type: integer cpuCfsQuota: - description: 'CpuCfsQuota: The default is true.' type: boolean cpuCfsQuotaPeriod: - description: |- - CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and - a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. type: string cpuManagerPolicy: - description: |- - CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management - policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more - information. Allowed values are 'none' and 'static'. type: string failSwapOn: - description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' type: boolean imageGcHighThreshold: - description: 'ImageGcHighThreshold: To disable image garbage collection, set to 100. The default is 85%' type: integer imageGcLowThreshold: - description: 'ImageGcLowThreshold: This cannot be set higher than imageGcHighThreshold. The default is 80%' type: integer podMaxPids: - description: 'PodMaxPids: The maximum number of processes per pod.' type: integer topologyManagerPolicy: - description: |- - TopologyManagerPolicy: For more information see [Kubernetes Topology - Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values - are 'none', 'best-effort', 'restricted', and 'single-numa-node'. 
type: string type: object kubeletDiskType: - description: |- - KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral - storage. type: string linuxOSConfig: - description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' properties: swapFileSizeMB: - description: 'SwapFileSizeMB: The size in MB of a swap file that will be created on each node.' type: integer sysctls: - description: 'Sysctls: Sysctl settings for Linux agent nodes.' properties: fsAioMaxNr: - description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' type: integer fsFileMax: - description: 'FsFileMax: Sysctl setting fs.file-max.' type: integer fsInotifyMaxUserWatches: - description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' type: integer fsNrOpen: - description: 'FsNrOpen: Sysctl setting fs.nr_open.' type: integer kernelThreadsMax: - description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' type: integer netCoreNetdevMaxBacklog: - description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' type: integer netCoreOptmemMax: - description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' type: integer netCoreRmemDefault: - description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' type: integer netCoreRmemMax: - description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' type: integer netCoreSomaxconn: - description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' type: integer netCoreWmemDefault: - description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' type: integer netCoreWmemMax: - description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' type: integer netIpv4IpLocalPortRange: - description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' type: string netIpv4NeighDefaultGcThresh1: - description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting net.ipv4.neigh.default.gc_thresh1.' 
type: integer netIpv4NeighDefaultGcThresh2: - description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting net.ipv4.neigh.default.gc_thresh2.' type: integer netIpv4NeighDefaultGcThresh3: - description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting net.ipv4.neigh.default.gc_thresh3.' type: integer netIpv4TcpFinTimeout: - description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' type: integer netIpv4TcpKeepaliveProbes: - description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' type: integer netIpv4TcpKeepaliveTime: - description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' type: integer netIpv4TcpMaxSynBacklog: - description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' type: integer netIpv4TcpMaxTwBuckets: - description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' type: integer netIpv4TcpTwReuse: - description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' type: boolean netIpv4TcpkeepaliveIntvl: - description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' type: integer netNetfilterNfConntrackBuckets: - description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' type: integer netNetfilterNfConntrackMax: - description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' type: integer vmMaxMapCount: - description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' type: integer vmSwappiness: - description: 'VmSwappiness: Sysctl setting vm.swappiness.' type: integer vmVfsCachePressure: - description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' type: integer type: object transparentHugePageDefrag: - description: |- - TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is - 'madvise'. 
For more information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string transparentHugePageEnabled: - description: |- - TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more - information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string type: object maxCount: - description: 'MaxCount: The maximum number of nodes for auto-scaling' type: integer maxPods: - description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer messageOfTheDay: - description: |- - MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of - the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., - will be printed raw and not be executed as a script). type: string minCount: - description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer mode: - description: |- - Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool - restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools type: string name: - description: 'Name: Windows agent pool names must be 6 characters or less.' type: string networkProfile: - description: 'NetworkProfile: Network-related settings of an agent pool.' properties: allowedHostPorts: - description: 'AllowedHostPorts: The port ranges that are allowed to access. The specified ranges are allowed to overlap.' items: - description: The port range. properties: portEnd: - description: |- - PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or - equal to portStart. 
type: integer portStart: - description: |- - PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or - equal to portEnd. type: integer protocol: - description: 'Protocol: The network protocol of the port.' type: string type: object type: array applicationSecurityGroups: - description: 'ApplicationSecurityGroups: The IDs of the application security groups which agent pool will associate when created.' items: type: string type: array nodePublicIPTags: - description: 'NodePublicIPTags: IPTags of instance-level public IPs.' items: - description: Contains the IPTag associated with the object. properties: ipTagType: - description: 'IpTagType: The IP tag type. Example: RoutingPreference.' type: string tag: - description: 'Tag: The value of the IP tag associated with the public IP. Example: Internet.' type: string type: object type: array type: object nodeImageVersion: - description: 'NodeImageVersion: The version of node image' type: string nodeInitializationTaints: - description: |- - NodeInitializationTaints: These taints will not be reconciled by AKS and can be removed with a kubectl call. This field - can be modified after node pool is created, but nodes will not be recreated with new taints until another operation that - requires recreation (e.g. node image upgrade) happens. These taints allow for required configuration to run before the - node is ready to accept workloads, for example 'key1=value1:NoSchedule' that then can be removed with `kubectl taint - nodes node1 key1=value1:NoSchedule-` items: type: string type: array nodeLabels: additionalProperties: type: string - description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' 
type: object nodePublicIPPrefixID: - description: |- - NodePublicIPPrefixID: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} type: string nodeTaints: - description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' items: type: string type: array orchestratorVersion: - description: |- - OrchestratorVersion: Both patch version and are supported. When is - specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same - once it has been created will not trigger an upgrade, even if a newer patch version is available. As a - best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version - must have the same major version as the control plane. The node pool minor version must be within two minor versions of - the control plane version. The node pool version cannot be greater than the control plane version. For more information - see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: type: integer osDiskType: - description: |- - OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested - OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral - OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). type: string osSKU: - description: |- - OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or - Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is - deprecated. type: string osType: - description: 'OsType: The operating system type. The default is Linux.' 
type: string podIPAllocationMode: - description: |- - PodIPAllocationMode: The IP allocation mode for pods in the agent pool. Must be used with podSubnetId. The default is - 'DynamicIndividual'. type: string podSubnetID: - description: |- - PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is - of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} type: string powerState: - description: |- - PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this - field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only - be stopped if it is Running and provisioning state is Succeeded properties: code: - description: 'Code: Tells whether the cluster is Running or Stopped' type: string type: object provisioningState: - description: 'ProvisioningState: The current deployment or provisioning state.' type: string proximityPlacementGroupID: - description: 'ProximityPlacementGroupID: The ID for Proximity Placement Group.' type: string scaleDownMode: - description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' type: string scaleSetEvictionPolicy: - description: |- - ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is - 'Delete'. type: string scaleSetPriority: - description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' type: string securityProfile: - description: 'SecurityProfile: The security settings of an agent pool.' 
properties: enableSecureBoot: - description: |- - EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and - drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean enableVTPM: - description: |- - EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held - locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean sshAccess: - description: 'SshAccess: SSH access method of an agent pool.' type: string type: object spotMaxPrice: - description: |- - SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any - on-demand price. For more details on spot pricing, see [spot VMs - pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) type: number tags: additionalProperties: type: string - description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' type: object type: - description: 'Type: The type of Agent Pool.' type: string upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading the agentpool' properties: drainTimeoutInMinutes: - description: |- - DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. - This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not - specified, the default is 30 minutes. type: integer maxSurge: - description: |- - MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it - is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded - up. If not specified, the default is 1. 
For more information, including best practices, see: - https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade type: string nodeSoakDurationInMinutes: - description: |- - NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and - moving on to next node. If not specified, the default is 0 minutes. type: integer undrainableNodeBehavior: - description: |- - UndrainableNodeBehavior: Defines the behavior for undrainable nodes during upgrade. The most common cause of undrainable - nodes is Pod Disruption Budgets (PDBs), but other issues, such as pod termination grace period is exceeding the - remaining per-node drain timeout or pod is still being in a running state, can also cause undrainable nodes. type: string type: object virtualMachineNodesStatus: items: - description: Current status on a group of nodes of the same vm size. properties: count: - description: 'Count: Number of nodes.' type: integer size: - description: 'Size: The VM size of the agents used to host this group of nodes.' type: string type: object type: array virtualMachinesProfile: - description: 'VirtualMachinesProfile: Specifications on VirtualMachines agent pool.' properties: scale: - description: 'Scale: Specifications on how to scale a VirtualMachines agent pool.' properties: autoscale: - description: |- - Autoscale: Specifications on how to auto-scale the VirtualMachines agent pool within a predefined size range. Currently, - at most one AutoScaleProfile is allowed. items: - description: Specifications on auto-scaling. properties: maxCount: - description: 'MaxCount: The maximum number of nodes of the specified sizes.' type: integer minCount: - description: 'MinCount: The minimum number of nodes of the specified sizes.' type: integer sizes: - description: |- - Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. 
AKS will use the - first available one when auto scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS - will use the next size. items: type: string type: array type: object type: array manual: - description: 'Manual: Specifications on how to scale the VirtualMachines agent pool to a fixed size.' items: - description: Specifications on number of machines. properties: count: - description: 'Count: Number of nodes.' type: integer sizes: - description: |- - Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the - first available one when scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS will - use the next size. items: type: string type: array 
@@ -23617,325 +15875,169 @@ spec: type: object type: object vmSize: - description: |- - VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods - might fail to run correctly. For more details on restricted VM sizes, see: - https://docs.microsoft.com/azure/aks/quotas-skus-regions type: string vnetSubnetID: - description: |- - VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, - this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} type: string windowsProfile: - description: 'WindowsProfile: The Windows agent pool''s specific profile.' properties: disableOutboundNat: - description: |- - DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT - Gateway and the Windows agent pool does not have node public IP enabled. type: boolean type: object workloadRuntime: - description: 'WorkloadRuntime: Determines the type of workload a node can run.' type: string type: object type: array aiToolchainOperatorProfile: - description: 'AiToolchainOperatorProfile: AI toolchain operator settings that apply to the whole cluster.' properties: enabled: - description: 'Enabled: Indicates if AI toolchain operator enabled or not.' type: boolean type: object apiServerAccessProfile: - description: 'ApiServerAccessProfile: The access profile for managed cluster API server.' properties: authorizedIPRanges: - description: |- - AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with - clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. 
For more information see [API - server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). items: type: string type: array disableRunCommand: - description: 'DisableRunCommand: Whether to disable run command for the cluster or not.' type: boolean enablePrivateCluster: - description: |- - EnablePrivateCluster: For more details, see [Creating a private AKS - cluster](https://docs.microsoft.com/azure/aks/private-clusters). type: boolean enablePrivateClusterPublicFQDN: - description: 'EnablePrivateClusterPublicFQDN: Whether to create additional public FQDN for private cluster or not.' type: boolean enableVnetIntegration: - description: 'EnableVnetIntegration: Whether to enable apiserver vnet integration for the cluster or not.' type: boolean privateDNSZone: - description: |- - PrivateDNSZone: The default is System. For more details see [configure private DNS - zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and - 'none'. type: string subnetId: - description: |- - SubnetId: It is required when: 1. creating a new cluster with BYO Vnet; 2. updating an existing cluster to enable - apiserver vnet integration. type: string type: object autoScalerProfile: - description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler when enabled' properties: balance-similar-node-groups: - description: 'BalanceSimilarNodeGroups: Valid values are ''true'' and ''false''' type: string daemonset-eviction-for-empty-nodes: - description: |- - DaemonsetEvictionForEmptyNodes: If set to true, all daemonset pods on empty nodes will be evicted before deletion of the - node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node will be - deleted without ensuring that daemonset pods are deleted or evicted. 
type: boolean daemonset-eviction-for-occupied-nodes: - description: |- - DaemonsetEvictionForOccupiedNodes: If set to true, all daemonset pods on occupied nodes will be evicted before deletion - of the node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node - will be deleted without ensuring that daemonset pods are deleted or evicted. type: boolean expander: - description: 'Expander: Available values are: ''least-waste'', ''most-pods'', ''priority'', ''random''.' type: string ignore-daemonsets-utilization: - description: |- - IgnoreDaemonsetsUtilization: If set to true, the resources used by daemonset will be taken into account when making - scaling down decisions. type: boolean max-empty-bulk-delete: - description: 'MaxEmptyBulkDelete: The default is 10.' type: string max-graceful-termination-sec: - description: 'MaxGracefulTerminationSec: The default is 600.' type: string max-node-provision-time: - description: |- - MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string max-total-unready-percentage: - description: 'MaxTotalUnreadyPercentage: The default is 45. The maximum is 100 and the minimum is 0.' type: string new-pod-scale-up-delay: - description: |- - NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler - could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is - '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). type: string ok-total-unready-count: - description: 'OkTotalUnreadyCount: This must be an integer. The default is 3.' type: string scale-down-delay-after-add: - description: |- - ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. 
No unit of time other than - minutes (m) is supported. type: string scale-down-delay-after-delete: - description: |- - ScaleDownDelayAfterDelete: The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of - time other than minutes (m) is supported. type: string scale-down-delay-after-failure: - description: |- - ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other - than minutes (m) is supported. type: string scale-down-unneeded-time: - description: |- - ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string scale-down-unready-time: - description: |- - ScaleDownUnreadyTime: The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string scale-down-utilization-threshold: - description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' type: string scan-interval: - description: 'ScanInterval: The default is ''10''. Values must be an integer number of seconds.' type: string skip-nodes-with-local-storage: - description: 'SkipNodesWithLocalStorage: The default is true.' type: string skip-nodes-with-system-pods: - description: 'SkipNodesWithSystemPods: The default is true.' type: string type: object autoUpgradeProfile: - description: 'AutoUpgradeProfile: The auto upgrade configuration.' properties: nodeOSUpgradeChannel: - description: 'NodeOSUpgradeChannel: The default is Unmanaged, but may change to either NodeImage or SecurityPatch at GA.' type: string upgradeChannel: - description: |- - UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade - channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). 
type: string type: object azureMonitorProfile: - description: 'AzureMonitorProfile: Prometheus addon profile for the container service cluster' properties: appMonitoring: - description: |- - AppMonitoring: Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics - and traces through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. properties: autoInstrumentation: - description: |- - AutoInstrumentation: Application Monitoring Auto Instrumentation for Kubernetes Application Container. Deploys web hook - to auto-instrument Azure Monitor OpenTelemetry based SDKs to collect OpenTelemetry metrics, logs and traces of the - application. See aka.ms/AzureMonitorApplicationMonitoring for an overview. properties: enabled: - description: 'Enabled: Indicates if Application Monitoring Auto Instrumentation is enabled or not.' type: boolean type: object openTelemetryLogs: - description: |- - OpenTelemetryLogs: Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Logs and - Traces. Collects OpenTelemetry logs and traces of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. properties: enabled: - description: 'Enabled: Indicates if Application Monitoring Open Telemetry Logs and traces is enabled or not.' type: boolean port: - description: 'Port: The Open Telemetry host port for Open Telemetry logs and traces. If not specified, the default port is 28331.' type: integer type: object openTelemetryMetrics: - description: |- - OpenTelemetryMetrics: Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container - Metrics. Collects OpenTelemetry metrics of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. 
properties: enabled: - description: 'Enabled: Indicates if Application Monitoring Open Telemetry Metrics is enabled or not.' type: boolean port: - description: 'Port: The Open Telemetry host port for Open Telemetry metrics. If not specified, the default port is 28333.' type: integer type: object type: object containerInsights: - description: |- - ContainerInsights: Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & - stderr logs etc. See aka.ms/AzureMonitorContainerInsights for an overview. properties: disableCustomMetrics: - description: |- - DisableCustomMetrics: Indicates whether custom metrics collection has to be disabled or not. If not specified the - default is false. No custom metrics will be emitted if this field is false but the container insights enabled field is - false type: boolean disablePrometheusMetricsScraping: - description: |- - DisablePrometheusMetricsScraping: Indicates whether prometheus metrics scraping is disabled or not. If not specified the - default is false. No prometheus metrics will be emitted if this field is false but the container insights enabled field - is false type: boolean enabled: - description: 'Enabled: Indicates if Azure Monitor Container Insights Logs Addon is enabled or not.' type: boolean logAnalyticsWorkspaceResourceId: - description: |- - LogAnalyticsWorkspaceResourceId: Fully Qualified ARM Resource Id of Azure Log Analytics Workspace for storing Azure - Monitor Container Insights Logs. type: string syslogPort: - description: 'SyslogPort: The syslog host port. If not specified, the default port is 28330.' 
type: integer type: object metrics: - description: 'Metrics: Metrics profile for the prometheus service addon' properties: enabled: - description: 'Enabled: Whether to enable the Prometheus collector' type: boolean kubeStateMetrics: - description: 'KubeStateMetrics: Kube State Metrics for prometheus addon profile for the container service cluster' properties: metricAnnotationsAllowList: - description: |- - MetricAnnotationsAllowList: Comma-separated list of additional Kubernetes label keys that will be used in the resource's - labels metric. type: string metricLabelsAllowlist: - description: |- - MetricLabelsAllowlist: Comma-separated list of Kubernetes annotations keys that will be used in the resource's labels - metric. type: string type: object type: object type: object azurePortalFQDN: - description: |- - AzurePortalFQDN: The Azure Portal requires certain Cross-Origin Resource Sharing (CORS) headers to be sent in some - responses, which Kubernetes APIServer doesn't handle by default. This special FQDN supports CORS, allowing the Azure - Portal to function properly. type: string bootstrapProfile: - description: 'BootstrapProfile: Profile of the cluster bootstrap configuration.' properties: artifactSource: - description: 'ArtifactSource: The source where the artifacts are downloaded from.' type: string containerRegistryId: - description: |- - ContainerRegistryId: The resource Id of Azure Container Registry. The registry must have private network access, premium - SKU and zone redundancy. type: string type: object conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. 
This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -23945,1018 +16047,615 @@ spec: type: object type: array creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the cluster will be created/upgraded using a - snapshot. properties: sourceResourceId: - description: 'SourceResourceId: This is the ARM ID of the source object to be used to create the target object.' type: string type: object currentKubernetesVersion: - description: 'CurrentKubernetesVersion: The version of Kubernetes the Managed Cluster is running.' type: string disableLocalAccounts: - description: |- - DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be - used on Managed Clusters that are AAD enabled. For more details see [disable local - accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). type: boolean diskEncryptionSetID: - description: |- - DiskEncryptionSetID: This is of the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' type: string dnsPrefix: - description: 'DnsPrefix: This cannot be updated once the Managed Cluster has been created.' type: string eTag: - description: |- - ETag: Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is - updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic - concurrency per the normal etag convention. type: string enableNamespaceResources: - description: |- - EnableNamespaceResources: The default value is false. It can be enabled/disabled on creation and updating of the managed - cluster. See [https://aka.ms/NamespaceARMResource](https://aka.ms/NamespaceARMResource) for more details on Namespace as - a ARM Resource. 
type: boolean enablePodSecurityPolicy: - description: |- - EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was - deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and - https://aka.ms/aks/psp. type: boolean enableRBAC: - description: 'EnableRBAC: Whether to enable Kubernetes Role-Based Access Control.' type: boolean extendedLocation: - description: 'ExtendedLocation: The extended location of the Virtual Machine.' properties: name: - description: 'Name: The name of the extended location.' type: string type: - description: 'Type: The type of the extended location.' type: string type: object fqdn: - description: 'Fqdn: The FQDN of the master pool.' type: string fqdnSubdomain: - description: 'FqdnSubdomain: This cannot be updated once the Managed Cluster has been created.' type: string httpProxyConfig: - description: 'HttpProxyConfig: Configurations for provisioning the cluster with HTTP proxy servers.' properties: effectiveNoProxy: - description: |- - EffectiveNoProxy: A read-only list of all endpoints for which traffic should not be sent to the proxy. This list is a - superset of noProxy and values injected by AKS. items: type: string type: array httpProxy: - description: 'HttpProxy: The HTTP proxy server endpoint to use.' type: string httpsProxy: - description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' type: string noProxy: - description: 'NoProxy: The endpoints that should not go through proxy.' items: type: string type: array trustedCa: - description: 'TrustedCa: Alternative CA cert to use for connecting to proxy servers.' type: string type: object id: - description: |- - Id: Fully qualified resource ID for the resource. E.g. 
- "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" type: string identity: - description: 'Identity: The identity of the managed cluster, if configured.' properties: delegatedResources: additionalProperties: - description: Delegated resource properties - internal use only. properties: location: - description: 'Location: The source resource location - internal use only.' type: string referralResource: - description: 'ReferralResource: The delegation id of the referral delegation (optional) - internal use only.' type: string resourceId: - description: 'ResourceId: The ARM resource id of the delegated resource - internal use only.' type: string tenantId: - description: 'TenantId: The tenant id of the delegated resource - internal use only.' type: string type: object - description: |- - DelegatedResources: The delegated identity resources assigned to this managed cluster. This can only be set by another - Azure Resource Provider, and managed cluster only accept one delegated identity resource. Internal use only. type: object principalId: - description: 'PrincipalId: The principal id of the system assigned identity which is used by master components.' type: string tenantId: - description: 'TenantId: The tenant id of the system assigned identity which is used by master components.' type: string type: - description: |- - Type: For more information see [use managed identities in - AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). type: string userAssignedIdentities: additionalProperties: properties: clientId: - description: 'ClientId: The client id of user assigned identity.' type: string principalId: - description: 'PrincipalId: The principal id of user assigned identity.' 
type: string type: object - description: |- - UserAssignedIdentities: The keys must be ARM resource IDs in the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. type: object type: object identityProfile: additionalProperties: - description: Details about a user assigned identity. properties: clientId: - description: 'ClientId: The client ID of the user assigned identity.' type: string objectId: - description: 'ObjectId: The object ID of the user assigned identity.' type: string resourceId: - description: 'ResourceId: The resource ID of the user assigned identity.' type: string type: object - description: 'IdentityProfile: Identities associated with the cluster.' type: object ingressProfile: - description: 'IngressProfile: Ingress profile for the managed cluster.' properties: webAppRouting: - description: 'WebAppRouting: Web App Routing settings for the ingress profile.' properties: dnsZoneResourceIds: - description: |- - DnsZoneResourceIds: Resource IDs of the DNS zones to be associated with the Web App Routing add-on. Used only when Web - App Routing is enabled. Public and private DNS zones can be in different resource groups, but all public DNS zones must - be in the same resource group and all private DNS zones must be in the same resource group. items: type: string type: array enabled: - description: 'Enabled: Whether to enable Web App Routing.' type: boolean identity: - description: |- - Identity: Managed identity of the Web Application Routing add-on. This is the identity that should be granted - permissions, for example, to manage the associated Azure DNS resource and get certificates from Azure Key Vault. See - [this overview of the add-on](https://learn.microsoft.com/en-us/azure/aks/web-app-routing?tabs=with-osm) for more - instructions. properties: clientId: - description: 'ClientId: The client ID of the user assigned identity.' 
type: string objectId: - description: 'ObjectId: The object ID of the user assigned identity.' type: string resourceId: - description: 'ResourceId: The resource ID of the user assigned identity.' type: string type: object type: object type: object kind: - description: 'Kind: This is primarily used to expose different UI experiences in the portal for different kinds' type: string kubernetesVersion: - description: |- - KubernetesVersion: When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades - must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> - 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS - cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. type: string linuxProfile: - description: 'LinuxProfile: The profile for Linux VMs in the Managed Cluster.' properties: adminUsername: - description: 'AdminUsername: The administrator username to use for Linux VMs.' type: string ssh: - description: 'Ssh: The SSH configuration for Linux-based VMs running on Azure.' properties: publicKeys: - description: 'PublicKeys: The list of SSH public keys used to authenticate with Linux-based VMs. A maximum of 1 key may be specified.' items: - description: Contains information about SSH certificate public key data. properties: keyData: - description: |- - KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or - without headers. type: string type: object type: array type: object type: object location: - description: 'Location: The geo-location where the resource lives' type: string maxAgentPools: - description: 'MaxAgentPools: The max number of agent pools for the managed cluster.' type: integer metricsProfile: - description: 'MetricsProfile: Optional cluster metrics configuration.' 
properties: costAnalysis: - description: 'CostAnalysis: The cost analysis configuration for the cluster' properties: enabled: - description: |- - Enabled: The Managed Cluster sku.tier must be set to 'Standard' or 'Premium' to enable this feature. Enabling this will - add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. If not specified, the - default is false. For more information see aka.ms/aks/docs/cost-analysis. type: boolean type: object type: object name: - description: 'Name: The name of the resource' type: string networkProfile: - description: 'NetworkProfile: The network configuration profile.' properties: advancedNetworking: - description: |- - AdvancedNetworking: Advanced Networking profile for enabling observability on a cluster. Note that enabling advanced - networking features may incur additional costs. For more information see aka.ms/aksadvancednetworking. properties: observability: - description: 'Observability: Observability profile to enable advanced network metrics and flow logs with historical contexts.' properties: enabled: - description: 'Enabled: Indicates the enablement of Advanced Networking observability functionalities on clusters.' type: boolean type: object type: object dnsServiceIP: - description: |- - DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address - range specified in serviceCidr. type: string ipFamilies: - description: |- - IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value - is IPv4. For dual-stack, the expected values are IPv4 and IPv6. items: - description: To determine if address belongs IPv4 or IPv6 family. type: string type: array kubeProxyConfig: - description: |- - KubeProxyConfig: Holds configuration customizations for kube-proxy. Any values not defined will use the kube-proxy - defaulting behavior. 
See https://v.docs.kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/ - where is represented by a - string. Kubernetes version 1.23 would be '1-23'. properties: enabled: - description: |- - Enabled: Whether to enable on kube-proxy on the cluster (if no 'kubeProxyConfig' exists, kube-proxy is enabled in AKS by - default without these customizations). type: boolean ipvsConfig: - description: 'IpvsConfig: Holds configuration customizations for IPVS. May only be specified if ''mode'' is set to ''IPVS''.' properties: scheduler: - description: 'Scheduler: IPVS scheduler, for more information please see http://www.linuxvirtualserver.org/docs/scheduling.html.' type: string tcpFinTimeoutSeconds: - description: |- - TcpFinTimeoutSeconds: The timeout value used for IPVS TCP sessions after receiving a FIN in seconds. Must be a positive - integer value. type: integer tcpTimeoutSeconds: - description: 'TcpTimeoutSeconds: The timeout value used for idle IPVS TCP sessions in seconds. Must be a positive integer value.' type: integer udpTimeoutSeconds: - description: 'UdpTimeoutSeconds: The timeout value used for IPVS UDP packets in seconds. Must be a positive integer value.' type: integer type: object mode: - description: 'Mode: Specify which proxy mode to use (''IPTABLES'' or ''IPVS'')' type: string type: object loadBalancerProfile: - description: 'LoadBalancerProfile: Profile of the cluster load balancer.' properties: allocatedOutboundPorts: - description: |- - AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 - (inclusive). The default value is 0 which results in Azure dynamically allocating ports. type: integer backendPoolType: - description: 'BackendPoolType: The type of the managed inbound Load Balancer BackendPool.' 
type: string clusterServiceLoadBalancerHealthProbeMode: - description: 'ClusterServiceLoadBalancerHealthProbeMode: The health probing behavior for External Traffic Policy Cluster services.' type: string effectiveOutboundIPs: - description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster load balancer.' items: - description: A reference to an Azure resource. properties: id: - description: 'Id: The fully qualified Azure resource id.' type: string type: object type: array enableMultipleStandardLoadBalancers: - description: 'EnableMultipleStandardLoadBalancers: Enable multiple standard load balancers per AKS cluster or not.' type: boolean idleTimeoutInMinutes: - description: |- - IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 - (inclusive). The default value is 30 minutes. type: integer managedOutboundIPs: - description: 'ManagedOutboundIPs: Desired managed outbound IPs for the cluster load balancer.' properties: count: - description: |- - Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values - must be in the range of 1 to 100 (inclusive). The default value is 1. type: integer countIPv6: - description: |- - CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed - values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. type: integer type: object outboundIPPrefixes: - description: 'OutboundIPPrefixes: Desired outbound IP Prefix resources for the cluster load balancer.' properties: publicIPPrefixes: - description: 'PublicIPPrefixes: A list of public IP prefix resources.' items: - description: A reference to an Azure resource. properties: id: - description: 'Id: The fully qualified Azure resource id.' 
type: string type: object type: array type: object outboundIPs: - description: 'OutboundIPs: Desired outbound IP resources for the cluster load balancer.' properties: publicIPs: - description: 'PublicIPs: A list of public IP resources.' items: - description: A reference to an Azure resource. properties: id: - description: 'Id: The fully qualified Azure resource id.' type: string type: object type: array type: object type: object loadBalancerSku: - description: |- - LoadBalancerSku: The default is 'standard'. See [Azure Load Balancer - SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load - balancer SKUs. type: string natGatewayProfile: - description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' properties: effectiveOutboundIPs: - description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster NAT gateway.' items: - description: A reference to an Azure resource. properties: id: - description: 'Id: The fully qualified Azure resource id.' type: string type: object type: array idleTimeoutInMinutes: - description: |- - IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 - (inclusive). The default value is 4 minutes. type: integer managedOutboundIPProfile: - description: 'ManagedOutboundIPProfile: Profile of the managed outbound IP resources of the cluster NAT gateway.' properties: count: - description: |- - Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 - (inclusive). The default value is 1. type: integer type: object type: object networkDataplane: - description: 'NetworkDataplane: Network dataplane used in the Kubernetes cluster.' type: string networkMode: - description: 'NetworkMode: This cannot be specified if networkPlugin is anything other than ''azure''.' 
type: string networkPlugin: - description: 'NetworkPlugin: Network plugin used for building the Kubernetes network.' type: string networkPluginMode: - description: 'NetworkPluginMode: Network plugin mode used for building the Kubernetes network.' type: string networkPolicy: - description: 'NetworkPolicy: Network policy used for building the Kubernetes network.' type: string outboundType: - description: |- - OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see - [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). type: string podCidr: - description: 'PodCidr: A CIDR notation IP range from which to assign pod IPs when kubenet is used.' type: string podCidrs: - description: |- - PodCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is - expected for dual-stack networking. items: type: string type: array podLinkLocalAccess: - description: |- - PodLinkLocalAccess: Defines access to special link local addresses (Azure Instance Metadata Service, aka IMDS) for pods - with hostNetwork=false. if not specified, the default is 'IMDS'. type: string serviceCidr: - description: |- - ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP - ranges. type: string serviceCidrs: - description: |- - ServiceCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is - expected for dual-stack networking. They must not overlap with any Subnet IP ranges. items: type: string type: array staticEgressGatewayProfile: - description: |- - StaticEgressGatewayProfile: The profile for Static Egress Gateway addon. For more details about Static Egress Gateway, - see https://aka.ms/aks/static-egress-gateway. properties: enabled: - description: 'Enabled: Indicates if Static Egress Gateway addon is enabled or not.' 
type: boolean type: object type: object nodeProvisioningProfile: - description: 'NodeProvisioningProfile: Node provisioning settings that apply to the whole cluster.' properties: mode: - description: 'Mode: Once the mode it set to Auto, it cannot be changed back to Manual.' type: string type: object nodeResourceGroup: - description: 'NodeResourceGroup: The name of the resource group containing agent pool nodes.' type: string nodeResourceGroupProfile: - description: 'NodeResourceGroupProfile: The node resource group configuration profile.' properties: restrictionLevel: - description: 'RestrictionLevel: The restriction level applied to the cluster''s node resource group' type: string type: object oidcIssuerProfile: - description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed Cluster.' properties: enabled: - description: 'Enabled: Whether the OIDC issuer is enabled.' type: boolean issuerURL: - description: 'IssuerURL: The OIDC issuer url of the Managed Cluster.' type: string type: object podIdentityProfile: - description: |- - PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more - details on AAD pod identity integration. properties: allowNetworkPluginKubenet: - description: |- - AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod - Identity and the risks of IP spoofing. See [using Kubenet network plugin with AAD Pod - Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) - for more information. type: boolean enabled: - description: 'Enabled: Whether the pod identity addon is enabled.' type: boolean userAssignedIdentities: - description: 'UserAssignedIdentities: The pod identities to use in the cluster.' items: - description: Details about the pod identity assigned to the Managed Cluster. 
properties: bindingSelector: - description: 'BindingSelector: The binding selector to use for the AzureIdentityBinding resource.' type: string identity: - description: 'Identity: The user assigned identity details.' properties: clientId: - description: 'ClientId: The client ID of the user assigned identity.' type: string objectId: - description: 'ObjectId: The object ID of the user assigned identity.' type: string resourceId: - description: 'ResourceId: The resource ID of the user assigned identity.' type: string type: object name: - description: 'Name: The name of the pod identity.' type: string namespace: - description: 'Namespace: The namespace of the pod identity.' type: string provisioningInfo: properties: error: - description: 'Error: Pod identity assignment error (if any).' properties: error: - description: 'Error: Details about the error.' properties: code: - description: 'Code: An identifier for the error. Codes are invariant and are intended to be consumed programmatically.' type: string details: - description: 'Details: A list of additional details about the error.' items: properties: code: - description: 'Code: An identifier for the error. Codes are invariant and are intended to be consumed programmatically.' type: string message: - description: 'Message: A message describing the error, intended to be suitable for display in a user interface.' type: string target: - description: 'Target: The target of the particular error. For example, the name of the property in error.' type: string type: object type: array message: - description: 'Message: A message describing the error, intended to be suitable for display in a user interface.' type: string target: - description: 'Target: The target of the particular error. For example, the name of the property in error.' type: string type: object type: object type: object provisioningState: - description: 'ProvisioningState: The current provisioning state of the pod identity.' 
type: string type: object type: array userAssignedIdentityExceptions: - description: 'UserAssignedIdentityExceptions: The pod identity exceptions to allow.' items: - description: |- - See [disable AAD Pod Identity for a specific - Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. properties: name: - description: 'Name: The name of the pod identity exception.' type: string namespace: - description: 'Namespace: The namespace of the pod identity exception.' type: string podLabels: additionalProperties: type: string - description: 'PodLabels: The pod labels to match.' type: object type: object type: array type: object powerState: - description: 'PowerState: The Power State of the cluster.' properties: code: - description: 'Code: Tells whether the cluster is Running or Stopped' type: string type: object privateFQDN: - description: 'PrivateFQDN: The FQDN of private cluster.' type: string privateLinkResources: - description: 'PrivateLinkResources: Private link resources associated with the cluster.' items: - description: A private link resource properties: groupId: - description: 'GroupId: The group ID of the resource.' type: string id: - description: 'Id: The ID of the private link resource.' type: string name: - description: 'Name: The name of the private link resource.' type: string privateLinkServiceID: - description: 'PrivateLinkServiceID: The private link service ID of the resource, this field is exposed only to NRP internally.' type: string requiredMembers: - description: 'RequiredMembers: The RequiredMembers of the resource' items: type: string type: array type: - description: 'Type: The resource type.' type: string type: object type: array provisioningState: - description: 'ProvisioningState: The current provisioning state.' 
type: string publicNetworkAccess: - description: 'PublicNetworkAccess: Allow or deny public network access for AKS' type: string resourceUID: - description: |- - ResourceUID: The resourceUID uniquely identifies ManagedClusters that reuse ARM ResourceIds (i.e: create, delete, create - sequence) type: string safeguardsProfile: - description: 'SafeguardsProfile: The Safeguards profile holds all the safeguards information for a given cluster' properties: excludedNamespaces: - description: 'ExcludedNamespaces: List of namespaces excluded from Safeguards checks' items: type: string type: array level: - description: |- - Level: The Safeguards level to be used. By default, Safeguards is enabled for all namespaces except those that AKS - excludes via systemExcludedNamespaces type: string systemExcludedNamespaces: - description: 'SystemExcludedNamespaces: List of namespaces specified by AKS to be excluded from Safeguards' items: type: string type: array version: - description: 'Version: The version of constraints to use' type: string type: object securityProfile: - description: 'SecurityProfile: Security profile for the managed cluster.' properties: azureKeyVaultKms: - description: |- - AzureKeyVaultKms: Azure Key Vault [key management - service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. properties: enabled: - description: 'Enabled: Whether to enable Azure Key Vault key management service. The default is false.' type: boolean keyId: - description: |- - KeyId: Identifier of Azure Key Vault key. See [key identifier - format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) - for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key - identifier. When Azure Key Vault key management service is disabled, leave the field empty. 
type: string keyVaultNetworkAccess: - description: |- - KeyVaultNetworkAccess: Network access of key vault. The possible values are `Public` and `Private`. `Public` means the - key vault allows public access from all networks. `Private` means the key vault disables public access and enables - private link. The default value is `Public`. type: string keyVaultResourceId: - description: |- - KeyVaultResourceId: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and must - be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. type: string type: object customCATrustCertificates: - description: |- - CustomCATrustCertificates: A list of up to 10 base64 encoded CAs that will be added to the trust store on nodes with the - Custom CA Trust feature enabled. For more information see [Custom CA Trust - Certificates](https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority) items: type: string type: array defender: - description: 'Defender: Microsoft Defender settings for the security profile.' properties: logAnalyticsWorkspaceResourceId: - description: |- - LogAnalyticsWorkspaceResourceId: Resource ID of the Log Analytics workspace to be associated with Microsoft Defender. - When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When Microsoft - Defender is disabled, leave the field empty. type: string securityMonitoring: - description: 'SecurityMonitoring: Microsoft Defender threat detection for Cloud settings for the security profile.' properties: enabled: - description: 'Enabled: Whether to enable Defender threat detection' type: boolean type: object type: object imageCleaner: - description: 'ImageCleaner: Image Cleaner settings for the security profile.' properties: enabled: - description: 'Enabled: Whether to enable Image Cleaner on AKS cluster.' 
type: boolean intervalHours: - description: 'IntervalHours: Image Cleaner scanning interval in hours.' type: integer type: object imageIntegrity: - description: |- - ImageIntegrity: Image integrity is a feature that works with Azure Policy to verify image integrity by signature. This - will not have any effect unless Azure Policy is applied to enforce image signatures. See - https://aka.ms/aks/image-integrity for how to use this feature via policy. properties: enabled: - description: 'Enabled: Whether to enable image integrity. The default value is false.' type: boolean type: object nodeRestriction: - description: |- - NodeRestriction: [Node - Restriction](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction) settings - for the security profile. properties: enabled: - description: 'Enabled: Whether to enable Node Restriction' type: boolean type: object workloadIdentity: - description: |- - WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications - to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. properties: enabled: - description: 'Enabled: Whether to enable workload identity.' type: boolean type: object type: object serviceMeshProfile: - description: 'ServiceMeshProfile: Service mesh profile for a managed cluster.' properties: istio: - description: 'Istio: Istio service mesh configuration.' properties: certificateAuthority: - description: |- - CertificateAuthority: Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin - certificates as described here https://aka.ms/asm-plugin-ca properties: plugin: - description: 'Plugin: Plugin certificates information for Service Mesh.' properties: certChainObjectName: - description: 'CertChainObjectName: Certificate chain object name in Azure Key Vault.' 
type: string certObjectName: - description: 'CertObjectName: Intermediate certificate object name in Azure Key Vault.' type: string keyObjectName: - description: 'KeyObjectName: Intermediate certificate private key object name in Azure Key Vault.' type: string keyVaultId: - description: 'KeyVaultId: The resource ID of the Key Vault.' type: string rootCertObjectName: - description: 'RootCertObjectName: Root certificate object name in Azure Key Vault.' type: string type: object type: object components: - description: 'Components: Istio components configuration.' properties: egressGateways: - description: 'EgressGateways: Istio egress gateways.' items: - description: Istio egress gateway configuration. properties: enabled: - description: 'Enabled: Whether to enable the egress gateway.' type: boolean type: object type: array ingressGateways: - description: 'IngressGateways: Istio ingress gateways.' items: - description: |- - Istio ingress gateway configuration. For now, we support up to one external ingress gateway named - `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. properties: enabled: - description: 'Enabled: Whether to enable the ingress gateway.' type: boolean mode: - description: 'Mode: Mode of an ingress gateway.' type: string type: object type: array type: object revisions: - description: |- - Revisions: The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. - When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: - https://learn.microsoft.com/en-us/azure/aks/istio-upgrade items: type: string type: array type: object mode: - description: 'Mode: Mode of the service mesh.' type: string type: object servicePrincipalProfile: - description: |- - ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure - APIs. 
properties: clientId: - description: 'ClientId: The ID for the service principal.' type: string type: object sku: - description: 'Sku: The managed cluster SKU.' properties: name: - description: 'Name: The name of a managed cluster SKU.' type: string tier: - description: |- - Tier: If not specified, the default is 'Free'. See [AKS Pricing - Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. type: string type: object storageProfile: - description: 'StorageProfile: Storage profile for the managed cluster.' properties: blobCSIDriver: - description: 'BlobCSIDriver: AzureBlob CSI Driver settings for the storage profile.' properties: enabled: - description: 'Enabled: Whether to enable AzureBlob CSI Driver. The default value is false.' type: boolean type: object diskCSIDriver: - description: 'DiskCSIDriver: AzureDisk CSI Driver settings for the storage profile.' properties: enabled: - description: 'Enabled: Whether to enable AzureDisk CSI Driver. The default value is true.' type: boolean version: - description: 'Version: The version of AzureDisk CSI Driver. The default value is v1.' type: string type: object fileCSIDriver: - description: 'FileCSIDriver: AzureFile CSI Driver settings for the storage profile.' properties: enabled: - description: 'Enabled: Whether to enable AzureFile CSI Driver. The default value is true.' type: boolean type: object snapshotController: - description: 'SnapshotController: Snapshot Controller settings for the storage profile.' properties: enabled: - description: 'Enabled: Whether to enable Snapshot Controller. The default value is true.' type: boolean type: object type: object supportPlan: - description: 'SupportPlan: The support plan for the Managed Cluster. If unspecified, the default is ''KubernetesOfficial''.' type: string systemData: - description: 'SystemData: Azure Resource Manager metadata containing createdBy and modifiedBy information.' 
properties: createdAt: - description: 'CreatedAt: The timestamp of resource creation (UTC).' type: string createdBy: - description: 'CreatedBy: The identity that created the resource.' type: string createdByType: - description: 'CreatedByType: The type of identity that created the resource.' type: string lastModifiedAt: - description: 'LastModifiedAt: The timestamp of resource last modification (UTC)' type: string lastModifiedBy: - description: 'LastModifiedBy: The identity that last modified the resource.' type: string lastModifiedByType: - description: 'LastModifiedByType: The type of identity that last modified the resource.' type: string type: object tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object type: - description: 'Type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"' type: string upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading a cluster.' properties: overrideSettings: - description: 'OverrideSettings: Settings for overrides.' properties: forceUpgrade: - description: |- - ForceUpgrade: Whether to force upgrade the cluster. Note that this option instructs upgrade operation to bypass upgrade - protections such as checking for deprecated API usage. Enable this option only with caution. type: boolean until: - description: |- - Until: Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the - effectiveness won't change once an upgrade starts even if the `until` expires as upgrade proceeds. This field is not set - by default. It must be set for the overrides to take effect. type: string type: object type: object windowsProfile: - description: 'WindowsProfile: The profile for Windows VMs in the Managed Cluster.' properties: adminUsername: - description: |- - AdminUsername: Specifies the name of the administrator account. - Restriction: Cannot end in "." 
- Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", - "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", - "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". - Minimum-length: 1 character - Max-length: 20 characters type: string enableCSIProxy: - description: |- - EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub - repo](https://github.com/kubernetes-csi/csi-proxy). type: boolean gmsaProfile: - description: 'GmsaProfile: The Windows gMSA Profile in the Managed Cluster.' properties: dnsServer: - description: |- - DnsServer: Specifies the DNS server for Windows gMSA. - Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. type: string enabled: - description: 'Enabled: Specifies whether to enable Windows gMSA in the managed cluster.' type: boolean rootDomainName: - description: |- - RootDomainName: Specifies the root domain name for Windows gMSA. - Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. type: string type: object licenseType: - description: |- - LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User - Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. type: string type: object workloadAutoScalerProfile: - description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile for the managed cluster.' properties: keda: - description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile.' properties: enabled: - description: 'Enabled: Whether to enable KEDA.' type: boolean type: object verticalPodAutoscaler: properties: addonAutoscaling: - description: 'AddonAutoscaling: Whether VPA add-on is enabled and configured to scale AKS-managed add-ons.' 
type: string enabled: - description: 'Enabled: Whether to enable VPA add-on in cluster. Default value is false.' type: boolean type: object type: object 
@@ -24982,50 +16681,24 @@ spec: name: v1api20240402previewstorage schema: openAPIV3Schema: - description: |- - Storage version of v1api20240402preview.ManagedCluster - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2024-04-02-preview/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20240402preview.ManagedCluster_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object aadProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterAADProfile - For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). 
properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object adminGroupObjectIDs: items: @@ -25046,16 +16719,10 @@ spec: type: object addonProfiles: additionalProperties: - description: |- - Storage version of v1api20240402preview.ManagedClusterAddonProfile - A Kubernetes add-on profile for a managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object config: additionalProperties: @@ -25067,26 +16734,16 @@ spec: type: object agentPoolProfiles: items: - description: |- - Storage version of v1api20240402preview.ManagedClusterAgentPoolProfile - Profile for the container service agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object artifactStreamingProfile: - description: Storage version of v1api20240402preview.AgentPoolArtifactStreamingProfile properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -25096,57 +16753,35 @@ spec: type: string type: array capacityReservationGroupReference: - description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object count: type: integer creationData: - description: |- - Storage version of v1api20240402preview.CreationData - Data used when creating a target resource from a source resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object @@ -25163,16 +16798,10 @@ spec: enableUltraSSD: type: boolean gatewayProfile: - description: |- - Storage version of v1api20240402preview.AgentPoolGatewayProfile - Profile of the managed cluster gateway agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object publicIPPrefixSize: type: integer 
@@ -25180,52 +16809,31 @@ spec: gpuInstanceProfile: type: string gpuProfile: - description: Storage version of v1api20240402preview.AgentPoolGPUProfile properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object installGPUDriver: type: boolean type: object hostGroupReference: - description: |- - HostGroupReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object kubeletConfig: - description: |- - Storage version of v1api20240402preview.KubeletConfig - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedUnsafeSysctls: items: @@ -25255,30 +16863,18 @@ spec: kubeletDiskType: type: string linuxOSConfig: - description: |- - Storage version of v1api20240402preview.LinuxOSConfig - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object swapFileSizeMB: type: integer sysctls: - description: |- - Storage version of v1api20240402preview.SysctlConfig - Sysctl settings for Linux agent nodes. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object fsAioMaxNr: type: integer 
@@ -25355,29 +16951,17 @@ spec: name: type: string networkProfile: - description: |- - Storage version of v1api20240402preview.AgentPoolNetworkProfile - Network settings of an agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedHostPorts: items: - description: |- - Storage version of v1api20240402preview.PortRange - The port range. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object portEnd: type: integer 
@@ -25389,38 +16973,24 @@ spec: type: array applicationSecurityGroupsReferences: items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: array nodePublicIPTags: items: - description: |- - Storage version of v1api20240402preview.IPTag - Contains the IPTag associated with the object. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object ipTagType: type: string 
@@ -25438,25 +17008,15 @@ spec: type: string type: object nodePublicIPPrefixReference: - description: |- - NodePublicIPPrefixReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object nodeTaints: 
@@ -25476,61 +17036,36 @@ spec: podIPAllocationMode: type: string podSubnetReference: - description: |- - PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). - This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object powerState: - description: |- - Storage version of v1api20240402preview.PowerState - Describes the Power State of the cluster properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string type: object proximityPlacementGroupReference: - description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object scaleDownMode: @@ -25540,16 +17075,10 @@ spec: scaleSetPriority: type: string securityProfile: - description: |- - Storage version of v1api20240402preview.AgentPoolSecurityProfile - The security settings of an agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enableSecureBoot: type: boolean @@ -25567,16 +17096,10 @@ spec: type: type: string upgradeSettings: - description: |- - Storage version of v1api20240402preview.AgentPoolUpgradeSettings - Settings for upgrading an agentpool properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object drainTimeoutInMinutes: type: integer 
@@ -25589,16 +17112,10 @@ spec: type: object virtualMachineNodesStatus: items: - description: |- - Storage version of v1api20240402preview.VirtualMachineNodes - Current status on a group of nodes of the same vm size. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object count: type: integer @@ -25607,41 +17124,23 @@ spec: type: object type: array virtualMachinesProfile: - description: |- - Storage version of v1api20240402preview.VirtualMachinesProfile - Specifications on VirtualMachines agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object scale: - description: |- - Storage version of v1api20240402preview.ScaleProfile - Specifications on how to scale a VirtualMachines agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object autoscale: items: - description: |- - Storage version of v1api20240402preview.AutoScaleProfile - Specifications on auto-scaling. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object maxCount: type: integer 
@@ -25655,16 +17154,10 @@ spec: type: array manual: items: - description: |- - Storage version of v1api20240402preview.ManualScaleProfile - Specifications on number of machines. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object count: type: integer 
@@ -25679,39 +17172,22 @@ spec: vmSize: type: string vnetSubnetReference: - description: |- - VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is - specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object windowsProfile: - description: |- - Storage version of v1api20240402preview.AgentPoolWindowsProfile - The Windows agent pool's specific profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object disableOutboundNat: type: boolean 
@@ -25721,33 +17197,19 @@ spec: type: object type: array aiToolchainOperatorProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterAIToolchainOperatorProfile - When enabling the operator, a set of AKS managed CRDs and controllers will be installed in the cluster. The operator - automates the deployment of OSS models for inference and/or training purposes. It provides a set of preset models and - enables distributed inference against them. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object apiServerAccessProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterAPIServerAccessProfile - Access profile for managed cluster API server. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object authorizedIPRanges: items: @@ -25767,14 +17229,10 @@ spec: type: string type: object autoScalerProfile: - description: Storage version of v1api20240402preview.ManagedClusterProperties_AutoScalerProfile properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object balance-similar-node-groups: type: string 
@@ -25818,16 +17276,10 @@ spec: type: string type: object autoUpgradeProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterAutoUpgradeProfile - Auto upgrade profile for a managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object nodeOSUpgradeChannel: type: string 
@@ -25835,61 +17287,31 @@ spec: type: string type: object azureMonitorProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfile - Prometheus addon profile for the container service cluster properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object appMonitoring: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoring - Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics and traces - through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object autoInstrumentation: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringAutoInstrumentation - Application Monitoring Auto Instrumentation for Kubernetes Application Container. Deploys web hook to auto-instrument - Azure Monitor OpenTelemetry based SDKs to collect OpenTelemetry metrics, logs and traces of the application. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. 
properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object openTelemetryLogs: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryLogs - Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Logs and Traces. Collects - OpenTelemetry logs and traces of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean @@ -25897,18 +17319,10 @@ spec: type: integer type: object openTelemetryMetrics: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryMetrics - Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Metrics. Collects - OpenTelemetry metrics of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -25917,17 +17331,10 @@ spec: type: object type: object containerInsights: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileContainerInsights - Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & stderr logs etc. See - aka.ms/AzureMonitorContainerInsights for an overview. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object disableCustomMetrics: type: boolean 
@@ -25936,55 +17343,33 @@ spec: enabled: type: boolean logAnalyticsWorkspaceResourceReference: - description: |- - LogAnalyticsWorkspaceResourceReference: Fully Qualified ARM Resource Id of Azure Log Analytics Workspace for storing - Azure Monitor Container Insights Logs. properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object syslogPort: type: integer type: object metrics: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileMetrics - Metrics profile for the prometheus service addon properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean kubeStateMetrics: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileKubeStateMetrics - Kube State Metrics for prometheus addon profile for the container service cluster properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object metricAnnotationsAllowList: type: string 
@@ -25994,102 +17379,59 @@ spec: type: object type: object azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string bootstrapProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterBootstrapProfile - The bootstrap profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object artifactSource: type: string containerRegistryReference: - description: |- - ContainerRegistryReference: The resource Id of Azure Container Registry. The registry must have private network access, - premium SKU and zone redundancy. properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object creationData: - description: |- - Storage version of v1api20240402preview.CreationData - Data used when creating a target resource from a source resource. 
properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object disableLocalAccounts: type: boolean diskEncryptionSetReference: - description: |- - DiskEncryptionSetReference: This is of the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object dnsPrefix: @@ -26101,16 +17443,10 @@ spec: enableRBAC: type: boolean extendedLocation: - description: |- - Storage version of v1api20240402preview.ExtendedLocation - The complex type of the extended location. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string @@ -26120,16 +17456,10 @@ spec: fqdnSubdomain: type: string httpProxyConfig: - description: |- - Storage version of v1api20240402preview.ManagedClusterHTTPProxyConfig - Cluster HTTP proxy configuration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object httpProxy: type: string 
@@ -26143,52 +17473,32 @@ spec: type: string type: object identity: - description: |- - Storage version of v1api20240402preview.ManagedClusterIdentity - Identity for the managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object delegatedResources: additionalProperties: - description: |- - Storage version of v1api20240402preview.DelegatedResource - Delegated resource properties - internal use only. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object location: type: string referralResource: type: string resourceReference: - description: 'ResourceReference: The ARM resource id of the delegated resource - internal use only.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object tenantId: 
@@ -26199,35 +17509,21 @@ spec: type: string userAssignedIdentities: items: - description: |- - Storage version of v1api20240402preview.UserAssignedIdentityDetails - Information about the user assigned identity for the resource properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -26235,31 +17531,18 @@ spec: type: object identityProfile: additionalProperties: - description: |- - Storage version of v1api20240402preview.UserAssignedIdentity - Details about a user assigned identity. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object clientId: type: string clientIdFromConfig: - description: |- - ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes configmap being referenced type: string name: - description: |- - Name is the name of the Kubernetes configmap being referenced. - The configmap must be in the same namespace as the resource type: string required: - key 
@@ -26268,87 +17551,52 @@ spec: objectId: type: string objectIdFromConfig: - description: |- - ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes configmap being referenced type: string name: - description: |- - Name is the name of the Kubernetes configmap being referenced. - The configmap must be in the same namespace as the resource type: string required: - key - name type: object resourceReference: - description: 'ResourceReference: The resource ID of the user assigned identity.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: object ingressProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterIngressProfile - Ingress profile for the container service cluster. 
properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object webAppRouting: - description: |- - Storage version of v1api20240402preview.ManagedClusterIngressProfileWebAppRouting - Web App Routing settings for the ingress profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object dnsZoneResourceReferences: items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: array 
@@ -26361,43 +17609,25 @@ spec: kubernetesVersion: type: string linuxProfile: - description: |- - Storage version of v1api20240402preview.ContainerServiceLinuxProfile - Profile for Linux VMs in the container service cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object adminUsername: type: string ssh: - description: |- - Storage version of v1api20240402preview.ContainerServiceSshConfiguration - SSH configuration for Linux-based VMs running on Azure. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object publicKeys: items: - description: |- - Storage version of v1api20240402preview.ContainerServiceSshPublicKey - Contains information about SSH certificate public key data. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object keyData: type: string 
@@ -26408,69 +17638,38 @@ spec: location: type: string metricsProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterMetricsProfile - The metrics profile for the ManagedCluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object costAnalysis: - description: |- - Storage version of v1api20240402preview.ManagedClusterCostAnalysis - The cost analysis configuration for the cluster properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object type: object networkProfile: - description: |- - Storage version of v1api20240402preview.ContainerServiceNetworkProfile - Profile of network configuration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object advancedNetworking: - description: |- - Storage version of v1api20240402preview.AdvancedNetworking - Advanced Networking profile for enabling observability on a cluster. Note that enabling advanced networking features may - incur additional costs. For more information see aka.ms/aksadvancednetworking. 
properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object observability: - description: |- - Storage version of v1api20240402preview.AdvancedNetworkingObservability - Observability profile to enable advanced network metrics and flow logs with historical contexts. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean @@ -26483,26 +17682,18 @@ spec: type: string type: array kubeProxyConfig: - description: Storage version of v1api20240402preview.ContainerServiceNetworkProfile_KubeProxyConfig properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean ipvsConfig: - description: Storage version of v1api20240402preview.ContainerServiceNetworkProfile_KubeProxyConfig_IpvsConfig properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object scheduler: type: string 
@@ -26517,16 +17708,10 @@ spec: type: string type: object loadBalancerProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile - Profile of the managed cluster load balancer. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allocatedOutboundPorts: type: integer @@ -26536,35 +17721,21 @@ spec: type: string effectiveOutboundIPs: items: - description: |- - Storage version of v1api20240402preview.ResourceReference - A reference to an Azure resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: The fully qualified Azure resource id.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -26574,14 +17745,10 @@ spec: idleTimeoutInMinutes: type: integer managedOutboundIPs: - description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object count: type: integer 
@@ -26589,92 +17756,56 @@ spec: type: integer type: object outboundIPPrefixes: - description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object publicIPPrefixes: items: - description: |- - Storage version of v1api20240402preview.ResourceReference - A reference to an Azure resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: The fully qualified Azure resource id.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object type: object type: array type: object outboundIPs: - description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_OutboundIPs properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object publicIPs: items: - description: |- - Storage version of v1api20240402preview.ResourceReference - A reference to an Azure resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: The fully qualified Azure resource id.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -26684,48 +17815,28 @@ spec: loadBalancerSku: type: string natGatewayProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterNATGatewayProfile - Profile of the managed cluster NAT gateway. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object effectiveOutboundIPs: items: - description: |- - Storage version of v1api20240402preview.ResourceReference - A reference to an Azure resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: The fully qualified Azure resource id.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -26733,16 +17844,10 @@ spec: idleTimeoutInMinutes: type: integer managedOutboundIPProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterManagedOutboundIPProfile - Profile of the managed outbound IP resources of the managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object count: type: integer @@ -26775,30 +17880,20 @@ spec: type: string type: array staticEgressGatewayProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterStaticEgressGatewayProfile - The Static Egress Gateway addon configuration for the cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object type: object nodeProvisioningProfile: - description: Storage version of v1api20240402preview.ManagedClusterNodeProvisioningProfile properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object mode: type: string 
@@ -26806,70 +17901,37 @@ spec: nodeResourceGroup: type: string nodeResourceGroupProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterNodeResourceGroupProfile - Node resource group lockdown profile for a managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object restrictionLevel: type: string type: object oidcIssuerProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterOIDCIssuerProfile - The OIDC issuer profile of the Managed Cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object operatorSpec: - description: |- - Storage version of v1api20240402preview.ManagedClusterOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. 
If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name @@ -26877,28 +17939,16 @@ spec: type: object type: array configMaps: - description: Storage version of v1api20240402preview.ManagedClusterOperatorConfigMaps properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object oidcIssuerProfile: - description: |- - ConfigMapDestination describes the location to store a single configmap value - Note: This is similar to: SecretDestination in secrets.go. - Changes to one may need to be made to the others as well. properties: key: - description: Key is the key in the ConfigMap being referenced type: string name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. type: string required: - key 
@@ -26907,27 +17957,12 @@ spec: type: object secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -26935,46 +17970,26 @@ spec: type: object type: array secrets: - description: Storage version of v1api20240402preview.ManagedClusterOperatorSecrets properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object adminCredentials: - description: |- - SecretDestination describes the location to store a single secret value. - Note: This is similar to: ConfigMapDestination in configmaps.go. - Changes to one may need to be made to the others as well. properties: key: - description: Key is the key in the Kubernetes secret being referenced. type: string name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. type: string required: - key - name type: object userCredentials: - description: |- - SecretDestination describes the location to store a single secret value. - Note: This is similar to: ConfigMapDestination in configmaps.go. - Changes to one may need to be made to the others as well. properties: key: - description: Key is the key in the Kubernetes secret being referenced. type: string name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. type: string required: - key 
@@ -26985,30 +18000,18 @@ spec: originalVersion: type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object podIdentityProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterPodIdentityProfile - See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod - identity integration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowNetworkPluginKubenet: type: boolean 
@@ -27016,45 +18019,26 @@ spec: type: boolean userAssignedIdentities: items: - description: |- - Storage version of v1api20240402preview.ManagedClusterPodIdentity - Details about the pod identity assigned to the Managed Cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object bindingSelector: type: string identity: - description: |- - Storage version of v1api20240402preview.UserAssignedIdentity - Details about a user assigned identity. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object clientId: type: string clientIdFromConfig: - description: |- - ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes configmap being referenced type: string name: - description: |- - Name is the name of the Kubernetes configmap being referenced. - The configmap must be in the same namespace as the resource type: string required: - key 
@@ -27063,40 +18047,25 @@ spec: objectId: type: string objectIdFromConfig: - description: |- - ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes configmap being referenced type: string name: - description: |- - Name is the name of the Kubernetes configmap being referenced. - The configmap must be in the same namespace as the resource type: string required: - key - name type: object resourceReference: - description: 'ResourceReference: The resource ID of the user assigned identity.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -27108,17 +18077,10 @@ spec: type: array userAssignedIdentityExceptions: items: - description: |- - Storage version of v1api20240402preview.ManagedClusterPodIdentityException - See [disable AAD Pod Identity for a specific - Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -27133,39 +18095,25 @@ spec: type: object privateLinkResources: items: - description: |- - Storage version of v1api20240402preview.PrivateLinkResource - A private link resource properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object groupId: type: string name: type: string reference: - description: 'Reference: The ID of the private link resource.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object requiredMembers: @@ -27179,16 +18127,10 @@ spec: publicNetworkAccess: type: string safeguardsProfile: - description: |- - Storage version of v1api20240402preview.SafeguardsProfile - The Safeguards profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object excludedNamespaces: items: 
@@ -27200,28 +18142,16 @@ spec: type: string type: object securityProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfile - Security profile for the container service cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object azureKeyVaultKms: - description: |- - Storage version of v1api20240402preview.AzureKeyVaultKms - Azure Key Vault key management service settings for the security profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -27230,25 +18160,15 @@ spec: keyVaultNetworkAccess: type: string keyVaultResourceReference: - description: |- - KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and - must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -27257,68 +18177,38 @@ spec: type: string type: array defender: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileDefender - Microsoft Defender settings for the security profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object logAnalyticsWorkspaceResourceReference: - description: |- - LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft - Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When - Microsoft Defender is disabled, leave the field empty. properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object securityMonitoring: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileDefenderSecurityMonitoring - Microsoft Defender settings for the security profile threat detection. 
properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object type: object imageCleaner: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileImageCleaner - Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here - are settings for the security profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -27326,99 +18216,56 @@ spec: type: integer type: object imageIntegrity: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileImageIntegrity - Image integrity related settings for the security profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object nodeRestriction: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileNodeRestriction - Node Restriction settings for the security profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object workloadIdentity: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileWorkloadIdentity - Workload identity settings for the security profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object type: object serviceMeshProfile: - description: |- - Storage version of v1api20240402preview.ServiceMeshProfile - Service mesh profile for a managed cluster. 
properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object istio: - description: |- - Storage version of v1api20240402preview.IstioServiceMesh - Istio service mesh configuration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object certificateAuthority: - description: |- - Storage version of v1api20240402preview.IstioCertificateAuthority - Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described - here https://aka.ms/asm-plugin-ca properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object plugin: - description: |- - Storage version of v1api20240402preview.IstioPluginCertificateAuthority - Plugin certificates information for Service Mesh. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object certChainObjectName: type: string 
@@ -27427,23 +18274,15 @@ spec: keyObjectName: type: string keyVaultReference: - description: 'KeyVaultReference: The resource ID of the Key Vault.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object rootCertObjectName: @@ -27451,29 +18290,17 @@ spec: type: object type: object components: - description: |- - Storage version of v1api20240402preview.IstioComponents - Istio components configuration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object egressGateways: items: - description: |- - Storage version of v1api20240402preview.IstioEgressGateway - Istio egress gateway configuration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -27481,17 +18308,10 @@ spec: type: array ingressGateways: items: - description: |- - Storage version of v1api20240402preview.IstioIngressGateway - Istio ingress gateway configuration. For now, we support up to one external ingress gateway named - `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean @@ -27509,31 +18329,18 @@ spec: type: string type: object servicePrincipalProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterServicePrincipalProfile - Information about a service principal identity for the cluster to use for manipulating Azure APIs. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object clientId: type: string secret: - description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes secret being referenced type: string name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - key 
@@ -27541,16 +18348,10 @@ spec: type: object type: object sku: - description: |- - Storage version of v1api20240402preview.ManagedClusterSKU - The SKU of a Managed Cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string @@ -27558,43 +18359,25 @@ spec: type: string type: object storageProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterStorageProfile - Storage profile for the container service cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object blobCSIDriver: - description: |- - Storage version of v1api20240402preview.ManagedClusterStorageProfileBlobCSIDriver - AzureBlob CSI Driver settings for the storage profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object diskCSIDriver: - description: |- - Storage version of v1api20240402preview.ManagedClusterStorageProfileDiskCSIDriver - AzureDisk CSI Driver settings for the storage profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -27602,31 +18385,19 @@ spec: type: string type: object fileCSIDriver: - description: |- - Storage version of v1api20240402preview.ManagedClusterStorageProfileFileCSIDriver - AzureFile CSI Driver settings for the storage profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object snapshotController: - description: |- - Storage version of v1api20240402preview.ManagedClusterStorageProfileSnapshotController - Snapshot Controller settings for the storage profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean @@ -27639,28 +18410,16 @@ spec: type: string type: object upgradeSettings: - description: |- - Storage version of v1api20240402preview.ClusterUpgradeSettings - Settings for upgrading a cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object overrideSettings: - description: |- - Storage version of v1api20240402preview.UpgradeOverrideSettings - Settings for overrides when upgrading a cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object forceUpgrade: type: boolean 
@@ -27669,29 +18428,16 @@ spec: type: object type: object windowsProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterWindowsProfile - Profile for Windows VMs in the managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object adminPassword: - description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes secret being referenced type: string name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - key @@ -27702,16 +18448,10 @@ spec: enableCSIProxy: type: boolean gmsaProfile: - description: |- - Storage version of v1api20240402preview.WindowsGmsaProfile - Windows gMSA Profile in the managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object dnsServer: type: string 
@@ -27724,41 +18464,25 @@ spec: type: string type: object workloadAutoScalerProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfile - Workload Auto-scaler profile for the managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object keda: - description: |- - Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfileKeda - KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object verticalPodAutoscaler: - description: Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object addonAutoscaling: type: string 
@@ -27770,28 +18494,16 @@ spec: - owner type: object status: - description: |- - Storage version of v1api20240402preview.ManagedCluster_STATUS - Managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object aadProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterAADProfile_STATUS - For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object adminGroupObjectIDs: items: @@ -27812,16 +18524,10 @@ spec: type: object addonProfiles: additionalProperties: - description: |- - Storage version of v1api20240402preview.ManagedClusterAddonProfile_STATUS - A Kubernetes add-on profile for a managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object config: additionalProperties: @@ -27830,16 +18536,10 @@ spec: enabled: type: boolean identity: - description: |- - Storage version of v1api20240402preview.UserAssignedIdentity_STATUS - Details about a user assigned identity. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object clientId: type: string 
@@ -27852,26 +18552,16 @@ spec: type: object agentPoolProfiles: items: - description: |- - Storage version of v1api20240402preview.ManagedClusterAgentPoolProfile_STATUS - Profile for the container service agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object artifactStreamingProfile: - description: Storage version of v1api20240402preview.AgentPoolArtifactStreamingProfile_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean @@ -27885,16 +18575,10 @@ spec: count: type: integer creationData: - description: |- - Storage version of v1api20240402preview.CreationData_STATUS - Data used when creating a target resource from a source resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object sourceResourceId: type: string @@ -27916,16 +18600,10 @@ spec: enableUltraSSD: type: boolean gatewayProfile: - description: |- - Storage version of v1api20240402preview.AgentPoolGatewayProfile_STATUS - Profile of the managed cluster gateway agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object publicIPPrefixSize: type: integer 
@@ -27933,14 +18611,10 @@ spec: gpuInstanceProfile: type: string gpuProfile: - description: Storage version of v1api20240402preview.AgentPoolGPUProfile_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object installGPUDriver: type: boolean @@ -27948,16 +18622,10 @@ spec: hostGroupID: type: string kubeletConfig: - description: |- - Storage version of v1api20240402preview.KubeletConfig_STATUS - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedUnsafeSysctls: items: 
@@ -27987,30 +18655,18 @@ spec: kubeletDiskType: type: string linuxOSConfig: - description: |- - Storage version of v1api20240402preview.LinuxOSConfig_STATUS - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object swapFileSizeMB: type: integer sysctls: - description: |- - Storage version of v1api20240402preview.SysctlConfig_STATUS - Sysctl settings for Linux agent nodes. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object fsAioMaxNr: type: integer @@ -28087,29 +18743,17 @@ spec: name: type: string networkProfile: - description: |- - Storage version of v1api20240402preview.AgentPoolNetworkProfile_STATUS - Network settings of an agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedHostPorts: items: - description: |- - Storage version of v1api20240402preview.PortRange_STATUS - The port range. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object portEnd: type: integer 
@@ -28125,16 +18769,10 @@ spec: type: array nodePublicIPTags: items: - description: |- - Storage version of v1api20240402preview.IPTag_STATUS - Contains the IPTag associated with the object. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object ipTagType: type: string @@ -28174,16 +18812,10 @@ spec: podSubnetID: type: string powerState: - description: |- - Storage version of v1api20240402preview.PowerState_STATUS - Describes the Power State of the cluster properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string @@ -28199,16 +18831,10 @@ spec: scaleSetPriority: type: string securityProfile: - description: |- - Storage version of v1api20240402preview.AgentPoolSecurityProfile_STATUS - The security settings of an agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enableSecureBoot: type: boolean @@ -28226,16 +18852,10 @@ spec: type: type: string upgradeSettings: - description: |- - Storage version of v1api20240402preview.AgentPoolUpgradeSettings_STATUS - Settings for upgrading an agentpool properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object drainTimeoutInMinutes: type: integer 
@@ -28248,16 +18868,10 @@ spec: type: object virtualMachineNodesStatus: items: - description: |- - Storage version of v1api20240402preview.VirtualMachineNodes_STATUS - Current status on a group of nodes of the same vm size. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object count: type: integer @@ -28266,41 +18880,23 @@ spec: type: object type: array virtualMachinesProfile: - description: |- - Storage version of v1api20240402preview.VirtualMachinesProfile_STATUS - Specifications on VirtualMachines agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object scale: - description: |- - Storage version of v1api20240402preview.ScaleProfile_STATUS - Specifications on how to scale a VirtualMachines agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object autoscale: items: - description: |- - Storage version of v1api20240402preview.AutoScaleProfile_STATUS - Specifications on auto-scaling. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object maxCount: type: integer 
@@ -28314,16 +18910,10 @@ spec: type: array manual: items: - description: |- - Storage version of v1api20240402preview.ManualScaleProfile_STATUS - Specifications on number of machines. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object count: type: integer @@ -28340,16 +18930,10 @@ spec: vnetSubnetID: type: string windowsProfile: - description: |- - Storage version of v1api20240402preview.AgentPoolWindowsProfile_STATUS - The Windows agent pool's specific profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object disableOutboundNat: type: boolean 
@@ -28359,33 +18943,19 @@ spec: type: object type: array aiToolchainOperatorProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterAIToolchainOperatorProfile_STATUS - When enabling the operator, a set of AKS managed CRDs and controllers will be installed in the cluster. The operator - automates the deployment of OSS models for inference and/or training purposes. It provides a set of preset models and - enables distributed inference against them. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object apiServerAccessProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterAPIServerAccessProfile_STATUS - Access profile for managed cluster API server. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object authorizedIPRanges: items: @@ -28405,14 +18975,10 @@ spec: type: string type: object autoScalerProfile: - description: Storage version of v1api20240402preview.ManagedClusterProperties_AutoScalerProfile_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object balance-similar-node-groups: type: string 
@@ -28456,16 +19022,10 @@ spec: type: string type: object autoUpgradeProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterAutoUpgradeProfile_STATUS - Auto upgrade profile for a managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object nodeOSUpgradeChannel: type: string 
@@ -28473,61 +19033,31 @@ spec: type: string type: object azureMonitorProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfile_STATUS - Prometheus addon profile for the container service cluster properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object appMonitoring: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoring_STATUS - Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics and traces - through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object autoInstrumentation: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringAutoInstrumentation_STATUS - Application Monitoring Auto Instrumentation for Kubernetes Application Container. Deploys web hook to auto-instrument - Azure Monitor OpenTelemetry based SDKs to collect OpenTelemetry metrics, logs and traces of the application. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. 
properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object openTelemetryLogs: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryLogs_STATUS - Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Logs and Traces. Collects - OpenTelemetry logs and traces of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean @@ -28535,18 +19065,10 @@ spec: type: integer type: object openTelemetryMetrics: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryMetrics_STATUS - Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Metrics. Collects - OpenTelemetry metrics of the application using Azure Monitor OpenTelemetry based SDKs. See - aka.ms/AzureMonitorApplicationMonitoring for an overview. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -28555,17 +19077,10 @@ spec: type: object type: object containerInsights: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileContainerInsights_STATUS - Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & stderr logs etc. See - aka.ms/AzureMonitorContainerInsights for an overview. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object disableCustomMetrics: type: boolean @@ -28579,30 +19094,18 @@ spec: type: integer type: object metrics: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileMetrics_STATUS - Metrics profile for the prometheus service addon properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean kubeStateMetrics: - description: |- - Storage version of v1api20240402preview.ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS - Kube State Metrics for prometheus addon profile for the container service cluster properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object metricAnnotationsAllowList: type: string 
@@ -28614,16 +19117,10 @@ spec: azurePortalFQDN: type: string bootstrapProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterBootstrapProfile_STATUS - The bootstrap profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object artifactSource: type: string 
@@ -28632,39 +19129,22 @@ spec: type: object conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -28674,16 +19154,10 @@ spec: type: object type: array creationData: - description: |- - Storage version of v1api20240402preview.CreationData_STATUS - Data used when creating a target resource from a source resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object sourceResourceId: type: string @@ -28705,16 +19179,10 @@ spec: enableRBAC: type: boolean extendedLocation: - description: |- - Storage version of v1api20240402preview.ExtendedLocation_STATUS - The complex type of the extended location. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string @@ -28726,16 +19194,10 @@ spec: fqdnSubdomain: type: string httpProxyConfig: - description: |- - Storage version of v1api20240402preview.ManagedClusterHTTPProxyConfig_STATUS - Cluster HTTP proxy configuration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object effectiveNoProxy: items: 
@@ -28755,29 +19217,17 @@ spec: id: type: string identity: - description: |- - Storage version of v1api20240402preview.ManagedClusterIdentity_STATUS - Identity for the managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object delegatedResources: additionalProperties: - description: |- - Storage version of v1api20240402preview.DelegatedResource_STATUS - Delegated resource properties - internal use only. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object location: type: string @@ -28797,14 +19247,10 @@ spec: type: string userAssignedIdentities: additionalProperties: - description: Storage version of v1api20240402preview.ManagedClusterIdentity_UserAssignedIdentities_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object clientId: type: string @@ -28815,16 +19261,10 @@ spec: type: object identityProfile: additionalProperties: - description: |- - Storage version of v1api20240402preview.UserAssignedIdentity_STATUS - Details about a user assigned identity. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object clientId: type: string 
@@ -28835,28 +19275,16 @@ spec: type: object type: object ingressProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterIngressProfile_STATUS - Ingress profile for the container service cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object webAppRouting: - description: |- - Storage version of v1api20240402preview.ManagedClusterIngressProfileWebAppRouting_STATUS - Web App Routing settings for the ingress profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object dnsZoneResourceIds: items: @@ -28865,16 +19293,10 @@ spec: enabled: type: boolean identity: - description: |- - Storage version of v1api20240402preview.UserAssignedIdentity_STATUS - Details about a user assigned identity. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object clientId: type: string 
@@ -28890,43 +19312,25 @@ spec: kubernetesVersion: type: string linuxProfile: - description: |- - Storage version of v1api20240402preview.ContainerServiceLinuxProfile_STATUS - Profile for Linux VMs in the container service cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object adminUsername: type: string ssh: - description: |- - Storage version of v1api20240402preview.ContainerServiceSshConfiguration_STATUS - SSH configuration for Linux-based VMs running on Azure. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object publicKeys: items: - description: |- - Storage version of v1api20240402preview.ContainerServiceSshPublicKey_STATUS - Contains information about SSH certificate public key data. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object keyData: type: string 
@@ -28939,28 +19343,16 @@ spec: maxAgentPools: type: integer metricsProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterMetricsProfile_STATUS - The metrics profile for the ManagedCluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object costAnalysis: - description: |- - Storage version of v1api20240402preview.ManagedClusterCostAnalysis_STATUS - The cost analysis configuration for the cluster properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -28969,41 +19361,22 @@ spec: name: type: string networkProfile: - description: |- - Storage version of v1api20240402preview.ContainerServiceNetworkProfile_STATUS - Profile of network configuration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object advancedNetworking: - description: |- - Storage version of v1api20240402preview.AdvancedNetworking_STATUS - Advanced Networking profile for enabling observability on a cluster. Note that enabling advanced networking features may - incur additional costs. For more information see aka.ms/aksadvancednetworking. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object observability: - description: |- - Storage version of v1api20240402preview.AdvancedNetworkingObservability_STATUS - Observability profile to enable advanced network metrics and flow logs with historical contexts. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -29016,26 +19389,18 @@ spec: type: string type: array kubeProxyConfig: - description: Storage version of v1api20240402preview.ContainerServiceNetworkProfile_KubeProxyConfig_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean ipvsConfig: - description: Storage version of v1api20240402preview.ContainerServiceNetworkProfile_KubeProxyConfig_IpvsConfig_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object scheduler: type: string @@ -29050,16 +19415,10 @@ spec: type: string type: object loadBalancerProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_STATUS - Profile of the managed cluster load balancer. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allocatedOutboundPorts: type: integer @@ -29069,16 +19428,10 @@ spec: type: string effectiveOutboundIPs: items: - description: |- - Storage version of v1api20240402preview.ResourceReference_STATUS - A reference to an Azure resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string 
@@ -29089,14 +19442,10 @@ spec: idleTimeoutInMinutes: type: integer managedOutboundIPs: - description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object count: type: integer @@ -29104,27 +19453,17 @@ spec: type: integer type: object outboundIPPrefixes: - description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object publicIPPrefixes: items: - description: |- - Storage version of v1api20240402preview.ResourceReference_STATUS - A reference to an Azure resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string 
@@ -29132,27 +19471,17 @@ spec: type: array type: object outboundIPs: - description: Storage version of v1api20240402preview.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object publicIPs: items: - description: |- - Storage version of v1api20240402preview.ResourceReference_STATUS - A reference to an Azure resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -29163,29 +19492,17 @@ spec: loadBalancerSku: type: string natGatewayProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterNATGatewayProfile_STATUS - Profile of the managed cluster NAT gateway. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object effectiveOutboundIPs: items: - description: |- - Storage version of v1api20240402preview.ResourceReference_STATUS - A reference to an Azure resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string 
@@ -29194,16 +19511,10 @@ spec: idleTimeoutInMinutes: type: integer managedOutboundIPProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterManagedOutboundIPProfile_STATUS - Profile of the managed outbound IP resources of the managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object count: type: integer @@ -29236,30 +19547,20 @@ spec: type: string type: array staticEgressGatewayProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterStaticEgressGatewayProfile_STATUS - The Static Egress Gateway addon configuration for the cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object type: object nodeProvisioningProfile: - description: Storage version of v1api20240402preview.ManagedClusterNodeProvisioningProfile_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object mode: type: string 
@@ -29267,31 +19568,19 @@ spec: nodeResourceGroup: type: string nodeResourceGroupProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterNodeResourceGroupProfile_STATUS - Node resource group lockdown profile for a managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object restrictionLevel: type: string type: object oidcIssuerProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterOIDCIssuerProfile_STATUS - The OIDC issuer profile of the Managed Cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean @@ -29299,17 +19588,10 @@ spec: type: string type: object podIdentityProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterPodIdentityProfile_STATUS - See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod - identity integration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowNetworkPluginKubenet: type: boolean 
@@ -29317,30 +19599,18 @@ spec: type: boolean userAssignedIdentities: items: - description: |- - Storage version of v1api20240402preview.ManagedClusterPodIdentity_STATUS - Details about the pod identity assigned to the Managed Cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object bindingSelector: type: string identity: - description: |- - Storage version of v1api20240402preview.UserAssignedIdentity_STATUS - Details about a user assigned identity. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object clientId: type: string 
@@ -29354,51 +19624,31 @@ spec: namespace: type: string provisioningInfo: - description: Storage version of v1api20240402preview.ManagedClusterPodIdentity_ProvisioningInfo_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object error: - description: |- - Storage version of v1api20240402preview.ManagedClusterPodIdentityProvisioningError_STATUS - An error response from the pod identity provisioning. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object error: - description: |- - Storage version of v1api20240402preview.ManagedClusterPodIdentityProvisioningErrorBody_STATUS - An error response from the pod identity provisioning. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string details: items: - description: Storage version of v1api20240402preview.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string 
@@ -29421,17 +19671,10 @@ spec: type: array userAssignedIdentityExceptions: items: - description: |- - Storage version of v1api20240402preview.ManagedClusterPodIdentityException_STATUS - See [disable AAD Pod Identity for a specific - Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string @@ -29445,16 +19688,10 @@ spec: type: array type: object powerState: - description: |- - Storage version of v1api20240402preview.PowerState_STATUS - Describes the Power State of the cluster properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string @@ -29463,16 +19700,10 @@ spec: type: string privateLinkResources: items: - description: |- - Storage version of v1api20240402preview.PrivateLinkResource_STATUS - A private link resource properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object groupId: type: string 
@@ -29497,16 +19728,10 @@ spec: resourceUID: type: string safeguardsProfile: - description: |- - Storage version of v1api20240402preview.SafeguardsProfile_STATUS - The Safeguards profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object excludedNamespaces: items: @@ -29522,28 +19747,16 @@ spec: type: string type: object securityProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfile_STATUS - Security profile for the container service cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object azureKeyVaultKms: - description: |- - Storage version of v1api20240402preview.AzureKeyVaultKms_STATUS - Azure Key Vault key management service settings for the security profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -29559,47 +19772,28 @@ spec: type: string type: array defender: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileDefender_STATUS - Microsoft Defender settings for the security profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object logAnalyticsWorkspaceResourceId: type: string securityMonitoring: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS - Microsoft Defender settings for the security profile threat detection. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object type: object imageCleaner: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileImageCleaner_STATUS - Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here - are settings for the security profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -29607,99 +19801,56 @@ spec: type: integer type: object imageIntegrity: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileImageIntegrity_STATUS - Image integrity related settings for the security profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object nodeRestriction: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileNodeRestriction_STATUS - Node Restriction settings for the security profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object workloadIdentity: - description: |- - Storage version of v1api20240402preview.ManagedClusterSecurityProfileWorkloadIdentity_STATUS - Workload identity settings for the security profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object type: object serviceMeshProfile: - description: |- - Storage version of v1api20240402preview.ServiceMeshProfile_STATUS - Service mesh profile for a managed cluster. 
properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object istio: - description: |- - Storage version of v1api20240402preview.IstioServiceMesh_STATUS - Istio service mesh configuration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object certificateAuthority: - description: |- - Storage version of v1api20240402preview.IstioCertificateAuthority_STATUS - Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described - here https://aka.ms/asm-plugin-ca properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object plugin: - description: |- - Storage version of v1api20240402preview.IstioPluginCertificateAuthority_STATUS - Plugin certificates information for Service Mesh. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object certChainObjectName: type: string 
@@ -29714,29 +19865,17 @@ spec: type: object type: object components: - description: |- - Storage version of v1api20240402preview.IstioComponents_STATUS - Istio components configuration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object egressGateways: items: - description: |- - Storage version of v1api20240402preview.IstioEgressGateway_STATUS - Istio egress gateway configuration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean @@ -29744,17 +19883,10 @@ spec: type: array ingressGateways: items: - description: |- - Storage version of v1api20240402preview.IstioIngressGateway_STATUS - Istio ingress gateway configuration. For now, we support up to one external ingress gateway named - `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -29772,31 +19904,19 @@ spec: type: string type: object servicePrincipalProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterServicePrincipalProfile_STATUS - Information about a service principal identity for the cluster to use for manipulating Azure APIs. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object clientId: type: string type: object sku: - description: |- - Storage version of v1api20240402preview.ManagedClusterSKU_STATUS - The SKU of a Managed Cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -29804,43 +19924,25 @@ spec: type: string type: object storageProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterStorageProfile_STATUS - Storage profile for the container service cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object blobCSIDriver: - description: |- - Storage version of v1api20240402preview.ManagedClusterStorageProfileBlobCSIDriver_STATUS - AzureBlob CSI Driver settings for the storage profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object diskCSIDriver: - description: |- - Storage version of v1api20240402preview.ManagedClusterStorageProfileDiskCSIDriver_STATUS - AzureDisk CSI Driver settings for the storage profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -29848,31 +19950,19 @@ spec: type: string type: object fileCSIDriver: - description: |- - Storage version of v1api20240402preview.ManagedClusterStorageProfileFileCSIDriver_STATUS - AzureFile CSI Driver settings for the storage profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object snapshotController: - description: |- - Storage version of v1api20240402preview.ManagedClusterStorageProfileSnapshotController_STATUS - Snapshot Controller settings for the storage profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean @@ -29881,16 +19971,10 @@ spec: supportPlan: type: string systemData: - description: |- - Storage version of v1api20240402preview.SystemData_STATUS - Metadata pertaining to creation and last modification of the resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object createdAt: type: string 
@@ -29912,28 +19996,16 @@ spec: type: type: string upgradeSettings: - description: |- - Storage version of v1api20240402preview.ClusterUpgradeSettings_STATUS - Settings for upgrading a cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object overrideSettings: - description: |- - Storage version of v1api20240402preview.UpgradeOverrideSettings_STATUS - Settings for overrides when upgrading a cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object forceUpgrade: type: boolean @@ -29942,32 +20014,20 @@ spec: type: object type: object windowsProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterWindowsProfile_STATUS - Profile for Windows VMs in the managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object adminUsername: type: string enableCSIProxy: type: boolean gmsaProfile: - description: |- - Storage version of v1api20240402preview.WindowsGmsaProfile_STATUS - Windows gMSA Profile in the managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object dnsServer: type: string 
@@ -29980,41 +20040,25 @@ spec: type: string type: object workloadAutoScalerProfile: - description: |- - Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfile_STATUS - Workload Auto-scaler profile for the managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object keda: - description: |- - Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfileKeda_STATUS - KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object verticalPodAutoscaler: - description: Storage version of v1api20240402preview.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object addonAutoscaling: type: string 
@@ -30044,166 +20088,94 @@ spec: name: v1api20240901 schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2024-09-01/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: aadProfile: - description: 'AadProfile: The Azure Active Directory configuration.' properties: adminGroupObjectIDs: - description: 'AdminGroupObjectIDs: The list of AAD group object IDs that will have admin role of the cluster.' items: type: string type: array clientAppID: - description: 'ClientAppID: (DEPRECATED) The client AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' type: string enableAzureRBAC: - description: 'EnableAzureRBAC: Whether to enable Azure RBAC for Kubernetes authorization.' type: boolean managed: - description: 'Managed: Whether to enable managed AAD.' type: boolean serverAppID: - description: 'ServerAppID: (DEPRECATED) The server AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' type: string serverAppSecret: - description: 'ServerAppSecret: (DEPRECATED) The server AAD application secret. 
Learn more at https://aka.ms/aks/aad-legacy.' type: string tenantID: - description: |- - TenantID: The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment - subscription. type: string type: object addonProfiles: additionalProperties: - description: A Kubernetes add-on profile for a managed cluster. properties: config: additionalProperties: type: string - description: 'Config: Key-value pairs for configuring an add-on.' type: object enabled: - description: 'Enabled: Whether the add-on is enabled or not.' type: boolean required: - enabled type: object - description: 'AddonProfiles: The profile of managed cluster add-on.' type: object agentPoolProfiles: - description: 'AgentPoolProfiles: The agent pool properties.' items: - description: Profile for the container service agent pool. properties: availabilityZones: - description: |- - AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType - property is 'VirtualMachineScaleSets'. items: type: string type: array capacityReservationGroupReference: - description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. 
type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object count: - description: |- - Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) - for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. type: integer creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using - a snapshot. properties: sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object enableAutoScaling: - description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. 
For more information, - see: https://docs.microsoft.com/azure/aks/enable-host-encryption type: boolean enableFIPS: - description: |- - EnableFIPS: See [Add a FIPS-enabled node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more - details. type: boolean enableNodePublicIP: - description: |- - EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. - A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine - to minimize hops. For more information see [assigning a public IP per - node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The - default is false. type: boolean enableUltraSSD: - description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean gpuInstanceProfile: - description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' enum: - MIG1g - MIG2g 
@@ -30212,244 +20184,152 @@ spec: - MIG7g type: string hostGroupReference: - description: |- - HostGroupReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object kubeletConfig: - description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' properties: allowedUnsafeSysctls: - description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`).' items: type: string type: array containerLogMaxFiles: - description: |- - ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be - ≥ 2. minimum: 2 type: integer containerLogMaxSizeMB: - description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' type: integer cpuCfsQuota: - description: 'CpuCfsQuota: The default is true.' type: boolean cpuCfsQuotaPeriod: - description: |- - CpuCfsQuotaPeriod: The default is '100ms.' 
Valid values are a sequence of decimal numbers with an optional fraction and - a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. type: string cpuManagerPolicy: - description: |- - CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management - policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more - information. Allowed values are 'none' and 'static'. type: string failSwapOn: - description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' type: boolean imageGcHighThreshold: - description: 'ImageGcHighThreshold: To disable image garbage collection, set to 100. The default is 85%' type: integer imageGcLowThreshold: - description: 'ImageGcLowThreshold: This cannot be set higher than imageGcHighThreshold. The default is 80%' type: integer podMaxPids: - description: 'PodMaxPids: The maximum number of processes per pod.' type: integer topologyManagerPolicy: - description: |- - TopologyManagerPolicy: For more information see [Kubernetes Topology - Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values - are 'none', 'best-effort', 'restricted', and 'single-numa-node'. type: string type: object kubeletDiskType: - description: |- - KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral - storage. enum: - OS - Temporary type: string linuxOSConfig: - description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' properties: swapFileSizeMB: - description: 'SwapFileSizeMB: The size in MB of a swap file that will be created on each node.' type: integer sysctls: - description: 'Sysctls: Sysctl settings for Linux agent nodes.' properties: fsAioMaxNr: - description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' 
type: integer fsFileMax: - description: 'FsFileMax: Sysctl setting fs.file-max.' type: integer fsInotifyMaxUserWatches: - description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' type: integer fsNrOpen: - description: 'FsNrOpen: Sysctl setting fs.nr_open.' type: integer kernelThreadsMax: - description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' type: integer netCoreNetdevMaxBacklog: - description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' type: integer netCoreOptmemMax: - description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' type: integer netCoreRmemDefault: - description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' type: integer netCoreRmemMax: - description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' type: integer netCoreSomaxconn: - description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' type: integer netCoreWmemDefault: - description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' type: integer netCoreWmemMax: - description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' type: integer netIpv4IpLocalPortRange: - description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' type: string netIpv4NeighDefaultGcThresh1: - description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting net.ipv4.neigh.default.gc_thresh1.' type: integer netIpv4NeighDefaultGcThresh2: - description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting net.ipv4.neigh.default.gc_thresh2.' type: integer netIpv4NeighDefaultGcThresh3: - description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting net.ipv4.neigh.default.gc_thresh3.' type: integer netIpv4TcpFinTimeout: - description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' type: integer netIpv4TcpKeepaliveProbes: - description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' 
type: integer netIpv4TcpKeepaliveTime: - description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' type: integer netIpv4TcpMaxSynBacklog: - description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' type: integer netIpv4TcpMaxTwBuckets: - description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' type: integer netIpv4TcpTwReuse: - description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' type: boolean netIpv4TcpkeepaliveIntvl: - description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' maximum: 90 minimum: 10 type: integer netNetfilterNfConntrackBuckets: - description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' maximum: 524288 minimum: 65536 type: integer netNetfilterNfConntrackMax: - description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' maximum: 2097152 minimum: 131072 type: integer vmMaxMapCount: - description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' type: integer vmSwappiness: - description: 'VmSwappiness: Sysctl setting vm.swappiness.' type: integer vmVfsCachePressure: - description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' type: integer type: object transparentHugePageDefrag: - description: |- - TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is - 'madvise'. For more information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string transparentHugePageEnabled: - description: |- - TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more - information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). 
type: string type: object maxCount: - description: 'MaxCount: The maximum number of nodes for auto-scaling' type: integer maxPods: - description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer minCount: - description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer mode: - description: |- - Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool - restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools enum: - System - User type: string name: - description: 'Name: Windows agent pool names must be 6 characters or less.' pattern: ^[a-z][a-z0-9]{0,11}$ type: string networkProfile: - description: 'NetworkProfile: Network-related settings of an agent pool.' properties: allowedHostPorts: - description: 'AllowedHostPorts: The port ranges that are allowed to access. The specified ranges are allowed to overlap.' items: - description: The port range. properties: portEnd: - description: |- - PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or - equal to portStart. maximum: 65535 minimum: 1 type: integer portStart: - description: |- - PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or - equal to portEnd. maximum: 65535 minimum: 1 type: integer protocol: - description: 'Protocol: The network protocol of the port.' enum: - TCP - UDP 
@@ -30457,40 +20337,25 @@ spec: type: object type: array applicationSecurityGroupsReferences: - description: |- - ApplicationSecurityGroupsReferences: The IDs of the application security groups which agent pool will associate when - created. items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: array nodePublicIPTags: - description: 'NodePublicIPTags: IPTags of instance-level public IPs.' items: - description: Contains the IPTag associated with the object. properties: ipTagType: - description: 'IpTagType: The IP tag type. Example: RoutingPreference.' type: string tag: - description: 'Tag: The value of the IP tag associated with the public IP. Example: Internet.' type: string type: object type: array 
@@ -30498,63 +20363,35 @@ spec: nodeLabels: additionalProperties: type: string - description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' type: object nodePublicIPPrefixReference: - description: |- - NodePublicIPPrefixReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object nodeTaints: - description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' items: type: string type: array orchestratorVersion: - description: |- - OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. - When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster - with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer - patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same - Kubernetes version. The node pool version must have the same major version as the control plane. 
The node pool minor - version must be within two minor versions of the control plane version. The node pool version cannot be greater than the - control plane version. For more information see [upgrading a node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: maximum: 2048 minimum: 0 type: integer osDiskType: - description: |- - OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested - OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral - OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). enum: - Ephemeral - Managed type: string osSKU: - description: |- - OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 - when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. enum: - AzureLinux - CBLMariner 
@@ -30563,184 +20400,108 @@ spec: - Windows2022 type: string osType: - description: 'OsType: The operating system type. The default is Linux.' enum: - Linux - Windows type: string podSubnetReference: - description: |- - PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). - This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object powerState: - description: |- - PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this - field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only - be stopped if it is Running and provisioning state is Succeeded properties: code: - description: 'Code: Tells whether the cluster is Running or Stopped' enum: - Running - Stopped type: string type: object proximityPlacementGroupReference: - description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' 
properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object scaleDownMode: - description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' enum: - Deallocate - Delete type: string scaleSetEvictionPolicy: - description: |- - ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is - 'Delete'. enum: - Deallocate - Delete type: string scaleSetPriority: - description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' enum: - Regular - Spot type: string securityProfile: - description: 'SecurityProfile: The security settings of an agent pool.' properties: enableSecureBoot: - description: |- - EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and - drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean enableVTPM: - description: |- - EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held - locally on the node. For more details, see aka.ms/aks/trustedlaunch. 
If not specified, the default is false. type: boolean type: object spotMaxPrice: - description: |- - SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any - on-demand price. For more details on spot pricing, see [spot VMs - pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) type: number tags: additionalProperties: type: string - description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' type: object type: - description: 'Type: The type of Agent Pool.' enum: - AvailabilitySet - VirtualMachineScaleSets type: string upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading the agentpool' properties: drainTimeoutInMinutes: - description: |- - DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. - This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not - specified, the default is 30 minutes. maximum: 1440 minimum: 1 type: integer maxSurge: - description: |- - MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it - is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded - up. If not specified, the default is 1. For more information, including best practices, see: - https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade type: string nodeSoakDurationInMinutes: - description: |- - NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and - moving on to next node. If not specified, the default is 0 minutes. maximum: 30 minimum: 0 type: integer type: object vmSize: - description: |- - VmSize: VM size availability varies by region. 
If a node contains insufficient compute resources (memory, cpu, etc) pods - might fail to run correctly. For more details on restricted VM sizes, see: - https://docs.microsoft.com/azure/aks/quotas-skus-regions type: string vnetSubnetReference: - description: |- - VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is - specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object windowsProfile: - description: 'WindowsProfile: The Windows agent pool''s specific profile.' properties: disableOutboundNat: - description: |- - DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT - Gateway and the Windows agent pool does not have node public IP enabled. type: boolean type: object workloadRuntime: - description: 'WorkloadRuntime: Determines the type of workload a node can run.' enum: - OCIContainer - WasmWasi 
@@ -30750,57 +20511,29 @@ spec: type: object type: array apiServerAccessProfile: - description: 'ApiServerAccessProfile: The access profile for managed cluster API server.' properties: authorizedIPRanges: - description: |- - AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with - clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API - server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). items: type: string type: array disableRunCommand: - description: 'DisableRunCommand: Whether to disable run command for the cluster or not.' type: boolean enablePrivateCluster: - description: |- - EnablePrivateCluster: For more details, see [Creating a private AKS - cluster](https://docs.microsoft.com/azure/aks/private-clusters). type: boolean enablePrivateClusterPublicFQDN: - description: 'EnablePrivateClusterPublicFQDN: Whether to create additional public FQDN for private cluster or not.' type: boolean privateDNSZone: - description: |- - PrivateDNSZone: The default is System. For more details see [configure private DNS - zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and - 'none'. type: string type: object autoScalerProfile: - description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler when enabled' properties: balance-similar-node-groups: - description: 'BalanceSimilarNodeGroups: Valid values are ''true'' and ''false''' type: string daemonset-eviction-for-empty-nodes: - description: |- - DaemonsetEvictionForEmptyNodes: If set to true, all daemonset pods on empty nodes will be evicted before deletion of the - node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node will be - deleted without ensuring that daemonset pods are deleted or evicted. 
type: boolean daemonset-eviction-for-occupied-nodes: - description: |- - DaemonsetEvictionForOccupiedNodes: If set to true, all daemonset pods on occupied nodes will be evicted before deletion - of the node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node - will be deleted without ensuring that daemonset pods are deleted or evicted. type: boolean expander: - description: |- - Expander: If not specified, the default is 'random'. See - [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) for more - information. enum: - least-waste - most-pods 
@@ -30808,76 +20541,41 @@ spec: - random type: string ignore-daemonsets-utilization: - description: |- - IgnoreDaemonsetsUtilization: If set to true, the resources used by daemonset will be taken into account when making - scaling down decisions. type: boolean max-empty-bulk-delete: - description: 'MaxEmptyBulkDelete: The default is 10.' type: string max-graceful-termination-sec: - description: 'MaxGracefulTerminationSec: The default is 600.' type: string max-node-provision-time: - description: |- - MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string max-total-unready-percentage: - description: 'MaxTotalUnreadyPercentage: The default is 45. The maximum is 100 and the minimum is 0.' type: string new-pod-scale-up-delay: - description: |- - NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler - could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is - '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). type: string ok-total-unready-count: - description: 'OkTotalUnreadyCount: This must be an integer. The default is 3.' type: string scale-down-delay-after-add: - description: |- - ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string scale-down-delay-after-delete: - description: |- - ScaleDownDelayAfterDelete: The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of - time other than minutes (m) is supported. type: string scale-down-delay-after-failure: - description: |- - ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other - than minutes (m) is supported. 
type: string scale-down-unneeded-time: - description: |- - ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string scale-down-unready-time: - description: |- - ScaleDownUnreadyTime: The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string scale-down-utilization-threshold: - description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' type: string scan-interval: - description: 'ScanInterval: The default is ''10''. Values must be an integer number of seconds.' type: string skip-nodes-with-local-storage: - description: 'SkipNodesWithLocalStorage: The default is true.' type: string skip-nodes-with-system-pods: - description: 'SkipNodesWithSystemPods: The default is true.' type: string type: object autoUpgradeProfile: - description: 'AutoUpgradeProfile: The auto upgrade configuration.' properties: nodeOSUpgradeChannel: - description: 'NodeOSUpgradeChannel: Manner in which the OS on your nodes is updated. The default is NodeImage.' enum: - NodeImage - None @@ -30885,9 +20583,6 @@ spec: - Unmanaged type: string upgradeChannel: - description: |- - UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade - channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). enum: - node-image - none 
@@ -30897,36 +20592,16 @@ spec: type: string type: object azureMonitorProfile: - description: 'AzureMonitorProfile: Azure Monitor addon profiles for monitoring the managed cluster.' properties: metrics: - description: |- - Metrics: Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes - infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See - aka.ms/AzureManagedPrometheus for an overview. properties: enabled: - description: |- - Enabled: Whether to enable or disable the Azure Managed Prometheus addon for Prometheus monitoring. See - aka.ms/AzureManagedPrometheus-aks-enable for details on enabling and disabling. type: boolean kubeStateMetrics: - description: |- - KubeStateMetrics: Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the - kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for - details. properties: metricAnnotationsAllowList: - description: |- - MetricAnnotationsAllowList: Comma-separated list of Kubernetes annotation keys that will be used in the resource's - labels metric (Example: 'namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...'). By default the metric - contains only resource name and namespace labels. type: string metricLabelsAllowlist: - description: |- - MetricLabelsAllowlist: Comma-separated list of additional Kubernetes label keys that will be used in the resource's - labels metric (Example: 'namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...'). By default the metric contains only - resource name and namespace labels. type: string type: object required: 
@@ -30934,162 +20609,99 @@ spec: type: object type: object azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. maxLength: 63 minLength: 1 pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ type: string disableLocalAccounts: - description: |- - DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be - used on Managed Clusters that are AAD enabled. For more details see [disable local - accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). type: boolean diskEncryptionSetReference: - description: |- - DiskEncryptionSetReference: This is of the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object dnsPrefix: - description: 'DnsPrefix: This cannot be updated once the Managed Cluster has been created.' 
type: string enablePodSecurityPolicy: - description: |- - EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was - deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and - https://aka.ms/aks/psp. type: boolean enableRBAC: - description: 'EnableRBAC: Whether to enable Kubernetes Role-Based Access Control.' type: boolean extendedLocation: - description: 'ExtendedLocation: The extended location of the Virtual Machine.' properties: name: - description: 'Name: The name of the extended location.' type: string type: - description: 'Type: The type of the extended location.' enum: - EdgeZone type: string type: object fqdnSubdomain: - description: 'FqdnSubdomain: This cannot be updated once the Managed Cluster has been created.' type: string httpProxyConfig: - description: 'HttpProxyConfig: Configurations for provisioning the cluster with HTTP proxy servers.' properties: httpProxy: - description: 'HttpProxy: The HTTP proxy server endpoint to use.' type: string httpsProxy: - description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' type: string noProxy: - description: 'NoProxy: The endpoints that should not go through proxy.' items: type: string type: array trustedCa: - description: 'TrustedCa: Alternative CA cert to use for connecting to proxy servers.' type: string type: object identity: - description: 'Identity: The identity of the managed cluster, if configured.' properties: delegatedResources: additionalProperties: - description: Delegated resource properties - internal use only. properties: location: - description: 'Location: The source resource location - internal use only.' type: string referralResource: - description: 'ReferralResource: The delegation id of the referral delegation (optional) - internal use only.' 
type: string resourceReference: - description: 'ResourceReference: The ARM resource id of the delegated resource - internal use only.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object tenantId: - description: 'TenantId: The tenant id of the delegated resource - internal use only.' pattern: ^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$ type: string type: object - description: |- - DelegatedResources: The delegated identity resources assigned to this managed cluster. This can only be set by another - Azure Resource Provider, and managed cluster only accept one delegated identity resource. Internal use only. type: object type: - description: |- - Type: For more information see [use managed identities in - AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). enum: - None - SystemAssigned - UserAssigned type: string userAssignedIdentities: - description: |- - UserAssignedIdentities: The keys must be ARM resource IDs in the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. 
items: - description: Information about the user assigned identity for the resource properties: reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -31097,138 +20709,80 @@ spec: type: object identityProfile: additionalProperties: - description: Details about a user assigned identity. properties: clientId: - description: 'ClientId: The client ID of the user assigned identity.' type: string clientIdFromConfig: - description: 'ClientIdFromConfig: The client ID of the user assigned identity.' properties: key: - description: Key is the key in the Kubernetes configmap being referenced type: string name: - description: |- - Name is the name of the Kubernetes configmap being referenced. - The configmap must be in the same namespace as the resource type: string required: - key - name type: object objectId: - description: 'ObjectId: The object ID of the user assigned identity.' type: string objectIdFromConfig: - description: 'ObjectIdFromConfig: The object ID of the user assigned identity.' properties: key: - description: Key is the key in the Kubernetes configmap being referenced type: string name: - description: |- - Name is the name of the Kubernetes configmap being referenced. - The configmap must be in the same namespace as the resource type: string required: - key - name type: object resourceReference: - description: 'ResourceReference: The resource ID of the user assigned identity.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. 
type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object - description: |- - IdentityProfile: The user identity associated with the managed cluster. This identity will be used by the kubelet. Only - one user assigned identity is allowed. The only accepted key is "kubeletidentity", with value of "resourceId": - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}". type: object ingressProfile: - description: 'IngressProfile: Ingress profile for the managed cluster.' properties: webAppRouting: - description: |- - WebAppRouting: App Routing settings for the ingress profile. You can find an overview and onboarding guide for this - feature at https://learn.microsoft.com/en-us/azure/aks/app-routing?tabs=default%2Cdeploy-app-default. properties: dnsZoneResourceReferences: - description: |- - DnsZoneResourceReferences: Resource IDs of the DNS zones to be associated with the Application Routing add-on. Used only - when Application Routing add-on is enabled. Public and private DNS zones can be in different resource groups, but all - public DNS zones must be in the same resource group and all private DNS zones must be in the same resource group. items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: array enabled: - description: 'Enabled: Whether to enable the Application Routing add-on.' type: boolean type: object type: object kubernetesVersion: - description: |- - KubernetesVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. - When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster - with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer - patch version is available. When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All - upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or - 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS - cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. type: string linuxProfile: - description: 'LinuxProfile: The profile for Linux VMs in the Managed Cluster.' properties: adminUsername: - description: 'AdminUsername: The administrator username to use for Linux VMs.' pattern: ^[A-Za-z][-A-Za-z0-9_]*$ type: string ssh: - description: 'Ssh: The SSH configuration for Linux-based VMs running on Azure.' properties: publicKeys: - description: 'PublicKeys: The list of SSH public keys used to authenticate with Linux-based VMs. A maximum of 1 key may be specified.' items: - description: Contains information about SSH certificate public key data. 
properties: keyData: - description: |- - KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or - without headers. type: string required: - keyData 
@@ -31242,63 +20796,36 @@ spec: - ssh type: object location: - description: 'Location: The geo-location where the resource lives' type: string metricsProfile: - description: 'MetricsProfile: Optional cluster metrics configuration.' properties: costAnalysis: - description: 'CostAnalysis: The cost analysis configuration for the cluster' properties: enabled: - description: |- - Enabled: The Managed Cluster sku.tier must be set to 'Standard' or 'Premium' to enable this feature. Enabling this will - add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. If not specified, the - default is false. For more information see aka.ms/aks/docs/cost-analysis. type: boolean type: object type: object networkProfile: - description: 'NetworkProfile: The network configuration profile.' properties: advancedNetworking: - description: |- - AdvancedNetworking: Advanced Networking profile for enabling observability and security feature suite on a cluster. For - more information see aka.ms/aksadvancednetworking. properties: enabled: - description: |- - Enabled: Indicates the enablement of Advanced Networking functionalities of observability and security on AKS clusters. - When this is set to true, all observability and security features will be set to enabled unless explicitly disabled. If - not specified, the default is false. type: boolean observability: - description: 'Observability: Observability profile to enable advanced network metrics and flow logs with historical contexts.' properties: enabled: - description: 'Enabled: Indicates the enablement of Advanced Networking observability functionalities on clusters.' type: boolean type: object security: - description: 'Security: Security profile to enable security features on cilium based cluster.' properties: enabled: - description: |- - Enabled: This feature allows user to configure network policy based on DNS (FQDN) names. It can be enabled only on - cilium based clusters. 
If not specified, the default is false. type: boolean type: object type: object dnsServiceIP: - description: |- - DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address - range specified in serviceCidr. pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ type: string ipFamilies: - description: |- - IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value - is IPv4. For dual-stack, the expected values are IPv4 and IPv6. items: enum: - IPv4 
@@ -31306,133 +20833,85 @@ spec: type: string type: array loadBalancerProfile: - description: 'LoadBalancerProfile: Profile of the cluster load balancer.' properties: allocatedOutboundPorts: - description: |- - AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 - (inclusive). The default value is 0 which results in Azure dynamically allocating ports. maximum: 64000 minimum: 0 type: integer backendPoolType: - description: 'BackendPoolType: The type of the managed inbound Load Balancer BackendPool.' enum: - NodeIP - NodeIPConfiguration type: string effectiveOutboundIPs: - description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster load balancer.' items: - description: A reference to an Azure resource. properties: reference: - description: 'Reference: The fully qualified Azure resource id.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array enableMultipleStandardLoadBalancers: - description: 'EnableMultipleStandardLoadBalancers: Enable multiple standard load balancers per AKS cluster or not.' 
type: boolean idleTimeoutInMinutes: - description: |- - IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 - (inclusive). The default value is 30 minutes. maximum: 120 minimum: 4 type: integer managedOutboundIPs: - description: 'ManagedOutboundIPs: Desired managed outbound IPs for the cluster load balancer.' properties: count: - description: |- - Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values - must be in the range of 1 to 100 (inclusive). The default value is 1. maximum: 100 minimum: 1 type: integer countIPv6: - description: |- - CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed - values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. maximum: 100 minimum: 0 type: integer type: object outboundIPPrefixes: - description: 'OutboundIPPrefixes: Desired outbound IP Prefix resources for the cluster load balancer.' properties: publicIPPrefixes: - description: 'PublicIPPrefixes: A list of public IP prefix resources.' items: - description: A reference to an Azure resource. properties: reference: - description: 'Reference: The fully qualified Azure resource id.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. 
type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array type: object outboundIPs: - description: 'OutboundIPs: Desired outbound IP resources for the cluster load balancer.' properties: publicIPs: - description: 'PublicIPs: A list of public IP resources.' items: - description: A reference to an Azure resource. properties: reference: - description: 'Reference: The fully qualified Azure resource id.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -31440,89 +20919,62 @@ spec: type: object type: object loadBalancerSku: - description: |- - LoadBalancerSku: The default is 'standard'. See [Azure Load Balancer - SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load - balancer SKUs. enum: - basic - standard type: string natGatewayProfile: - description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' properties: effectiveOutboundIPs: - description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster NAT gateway.' items: - description: A reference to an Azure resource. properties: reference: - description: 'Reference: The fully qualified Azure resource id.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array idleTimeoutInMinutes: - description: |- - IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 - (inclusive). The default value is 4 minutes. maximum: 120 minimum: 4 type: integer managedOutboundIPProfile: - description: 'ManagedOutboundIPProfile: Profile of the managed outbound IP resources of the cluster NAT gateway.' 
properties: count: - description: |- - Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 - (inclusive). The default value is 1. maximum: 16 minimum: 1 type: integer type: object type: object networkDataplane: - description: 'NetworkDataplane: Network dataplane used in the Kubernetes cluster.' enum: - azure - cilium type: string networkMode: - description: 'NetworkMode: This cannot be specified if networkPlugin is anything other than ''azure''.' enum: - bridge - transparent type: string networkPlugin: - description: 'NetworkPlugin: Network plugin used for building the Kubernetes network.' enum: - azure - kubenet - none type: string networkPluginMode: - description: 'NetworkPluginMode: The mode the network plugin should use.' enum: - overlay type: string networkPolicy: - description: 'NetworkPolicy: Network policy used for building the Kubernetes network.' enum: - azure - calico @@ -31530,9 +20982,6 @@ spec: - none type: string outboundType: - description: |- - OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see - [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). enum: - loadBalancer - managedNATGateway 
@@ -31540,81 +20989,45 @@ spec: - userDefinedRouting type: string podCidr: - description: 'PodCidr: A CIDR notation IP range from which to assign pod IPs when kubenet is used.' pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string podCidrs: - description: |- - PodCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is - expected for dual-stack networking. items: type: string type: array serviceCidr: - description: |- - ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP - ranges. pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string serviceCidrs: - description: |- - ServiceCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is - expected for dual-stack networking. They must not overlap with any Subnet IP ranges. items: type: string type: array type: object nodeResourceGroup: - description: 'NodeResourceGroup: The name of the resource group containing agent pool nodes.' type: string nodeResourceGroupProfile: - description: 'NodeResourceGroupProfile: Profile of the node resource group configuration.' properties: restrictionLevel: - description: |- - RestrictionLevel: The restriction level applied to the cluster's node resource group. If not specified, the default is - 'Unrestricted' enum: - ReadOnly - Unrestricted type: string type: object oidcIssuerProfile: - description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed Cluster.' properties: enabled: - description: 'Enabled: Whether the OIDC issuer is enabled.' type: boolean type: object operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. 
This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name @@ -31622,20 +21035,12 @@ spec: type: object type: array configMaps: - description: 'ConfigMaps: configures where to place operator written ConfigMaps.' properties: oidcIssuerProfile: - description: |- - OIDCIssuerProfile: indicates where the OIDCIssuerProfile config map should be placed. If omitted, no config map will be - created. properties: key: - description: Key is the key in the ConfigMap being referenced type: string name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. type: string required: - key 
@@ -31643,29 +21048,13 @@ spec: type: object type: object secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -31673,37 +21062,22 @@ spec: type: object type: array secrets: - description: 'Secrets: configures where to place Azure generated secrets.' properties: adminCredentials: - description: |- - AdminCredentials: indicates where the AdminCredentials secret should be placed. If omitted, the secret will not be - retrieved from Azure. properties: key: - description: Key is the key in the Kubernetes secret being referenced. type: string name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. type: string required: - key - name type: object userCredentials: - description: |- - UserCredentials: indicates where the UserCredentials secret should be placed. If omitted, the secret will not be - retrieved from Azure. properties: key: - description: Key is the key in the Kubernetes secret being referenced. type: string name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. type: string required: - key 
@@ -31712,106 +21086,66 @@ spec: type: object type: object owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object podIdentityProfile: - description: |- - PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more - details on AAD pod identity integration. properties: allowNetworkPluginKubenet: - description: |- - AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod - Identity and the risks of IP spoofing. See [using Kubenet network plugin with AAD Pod - Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) - for more information. type: boolean enabled: - description: 'Enabled: Whether the pod identity addon is enabled.' type: boolean userAssignedIdentities: - description: 'UserAssignedIdentities: The pod identities to use in the cluster.' items: - description: Details about the pod identity assigned to the Managed Cluster. properties: bindingSelector: - description: 'BindingSelector: The binding selector to use for the AzureIdentityBinding resource.' type: string identity: - description: 'Identity: The user assigned identity details.' properties: clientId: - description: 'ClientId: The client ID of the user assigned identity.' 
type: string clientIdFromConfig: - description: 'ClientIdFromConfig: The client ID of the user assigned identity.' properties: key: - description: Key is the key in the Kubernetes configmap being referenced type: string name: - description: |- - Name is the name of the Kubernetes configmap being referenced. - The configmap must be in the same namespace as the resource type: string required: - key - name type: object objectId: - description: 'ObjectId: The object ID of the user assigned identity.' type: string objectIdFromConfig: - description: 'ObjectIdFromConfig: The object ID of the user assigned identity.' properties: key: - description: Key is the key in the Kubernetes configmap being referenced type: string name: - description: |- - Name is the name of the Kubernetes configmap being referenced. - The configmap must be in the same namespace as the resource type: string required: - key - name type: object resourceReference: - description: 'ResourceReference: The resource ID of the user assigned identity.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object name: - description: 'Name: The name of the pod identity.' 
type: string namespace: - description: 'Namespace: The namespace of the pod identity.' type: string required: - identity @@ -31820,22 +21154,15 @@ spec: type: object type: array userAssignedIdentityExceptions: - description: 'UserAssignedIdentityExceptions: The pod identity exceptions to allow.' items: - description: |- - See [disable AAD Pod Identity for a specific - Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. properties: name: - description: 'Name: The name of the pod identity exception.' type: string namespace: - description: 'Namespace: The namespace of the pod identity exception.' type: string podLabels: additionalProperties: type: string - description: 'PodLabels: The pod labels to match.' type: object required: - name 
@@ -31845,231 +21172,143 @@ spec: type: array type: object privateLinkResources: - description: 'PrivateLinkResources: Private link resources associated with the cluster.' items: - description: A private link resource properties: groupId: - description: 'GroupId: The group ID of the resource.' type: string name: - description: 'Name: The name of the private link resource.' type: string reference: - description: 'Reference: The ID of the private link resource.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object requiredMembers: - description: 'RequiredMembers: The RequiredMembers of the resource' items: type: string type: array type: - description: 'Type: The resource type.' type: string type: object type: array publicNetworkAccess: - description: 'PublicNetworkAccess: Allow or deny public network access for AKS' enum: - Disabled - Enabled type: string securityProfile: - description: 'SecurityProfile: Security profile for the managed cluster.' properties: azureKeyVaultKms: - description: |- - AzureKeyVaultKms: Azure Key Vault [key management - service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. 
properties: enabled: - description: 'Enabled: Whether to enable Azure Key Vault key management service. The default is false.' type: boolean keyId: - description: |- - KeyId: Identifier of Azure Key Vault key. See [key identifier - format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) - for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key - identifier. When Azure Key Vault key management service is disabled, leave the field empty. type: string keyVaultNetworkAccess: - description: |- - KeyVaultNetworkAccess: Network access of key vault. The possible values are `Public` and `Private`. `Public` means the - key vault allows public access from all networks. `Private` means the key vault disables public access and enables - private link. The default value is `Public`. enum: - Private - Public type: string keyVaultResourceReference: - description: |- - KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and - must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. 
type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object defender: - description: 'Defender: Microsoft Defender settings for the security profile.' properties: logAnalyticsWorkspaceResourceReference: - description: |- - LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft - Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When - Microsoft Defender is disabled, leave the field empty. properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object securityMonitoring: - description: 'SecurityMonitoring: Microsoft Defender threat detection for Cloud settings for the security profile.' properties: enabled: - description: 'Enabled: Whether to enable Defender threat detection' type: boolean type: object type: object imageCleaner: - description: 'ImageCleaner: Image Cleaner settings for the security profile.' properties: enabled: - description: 'Enabled: Whether to enable Image Cleaner on AKS cluster.' type: boolean intervalHours: - description: 'IntervalHours: Image Cleaner scanning interval in hours.' 
type: integer type: object workloadIdentity: - description: |- - WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications - to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. properties: enabled: - description: 'Enabled: Whether to enable workload identity.' type: boolean type: object type: object serviceMeshProfile: - description: 'ServiceMeshProfile: Service mesh profile for a managed cluster.' properties: istio: - description: 'Istio: Istio service mesh configuration.' properties: certificateAuthority: - description: |- - CertificateAuthority: Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin - certificates as described here https://aka.ms/asm-plugin-ca properties: plugin: - description: 'Plugin: Plugin certificates information for Service Mesh.' properties: certChainObjectName: - description: 'CertChainObjectName: Certificate chain object name in Azure Key Vault.' type: string certObjectName: - description: 'CertObjectName: Intermediate certificate object name in Azure Key Vault.' type: string keyObjectName: - description: 'KeyObjectName: Intermediate certificate private key object name in Azure Key Vault.' type: string keyVaultReference: - description: 'KeyVaultReference: The resource ID of the Key Vault.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object rootCertObjectName: - description: 'RootCertObjectName: Root certificate object name in Azure Key Vault.' type: string type: object type: object components: - description: 'Components: Istio components configuration.' properties: egressGateways: - description: 'EgressGateways: Istio egress gateways.' items: - description: Istio egress gateway configuration. properties: enabled: - description: 'Enabled: Whether to enable the egress gateway.' type: boolean required: - enabled type: object type: array ingressGateways: - description: 'IngressGateways: Istio ingress gateways.' items: - description: |- - Istio ingress gateway configuration. For now, we support up to one external ingress gateway named - `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. properties: enabled: - description: 'Enabled: Whether to enable the ingress gateway.' type: boolean mode: - description: 'Mode: Mode of an ingress gateway.' enum: - External - Internal @@ -32081,17 +21320,12 @@ spec: type: array type: object revisions: - description: |- - Revisions: The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. - When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: - https://learn.microsoft.com/en-us/azure/aks/istio-upgrade items: type: string maxItems: 2 type: array type: object mode: - description: 'Mode: Mode of the service mesh.' enum: - Disabled - Istio 
@@ -32100,23 +21334,14 @@ spec: - mode type: object servicePrincipalProfile: - description: |- - ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure - APIs. properties: clientId: - description: 'ClientId: The ID for the service principal.' type: string secret: - description: 'Secret: The secret password associated with the service principal in plain text.' properties: key: - description: Key is the key in the Kubernetes secret being referenced type: string name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - key @@ -32126,17 +21351,12 @@ spec: - clientId type: object sku: - description: 'Sku: The managed cluster SKU.' properties: name: - description: 'Name: The name of a managed cluster SKU.' enum: - Base type: string tier: - description: |- - Tier: If not specified, the default is 'Free'. See [AKS Pricing - Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. enum: - Free - Premium 
@@ -32144,39 +21364,29 @@ spec: type: string type: object storageProfile: - description: 'StorageProfile: Storage profile for the managed cluster.' properties: blobCSIDriver: - description: 'BlobCSIDriver: AzureBlob CSI Driver settings for the storage profile.' properties: enabled: - description: 'Enabled: Whether to enable AzureBlob CSI Driver. The default value is false.' type: boolean type: object diskCSIDriver: - description: 'DiskCSIDriver: AzureDisk CSI Driver settings for the storage profile.' properties: enabled: - description: 'Enabled: Whether to enable AzureDisk CSI Driver. The default value is true.' type: boolean type: object fileCSIDriver: - description: 'FileCSIDriver: AzureFile CSI Driver settings for the storage profile.' properties: enabled: - description: 'Enabled: Whether to enable AzureFile CSI Driver. The default value is true.' type: boolean type: object snapshotController: - description: 'SnapshotController: Snapshot Controller settings for the storage profile.' properties: enabled: - description: 'Enabled: Whether to enable Snapshot Controller. The default value is true.' type: boolean type: object type: object supportPlan: - description: 'SupportPlan: The support plan for the Managed Cluster. If unspecified, the default is ''KubernetesOfficial''.' enum: - AKSLongTermSupport - KubernetesOfficial 
@@ -32184,91 +21394,43 @@ spec: tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading a cluster.' properties: overrideSettings: - description: 'OverrideSettings: Settings for overrides.' properties: forceUpgrade: - description: |- - ForceUpgrade: Whether to force upgrade the cluster. Note that this option instructs upgrade operation to bypass upgrade - protections such as checking for deprecated API usage. Enable this option only with caution. type: boolean until: - description: |- - Until: Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the - effectiveness won't change once an upgrade starts even if the `until` expires as upgrade proceeds. This field is not set - by default. It must be set for the overrides to take effect. type: string type: object type: object windowsProfile: - description: 'WindowsProfile: The profile for Windows VMs in the Managed Cluster.' properties: adminPassword: - description: |- - AdminPassword: Specifies the password of the administrator account. - Minimum-length: 8 characters - Max-length: 123 characters - Complexity requirements: 3 out of 4 conditions below need to be fulfilled - Has lower characters - Has upper characters - Has a digit - Has a special character (Regex match [\W_]) - Disallowed values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$$$word", "pass@word1", "Password!", "Password1", - "Password22", "iloveyou!" properties: key: - description: Key is the key in the Kubernetes secret being referenced type: string name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - key - name type: object adminUsername: - description: |- - AdminUsername: Specifies the name of the administrator account. - Restriction: Cannot end in "." 
- Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", - "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", - "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". - Minimum-length: 1 character - Max-length: 20 characters type: string enableCSIProxy: - description: |- - EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub - repo](https://github.com/kubernetes-csi/csi-proxy). type: boolean gmsaProfile: - description: 'GmsaProfile: The Windows gMSA Profile in the Managed Cluster.' properties: dnsServer: - description: |- - DnsServer: Specifies the DNS server for Windows gMSA. - Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. type: string enabled: - description: 'Enabled: Specifies whether to enable Windows gMSA in the managed cluster.' type: boolean rootDomainName: - description: |- - RootDomainName: Specifies the root domain name for Windows gMSA. - Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. type: string type: object licenseType: - description: |- - LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User - Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. enum: - None - Windows_Server 
@@ -32277,22 +21439,17 @@ spec: - adminUsername type: object workloadAutoScalerProfile: - description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile for the managed cluster.' properties: keda: - description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile.' properties: enabled: - description: 'Enabled: Whether to enable KEDA.' type: boolean required: - enabled type: object verticalPodAutoscaler: - description: 'VerticalPodAutoscaler: VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile.' properties: enabled: - description: 'Enabled: Whether to enable VPA. Default value is false.' type: boolean required: - enabled 
@@ -32303,722 +21460,390 @@ spec: - owner type: object status: - description: Managed cluster. properties: aadProfile: - description: 'AadProfile: The Azure Active Directory configuration.' properties: adminGroupObjectIDs: - description: 'AdminGroupObjectIDs: The list of AAD group object IDs that will have admin role of the cluster.' items: type: string type: array clientAppID: - description: 'ClientAppID: (DEPRECATED) The client AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' type: string enableAzureRBAC: - description: 'EnableAzureRBAC: Whether to enable Azure RBAC for Kubernetes authorization.' type: boolean managed: - description: 'Managed: Whether to enable managed AAD.' type: boolean serverAppID: - description: 'ServerAppID: (DEPRECATED) The server AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' type: string serverAppSecret: - description: 'ServerAppSecret: (DEPRECATED) The server AAD application secret. Learn more at https://aka.ms/aks/aad-legacy.' type: string tenantID: - description: |- - TenantID: The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment - subscription. type: string type: object addonProfiles: additionalProperties: - description: A Kubernetes add-on profile for a managed cluster. properties: config: additionalProperties: type: string - description: 'Config: Key-value pairs for configuring an add-on.' type: object enabled: - description: 'Enabled: Whether the add-on is enabled or not.' type: boolean identity: - description: 'Identity: Information of user assigned identity used by this add-on.' properties: clientId: - description: 'ClientId: The client ID of the user assigned identity.' type: string objectId: - description: 'ObjectId: The object ID of the user assigned identity.' type: string resourceId: - description: 'ResourceId: The resource ID of the user assigned identity.' 
type: string type: object type: object - description: 'AddonProfiles: The profile of managed cluster add-on.' type: object agentPoolProfiles: - description: 'AgentPoolProfiles: The agent pool properties.' items: - description: Profile for the container service agent pool. properties: availabilityZones: - description: |- - AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType - property is 'VirtualMachineScaleSets'. items: type: string type: array capacityReservationGroupID: - description: 'CapacityReservationGroupID: AKS will associate the specified agent pool with the Capacity Reservation Group.' type: string count: - description: |- - Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) - for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. type: integer creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using - a snapshot. properties: sourceResourceId: - description: 'SourceResourceId: This is the ARM ID of the source object to be used to create the target object.' type: string type: object currentOrchestratorVersion: - description: |- - CurrentOrchestratorVersion: If orchestratorVersion is a fully specified version , this field will be - exactly equal to it. If orchestratorVersion is , this field will contain the full - version being used. type: string eTag: - description: |- - ETag: Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is - updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic - concurrency per the normal etag convention. 
type: string enableAutoScaling: - description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, - see: https://docs.microsoft.com/azure/aks/enable-host-encryption type: boolean enableFIPS: - description: |- - EnableFIPS: See [Add a FIPS-enabled node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more - details. type: boolean enableNodePublicIP: - description: |- - EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. - A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine - to minimize hops. For more information see [assigning a public IP per - node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The - default is false. type: boolean enableUltraSSD: - description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean gpuInstanceProfile: - description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' type: string hostGroupID: - description: |- - HostGroupID: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). type: string kubeletConfig: - description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' properties: allowedUnsafeSysctls: - description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`).' 
items: type: string type: array containerLogMaxFiles: - description: |- - ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be - ≥ 2. type: integer containerLogMaxSizeMB: - description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' type: integer cpuCfsQuota: - description: 'CpuCfsQuota: The default is true.' type: boolean cpuCfsQuotaPeriod: - description: |- - CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and - a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. type: string cpuManagerPolicy: - description: |- - CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management - policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more - information. Allowed values are 'none' and 'static'. type: string failSwapOn: - description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' type: boolean imageGcHighThreshold: - description: 'ImageGcHighThreshold: To disable image garbage collection, set to 100. The default is 85%' type: integer imageGcLowThreshold: - description: 'ImageGcLowThreshold: This cannot be set higher than imageGcHighThreshold. The default is 80%' type: integer podMaxPids: - description: 'PodMaxPids: The maximum number of processes per pod.' type: integer topologyManagerPolicy: - description: |- - TopologyManagerPolicy: For more information see [Kubernetes Topology - Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values - are 'none', 'best-effort', 'restricted', and 'single-numa-node'. 
type: string type: object kubeletDiskType: - description: |- - KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral - storage. type: string linuxOSConfig: - description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' properties: swapFileSizeMB: - description: 'SwapFileSizeMB: The size in MB of a swap file that will be created on each node.' type: integer sysctls: - description: 'Sysctls: Sysctl settings for Linux agent nodes.' properties: fsAioMaxNr: - description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' type: integer fsFileMax: - description: 'FsFileMax: Sysctl setting fs.file-max.' type: integer fsInotifyMaxUserWatches: - description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' type: integer fsNrOpen: - description: 'FsNrOpen: Sysctl setting fs.nr_open.' type: integer kernelThreadsMax: - description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' type: integer netCoreNetdevMaxBacklog: - description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' type: integer netCoreOptmemMax: - description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' type: integer netCoreRmemDefault: - description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' type: integer netCoreRmemMax: - description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' type: integer netCoreSomaxconn: - description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' type: integer netCoreWmemDefault: - description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' type: integer netCoreWmemMax: - description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' type: integer netIpv4IpLocalPortRange: - description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' type: string netIpv4NeighDefaultGcThresh1: - description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting net.ipv4.neigh.default.gc_thresh1.' 
type: integer netIpv4NeighDefaultGcThresh2: - description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting net.ipv4.neigh.default.gc_thresh2.' type: integer netIpv4NeighDefaultGcThresh3: - description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting net.ipv4.neigh.default.gc_thresh3.' type: integer netIpv4TcpFinTimeout: - description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' type: integer netIpv4TcpKeepaliveProbes: - description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' type: integer netIpv4TcpKeepaliveTime: - description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' type: integer netIpv4TcpMaxSynBacklog: - description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' type: integer netIpv4TcpMaxTwBuckets: - description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' type: integer netIpv4TcpTwReuse: - description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' type: boolean netIpv4TcpkeepaliveIntvl: - description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' type: integer netNetfilterNfConntrackBuckets: - description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' type: integer netNetfilterNfConntrackMax: - description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' type: integer vmMaxMapCount: - description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' type: integer vmSwappiness: - description: 'VmSwappiness: Sysctl setting vm.swappiness.' type: integer vmVfsCachePressure: - description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' type: integer type: object transparentHugePageDefrag: - description: |- - TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is - 'madvise'. 
For more information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string transparentHugePageEnabled: - description: |- - TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more - information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string type: object maxCount: - description: 'MaxCount: The maximum number of nodes for auto-scaling' type: integer maxPods: - description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer minCount: - description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer mode: - description: |- - Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool - restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools type: string name: - description: 'Name: Windows agent pool names must be 6 characters or less.' type: string networkProfile: - description: 'NetworkProfile: Network-related settings of an agent pool.' properties: allowedHostPorts: - description: 'AllowedHostPorts: The port ranges that are allowed to access. The specified ranges are allowed to overlap.' items: - description: The port range. properties: portEnd: - description: |- - PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or - equal to portStart. type: integer portStart: - description: |- - PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or - equal to portEnd. type: integer protocol: - description: 'Protocol: The network protocol of the port.' 
type: string type: object type: array applicationSecurityGroups: - description: 'ApplicationSecurityGroups: The IDs of the application security groups which agent pool will associate when created.' items: type: string type: array nodePublicIPTags: - description: 'NodePublicIPTags: IPTags of instance-level public IPs.' items: - description: Contains the IPTag associated with the object. properties: ipTagType: - description: 'IpTagType: The IP tag type. Example: RoutingPreference.' type: string tag: - description: 'Tag: The value of the IP tag associated with the public IP. Example: Internet.' type: string type: object type: array type: object nodeImageVersion: - description: 'NodeImageVersion: The version of node image' type: string nodeLabels: additionalProperties: type: string - description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' type: object nodePublicIPPrefixID: - description: |- - NodePublicIPPrefixID: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} type: string nodeTaints: - description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' items: type: string type: array orchestratorVersion: - description: |- - OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. - When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster - with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer - patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same - Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor - version must be within two minor versions of the control plane version. 
The node pool version cannot be greater than the - control plane version. For more information see [upgrading a node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: type: integer osDiskType: - description: |- - OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested - OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral - OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). type: string osSKU: - description: |- - OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 - when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. type: string osType: - description: 'OsType: The operating system type. The default is Linux.' type: string podSubnetID: - description: |- - PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is - of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} type: string powerState: - description: |- - PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this - field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only - be stopped if it is Running and provisioning state is Succeeded properties: code: - description: 'Code: Tells whether the cluster is Running or Stopped' type: string type: object provisioningState: - description: 'ProvisioningState: The current deployment or provisioning state.' type: string proximityPlacementGroupID: - description: 'ProximityPlacementGroupID: The ID for Proximity Placement Group.' 
type: string scaleDownMode: - description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' type: string scaleSetEvictionPolicy: - description: |- - ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is - 'Delete'. type: string scaleSetPriority: - description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' type: string securityProfile: - description: 'SecurityProfile: The security settings of an agent pool.' properties: enableSecureBoot: - description: |- - EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and - drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean enableVTPM: - description: |- - EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held - locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean type: object spotMaxPrice: - description: |- - SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any - on-demand price. For more details on spot pricing, see [spot VMs - pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) type: number tags: additionalProperties: type: string - description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' type: object type: - description: 'Type: The type of Agent Pool.' type: string upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading the agentpool' properties: drainTimeoutInMinutes: - description: |- - DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. 
- This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not - specified, the default is 30 minutes. type: integer maxSurge: - description: |- - MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it - is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded - up. If not specified, the default is 1. For more information, including best practices, see: - https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade type: string nodeSoakDurationInMinutes: - description: |- - NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and - moving on to next node. If not specified, the default is 0 minutes. type: integer type: object vmSize: - description: |- - VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods - might fail to run correctly. For more details on restricted VM sizes, see: - https://docs.microsoft.com/azure/aks/quotas-skus-regions type: string vnetSubnetID: - description: |- - VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, - this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} type: string windowsProfile: - description: 'WindowsProfile: The Windows agent pool''s specific profile.' properties: disableOutboundNat: - description: |- - DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT - Gateway and the Windows agent pool does not have node public IP enabled. 
type: boolean type: object workloadRuntime: - description: 'WorkloadRuntime: Determines the type of workload a node can run.' type: string type: object type: array apiServerAccessProfile: - description: 'ApiServerAccessProfile: The access profile for managed cluster API server.' properties: authorizedIPRanges: - description: |- - AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with - clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API - server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). items: type: string type: array disableRunCommand: - description: 'DisableRunCommand: Whether to disable run command for the cluster or not.' type: boolean enablePrivateCluster: - description: |- - EnablePrivateCluster: For more details, see [Creating a private AKS - cluster](https://docs.microsoft.com/azure/aks/private-clusters). type: boolean enablePrivateClusterPublicFQDN: - description: 'EnablePrivateClusterPublicFQDN: Whether to create additional public FQDN for private cluster or not.' type: boolean privateDNSZone: - description: |- - PrivateDNSZone: The default is System. For more details see [configure private DNS - zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and - 'none'. type: string type: object autoScalerProfile: - description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler when enabled' properties: balance-similar-node-groups: - description: 'BalanceSimilarNodeGroups: Valid values are ''true'' and ''false''' type: string daemonset-eviction-for-empty-nodes: - description: |- - DaemonsetEvictionForEmptyNodes: If set to true, all daemonset pods on empty nodes will be evicted before deletion of the - node. If the daemonset pod cannot be evicted another node will be chosen for scaling. 
If set to false, the node will be - deleted without ensuring that daemonset pods are deleted or evicted. type: boolean daemonset-eviction-for-occupied-nodes: - description: |- - DaemonsetEvictionForOccupiedNodes: If set to true, all daemonset pods on occupied nodes will be evicted before deletion - of the node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node - will be deleted without ensuring that daemonset pods are deleted or evicted. type: boolean expander: - description: |- - Expander: If not specified, the default is 'random'. See - [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) for more - information. type: string ignore-daemonsets-utilization: - description: |- - IgnoreDaemonsetsUtilization: If set to true, the resources used by daemonset will be taken into account when making - scaling down decisions. type: boolean max-empty-bulk-delete: - description: 'MaxEmptyBulkDelete: The default is 10.' type: string max-graceful-termination-sec: - description: 'MaxGracefulTerminationSec: The default is 600.' type: string max-node-provision-time: - description: |- - MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string max-total-unready-percentage: - description: 'MaxTotalUnreadyPercentage: The default is 45. The maximum is 100 and the minimum is 0.' type: string new-pod-scale-up-delay: - description: |- - NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler - could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is - '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc). type: string ok-total-unready-count: - description: 'OkTotalUnreadyCount: This must be an integer. 
The default is 3.' type: string scale-down-delay-after-add: - description: |- - ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string scale-down-delay-after-delete: - description: |- - ScaleDownDelayAfterDelete: The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of - time other than minutes (m) is supported. type: string scale-down-delay-after-failure: - description: |- - ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other - than minutes (m) is supported. type: string scale-down-unneeded-time: - description: |- - ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string scale-down-unready-time: - description: |- - ScaleDownUnreadyTime: The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than - minutes (m) is supported. type: string scale-down-utilization-threshold: - description: 'ScaleDownUtilizationThreshold: The default is ''0.5''.' type: string scan-interval: - description: 'ScanInterval: The default is ''10''. Values must be an integer number of seconds.' type: string skip-nodes-with-local-storage: - description: 'SkipNodesWithLocalStorage: The default is true.' type: string skip-nodes-with-system-pods: - description: 'SkipNodesWithSystemPods: The default is true.' type: string type: object autoUpgradeProfile: - description: 'AutoUpgradeProfile: The auto upgrade configuration.' properties: nodeOSUpgradeChannel: - description: 'NodeOSUpgradeChannel: Manner in which the OS on your nodes is updated. The default is NodeImage.' 
type: string upgradeChannel: - description: |- - UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade - channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). type: string type: object azureMonitorProfile: - description: 'AzureMonitorProfile: Azure Monitor addon profiles for monitoring the managed cluster.' properties: metrics: - description: |- - Metrics: Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes - infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See - aka.ms/AzureManagedPrometheus for an overview. properties: enabled: - description: |- - Enabled: Whether to enable or disable the Azure Managed Prometheus addon for Prometheus monitoring. See - aka.ms/AzureManagedPrometheus-aks-enable for details on enabling and disabling. type: boolean kubeStateMetrics: - description: |- - KubeStateMetrics: Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the - kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for - details. properties: metricAnnotationsAllowList: - description: |- - MetricAnnotationsAllowList: Comma-separated list of Kubernetes annotation keys that will be used in the resource's - labels metric (Example: 'namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...'). By default the metric - contains only resource name and namespace labels. type: string metricLabelsAllowlist: - description: |- - MetricLabelsAllowlist: Comma-separated list of additional Kubernetes label keys that will be used in the resource's - labels metric (Example: 'namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...'). By default the metric contains only - resource name and namespace labels. 
type: string type: object type: object type: object azurePortalFQDN: - description: |- - AzurePortalFQDN: The Azure Portal requires certain Cross-Origin Resource Sharing (CORS) headers to be sent in some - responses, which Kubernetes APIServer doesn't handle by default. This special FQDN supports CORS, allowing the Azure - Portal to function properly. type: string conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. 
type: string required: - lastTransitionTime 
@@ -33028,907 +21853,544 @@ spec: type: object type: array currentKubernetesVersion: - description: |- - CurrentKubernetesVersion: If kubernetesVersion was a fully specified version , this field will be - exactly equal to it. If kubernetesVersion was , this field will contain the full - version being used. type: string disableLocalAccounts: - description: |- - DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be - used on Managed Clusters that are AAD enabled. For more details see [disable local - accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). type: boolean diskEncryptionSetID: - description: |- - DiskEncryptionSetID: This is of the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' type: string dnsPrefix: - description: 'DnsPrefix: This cannot be updated once the Managed Cluster has been created.' type: string eTag: - description: |- - ETag: Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is - updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic - concurrency per the normal etag convention. type: string enablePodSecurityPolicy: - description: |- - EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was - deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and - https://aka.ms/aks/psp. type: boolean enableRBAC: - description: 'EnableRBAC: Whether to enable Kubernetes Role-Based Access Control.' type: boolean extendedLocation: - description: 'ExtendedLocation: The extended location of the Virtual Machine.' properties: name: - description: 'Name: The name of the extended location.' 
type: string type: - description: 'Type: The type of the extended location.' type: string type: object fqdn: - description: 'Fqdn: The FQDN of the master pool.' type: string fqdnSubdomain: - description: 'FqdnSubdomain: This cannot be updated once the Managed Cluster has been created.' type: string httpProxyConfig: - description: 'HttpProxyConfig: Configurations for provisioning the cluster with HTTP proxy servers.' properties: httpProxy: - description: 'HttpProxy: The HTTP proxy server endpoint to use.' type: string httpsProxy: - description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' type: string noProxy: - description: 'NoProxy: The endpoints that should not go through proxy.' items: type: string type: array trustedCa: - description: 'TrustedCa: Alternative CA cert to use for connecting to proxy servers.' type: string type: object id: - description: |- - Id: Fully qualified resource ID for the resource. E.g. - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" type: string identity: - description: 'Identity: The identity of the managed cluster, if configured.' properties: delegatedResources: additionalProperties: - description: Delegated resource properties - internal use only. properties: location: - description: 'Location: The source resource location - internal use only.' type: string referralResource: - description: 'ReferralResource: The delegation id of the referral delegation (optional) - internal use only.' type: string resourceId: - description: 'ResourceId: The ARM resource id of the delegated resource - internal use only.' type: string tenantId: - description: 'TenantId: The tenant id of the delegated resource - internal use only.' type: string type: object - description: |- - DelegatedResources: The delegated identity resources assigned to this managed cluster. 
This can only be set by another - Azure Resource Provider, and managed cluster only accept one delegated identity resource. Internal use only. type: object principalId: - description: 'PrincipalId: The principal id of the system assigned identity which is used by master components.' type: string tenantId: - description: 'TenantId: The tenant id of the system assigned identity which is used by master components.' type: string type: - description: |- - Type: For more information see [use managed identities in - AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). type: string userAssignedIdentities: additionalProperties: properties: clientId: - description: 'ClientId: The client id of user assigned identity.' type: string principalId: - description: 'PrincipalId: The principal id of user assigned identity.' type: string type: object - description: |- - UserAssignedIdentities: The keys must be ARM resource IDs in the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. type: object type: object identityProfile: additionalProperties: - description: Details about a user assigned identity. properties: clientId: - description: 'ClientId: The client ID of the user assigned identity.' type: string objectId: - description: 'ObjectId: The object ID of the user assigned identity.' type: string resourceId: - description: 'ResourceId: The resource ID of the user assigned identity.' type: string type: object - description: |- - IdentityProfile: The user identity associated with the managed cluster. This identity will be used by the kubelet. Only - one user assigned identity is allowed. The only accepted key is "kubeletidentity", with value of "resourceId": - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}". 
type: object ingressProfile: - description: 'IngressProfile: Ingress profile for the managed cluster.' properties: webAppRouting: - description: |- - WebAppRouting: App Routing settings for the ingress profile. You can find an overview and onboarding guide for this - feature at https://learn.microsoft.com/en-us/azure/aks/app-routing?tabs=default%2Cdeploy-app-default. properties: dnsZoneResourceIds: - description: |- - DnsZoneResourceIds: Resource IDs of the DNS zones to be associated with the Application Routing add-on. Used only when - Application Routing add-on is enabled. Public and private DNS zones can be in different resource groups, but all public - DNS zones must be in the same resource group and all private DNS zones must be in the same resource group. items: type: string type: array enabled: - description: 'Enabled: Whether to enable the Application Routing add-on.' type: boolean identity: - description: |- - Identity: Managed identity of the Application Routing add-on. This is the identity that should be granted permissions, - for example, to manage the associated Azure DNS resource and get certificates from Azure Key Vault. See [this overview - of the add-on](https://learn.microsoft.com/en-us/azure/aks/web-app-routing?tabs=with-osm) for more instructions. properties: clientId: - description: 'ClientId: The client ID of the user assigned identity.' type: string objectId: - description: 'ObjectId: The object ID of the user assigned identity.' type: string resourceId: - description: 'ResourceId: The resource ID of the user assigned identity.' type: string type: object type: object type: object kubernetesVersion: - description: |- - KubernetesVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. - When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster - with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer - patch version is available. 
When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All - upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or - 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS - cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. type: string linuxProfile: - description: 'LinuxProfile: The profile for Linux VMs in the Managed Cluster.' properties: adminUsername: - description: 'AdminUsername: The administrator username to use for Linux VMs.' type: string ssh: - description: 'Ssh: The SSH configuration for Linux-based VMs running on Azure.' properties: publicKeys: - description: 'PublicKeys: The list of SSH public keys used to authenticate with Linux-based VMs. A maximum of 1 key may be specified.' items: - description: Contains information about SSH certificate public key data. properties: keyData: - description: |- - KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or - without headers. type: string type: object type: array type: object type: object location: - description: 'Location: The geo-location where the resource lives' type: string maxAgentPools: - description: 'MaxAgentPools: The max number of agent pools for the managed cluster.' type: integer metricsProfile: - description: 'MetricsProfile: Optional cluster metrics configuration.' properties: costAnalysis: - description: 'CostAnalysis: The cost analysis configuration for the cluster' properties: enabled: - description: |- - Enabled: The Managed Cluster sku.tier must be set to 'Standard' or 'Premium' to enable this feature. Enabling this will - add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. If not specified, the - default is false. For more information see aka.ms/aks/docs/cost-analysis. 
type: boolean type: object type: object name: - description: 'Name: The name of the resource' type: string networkProfile: - description: 'NetworkProfile: The network configuration profile.' properties: advancedNetworking: - description: |- - AdvancedNetworking: Advanced Networking profile for enabling observability and security feature suite on a cluster. For - more information see aka.ms/aksadvancednetworking. properties: enabled: - description: |- - Enabled: Indicates the enablement of Advanced Networking functionalities of observability and security on AKS clusters. - When this is set to true, all observability and security features will be set to enabled unless explicitly disabled. If - not specified, the default is false. type: boolean observability: - description: 'Observability: Observability profile to enable advanced network metrics and flow logs with historical contexts.' properties: enabled: - description: 'Enabled: Indicates the enablement of Advanced Networking observability functionalities on clusters.' type: boolean type: object security: - description: 'Security: Security profile to enable security features on cilium based cluster.' properties: enabled: - description: |- - Enabled: This feature allows user to configure network policy based on DNS (FQDN) names. It can be enabled only on - cilium based clusters. If not specified, the default is false. type: boolean type: object type: object dnsServiceIP: - description: |- - DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address - range specified in serviceCidr. type: string ipFamilies: - description: |- - IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value - is IPv4. For dual-stack, the expected values are IPv4 and IPv6. items: type: string type: array loadBalancerProfile: - description: 'LoadBalancerProfile: Profile of the cluster load balancer.' 
properties: allocatedOutboundPorts: - description: |- - AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 - (inclusive). The default value is 0 which results in Azure dynamically allocating ports. type: integer backendPoolType: - description: 'BackendPoolType: The type of the managed inbound Load Balancer BackendPool.' type: string effectiveOutboundIPs: - description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster load balancer.' items: - description: A reference to an Azure resource. properties: id: - description: 'Id: The fully qualified Azure resource id.' type: string type: object type: array enableMultipleStandardLoadBalancers: - description: 'EnableMultipleStandardLoadBalancers: Enable multiple standard load balancers per AKS cluster or not.' type: boolean idleTimeoutInMinutes: - description: |- - IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 - (inclusive). The default value is 30 minutes. type: integer managedOutboundIPs: - description: 'ManagedOutboundIPs: Desired managed outbound IPs for the cluster load balancer.' properties: count: - description: |- - Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values - must be in the range of 1 to 100 (inclusive). The default value is 1. type: integer countIPv6: - description: |- - CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed - values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. type: integer type: object outboundIPPrefixes: - description: 'OutboundIPPrefixes: Desired outbound IP Prefix resources for the cluster load balancer.' properties: publicIPPrefixes: - description: 'PublicIPPrefixes: A list of public IP prefix resources.' 
items: - description: A reference to an Azure resource. properties: id: - description: 'Id: The fully qualified Azure resource id.' type: string type: object type: array type: object outboundIPs: - description: 'OutboundIPs: Desired outbound IP resources for the cluster load balancer.' properties: publicIPs: - description: 'PublicIPs: A list of public IP resources.' items: - description: A reference to an Azure resource. properties: id: - description: 'Id: The fully qualified Azure resource id.' type: string type: object type: array type: object type: object loadBalancerSku: - description: |- - LoadBalancerSku: The default is 'standard'. See [Azure Load Balancer - SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load - balancer SKUs. type: string natGatewayProfile: - description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' properties: effectiveOutboundIPs: - description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster NAT gateway.' items: - description: A reference to an Azure resource. properties: id: - description: 'Id: The fully qualified Azure resource id.' type: string type: object type: array idleTimeoutInMinutes: - description: |- - IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 - (inclusive). The default value is 4 minutes. type: integer managedOutboundIPProfile: - description: 'ManagedOutboundIPProfile: Profile of the managed outbound IP resources of the cluster NAT gateway.' properties: count: - description: |- - Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 - (inclusive). The default value is 1. type: integer type: object type: object networkDataplane: - description: 'NetworkDataplane: Network dataplane used in the Kubernetes cluster.' 
type: string networkMode: - description: 'NetworkMode: This cannot be specified if networkPlugin is anything other than ''azure''.' type: string networkPlugin: - description: 'NetworkPlugin: Network plugin used for building the Kubernetes network.' type: string networkPluginMode: - description: 'NetworkPluginMode: The mode the network plugin should use.' type: string networkPolicy: - description: 'NetworkPolicy: Network policy used for building the Kubernetes network.' type: string outboundType: - description: |- - OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see - [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). type: string podCidr: - description: 'PodCidr: A CIDR notation IP range from which to assign pod IPs when kubenet is used.' type: string podCidrs: - description: |- - PodCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is - expected for dual-stack networking. items: type: string type: array serviceCidr: - description: |- - ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP - ranges. type: string serviceCidrs: - description: |- - ServiceCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is - expected for dual-stack networking. They must not overlap with any Subnet IP ranges. items: type: string type: array type: object nodeResourceGroup: - description: 'NodeResourceGroup: The name of the resource group containing agent pool nodes.' type: string nodeResourceGroupProfile: - description: 'NodeResourceGroupProfile: Profile of the node resource group configuration.' properties: restrictionLevel: - description: |- - RestrictionLevel: The restriction level applied to the cluster's node resource group. 
If not specified, the default is - 'Unrestricted' type: string type: object oidcIssuerProfile: - description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed Cluster.' properties: enabled: - description: 'Enabled: Whether the OIDC issuer is enabled.' type: boolean issuerURL: - description: 'IssuerURL: The OIDC issuer url of the Managed Cluster.' type: string type: object podIdentityProfile: - description: |- - PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more - details on AAD pod identity integration. properties: allowNetworkPluginKubenet: - description: |- - AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod - Identity and the risks of IP spoofing. See [using Kubenet network plugin with AAD Pod - Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) - for more information. type: boolean enabled: - description: 'Enabled: Whether the pod identity addon is enabled.' type: boolean userAssignedIdentities: - description: 'UserAssignedIdentities: The pod identities to use in the cluster.' items: - description: Details about the pod identity assigned to the Managed Cluster. properties: bindingSelector: - description: 'BindingSelector: The binding selector to use for the AzureIdentityBinding resource.' type: string identity: - description: 'Identity: The user assigned identity details.' properties: clientId: - description: 'ClientId: The client ID of the user assigned identity.' type: string objectId: - description: 'ObjectId: The object ID of the user assigned identity.' type: string resourceId: - description: 'ResourceId: The resource ID of the user assigned identity.' type: string type: object name: - description: 'Name: The name of the pod identity.' 
type: string namespace: - description: 'Namespace: The namespace of the pod identity.' type: string provisioningInfo: properties: error: - description: 'Error: Pod identity assignment error (if any).' properties: error: - description: 'Error: Details about the error.' properties: code: - description: 'Code: An identifier for the error. Codes are invariant and are intended to be consumed programmatically.' type: string details: - description: 'Details: A list of additional details about the error.' items: properties: code: - description: 'Code: An identifier for the error. Codes are invariant and are intended to be consumed programmatically.' type: string message: - description: 'Message: A message describing the error, intended to be suitable for display in a user interface.' type: string target: - description: 'Target: The target of the particular error. For example, the name of the property in error.' type: string type: object type: array message: - description: 'Message: A message describing the error, intended to be suitable for display in a user interface.' type: string target: - description: 'Target: The target of the particular error. For example, the name of the property in error.' type: string type: object type: object type: object provisioningState: - description: 'ProvisioningState: The current provisioning state of the pod identity.' type: string type: object type: array userAssignedIdentityExceptions: - description: 'UserAssignedIdentityExceptions: The pod identity exceptions to allow.' items: - description: |- - See [disable AAD Pod Identity for a specific - Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. properties: name: - description: 'Name: The name of the pod identity exception.' type: string namespace: - description: 'Namespace: The namespace of the pod identity exception.' 
type: string podLabels: additionalProperties: type: string - description: 'PodLabels: The pod labels to match.' type: object type: object type: array type: object powerState: - description: 'PowerState: The Power State of the cluster.' properties: code: - description: 'Code: Tells whether the cluster is Running or Stopped' type: string type: object privateFQDN: - description: 'PrivateFQDN: The FQDN of private cluster.' type: string privateLinkResources: - description: 'PrivateLinkResources: Private link resources associated with the cluster.' items: - description: A private link resource properties: groupId: - description: 'GroupId: The group ID of the resource.' type: string id: - description: 'Id: The ID of the private link resource.' type: string name: - description: 'Name: The name of the private link resource.' type: string privateLinkServiceID: - description: 'PrivateLinkServiceID: The private link service ID of the resource, this field is exposed only to NRP internally.' type: string requiredMembers: - description: 'RequiredMembers: The RequiredMembers of the resource' items: type: string type: array type: - description: 'Type: The resource type.' type: string type: object type: array provisioningState: - description: 'ProvisioningState: The current provisioning state.' type: string publicNetworkAccess: - description: 'PublicNetworkAccess: Allow or deny public network access for AKS' type: string resourceUID: - description: |- - ResourceUID: The resourceUID uniquely identifies ManagedClusters that reuse ARM ResourceIds (i.e: create, delete, create - sequence) type: string securityProfile: - description: 'SecurityProfile: Security profile for the managed cluster.' properties: azureKeyVaultKms: - description: |- - AzureKeyVaultKms: Azure Key Vault [key management - service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. 
properties: enabled: - description: 'Enabled: Whether to enable Azure Key Vault key management service. The default is false.' type: boolean keyId: - description: |- - KeyId: Identifier of Azure Key Vault key. See [key identifier - format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) - for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key - identifier. When Azure Key Vault key management service is disabled, leave the field empty. type: string keyVaultNetworkAccess: - description: |- - KeyVaultNetworkAccess: Network access of key vault. The possible values are `Public` and `Private`. `Public` means the - key vault allows public access from all networks. `Private` means the key vault disables public access and enables - private link. The default value is `Public`. type: string keyVaultResourceId: - description: |- - KeyVaultResourceId: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and must - be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. type: string type: object defender: - description: 'Defender: Microsoft Defender settings for the security profile.' properties: logAnalyticsWorkspaceResourceId: - description: |- - LogAnalyticsWorkspaceResourceId: Resource ID of the Log Analytics workspace to be associated with Microsoft Defender. - When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When Microsoft - Defender is disabled, leave the field empty. type: string securityMonitoring: - description: 'SecurityMonitoring: Microsoft Defender threat detection for Cloud settings for the security profile.' 
properties: enabled: - description: 'Enabled: Whether to enable Defender threat detection' type: boolean type: object type: object imageCleaner: - description: 'ImageCleaner: Image Cleaner settings for the security profile.' properties: enabled: - description: 'Enabled: Whether to enable Image Cleaner on AKS cluster.' type: boolean intervalHours: - description: 'IntervalHours: Image Cleaner scanning interval in hours.' type: integer type: object workloadIdentity: - description: |- - WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications - to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. properties: enabled: - description: 'Enabled: Whether to enable workload identity.' type: boolean type: object type: object serviceMeshProfile: - description: 'ServiceMeshProfile: Service mesh profile for a managed cluster.' properties: istio: - description: 'Istio: Istio service mesh configuration.' properties: certificateAuthority: - description: |- - CertificateAuthority: Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin - certificates as described here https://aka.ms/asm-plugin-ca properties: plugin: - description: 'Plugin: Plugin certificates information for Service Mesh.' properties: certChainObjectName: - description: 'CertChainObjectName: Certificate chain object name in Azure Key Vault.' type: string certObjectName: - description: 'CertObjectName: Intermediate certificate object name in Azure Key Vault.' type: string keyObjectName: - description: 'KeyObjectName: Intermediate certificate private key object name in Azure Key Vault.' type: string keyVaultId: - description: 'KeyVaultId: The resource ID of the Key Vault.' type: string rootCertObjectName: - description: 'RootCertObjectName: Root certificate object name in Azure Key Vault.' 
type: string type: object type: object components: - description: 'Components: Istio components configuration.' properties: egressGateways: - description: 'EgressGateways: Istio egress gateways.' items: - description: Istio egress gateway configuration. properties: enabled: - description: 'Enabled: Whether to enable the egress gateway.' type: boolean type: object type: array ingressGateways: - description: 'IngressGateways: Istio ingress gateways.' items: - description: |- - Istio ingress gateway configuration. For now, we support up to one external ingress gateway named - `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. properties: enabled: - description: 'Enabled: Whether to enable the ingress gateway.' type: boolean mode: - description: 'Mode: Mode of an ingress gateway.' type: string type: object type: array type: object revisions: - description: |- - Revisions: The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. - When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: - https://learn.microsoft.com/en-us/azure/aks/istio-upgrade items: type: string type: array type: object mode: - description: 'Mode: Mode of the service mesh.' type: string type: object servicePrincipalProfile: - description: |- - ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure - APIs. properties: clientId: - description: 'ClientId: The ID for the service principal.' type: string type: object sku: - description: 'Sku: The managed cluster SKU.' properties: name: - description: 'Name: The name of a managed cluster SKU.' type: string tier: - description: |- - Tier: If not specified, the default is 'Free'. See [AKS Pricing - Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. 
type: string type: object storageProfile: - description: 'StorageProfile: Storage profile for the managed cluster.' properties: blobCSIDriver: - description: 'BlobCSIDriver: AzureBlob CSI Driver settings for the storage profile.' properties: enabled: - description: 'Enabled: Whether to enable AzureBlob CSI Driver. The default value is false.' type: boolean type: object diskCSIDriver: - description: 'DiskCSIDriver: AzureDisk CSI Driver settings for the storage profile.' properties: enabled: - description: 'Enabled: Whether to enable AzureDisk CSI Driver. The default value is true.' type: boolean type: object fileCSIDriver: - description: 'FileCSIDriver: AzureFile CSI Driver settings for the storage profile.' properties: enabled: - description: 'Enabled: Whether to enable AzureFile CSI Driver. The default value is true.' type: boolean type: object snapshotController: - description: 'SnapshotController: Snapshot Controller settings for the storage profile.' properties: enabled: - description: 'Enabled: Whether to enable Snapshot Controller. The default value is true.' type: boolean type: object type: object supportPlan: - description: 'SupportPlan: The support plan for the Managed Cluster. If unspecified, the default is ''KubernetesOfficial''.' type: string systemData: - description: 'SystemData: Azure Resource Manager metadata containing createdBy and modifiedBy information.' properties: createdAt: - description: 'CreatedAt: The timestamp of resource creation (UTC).' type: string createdBy: - description: 'CreatedBy: The identity that created the resource.' type: string createdByType: - description: 'CreatedByType: The type of identity that created the resource.' type: string lastModifiedAt: - description: 'LastModifiedAt: The timestamp of resource last modification (UTC)' type: string lastModifiedBy: - description: 'LastModifiedBy: The identity that last modified the resource.' 
type: string lastModifiedByType: - description: 'LastModifiedByType: The type of identity that last modified the resource.' type: string type: object tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object type: - description: 'Type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"' type: string upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading a cluster.' properties: overrideSettings: - description: 'OverrideSettings: Settings for overrides.' properties: forceUpgrade: - description: |- - ForceUpgrade: Whether to force upgrade the cluster. Note that this option instructs upgrade operation to bypass upgrade - protections such as checking for deprecated API usage. Enable this option only with caution. type: boolean until: - description: |- - Until: Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the - effectiveness won't change once an upgrade starts even if the `until` expires as upgrade proceeds. This field is not set - by default. It must be set for the overrides to take effect. type: string type: object type: object windowsProfile: - description: 'WindowsProfile: The profile for Windows VMs in the Managed Cluster.' properties: adminUsername: - description: |- - AdminUsername: Specifies the name of the administrator account. - Restriction: Cannot end in "." - Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", - "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", - "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". 
- Minimum-length: 1 character - Max-length: 20 characters type: string enableCSIProxy: - description: |- - EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub - repo](https://github.com/kubernetes-csi/csi-proxy). type: boolean gmsaProfile: - description: 'GmsaProfile: The Windows gMSA Profile in the Managed Cluster.' properties: dnsServer: - description: |- - DnsServer: Specifies the DNS server for Windows gMSA. - Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. type: string enabled: - description: 'Enabled: Specifies whether to enable Windows gMSA in the managed cluster.' type: boolean rootDomainName: - description: |- - RootDomainName: Specifies the root domain name for Windows gMSA. - Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. type: string type: object licenseType: - description: |- - LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User - Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. type: string type: object workloadAutoScalerProfile: - description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile for the managed cluster.' properties: keda: - description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile.' properties: enabled: - description: 'Enabled: Whether to enable KEDA.' type: boolean type: object verticalPodAutoscaler: - description: 'VerticalPodAutoscaler: VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile.' properties: enabled: - description: 'Enabled: Whether to enable VPA. Default value is false.' type: boolean type: object type: object 
@@ -33954,50 +22416,24 @@ spec: name: v1api20240901storage schema: openAPIV3Schema: - description: |- - Storage version of v1api20240901.ManagedCluster - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2024-09-01/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20240901.ManagedCluster_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object aadProfile: - description: |- - Storage version of v1api20240901.ManagedClusterAADProfile - For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object adminGroupObjectIDs: items: 
@@ -34018,16 +22454,10 @@ spec: type: object addonProfiles: additionalProperties: - description: |- - Storage version of v1api20240901.ManagedClusterAddonProfile - A Kubernetes add-on profile for a managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object config: additionalProperties: 
@@ -34039,73 +22469,45 @@ spec: type: object agentPoolProfiles: items: - description: |- - Storage version of v1api20240901.ManagedClusterAgentPoolProfile - Profile for the container service agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object availabilityZones: items: type: string type: array capacityReservationGroupReference: - description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object count: type: integer creationData: - description: |- - Storage version of v1api20240901.CreationData - Data used when creating a target resource from a source resource. 
properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -34122,39 +22524,22 @@ spec: gpuInstanceProfile: type: string hostGroupReference: - description: |- - HostGroupReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object kubeletConfig: - description: |- - Storage version of v1api20240901.KubeletConfig - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedUnsafeSysctls: items: 
@@ -34184,30 +22569,18 @@ spec: kubeletDiskType: type: string linuxOSConfig: - description: |- - Storage version of v1api20240901.LinuxOSConfig - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object swapFileSizeMB: type: integer sysctls: - description: |- - Storage version of v1api20240901.SysctlConfig - Sysctl settings for Linux agent nodes. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object fsAioMaxNr: type: integer @@ -34282,29 +22655,17 @@ spec: name: type: string networkProfile: - description: |- - Storage version of v1api20240901.AgentPoolNetworkProfile - Network settings of an agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedHostPorts: items: - description: |- - Storage version of v1api20240901.PortRange - The port range. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object portEnd: type: integer 
@@ -34316,38 +22677,24 @@ spec: type: array applicationSecurityGroupsReferences: items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: array nodePublicIPTags: items: - description: |- - Storage version of v1api20240901.IPTag - Contains the IPTag associated with the object. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object ipTagType: type: string 
@@ -34361,25 +22708,15 @@ spec: type: string type: object nodePublicIPPrefixReference: - description: |- - NodePublicIPPrefixReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object nodeTaints: 
@@ -34397,61 +22734,36 @@ spec: osType: type: string podSubnetReference: - description: |- - PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). - This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object powerState: - description: |- - Storage version of v1api20240901.PowerState - Describes the Power State of the cluster properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string type: object proximityPlacementGroupReference: - description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object scaleDownMode: @@ -34461,16 +22773,10 @@ spec: scaleSetPriority: type: string securityProfile: - description: |- - Storage version of v1api20240901.AgentPoolSecurityProfile - The security settings of an agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enableSecureBoot: type: boolean @@ -34486,16 +22792,10 @@ spec: type: type: string upgradeSettings: - description: |- - Storage version of v1api20240901.AgentPoolUpgradeSettings - Settings for upgrading an agentpool properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object drainTimeoutInMinutes: type: integer 
@@ -34507,39 +22807,22 @@ spec: vmSize: type: string vnetSubnetReference: - description: |- - VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is - specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object windowsProfile: - description: |- - Storage version of v1api20240901.AgentPoolWindowsProfile - The Windows agent pool's specific profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object disableOutboundNat: type: boolean 
@@ -34549,16 +22832,10 @@ spec: type: object type: array apiServerAccessProfile: - description: |- - Storage version of v1api20240901.ManagedClusterAPIServerAccessProfile - Access profile for managed cluster API server. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object authorizedIPRanges: items: @@ -34574,14 +22851,10 @@ spec: type: string type: object autoScalerProfile: - description: Storage version of v1api20240901.ManagedClusterProperties_AutoScalerProfile properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object balance-similar-node-groups: type: string @@ -34625,16 +22898,10 @@ spec: type: string type: object autoUpgradeProfile: - description: |- - Storage version of v1api20240901.ManagedClusterAutoUpgradeProfile - Auto upgrade profile for a managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object nodeOSUpgradeChannel: type: string 
@@ -34642,46 +22909,24 @@ spec: type: string type: object azureMonitorProfile: - description: |- - Storage version of v1api20240901.ManagedClusterAzureMonitorProfile - Azure Monitor addon profiles for monitoring the managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object metrics: - description: |- - Storage version of v1api20240901.ManagedClusterAzureMonitorProfileMetrics - Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes - infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See - aka.ms/AzureManagedPrometheus for an overview. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean kubeStateMetrics: - description: |- - Storage version of v1api20240901.ManagedClusterAzureMonitorProfileKubeStateMetrics - Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the - kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for - details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object metricAnnotationsAllowList: type: string 
@@ -34691,32 +22936,19 @@ spec: type: object type: object azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string disableLocalAccounts: type: boolean diskEncryptionSetReference: - description: |- - DiskEncryptionSetReference: This is of the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object dnsPrefix: @@ -34726,16 +22958,10 @@ spec: enableRBAC: type: boolean extendedLocation: - description: |- - Storage version of v1api20240901.ExtendedLocation - The complex type of the extended location. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -34745,16 +22971,10 @@ spec: fqdnSubdomain: type: string httpProxyConfig: - description: |- - Storage version of v1api20240901.ManagedClusterHTTPProxyConfig - Cluster HTTP proxy configuration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object httpProxy: type: string 
@@ -34768,52 +22988,32 @@ spec: type: string type: object identity: - description: |- - Storage version of v1api20240901.ManagedClusterIdentity - Identity for the managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object delegatedResources: additionalProperties: - description: |- - Storage version of v1api20240901.DelegatedResource - Delegated resource properties - internal use only. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object location: type: string referralResource: type: string resourceReference: - description: 'ResourceReference: The ARM resource id of the delegated resource - internal use only.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object tenantId: 
@@ -34824,35 +23024,21 @@ spec: type: string userAssignedIdentities: items: - description: |- - Storage version of v1api20240901.UserAssignedIdentityDetails - Information about the user assigned identity for the resource properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -34860,31 +23046,18 @@ spec: type: object identityProfile: additionalProperties: - description: |- - Storage version of v1api20240901.UserAssignedIdentity - Details about a user assigned identity. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object clientId: type: string clientIdFromConfig: - description: |- - ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes configmap being referenced type: string name: - description: |- - Name is the name of the Kubernetes configmap being referenced. - The configmap must be in the same namespace as the resource type: string required: - key 
@@ -34893,87 +23066,52 @@ spec: objectId: type: string objectIdFromConfig: - description: |- - ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes configmap being referenced type: string name: - description: |- - Name is the name of the Kubernetes configmap being referenced. - The configmap must be in the same namespace as the resource type: string required: - key - name type: object resourceReference: - description: 'ResourceReference: The resource ID of the user assigned identity.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: object ingressProfile: - description: |- - Storage version of v1api20240901.ManagedClusterIngressProfile - Ingress profile for the container service cluster. 
properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object webAppRouting: - description: |- - Storage version of v1api20240901.ManagedClusterIngressProfileWebAppRouting - Application Routing add-on settings for the ingress profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object dnsZoneResourceReferences: items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: array 
@@ -34984,43 +23122,25 @@ spec: kubernetesVersion: type: string linuxProfile: - description: |- - Storage version of v1api20240901.ContainerServiceLinuxProfile - Profile for Linux VMs in the container service cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object adminUsername: type: string ssh: - description: |- - Storage version of v1api20240901.ContainerServiceSshConfiguration - SSH configuration for Linux-based VMs running on Azure. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object publicKeys: items: - description: |- - Storage version of v1api20240901.ContainerServiceSshPublicKey - Contains information about SSH certificate public key data. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object keyData: type: string 
@@ -35031,86 +23151,49 @@ spec: location: type: string metricsProfile: - description: |- - Storage version of v1api20240901.ManagedClusterMetricsProfile - The metrics profile for the ManagedCluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object costAnalysis: - description: |- - Storage version of v1api20240901.ManagedClusterCostAnalysis - The cost analysis configuration for the cluster properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object type: object networkProfile: - description: |- - Storage version of v1api20240901.ContainerServiceNetworkProfile - Profile of network configuration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object advancedNetworking: - description: |- - Storage version of v1api20240901.AdvancedNetworking - Advanced Networking profile for enabling observability and security feature suite on a cluster. For more information see - aka.ms/aksadvancednetworking. 
properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean observability: - description: |- - Storage version of v1api20240901.AdvancedNetworkingObservability - Observability profile to enable advanced network metrics and flow logs with historical contexts. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object security: - description: |- - Storage version of v1api20240901.AdvancedNetworkingSecurity - Security profile to enable security features on cilium based cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean @@ -35123,16 +23206,10 @@ spec: type: string type: array loadBalancerProfile: - description: |- - Storage version of v1api20240901.ManagedClusterLoadBalancerProfile - Profile of the managed cluster load balancer. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allocatedOutboundPorts: type: integer 
@@ -35140,35 +23217,21 @@ spec: type: string effectiveOutboundIPs: items: - description: |- - Storage version of v1api20240901.ResourceReference - A reference to an Azure resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: The fully qualified Azure resource id.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object @@ -35178,14 +23241,10 @@ spec: idleTimeoutInMinutes: type: integer managedOutboundIPs: - description: Storage version of v1api20240901.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object count: type: integer 
@@ -35193,92 +23252,56 @@ spec: type: integer type: object outboundIPPrefixes: - description: Storage version of v1api20240901.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object publicIPPrefixes: items: - description: |- - Storage version of v1api20240901.ResourceReference - A reference to an Azure resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: The fully qualified Azure resource id.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object type: object type: array type: object outboundIPs: - description: Storage version of v1api20240901.ManagedClusterLoadBalancerProfile_OutboundIPs properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object publicIPs: items: - description: |- - Storage version of v1api20240901.ResourceReference - A reference to an Azure resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: The fully qualified Azure resource id.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -35288,48 +23311,28 @@ spec: loadBalancerSku: type: string natGatewayProfile: - description: |- - Storage version of v1api20240901.ManagedClusterNATGatewayProfile - Profile of the managed cluster NAT gateway. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object effectiveOutboundIPs: items: - description: |- - Storage version of v1api20240901.ResourceReference - A reference to an Azure resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: The fully qualified Azure resource id.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -35337,16 +23340,10 @@ spec: idleTimeoutInMinutes: type: integer managedOutboundIPProfile: - description: |- - Storage version of v1api20240901.ManagedClusterManagedOutboundIPProfile - Profile of the managed outbound IP resources of the managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object count: type: integer 
@@ -35380,70 +23377,37 @@ spec: nodeResourceGroup: type: string nodeResourceGroupProfile: - description: |- - Storage version of v1api20240901.ManagedClusterNodeResourceGroupProfile - Node resource group lockdown profile for a managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object restrictionLevel: type: string type: object oidcIssuerProfile: - description: |- - Storage version of v1api20240901.ManagedClusterOIDCIssuerProfile - The OIDC issuer profile of the Managed Cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object operatorSpec: - description: |- - Storage version of v1api20240901.ManagedClusterOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. 
If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name @@ -35451,28 +23415,16 @@ spec: type: object type: array configMaps: - description: Storage version of v1api20240901.ManagedClusterOperatorConfigMaps properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object oidcIssuerProfile: - description: |- - ConfigMapDestination describes the location to store a single configmap value - Note: This is similar to: SecretDestination in secrets.go. - Changes to one may need to be made to the others as well. properties: key: - description: Key is the key in the ConfigMap being referenced type: string name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. type: string required: - key 
@@ -35481,27 +23433,12 @@ spec: type: object secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -35509,46 +23446,26 @@ spec: type: object type: array secrets: - description: Storage version of v1api20240901.ManagedClusterOperatorSecrets properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object adminCredentials: - description: |- - SecretDestination describes the location to store a single secret value. - Note: This is similar to: ConfigMapDestination in configmaps.go. - Changes to one may need to be made to the others as well. properties: key: - description: Key is the key in the Kubernetes secret being referenced. type: string name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. type: string required: - key - name type: object userCredentials: - description: |- - SecretDestination describes the location to store a single secret value. - Note: This is similar to: ConfigMapDestination in configmaps.go. - Changes to one may need to be made to the others as well. properties: key: - description: Key is the key in the Kubernetes secret being referenced. type: string name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. type: string required: - key 
@@ -35559,30 +23476,18 @@ spec: originalVersion: type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object podIdentityProfile: - description: |- - Storage version of v1api20240901.ManagedClusterPodIdentityProfile - See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod - identity integration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowNetworkPluginKubenet: type: boolean 
@@ -35590,45 +23495,26 @@ spec: type: boolean userAssignedIdentities: items: - description: |- - Storage version of v1api20240901.ManagedClusterPodIdentity - Details about the pod identity assigned to the Managed Cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object bindingSelector: type: string identity: - description: |- - Storage version of v1api20240901.UserAssignedIdentity - Details about a user assigned identity. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object clientId: type: string clientIdFromConfig: - description: |- - ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes configmap being referenced type: string name: - description: |- - Name is the name of the Kubernetes configmap being referenced. - The configmap must be in the same namespace as the resource type: string required: - key 
@@ -35637,40 +23523,25 @@ spec: objectId: type: string objectIdFromConfig: - description: |- - ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes configmap being referenced type: string name: - description: |- - Name is the name of the Kubernetes configmap being referenced. - The configmap must be in the same namespace as the resource type: string required: - key - name type: object resourceReference: - description: 'ResourceReference: The resource ID of the user assigned identity.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -35682,17 +23553,10 @@ spec: type: array userAssignedIdentityExceptions: items: - description: |- - Storage version of v1api20240901.ManagedClusterPodIdentityException - See [disable AAD Pod Identity for a specific - Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -35707,39 +23571,25 @@ spec: type: object privateLinkResources: items: - description: |- - Storage version of v1api20240901.PrivateLinkResource - A private link resource properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object groupId: type: string name: type: string reference: - description: 'Reference: The ID of the private link resource.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object requiredMembers: 
@@ -35753,28 +23603,16 @@ spec: publicNetworkAccess: type: string securityProfile: - description: |- - Storage version of v1api20240901.ManagedClusterSecurityProfile - Security profile for the container service cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object azureKeyVaultKms: - description: |- - Storage version of v1api20240901.AzureKeyVaultKms - Azure Key Vault key management service settings for the security profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -35783,91 +23621,51 @@ spec: keyVaultNetworkAccess: type: string keyVaultResourceReference: - description: |- - KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and - must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object defender: - description: |- - Storage version of v1api20240901.ManagedClusterSecurityProfileDefender - Microsoft Defender settings for the security profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object logAnalyticsWorkspaceResourceReference: - description: |- - LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft - Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When - Microsoft Defender is disabled, leave the field empty. 
properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object securityMonitoring: - description: |- - Storage version of v1api20240901.ManagedClusterSecurityProfileDefenderSecurityMonitoring - Microsoft Defender settings for the security profile threat detection. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object type: object imageCleaner: - description: |- - Storage version of v1api20240901.ManagedClusterSecurityProfileImageCleaner - Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here - are settings for the security profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -35875,69 +23673,38 @@ spec: type: integer type: object workloadIdentity: - description: |- - Storage version of v1api20240901.ManagedClusterSecurityProfileWorkloadIdentity - Workload identity settings for the security profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object type: object serviceMeshProfile: - description: |- - Storage version of v1api20240901.ServiceMeshProfile - Service mesh profile for a managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object istio: - description: |- - Storage version of v1api20240901.IstioServiceMesh - Istio service mesh configuration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object certificateAuthority: - description: |- - Storage version of v1api20240901.IstioCertificateAuthority - Istio Service Mesh Certificate Authority (CA) configuration. 
For now, we only support plugin certificates as described - here https://aka.ms/asm-plugin-ca properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object plugin: - description: |- - Storage version of v1api20240901.IstioPluginCertificateAuthority - Plugin certificates information for Service Mesh. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object certChainObjectName: type: string @@ -35946,23 +23713,15 @@ spec: keyObjectName: type: string keyVaultReference: - description: 'KeyVaultReference: The resource ID of the Key Vault.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object rootCertObjectName: 
@@ -35970,29 +23729,17 @@ spec: type: object type: object components: - description: |- - Storage version of v1api20240901.IstioComponents - Istio components configuration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object egressGateways: items: - description: |- - Storage version of v1api20240901.IstioEgressGateway - Istio egress gateway configuration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean @@ -36000,17 +23747,10 @@ spec: type: array ingressGateways: items: - description: |- - Storage version of v1api20240901.IstioIngressGateway - Istio ingress gateway configuration. For now, we support up to one external ingress gateway named - `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -36028,31 +23768,18 @@ spec: type: string type: object servicePrincipalProfile: - description: |- - Storage version of v1api20240901.ManagedClusterServicePrincipalProfile - Information about a service principal identity for the cluster to use for manipulating Azure APIs. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object clientId: type: string secret: - description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes secret being referenced type: string name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - key @@ -36060,16 +23787,10 @@ spec: type: object type: object sku: - description: |- - Storage version of v1api20240901.ManagedClusterSKU - The SKU of a Managed Cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -36077,73 +23798,43 @@ spec: type: string type: object storageProfile: - description: |- - Storage version of v1api20240901.ManagedClusterStorageProfile - Storage profile for the container service cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object blobCSIDriver: - description: |- - Storage version of v1api20240901.ManagedClusterStorageProfileBlobCSIDriver - AzureBlob CSI Driver settings for the storage profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object diskCSIDriver: - description: |- - Storage version of v1api20240901.ManagedClusterStorageProfileDiskCSIDriver - AzureDisk CSI Driver settings for the storage profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object fileCSIDriver: - description: |- - Storage version of v1api20240901.ManagedClusterStorageProfileFileCSIDriver - AzureFile CSI Driver settings for the storage profile. 
properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object snapshotController: - description: |- - Storage version of v1api20240901.ManagedClusterStorageProfileSnapshotController - Snapshot Controller settings for the storage profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean @@ -36156,28 +23847,16 @@ spec: type: string type: object upgradeSettings: - description: |- - Storage version of v1api20240901.ClusterUpgradeSettings - Settings for upgrading a cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object overrideSettings: - description: |- - Storage version of v1api20240901.UpgradeOverrideSettings - Settings for overrides when upgrading a cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object forceUpgrade: type: boolean 
@@ -36186,29 +23865,16 @@ spec: type: object type: object windowsProfile: - description: |- - Storage version of v1api20240901.ManagedClusterWindowsProfile - Profile for Windows VMs in the managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object adminPassword: - description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes secret being referenced type: string name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - key @@ -36219,16 +23885,10 @@ spec: enableCSIProxy: type: boolean gmsaProfile: - description: |- - Storage version of v1api20240901.WindowsGmsaProfile - Windows gMSA Profile in the managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object dnsServer: type: string 
@@ -36241,43 +23901,25 @@ spec: type: string type: object workloadAutoScalerProfile: - description: |- - Storage version of v1api20240901.ManagedClusterWorkloadAutoScalerProfile - Workload Auto-scaler profile for the managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object keda: - description: |- - Storage version of v1api20240901.ManagedClusterWorkloadAutoScalerProfileKeda - KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object verticalPodAutoscaler: - description: |- - Storage version of v1api20240901.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler - VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -36287,28 +23929,16 @@ spec: - owner type: object status: - description: |- - Storage version of v1api20240901.ManagedCluster_STATUS - Managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object aadProfile: - description: |- - Storage version of v1api20240901.ManagedClusterAADProfile_STATUS - For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad). properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object adminGroupObjectIDs: items: @@ -36329,16 +23959,10 @@ spec: type: object addonProfiles: additionalProperties: - description: |- - Storage version of v1api20240901.ManagedClusterAddonProfile_STATUS - A Kubernetes add-on profile for a managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object config: additionalProperties: @@ -36347,16 +23971,10 @@ spec: enabled: type: boolean identity: - description: |- - Storage version of v1api20240901.UserAssignedIdentity_STATUS - Details about a user assigned identity. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object clientId: type: string 
@@ -36369,16 +23987,10 @@ spec: type: object agentPoolProfiles: items: - description: |- - Storage version of v1api20240901.ManagedClusterAgentPoolProfile_STATUS - Profile for the container service agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object availabilityZones: items: @@ -36389,16 +24001,10 @@ spec: count: type: integer creationData: - description: |- - Storage version of v1api20240901.CreationData_STATUS - Data used when creating a target resource from a source resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object sourceResourceId: type: string @@ -36422,16 +24028,10 @@ spec: hostGroupID: type: string kubeletConfig: - description: |- - Storage version of v1api20240901.KubeletConfig_STATUS - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedUnsafeSysctls: items: 
@@ -36461,30 +24061,18 @@ spec: kubeletDiskType: type: string linuxOSConfig: - description: |- - Storage version of v1api20240901.LinuxOSConfig_STATUS - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object swapFileSizeMB: type: integer sysctls: - description: |- - Storage version of v1api20240901.SysctlConfig_STATUS - Sysctl settings for Linux agent nodes. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object fsAioMaxNr: type: integer @@ -36559,29 +24147,17 @@ spec: name: type: string networkProfile: - description: |- - Storage version of v1api20240901.AgentPoolNetworkProfile_STATUS - Network settings of an agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedHostPorts: items: - description: |- - Storage version of v1api20240901.PortRange_STATUS - The port range. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object portEnd: type: integer 
@@ -36597,16 +24173,10 @@ spec: type: array nodePublicIPTags: items: - description: |- - Storage version of v1api20240901.IPTag_STATUS - Contains the IPTag associated with the object. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object ipTagType: type: string @@ -36640,16 +24210,10 @@ spec: podSubnetID: type: string powerState: - description: |- - Storage version of v1api20240901.PowerState_STATUS - Describes the Power State of the cluster properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string @@ -36665,16 +24229,10 @@ spec: scaleSetPriority: type: string securityProfile: - description: |- - Storage version of v1api20240901.AgentPoolSecurityProfile_STATUS - The security settings of an agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enableSecureBoot: type: boolean @@ -36690,16 +24248,10 @@ spec: type: type: string upgradeSettings: - description: |- - Storage version of v1api20240901.AgentPoolUpgradeSettings_STATUS - Settings for upgrading an agentpool properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object drainTimeoutInMinutes: type: integer 
@@ -36713,16 +24265,10 @@ spec: vnetSubnetID: type: string windowsProfile: - description: |- - Storage version of v1api20240901.AgentPoolWindowsProfile_STATUS - The Windows agent pool's specific profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object disableOutboundNat: type: boolean @@ -36732,16 +24278,10 @@ spec: type: object type: array apiServerAccessProfile: - description: |- - Storage version of v1api20240901.ManagedClusterAPIServerAccessProfile_STATUS - Access profile for managed cluster API server. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object authorizedIPRanges: items: @@ -36757,14 +24297,10 @@ spec: type: string type: object autoScalerProfile: - description: Storage version of v1api20240901.ManagedClusterProperties_AutoScalerProfile_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object balance-similar-node-groups: type: string 
@@ -36808,16 +24344,10 @@ spec: type: string type: object autoUpgradeProfile: - description: |- - Storage version of v1api20240901.ManagedClusterAutoUpgradeProfile_STATUS - Auto upgrade profile for a managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object nodeOSUpgradeChannel: type: string 
@@ -36825,46 +24355,24 @@ spec: type: string type: object azureMonitorProfile: - description: |- - Storage version of v1api20240901.ManagedClusterAzureMonitorProfile_STATUS - Azure Monitor addon profiles for monitoring the managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object metrics: - description: |- - Storage version of v1api20240901.ManagedClusterAzureMonitorProfileMetrics_STATUS - Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes - infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See - aka.ms/AzureManagedPrometheus for an overview. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean kubeStateMetrics: - description: |- - Storage version of v1api20240901.ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS - Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the - kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for - details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object metricAnnotationsAllowList: type: string 
@@ -36877,39 +24385,22 @@ spec: type: string conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -36933,16 +24424,10 @@ spec: enableRBAC: type: boolean extendedLocation: - description: |- - Storage version of v1api20240901.ExtendedLocation_STATUS - The complex type of the extended location. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string @@ -36954,16 +24439,10 @@ spec: fqdnSubdomain: type: string httpProxyConfig: - description: |- - Storage version of v1api20240901.ManagedClusterHTTPProxyConfig_STATUS - Cluster HTTP proxy configuration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object httpProxy: type: string @@ -36979,29 +24458,17 @@ spec: id: type: string identity: - description: |- - Storage version of v1api20240901.ManagedClusterIdentity_STATUS - Identity for the managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object delegatedResources: additionalProperties: - description: |- - Storage version of v1api20240901.DelegatedResource_STATUS - Delegated resource properties - internal use only. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object location: type: string 
@@ -37021,14 +24488,10 @@ spec: type: string userAssignedIdentities: additionalProperties: - description: Storage version of v1api20240901.ManagedClusterIdentity_UserAssignedIdentities_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object clientId: type: string @@ -37039,16 +24502,10 @@ spec: type: object identityProfile: additionalProperties: - description: |- - Storage version of v1api20240901.UserAssignedIdentity_STATUS - Details about a user assigned identity. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object clientId: type: string @@ -37059,28 +24516,16 @@ spec: type: object type: object ingressProfile: - description: |- - Storage version of v1api20240901.ManagedClusterIngressProfile_STATUS - Ingress profile for the container service cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object webAppRouting: - description: |- - Storage version of v1api20240901.ManagedClusterIngressProfileWebAppRouting_STATUS - Application Routing add-on settings for the ingress profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object dnsZoneResourceIds: items: 
@@ -37089,16 +24534,10 @@ spec: enabled: type: boolean identity: - description: |- - Storage version of v1api20240901.UserAssignedIdentity_STATUS - Details about a user assigned identity. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object clientId: type: string @@ -37112,43 +24551,25 @@ spec: kubernetesVersion: type: string linuxProfile: - description: |- - Storage version of v1api20240901.ContainerServiceLinuxProfile_STATUS - Profile for Linux VMs in the container service cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object adminUsername: type: string ssh: - description: |- - Storage version of v1api20240901.ContainerServiceSshConfiguration_STATUS - SSH configuration for Linux-based VMs running on Azure. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object publicKeys: items: - description: |- - Storage version of v1api20240901.ContainerServiceSshPublicKey_STATUS - Contains information about SSH certificate public key data. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object keyData: type: string 
@@ -37161,28 +24582,16 @@ spec: maxAgentPools: type: integer metricsProfile: - description: |- - Storage version of v1api20240901.ManagedClusterMetricsProfile_STATUS - The metrics profile for the ManagedCluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object costAnalysis: - description: |- - Storage version of v1api20240901.ManagedClusterCostAnalysis_STATUS - The cost analysis configuration for the cluster properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -37191,58 +24600,33 @@ spec: name: type: string networkProfile: - description: |- - Storage version of v1api20240901.ContainerServiceNetworkProfile_STATUS - Profile of network configuration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object advancedNetworking: - description: |- - Storage version of v1api20240901.AdvancedNetworking_STATUS - Advanced Networking profile for enabling observability and security feature suite on a cluster. For more information see - aka.ms/aksadvancednetworking. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean observability: - description: |- - Storage version of v1api20240901.AdvancedNetworkingObservability_STATUS - Observability profile to enable advanced network metrics and flow logs with historical contexts. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object security: - description: |- - Storage version of v1api20240901.AdvancedNetworkingSecurity_STATUS - Security profile to enable security features on cilium based cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -37255,16 +24639,10 @@ spec: type: string type: array loadBalancerProfile: - description: |- - Storage version of v1api20240901.ManagedClusterLoadBalancerProfile_STATUS - Profile of the managed cluster load balancer. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allocatedOutboundPorts: type: integer @@ -37272,16 +24650,10 @@ spec: type: string effectiveOutboundIPs: items: - description: |- - Storage version of v1api20240901.ResourceReference_STATUS - A reference to an Azure resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -37292,14 +24664,10 @@ spec: idleTimeoutInMinutes: type: integer managedOutboundIPs: - description: Storage version of v1api20240901.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object count: type: integer 
@@ -37307,27 +24675,17 @@ spec: type: integer type: object outboundIPPrefixes: - description: Storage version of v1api20240901.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object publicIPPrefixes: items: - description: |- - Storage version of v1api20240901.ResourceReference_STATUS - A reference to an Azure resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -37335,27 +24693,17 @@ spec: type: array type: object outboundIPs: - description: Storage version of v1api20240901.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object publicIPs: items: - description: |- - Storage version of v1api20240901.ResourceReference_STATUS - A reference to an Azure resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string 
@@ -37366,29 +24714,17 @@ spec: loadBalancerSku: type: string natGatewayProfile: - description: |- - Storage version of v1api20240901.ManagedClusterNATGatewayProfile_STATUS - Profile of the managed cluster NAT gateway. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object effectiveOutboundIPs: items: - description: |- - Storage version of v1api20240901.ResourceReference_STATUS - A reference to an Azure resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -37397,16 +24733,10 @@ spec: idleTimeoutInMinutes: type: integer managedOutboundIPProfile: - description: |- - Storage version of v1api20240901.ManagedClusterManagedOutboundIPProfile_STATUS - Profile of the managed outbound IP resources of the managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object count: type: integer 
@@ -37440,31 +24770,19 @@ spec: nodeResourceGroup: type: string nodeResourceGroupProfile: - description: |- - Storage version of v1api20240901.ManagedClusterNodeResourceGroupProfile_STATUS - Node resource group lockdown profile for a managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object restrictionLevel: type: string type: object oidcIssuerProfile: - description: |- - Storage version of v1api20240901.ManagedClusterOIDCIssuerProfile_STATUS - The OIDC issuer profile of the Managed Cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean @@ -37472,17 +24790,10 @@ spec: type: string type: object podIdentityProfile: - description: |- - Storage version of v1api20240901.ManagedClusterPodIdentityProfile_STATUS - See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod - identity integration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowNetworkPluginKubenet: type: boolean 
@@ -37490,30 +24801,18 @@ spec: type: boolean userAssignedIdentities: items: - description: |- - Storage version of v1api20240901.ManagedClusterPodIdentity_STATUS - Details about the pod identity assigned to the Managed Cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object bindingSelector: type: string identity: - description: |- - Storage version of v1api20240901.UserAssignedIdentity_STATUS - Details about a user assigned identity. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object clientId: type: string 
@@ -37527,51 +24826,31 @@ spec: namespace: type: string provisioningInfo: - description: Storage version of v1api20240901.ManagedClusterPodIdentity_ProvisioningInfo_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object error: - description: |- - Storage version of v1api20240901.ManagedClusterPodIdentityProvisioningError_STATUS - An error response from the pod identity provisioning. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object error: - description: |- - Storage version of v1api20240901.ManagedClusterPodIdentityProvisioningErrorBody_STATUS - An error response from the pod identity provisioning. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string details: items: - description: Storage version of v1api20240901.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string 
@@ -37594,17 +24873,10 @@ spec: type: array userAssignedIdentityExceptions: items: - description: |- - Storage version of v1api20240901.ManagedClusterPodIdentityException_STATUS - See [disable AAD Pod Identity for a specific - Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string @@ -37618,16 +24890,10 @@ spec: type: array type: object powerState: - description: |- - Storage version of v1api20240901.PowerState_STATUS - Describes the Power State of the cluster properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string @@ -37636,16 +24902,10 @@ spec: type: string privateLinkResources: items: - description: |- - Storage version of v1api20240901.PrivateLinkResource_STATUS - A private link resource properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object groupId: type: string 
@@ -37670,28 +24930,16 @@ spec: resourceUID: type: string securityProfile: - description: |- - Storage version of v1api20240901.ManagedClusterSecurityProfile_STATUS - Security profile for the container service cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object azureKeyVaultKms: - description: |- - Storage version of v1api20240901.AzureKeyVaultKms_STATUS - Azure Key Vault key management service settings for the security profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -37703,47 +24951,28 @@ spec: type: string type: object defender: - description: |- - Storage version of v1api20240901.ManagedClusterSecurityProfileDefender_STATUS - Microsoft Defender settings for the security profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object logAnalyticsWorkspaceResourceId: type: string securityMonitoring: - description: |- - Storage version of v1api20240901.ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS - Microsoft Defender settings for the security profile threat detection. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object type: object imageCleaner: - description: |- - Storage version of v1api20240901.ManagedClusterSecurityProfileImageCleaner_STATUS - Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here - are settings for the security profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -37751,69 +24980,38 @@ spec: type: integer type: object workloadIdentity: - description: |- - Storage version of v1api20240901.ManagedClusterSecurityProfileWorkloadIdentity_STATUS - Workload identity settings for the security profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object type: object serviceMeshProfile: - description: |- - Storage version of v1api20240901.ServiceMeshProfile_STATUS - Service mesh profile for a managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object istio: - description: |- - Storage version of v1api20240901.IstioServiceMesh_STATUS - Istio service mesh configuration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object certificateAuthority: - description: |- - Storage version of v1api20240901.IstioCertificateAuthority_STATUS - Istio Service Mesh Certificate Authority (CA) configuration. 
For now, we only support plugin certificates as described - here https://aka.ms/asm-plugin-ca properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object plugin: - description: |- - Storage version of v1api20240901.IstioPluginCertificateAuthority_STATUS - Plugin certificates information for Service Mesh. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object certChainObjectName: type: string @@ -37828,29 +25026,17 @@ spec: type: object type: object components: - description: |- - Storage version of v1api20240901.IstioComponents_STATUS - Istio components configuration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object egressGateways: items: - description: |- - Storage version of v1api20240901.IstioEgressGateway_STATUS - Istio egress gateway configuration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -37858,17 +25044,10 @@ spec: type: array ingressGateways: items: - description: |- - Storage version of v1api20240901.IstioIngressGateway_STATUS - Istio ingress gateway configuration. For now, we support up to one external ingress gateway named - `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean @@ -37886,31 +25065,19 @@ spec: type: string type: object servicePrincipalProfile: - description: |- - Storage version of v1api20240901.ManagedClusterServicePrincipalProfile_STATUS - Information about a service principal identity for the cluster to use for manipulating Azure APIs. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object clientId: type: string type: object sku: - description: |- - Storage version of v1api20240901.ManagedClusterSKU_STATUS - The SKU of a Managed Cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -37918,73 +25085,43 @@ spec: type: string type: object storageProfile: - description: |- - Storage version of v1api20240901.ManagedClusterStorageProfile_STATUS - Storage profile for the container service cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object blobCSIDriver: - description: |- - Storage version of v1api20240901.ManagedClusterStorageProfileBlobCSIDriver_STATUS - AzureBlob CSI Driver settings for the storage profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object diskCSIDriver: - description: |- - Storage version of v1api20240901.ManagedClusterStorageProfileDiskCSIDriver_STATUS - AzureDisk CSI Driver settings for the storage profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object fileCSIDriver: - description: |- - Storage version of v1api20240901.ManagedClusterStorageProfileFileCSIDriver_STATUS - AzureFile CSI Driver settings for the storage profile. 
properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object snapshotController: - description: |- - Storage version of v1api20240901.ManagedClusterStorageProfileSnapshotController_STATUS - Snapshot Controller settings for the storage profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean @@ -37993,16 +25130,10 @@ spec: supportPlan: type: string systemData: - description: |- - Storage version of v1api20240901.SystemData_STATUS - Metadata pertaining to creation and last modification of the resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object createdAt: type: string 
@@ -38024,28 +25155,16 @@ spec: type: type: string upgradeSettings: - description: |- - Storage version of v1api20240901.ClusterUpgradeSettings_STATUS - Settings for upgrading a cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object overrideSettings: - description: |- - Storage version of v1api20240901.UpgradeOverrideSettings_STATUS - Settings for overrides when upgrading a cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object forceUpgrade: type: boolean @@ -38054,32 +25173,20 @@ spec: type: object type: object windowsProfile: - description: |- - Storage version of v1api20240901.ManagedClusterWindowsProfile_STATUS - Profile for Windows VMs in the managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object adminUsername: type: string enableCSIProxy: type: boolean gmsaProfile: - description: |- - Storage version of v1api20240901.WindowsGmsaProfile_STATUS - Windows gMSA Profile in the managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object dnsServer: type: string 
@@ -38092,43 +25199,25 @@ spec: type: string type: object workloadAutoScalerProfile: - description: |- - Storage version of v1api20240901.ManagedClusterWorkloadAutoScalerProfile_STATUS - Workload Auto-scaler profile for the managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object keda: - description: |- - Storage version of v1api20240901.ManagedClusterWorkloadAutoScalerProfileKeda_STATUS - KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object verticalPodAutoscaler: - description: |- - Storage version of v1api20240901.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler_STATUS - VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -38156,183 +25245,101 @@ spec: name: v1api20250801 schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-08-01/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: aadProfile: - description: 'AadProfile: The Azure Active Directory configuration.' properties: adminGroupObjectIDs: - description: 'AdminGroupObjectIDs: The list of AAD group object IDs that will have admin role of the cluster.' items: type: string type: array clientAppID: - description: 'ClientAppID: (DEPRECATED) The client AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' type: string enableAzureRBAC: - description: 'EnableAzureRBAC: Whether to enable Azure RBAC for Kubernetes authorization.' type: boolean managed: - description: 'Managed: Whether to enable managed AAD.' type: boolean serverAppID: - description: 'ServerAppID: (DEPRECATED) The server AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' type: string serverAppSecret: - description: 'ServerAppSecret: (DEPRECATED) The server AAD application secret. 
Learn more at https://aka.ms/aks/aad-legacy.' type: string tenantID: - description: |- - TenantID: The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment - subscription. type: string type: object addonProfiles: additionalProperties: - description: A Kubernetes add-on profile for a managed cluster. properties: config: additionalProperties: type: string - description: 'Config: Key-value pairs for configuring an add-on.' type: object enabled: - description: 'Enabled: Whether the add-on is enabled or not.' type: boolean required: - enabled type: object - description: 'AddonProfiles: The profile of managed cluster add-on.' type: object agentPoolProfiles: - description: 'AgentPoolProfiles: The agent pool properties.' items: - description: Profile for the container service agent pool. properties: availabilityZones: - description: |- - AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType - property is 'VirtualMachineScaleSets'. items: type: string type: array capacityReservationGroupReference: - description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. 
type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object count: - description: |- - Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) - for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. type: integer creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using - a snapshot. properties: sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object enableAutoScaling: - description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost: Whether to enable host based OS and data drive encryption. This is only supported on certain VM - sizes and in certain Azure regions. 
For more information, see: - https://docs.microsoft.com/azure/aks/enable-host-encryption type: boolean enableFIPS: - description: |- - EnableFIPS: Whether to use a FIPS-enabled OS. See [Add a FIPS-enabled node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more - details. type: boolean enableNodePublicIP: - description: |- - EnableNodePublicIP: Whether each node is allocated its own public IP. Some scenarios may require nodes in a node pool to - receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to - make a direct connection to a cloud virtual machine to minimize hops. For more information see [assigning a public IP - per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). - The default is false. type: boolean enableUltraSSD: - description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean gatewayProfile: - description: |- - GatewayProfile: Profile specific to a managed agent pool in Gateway mode. This field cannot be set if agent pool mode is - not Gateway. properties: publicIPPrefixSize: - description: |- - PublicIPPrefixSize: The Gateway agent pool associates one public IPPrefix for each static egress gateway to provide - public egress. The size of Public IPPrefix should be selected by the user. Each node in the agent pool is assigned with - one IP from the IPPrefix. The IPPrefix size thus serves as a cap on the size of the Gateway agent pool. Due to Azure - public IPPrefix size limitation, the valid value range is [28, 31] (/31 = 2 nodes/IPs, /30 = 4 nodes/IPs, /29 = 8 - nodes/IPs, /28 = 16 nodes/IPs). The default value is 31. maximum: 31 minimum: 28 type: integer type: object gpuInstanceProfile: - description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' enum: - MIG1g - MIG2g 
@@ -38341,270 +25348,163 @@ spec: - MIG7g type: string gpuProfile: - description: 'GpuProfile: GPU settings for the Agent Pool.' properties: driver: - description: 'Driver: Whether to install GPU drivers. When it''s not specified, default is Install.' enum: - Install - None type: string type: object hostGroupReference: - description: |- - HostGroupReference: The fully qualified resource ID of the Dedicated Host Group to provision virtual machines from, used - only in creation scenario and not allowed to changed once set. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object kubeletConfig: - description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' properties: allowedUnsafeSysctls: - description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`).' 
items: type: string type: array containerLogMaxFiles: - description: |- - ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be - ≥ 2. minimum: 2 type: integer containerLogMaxSizeMB: - description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' type: integer cpuCfsQuota: - description: 'CpuCfsQuota: If CPU CFS quota enforcement is enabled for containers that specify CPU limits. The default is true.' type: boolean cpuCfsQuotaPeriod: - description: |- - CpuCfsQuotaPeriod: The CPU CFS quota period value. The default is '100ms.' Valid values are a sequence of decimal - numbers with an optional fraction and a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', - 'ms', 's', 'm', and 'h'. type: string cpuManagerPolicy: - description: |- - CpuManagerPolicy: The CPU Manager policy to use. The default is 'none'. See [Kubernetes CPU management - policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more - information. Allowed values are 'none' and 'static'. type: string failSwapOn: - description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' type: boolean imageGcHighThreshold: - description: |- - ImageGcHighThreshold: The percent of disk usage after which image garbage collection is always run. To disable image - garbage collection, set to 100. The default is 85% type: integer imageGcLowThreshold: - description: |- - ImageGcLowThreshold: The percent of disk usage before which image garbage collection is never run. This cannot be set - higher than imageGcHighThreshold. The default is 80% type: integer podMaxPids: - description: 'PodMaxPids: The maximum number of processes per pod.' type: integer topologyManagerPolicy: - description: |- - TopologyManagerPolicy: The Topology Manager policy to use. 
For more information see [Kubernetes Topology - Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values - are 'none', 'best-effort', 'restricted', and 'single-numa-node'. type: string type: object kubeletDiskType: - description: |- - KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral - storage. enum: - OS - Temporary type: string linuxOSConfig: - description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' properties: swapFileSizeMB: - description: 'SwapFileSizeMB: The size in MB of a swap file that will be created on each node.' type: integer sysctls: - description: 'Sysctls: Sysctl settings for Linux agent nodes.' properties: fsAioMaxNr: - description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' type: integer fsFileMax: - description: 'FsFileMax: Sysctl setting fs.file-max.' type: integer fsInotifyMaxUserWatches: - description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' type: integer fsNrOpen: - description: 'FsNrOpen: Sysctl setting fs.nr_open.' type: integer kernelThreadsMax: - description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' type: integer netCoreNetdevMaxBacklog: - description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' type: integer netCoreOptmemMax: - description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' type: integer netCoreRmemDefault: - description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' type: integer netCoreRmemMax: - description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' type: integer netCoreSomaxconn: - description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' type: integer netCoreWmemDefault: - description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' type: integer netCoreWmemMax: - description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' 
type: integer netIpv4IpLocalPortRange: - description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' type: string netIpv4NeighDefaultGcThresh1: - description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting net.ipv4.neigh.default.gc_thresh1.' type: integer netIpv4NeighDefaultGcThresh2: - description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting net.ipv4.neigh.default.gc_thresh2.' type: integer netIpv4NeighDefaultGcThresh3: - description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting net.ipv4.neigh.default.gc_thresh3.' type: integer netIpv4TcpFinTimeout: - description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' type: integer netIpv4TcpKeepaliveProbes: - description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' type: integer netIpv4TcpKeepaliveTime: - description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' type: integer netIpv4TcpMaxSynBacklog: - description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' type: integer netIpv4TcpMaxTwBuckets: - description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' type: integer netIpv4TcpTwReuse: - description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' type: boolean netIpv4TcpkeepaliveIntvl: - description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' maximum: 90 minimum: 10 type: integer netNetfilterNfConntrackBuckets: - description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' maximum: 524288 minimum: 65536 type: integer netNetfilterNfConntrackMax: - description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' maximum: 2097152 minimum: 131072 type: integer vmMaxMapCount: - description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' type: integer vmSwappiness: - description: 'VmSwappiness: Sysctl setting vm.swappiness.' 
type: integer vmVfsCachePressure: - description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' type: integer type: object transparentHugePageDefrag: - description: |- - TransparentHugePageDefrag: Whether the kernel should make aggressive use of memory compaction to make more hugepages - available. Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is 'madvise'. For - more information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string transparentHugePageEnabled: - description: |- - TransparentHugePageEnabled: Whether transparent hugepages are enabled. Valid values are 'always', 'madvise', and - 'never'. The default is 'always'. For more information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string type: object maxCount: - description: 'MaxCount: The maximum number of nodes for auto-scaling' type: integer maxPods: - description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer messageOfTheDay: - description: |- - MessageOfTheDay: Message of the day for Linux nodes, base64-encoded. A base64-encoded string which will be written to - /etc/motd after decoding. This allows customization of the message of the day for Linux nodes. It must not be specified - for Windows nodes. It must be a static string (i.e., will be printed raw and not be executed as a script). type: string minCount: - description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer mode: - description: |- - Mode: The mode of an agent pool. A cluster must have at least one 'System' Agent Pool at all times. 
For additional - information on agent pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools enum: - Gateway - System - User type: string name: - description: |- - Name: Unique name of the agent pool profile in the context of the subscription and resource group. Windows agent pool - names must be 6 characters or less. pattern: ^[a-z][a-z0-9]{0,11}$ type: string networkProfile: - description: 'NetworkProfile: Network-related settings of an agent pool.' properties: allowedHostPorts: - description: 'AllowedHostPorts: The port ranges that are allowed to access. The specified ranges are allowed to overlap.' items: - description: The port range. properties: portEnd: - description: |- - PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or - equal to portStart. maximum: 65535 minimum: 1 type: integer portStart: - description: |- - PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or - equal to portEnd. maximum: 65535 minimum: 1 type: integer protocol: - description: 'Protocol: The network protocol of the port.' enum: - TCP - UDP 
@@ -38612,40 +25512,25 @@ spec: type: object type: array applicationSecurityGroupsReferences: - description: |- - ApplicationSecurityGroupsReferences: The IDs of the application security groups which agent pool will associate when - created. items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: array nodePublicIPTags: - description: 'NodePublicIPTags: IPTags of instance-level public IPs.' items: - description: Contains the IPTag associated with the object. properties: ipTagType: - description: 'IpTagType: The IP tag type. Example: RoutingPreference.' type: string tag: - description: 'Tag: The value of the IP tag associated with the public IP. Example: Internet.' type: string type: object type: array 
@@ -38653,64 +25538,35 @@ spec: nodeLabels: additionalProperties: type: string - description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' type: object nodePublicIPPrefixReference: - description: |- - NodePublicIPPrefixReference: The public IP prefix ID which VM nodes should use IPs from. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object nodeTaints: - description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' items: type: string type: array orchestratorVersion: - description: |- - OrchestratorVersion: The version of Kubernetes specified by the user. Both patch version (e.g. - 1.20.13) and (e.g. 1.20) are supported. When is specified, the latest supported GA patch - version is chosen automatically. Updating the cluster with the same once it has been created (e.g. 1.14.x - -> 1.14) will not trigger an upgrade, even if a newer patch version is available. As a best practice, you should upgrade - all node pools in an AKS cluster to the same Kubernetes version. 
The node pool version must have the same major version - as the control plane. The node pool minor version must be within two minor versions of the control plane version. The - node pool version cannot be greater than the control plane version. For more information see [upgrading a node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: maximum: 2048 minimum: 0 type: integer osDiskType: - description: |- - OsDiskType: The OS disk type to be used for machines in the agent pool. The default is 'Ephemeral' if the VM supports it - and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after - creation. For more information see [Ephemeral - OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). enum: - Ephemeral - Managed type: string osSKU: - description: |- - OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 - when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. enum: - AzureLinux - AzureLinux3 
@@ -38721,174 +25577,101 @@ spec: - Windows2022 type: string osType: - description: 'OsType: The operating system type. The default is Linux.' enum: - Linux - Windows type: string podIPAllocationMode: - description: |- - PodIPAllocationMode: Pod IP Allocation Mode. The IP allocation mode for pods in the agent pool. Must be used with - podSubnetId. The default is 'DynamicIndividual'. enum: - DynamicIndividual - StaticBlock type: string podSubnetReference: - description: |- - PodSubnetReference: The ID of the subnet which pods will join when launched. If omitted, pod IPs are statically assigned - on the node subnet (see vnetSubnetID for more details). This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object powerState: - description: |- - PowerState: Whether the Agent Pool is running or stopped. When an Agent Pool is first created it is initially Running. - The Agent Pool can be stopped by setting this field to Stopped. A stopped Agent Pool stops all of its VMs and does not - accrue billing charges. 
An Agent Pool can only be stopped if it is Running and provisioning state is Succeeded properties: code: - description: 'Code: Tells whether the cluster is Running or Stopped' enum: - Running - Stopped type: string type: object proximityPlacementGroupReference: - description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object scaleDownMode: - description: |- - ScaleDownMode: The scale down mode to use when scaling the Agent Pool. This also effects the cluster autoscaler - behavior. If not specified, it defaults to Delete. enum: - Deallocate - Delete type: string scaleSetEvictionPolicy: - description: |- - ScaleSetEvictionPolicy: The Virtual Machine Scale Set eviction policy to use. This cannot be specified unless the - scaleSetPriority is 'Spot'. If not specified, the default is 'Delete'. enum: - Deallocate - Delete type: string scaleSetPriority: - description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' enum: - Regular - Spot type: string securityProfile: - description: 'SecurityProfile: The security settings of an agent pool.' 
properties: enableSecureBoot: - description: |- - EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and - drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean enableVTPM: - description: |- - EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held - locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean sshAccess: - description: 'SshAccess: SSH access method of an agent pool.' enum: - Disabled - LocalUser type: string type: object spotMaxPrice: - description: |- - SpotMaxPrice: The max price (in US Dollars) you are willing to pay for spot instances. Possible values are any decimal - value greater than zero or -1 which indicates default price to be up-to on-demand. Possible values are any decimal value - greater than zero or -1 which indicates the willingness to pay any on-demand price. For more details on spot pricing, - see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) type: number tags: additionalProperties: type: string - description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' type: object type: - description: 'Type: The type of Agent Pool.' enum: - AvailabilitySet - VirtualMachineScaleSets - VirtualMachines type: string upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading the agentpool' properties: drainTimeoutInMinutes: - description: |- - DrainTimeoutInMinutes: The drain timeout for a node. The amount of time (in minutes) to wait on eviction of pods and - graceful termination per node. This eviction wait time honors waiting on pod disruption budgets. If this time is - exceeded, the upgrade fails. If not specified, the default is 30 minutes. 
maximum: 1440 minimum: 1 type: integer maxSurge: - description: |- - MaxSurge: The maximum number or percentage of nodes that are surged during upgrade. This can either be set to an integer - (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it is the percentage of the total agent pool size - at the time of the upgrade. For percentages, fractional nodes are rounded up. If not specified, the default is 10%. For - more information, including best practices, see: https://learn.microsoft.com/en-us/azure/aks/upgrade-cluster type: string maxUnavailable: - description: |- - MaxUnavailable: The maximum number or percentage of nodes that can be simultaneously unavailable during upgrade. This - can either be set to an integer (e.g. '1') or a percentage (e.g. '5%'). If a percentage is specified, it is the - percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded up. If - not specified, the default is 0. For more information, including best practices, see: - https://learn.microsoft.com/en-us/azure/aks/upgrade-cluster type: string nodeSoakDurationInMinutes: - description: |- - NodeSoakDurationInMinutes: The soak duration for a node. The amount of time (in minutes) to wait after draining a node - and before reimaging it and moving on to next node. If not specified, the default is 0 minutes. maximum: 30 minimum: 0 type: integer undrainableNodeBehavior: - description: |- - UndrainableNodeBehavior: Defines the behavior for undrainable nodes during upgrade. The most common cause of undrainable - nodes is Pod Disruption Budgets (PDBs), but other issues, such as pod termination grace period is exceeding the - remaining per-node drain timeout or pod is still being in a running state, can also cause undrainable nodes. enum: - Cordon - Schedule 
@@ -38896,80 +25679,48 @@ spec: type: object virtualMachineNodesStatus: items: - description: Current status on a group of nodes of the same vm size. properties: count: - description: 'Count: Number of nodes.' type: integer size: - description: 'Size: The VM size of the agents used to host this group of nodes.' type: string type: object type: array virtualMachinesProfile: - description: 'VirtualMachinesProfile: Specifications on VirtualMachines agent pool.' properties: scale: - description: 'Scale: Specifications on how to scale a VirtualMachines agent pool.' properties: manual: - description: 'Manual: Specifications on how to scale the VirtualMachines agent pool to a fixed size.' items: - description: Specifications on number of machines. properties: count: - description: 'Count: Number of nodes.' type: integer size: - description: |- - Size: VM size that AKS will use when creating and scaling e.g. 'Standard_E4s_v3', 'Standard_E16s_v3' or - 'Standard_D16s_v5'. type: string type: object type: array type: object type: object vmSize: - description: |- - VmSize: The size of the agent pool VMs. VM size availability varies by region. If a node contains insufficient compute - resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: - https://docs.microsoft.com/azure/aks/quotas-skus-regions type: string vnetSubnetReference: - description: |- - VnetSubnetReference: The ID of the subnet which agent pool nodes and optionally pods will join on startup. If this is - not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and - pods, otherwise it applies to just nodes. 
This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object windowsProfile: - description: 'WindowsProfile: The Windows agent pool''s specific profile.' properties: disableOutboundNat: - description: |- - DisableOutboundNat: Whether to disable OutboundNAT in windows nodes. The default value is false. Outbound NAT can only - be disabled if the cluster outboundType is NAT Gateway and the Windows agent pool does not have node public IP enabled. type: boolean type: object workloadRuntime: - description: 'WorkloadRuntime: Determines the type of workload a node can run.' enum: - OCIContainer - WasmWasi 
@@ -38979,96 +25730,48 @@ spec: type: object type: array aiToolchainOperatorProfile: - description: 'AiToolchainOperatorProfile: AI toolchain operator settings that apply to the whole cluster.' properties: enabled: - description: 'Enabled: Whether to enable AI toolchain operator to the cluster. Indicates if AI toolchain operator enabled or not.' type: boolean type: object apiServerAccessProfile: - description: 'ApiServerAccessProfile: The access profile for managed cluster API server.' properties: authorizedIPRanges: - description: |- - AuthorizedIPRanges: The IP ranges authorized to access the Kubernetes API server. IP ranges are specified in CIDR - format, e.g. 137.117.106.88/29. This feature is not compatible with clusters that use Public IP Per Node, or clusters - that are using a Basic Load Balancer. For more information see [API server authorized IP - ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). items: type: string type: array disableRunCommand: - description: 'DisableRunCommand: Whether to disable run command for the cluster or not.' type: boolean enablePrivateCluster: - description: |- - EnablePrivateCluster: Whether to create the cluster as a private cluster or not. For more details, see [Creating a - private AKS cluster](https://docs.microsoft.com/azure/aks/private-clusters). type: boolean enablePrivateClusterPublicFQDN: - description: 'EnablePrivateClusterPublicFQDN: Whether to create additional public FQDN for private cluster or not.' type: boolean enableVnetIntegration: - description: |- - EnableVnetIntegration: Whether to enable apiserver vnet integration for the cluster or not. See - aka.ms/AksVnetIntegration for more details. type: boolean privateDNSZone: - description: |- - PrivateDNSZone: The private DNS zone mode for the cluster. The default is System. For more details see [configure - private DNS zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). 
Allowed values are - 'system' and 'none'. type: string subnetReference: - description: |- - SubnetReference: The subnet to be used when apiserver vnet integration is enabled. It is required when creating a new - cluster with BYO Vnet, or when updating an existing cluster to enable apiserver vnet integration. properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object autoScalerProfile: - description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler when enabled' properties: balance-similar-node-groups: - description: |- - BalanceSimilarNodeGroups: Detects similar node pools and balances the number of nodes between them. Valid values are - 'true' and 'false' type: string daemonset-eviction-for-empty-nodes: - description: |- - DaemonsetEvictionForEmptyNodes: DaemonSet pods will be gracefully terminated from empty nodes. If set to true, all - daemonset pods on empty nodes will be evicted before deletion of the node. If the daemonset pod cannot be evicted - another node will be chosen for scaling. If set to false, the node will be deleted without ensuring that daemonset pods - are deleted or evicted. 
type: boolean daemonset-eviction-for-occupied-nodes: - description: |- - DaemonsetEvictionForOccupiedNodes: DaemonSet pods will be gracefully terminated from non-empty nodes. If set to true, - all daemonset pods on occupied nodes will be evicted before deletion of the node. If the daemonset pod cannot be evicted - another node will be chosen for scaling. If set to false, the node will be deleted without ensuring that daemonset pods - are deleted or evicted. type: boolean expander: - description: |- - Expander: The expander to use when scaling up. If not specified, the default is 'random'. See - [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) for more - information. enum: - least-waste - most-pods 
@@ -39076,93 +25779,41 @@ spec: - random type: string ignore-daemonsets-utilization: - description: |- - IgnoreDaemonsetsUtilization: Should CA ignore DaemonSet pods when calculating resource utilization for scaling down. If - set to true, the resources used by daemonset will be taken into account when making scaling down decisions. type: boolean max-empty-bulk-delete: - description: |- - MaxEmptyBulkDelete: The maximum number of empty nodes that can be deleted at the same time. This must be a positive - integer. The default is 10. type: string max-graceful-termination-sec: - description: |- - MaxGracefulTerminationSec: The maximum number of seconds the cluster autoscaler waits for pod termination when trying to - scale down a node. The default is 600. type: string max-node-provision-time: - description: |- - MaxNodeProvisionTime: The maximum time the autoscaler waits for a node to be provisioned. The default is '15m'. Values - must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported. type: string max-total-unready-percentage: - description: |- - MaxTotalUnreadyPercentage: The maximum percentage of unready nodes in the cluster. After this percentage is exceeded, - cluster autoscaler halts operations. The default is 45. The maximum is 100 and the minimum is 0. type: string new-pod-scale-up-delay: - description: |- - NewPodScaleUpDelay: Ignore unscheduled pods before they're a certain age. For scenarios like burst/batch scale where you - don't want CA to act before the kubernetes scheduler could schedule all the pods, you can tell CA to ignore unscheduled - pods before they're a certain age. The default is '0s'. Values must be an integer followed by a unit ('s' for seconds, - 'm' for minutes, 'h' for hours, etc). type: string ok-total-unready-count: - description: |- - OkTotalUnreadyCount: The number of allowed unready nodes, irrespective of max-total-unready-percentage. This must be an - integer. The default is 3. 
type: string scale-down-delay-after-add: - description: |- - ScaleDownDelayAfterAdd: How long after scale up that scale down evaluation resumes. The default is '10m'. Values must be - an integer followed by an 'm'. No unit of time other than minutes (m) is supported. type: string scale-down-delay-after-delete: - description: |- - ScaleDownDelayAfterDelete: How long after node deletion that scale down evaluation resumes. The default is the - scan-interval. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported. type: string scale-down-delay-after-failure: - description: |- - ScaleDownDelayAfterFailure: How long after scale down failure that scale down evaluation resumes. The default is '3m'. - Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported. type: string scale-down-unneeded-time: - description: |- - ScaleDownUnneededTime: How long a node should be unneeded before it is eligible for scale down. The default is '10m'. - Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported. type: string scale-down-unready-time: - description: |- - ScaleDownUnreadyTime: How long an unready node should be unneeded before it is eligible for scale down. The default is - '20m'. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported. type: string scale-down-utilization-threshold: - description: |- - ScaleDownUtilizationThreshold: Node utilization level, defined as sum of requested resources divided by capacity, below - which a node can be considered for scale down. The default is '0.5'. type: string scan-interval: - description: |- - ScanInterval: How often cluster is reevaluated for scale up or down. The default is '10'. Values must be an integer - number of seconds. 
type: string skip-nodes-with-local-storage: - description: |- - SkipNodesWithLocalStorage: If cluster autoscaler will skip deleting nodes with pods with local storage, for example, - EmptyDir or HostPath. The default is true. type: string skip-nodes-with-system-pods: - description: |- - SkipNodesWithSystemPods: If cluster autoscaler will skip deleting nodes with pods from kube-system (except for DaemonSet - or mirror pods). The default is true. type: string type: object autoUpgradeProfile: - description: 'AutoUpgradeProfile: The auto upgrade configuration.' properties: nodeOSUpgradeChannel: - description: 'NodeOSUpgradeChannel: Node OS Upgrade Channel. Manner in which the OS on your nodes is updated. The default is NodeImage.' enum: - NodeImage - None @@ -39170,9 +25821,6 @@ spec: - Unmanaged type: string upgradeChannel: - description: |- - UpgradeChannel: The upgrade channel for auto upgrade. The default is 'none'. For more information see [setting the AKS - cluster auto-upgrade channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). enum: - node-image - none 
@@ -39182,36 +25830,16 @@ spec: type: string type: object azureMonitorProfile: - description: 'AzureMonitorProfile: Azure Monitor addon profiles for monitoring the managed cluster.' properties: metrics: - description: |- - Metrics: Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes - infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See - aka.ms/AzureManagedPrometheus for an overview. properties: enabled: - description: |- - Enabled: Whether to enable or disable the Azure Managed Prometheus addon for Prometheus monitoring. See - aka.ms/AzureManagedPrometheus-aks-enable for details on enabling and disabling. type: boolean kubeStateMetrics: - description: |- - KubeStateMetrics: Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the - kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for - details. properties: metricAnnotationsAllowList: - description: |- - MetricAnnotationsAllowList: Comma-separated list of Kubernetes annotation keys that will be used in the resource's - labels metric (Example: 'namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...'). By default the metric - contains only resource name and namespace labels. type: string metricLabelsAllowlist: - description: |- - MetricLabelsAllowlist: Comma-separated list of additional Kubernetes label keys that will be used in the resource's - labels metric (Example: 'namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...'). By default the metric contains only - resource name and namespace labels. type: string type: object required: 
@@ -39219,192 +25847,117 @@ spec: type: object type: object azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. maxLength: 63 minLength: 1 pattern: ^[a-zA-Z0-9]$|^[a-zA-Z0-9][-_a-zA-Z0-9]{0,61}[a-zA-Z0-9]$ type: string bootstrapProfile: - description: 'BootstrapProfile: Profile of the cluster bootstrap configuration.' properties: artifactSource: - description: 'ArtifactSource: The artifact source. The source where the artifacts are downloaded from.' enum: - Cache - Direct type: string containerRegistryReference: - description: |- - ContainerRegistryReference: The resource Id of Azure Container Registry. The registry must have private network access, - premium SKU and zone redundancy. properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object disableLocalAccounts: - description: |- - DisableLocalAccounts: If local accounts should be disabled on the Managed Cluster. If set to true, getting static - credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled. 
For more - details see [disable local accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). type: boolean diskEncryptionSetReference: - description: |- - DiskEncryptionSetReference: The Resource ID of the disk encryption set to use for enabling encryption at rest. This is - of the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object dnsPrefix: - description: 'DnsPrefix: The DNS prefix of the Managed Cluster. This cannot be updated once the Managed Cluster has been created.' type: string enableRBAC: - description: 'EnableRBAC: Whether to enable Kubernetes Role-Based Access Control.' type: boolean extendedLocation: - description: 'ExtendedLocation: The extended location of the Virtual Machine.' properties: name: - description: 'Name: The name of the extended location.' type: string type: - description: 'Type: The type of the extended location.' enum: - EdgeZone type: string type: object fqdnSubdomain: - description: |- - FqdnSubdomain: The FQDN subdomain of the private cluster with custom private dns zone. 
This cannot be updated once the - Managed Cluster has been created. type: string httpProxyConfig: - description: 'HttpProxyConfig: Configurations for provisioning the cluster with HTTP proxy servers.' properties: httpProxy: - description: 'HttpProxy: The HTTP proxy server endpoint to use.' type: string httpsProxy: - description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' type: string noProxy: - description: 'NoProxy: The endpoints that should not go through proxy.' items: type: string type: array trustedCa: - description: 'TrustedCa: Alternative CA cert to use for connecting to proxy servers.' type: string type: object identity: - description: 'Identity: The identity of the managed cluster, if configured.' properties: delegatedResources: additionalProperties: - description: Delegated resource properties - internal use only. properties: location: - description: 'Location: The source resource location - internal use only.' type: string referralResource: - description: 'ReferralResource: The delegation id of the referral delegation (optional) - internal use only.' type: string resourceReference: - description: 'ResourceReference: The ARM resource id of the delegated resource - internal use only.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. 
type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object tenantId: - description: 'TenantId: The tenant id of the delegated resource - internal use only.' pattern: ^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$ type: string type: object - description: |- - DelegatedResources: The delegated identity resources assigned to this managed cluster. This can only be set by another - Azure Resource Provider, and managed cluster only accept one delegated identity resource. Internal use only. type: object type: - description: |- - Type: The type of identity used for the managed cluster. For more information see [use managed identities in - AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). enum: - None - SystemAssigned - UserAssigned type: string userAssignedIdentities: - description: |- - UserAssignedIdentities: The user identity associated with the managed cluster. This identity will be used in control - plane. Only one user assigned identity is allowed. The keys must be ARM resource IDs in the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. items: - description: Information about the user assigned identity for the resource properties: reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -39412,114 +25965,68 @@ spec: type: object identityProfile: additionalProperties: - description: Details about a user assigned identity. properties: clientId: - description: 'ClientId: The client ID of the user assigned identity.' type: string clientIdFromConfig: - description: 'ClientIdFromConfig: The client ID of the user assigned identity.' properties: key: - description: Key is the key in the Kubernetes configmap being referenced type: string name: - description: |- - Name is the name of the Kubernetes configmap being referenced. - The configmap must be in the same namespace as the resource type: string required: - key - name type: object objectId: - description: 'ObjectId: The object ID of the user assigned identity.' type: string objectIdFromConfig: - description: 'ObjectIdFromConfig: The object ID of the user assigned identity.' properties: key: - description: Key is the key in the Kubernetes configmap being referenced type: string name: - description: |- - Name is the name of the Kubernetes configmap being referenced. - The configmap must be in the same namespace as the resource type: string required: - key - name type: object resourceReference: - description: 'ResourceReference: The resource ID of the user assigned identity.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. 
type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object - description: |- - IdentityProfile: The user identity associated with the managed cluster. This identity will be used by the kubelet. Only - one user assigned identity is allowed. The only accepted key is "kubeletidentity", with value of "resourceId": - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}". type: object ingressProfile: - description: 'IngressProfile: Ingress profile for the managed cluster.' properties: webAppRouting: - description: |- - WebAppRouting: App Routing settings for the ingress profile. You can find an overview and onboarding guide for this - feature at https://learn.microsoft.com/en-us/azure/aks/app-routing?tabs=default%2Cdeploy-app-default. properties: dnsZoneResourceReferences: - description: |- - DnsZoneResourceReferences: Resource IDs of the DNS zones to be associated with the Application Routing add-on. Used only - when Application Routing add-on is enabled. Public and private DNS zones can be in different resource groups, but all - public DNS zones must be in the same resource group and all private DNS zones must be in the same resource group. items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: array enabled: - description: 'Enabled: Whether to enable the Application Routing add-on.' type: boolean nginx: - description: |- - Nginx: Configuration for the default NginxIngressController. See more at - https://learn.microsoft.com/en-us/azure/aks/app-routing-nginx-configuration#the-default-nginx-ingress-controller. properties: defaultIngressControllerType: - description: 'DefaultIngressControllerType: Ingress type for the default NginxIngressController custom resource' enum: - AnnotationControlled - External 
@@ -39530,37 +26037,20 @@ spec: type: object type: object kind: - description: 'Kind: This is primarily used to expose different UI experiences in the portal for different kinds' type: string kubernetesVersion: - description: |- - KubernetesVersion: The version of Kubernetes specified by the user. Both patch version (e.g. - 1.20.13) and (e.g. 1.20) are supported. When is specified, the latest supported GA patch - version is chosen automatically. Updating the cluster with the same once it has been created (e.g. 1.14.x - -> 1.14) will not trigger an upgrade, even if a newer patch version is available. When you upgrade a supported AKS - cluster, Kubernetes minor versions cannot be skipped. All upgrades must be performed sequentially by major version - number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not - allowed. See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. type: string linuxProfile: - description: 'LinuxProfile: The profile for Linux VMs in the Managed Cluster.' properties: adminUsername: - description: 'AdminUsername: The administrator username to use for Linux VMs.' pattern: ^[A-Za-z][-A-Za-z0-9_]*$ type: string ssh: - description: 'Ssh: The SSH configuration for Linux-based VMs running on Azure.' properties: publicKeys: - description: 'PublicKeys: The list of SSH public keys used to authenticate with Linux-based VMs. A maximum of 1 key may be specified.' items: - description: Contains information about SSH certificate public key data. properties: keyData: - description: |- - KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or - without headers. type: string required: - keyData 
@@ -39574,75 +26064,42 @@ spec: - ssh type: object location: - description: 'Location: The geo-location where the resource lives' type: string metricsProfile: - description: 'MetricsProfile: Optional cluster metrics configuration.' properties: costAnalysis: - description: 'CostAnalysis: The configuration for detailed per-Kubernetes resource cost analysis.' properties: enabled: - description: |- - Enabled: Whether to enable cost analysis. The Managed Cluster sku.tier must be set to 'Standard' or 'Premium' to enable - this feature. Enabling this will add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure - portal. If not specified, the default is false. For more information see aka.ms/aks/docs/cost-analysis. type: boolean type: object type: object networkProfile: - description: 'NetworkProfile: The network configuration profile.' properties: advancedNetworking: - description: |- - AdvancedNetworking: Advanced Networking profile for enabling observability and security feature suite on a cluster. For - more information see aka.ms/aksadvancednetworking. properties: enabled: - description: |- - Enabled: Indicates the enablement of Advanced Networking functionalities of observability and security on AKS clusters. - When this is set to true, all observability and security features will be set to enabled unless explicitly disabled. If - not specified, the default is false. type: boolean observability: - description: 'Observability: Observability profile to enable advanced network metrics and flow logs with historical contexts.' properties: enabled: - description: 'Enabled: Indicates the enablement of Advanced Networking observability functionalities on clusters.' type: boolean type: object security: - description: 'Security: Security profile to enable security features on cilium based cluster.' properties: advancedNetworkPolicies: - description: |- - AdvancedNetworkPolicies: Enable advanced network policies. 
This allows users to configure Layer 7 network policies - (FQDN, HTTP, Kafka). Policies themselves must be configured via the Cilium Network Policy resources, see - https://docs.cilium.io/en/latest/security/policy/index.html. This can be enabled only on cilium-based clusters. If not - specified, the default value is FQDN if security.enabled is set to true. enum: - FQDN - L7 - None type: string enabled: - description: |- - Enabled: This feature allows user to configure network policy based on DNS (FQDN) names. It can be enabled only on - cilium based clusters. If not specified, the default is false. type: boolean type: object type: object dnsServiceIP: - description: |- - DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address - range specified in serviceCidr. pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ type: string ipFamilies: - description: |- - IpFamilies: The IP families used to specify IP versions available to the cluster. IP families are used to determine - single-stack or dual-stack clusters. For single-stack, the expected value is IPv4. For dual-stack, the expected values - are IPv4 and IPv6. items: enum: - IPv4 
@@ -39650,106 +26107,68 @@ spec: type: string type: array loadBalancerProfile: - description: 'LoadBalancerProfile: Profile of the cluster load balancer.' properties: allocatedOutboundPorts: - description: |- - AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 - (inclusive). The default value is 0 which results in Azure dynamically allocating ports. maximum: 64000 minimum: 0 type: integer backendPoolType: - description: 'BackendPoolType: The type of the managed inbound Load Balancer BackendPool.' enum: - NodeIP - NodeIPConfiguration type: string enableMultipleStandardLoadBalancers: - description: 'EnableMultipleStandardLoadBalancers: Enable multiple standard load balancers per AKS cluster or not.' type: boolean idleTimeoutInMinutes: - description: |- - IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 - (inclusive). The default value is 30 minutes. maximum: 120 minimum: 4 type: integer managedOutboundIPs: - description: 'ManagedOutboundIPs: Desired managed outbound IPs for the cluster load balancer.' properties: count: - description: |- - Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values - must be in the range of 1 to 100 (inclusive). The default value is 1. maximum: 100 minimum: 1 type: integer countIPv6: - description: |- - CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed - values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. maximum: 100 minimum: 0 type: integer type: object outboundIPPrefixes: - description: 'OutboundIPPrefixes: Desired outbound IP Prefix resources for the cluster load balancer.' properties: publicIPPrefixes: - description: 'PublicIPPrefixes: A list of public IP prefix resources.' 
items: - description: A reference to an Azure resource. properties: reference: - description: 'Reference: The fully qualified Azure resource id.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array type: object outboundIPs: - description: 'OutboundIPs: Desired outbound IP resources for the cluster load balancer.' properties: publicIPs: - description: 'PublicIPs: A list of public IP resources.' items: - description: A reference to an Azure resource. properties: reference: - description: 'Reference: The fully qualified Azure resource id.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. 
type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -39757,64 +26176,45 @@ spec: type: object type: object loadBalancerSku: - description: |- - LoadBalancerSku: The load balancer sku for the managed cluster. The default is 'standard'. See [Azure Load Balancer - SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load - balancer SKUs. enum: - basic - standard type: string natGatewayProfile: - description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' properties: idleTimeoutInMinutes: - description: |- - IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 - (inclusive). The default value is 4 minutes. maximum: 120 minimum: 4 type: integer managedOutboundIPProfile: - description: 'ManagedOutboundIPProfile: Profile of the managed outbound IP resources of the cluster NAT gateway.' properties: count: - description: |- - Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 - (inclusive). The default value is 1. maximum: 16 minimum: 1 type: integer type: object type: object networkDataplane: - description: 'NetworkDataplane: Network dataplane used in the Kubernetes cluster.' enum: - azure - cilium type: string networkMode: - description: |- - NetworkMode: The network mode Azure CNI is configured with. This cannot be specified if networkPlugin is anything other - than 'azure'. enum: - bridge - transparent type: string networkPlugin: - description: 'NetworkPlugin: Network plugin used for building the Kubernetes network.' enum: - azure - kubenet - none type: string networkPluginMode: - description: 'NetworkPluginMode: The mode the network plugin should use.' enum: - overlay type: string networkPolicy: - description: 'NetworkPolicy: Network policy used for building the Kubernetes network.' enum: - azure - calico 
@@ -39822,9 +26222,6 @@ spec: - none type: string outboundType: - description: |- - OutboundType: The outbound (egress) routing method. This can only be set at cluster creation time and cannot be changed - later. For more information see [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). enum: - loadBalancer - managedNATGateway 
@@ -39833,112 +26230,63 @@ spec: - userDefinedRouting type: string podCidr: - description: 'PodCidr: A CIDR notation IP range from which to assign pod IPs when kubenet is used.' pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string podCidrs: - description: |- - PodCidrs: The CIDR notation IP ranges from which to assign pod IPs. One IPv4 CIDR is expected for single-stack - networking. Two CIDRs, one for each IP family (IPv4/IPv6), is expected for dual-stack networking. items: type: string type: array serviceCidr: - description: |- - ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP - ranges. pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$ type: string serviceCidrs: - description: |- - ServiceCidrs: The CIDR notation IP ranges from which to assign service cluster IPs. One IPv4 CIDR is expected for - single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is expected for dual-stack networking. They must - not overlap with any Subnet IP ranges. items: type: string type: array staticEgressGatewayProfile: - description: |- - StaticEgressGatewayProfile: The profile for Static Egress Gateway addon. For more details about Static Egress Gateway, - see https://aka.ms/aks/static-egress-gateway. properties: enabled: - description: 'Enabled: Enable Static Egress Gateway addon. Indicates if Static Egress Gateway addon is enabled or not.' type: boolean type: object type: object nodeProvisioningProfile: - description: 'NodeProvisioningProfile: Node provisioning settings that apply to the whole cluster.' properties: defaultNodePools: - description: |- - DefaultNodePools: The set of default Karpenter NodePools (CRDs) configured for node provisioning. This field has no - effect unless mode is 'Auto'. 
Warning: Changing this from Auto to None on an existing cluster will cause the default - Karpenter NodePools to be deleted, which will drain and delete the nodes associated with those pools. It is strongly - recommended to not do this unless there are idle nodes ready to take the pods evicted by that action. If not specified, - the default is Auto. For more information see aka.ms/aks/nap#node-pools. enum: - Auto - None type: string mode: - description: 'Mode: The node provisioning mode. If not specified, the default is Manual.' enum: - Auto - Manual type: string type: object nodeResourceGroup: - description: 'NodeResourceGroup: The name of the resource group containing agent pool nodes.' type: string nodeResourceGroupProfile: - description: 'NodeResourceGroupProfile: Profile of the node resource group configuration.' properties: restrictionLevel: - description: |- - RestrictionLevel: The restriction level applied to the cluster's node resource group. If not specified, the default is - 'Unrestricted' enum: - ReadOnly - Unrestricted type: string type: object oidcIssuerProfile: - description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed Cluster.' properties: enabled: - description: 'Enabled: Whether the OIDC issuer is enabled.' type: boolean type: object operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. 
If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name @@ -39946,20 +26294,12 @@ spec: type: object type: array configMaps: - description: 'ConfigMaps: configures where to place operator written ConfigMaps.' properties: oidcIssuerProfile: - description: |- - OIDCIssuerProfile: indicates where the OIDCIssuerProfile config map should be placed. If omitted, no config map will be - created. properties: key: - description: Key is the key in the ConfigMap being referenced type: string name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. type: string required: - key 
@@ -39967,29 +26307,13 @@ spec: type: object type: object secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -39997,37 +26321,22 @@ spec: type: object type: array secrets: - description: 'Secrets: configures where to place Azure generated secrets.' properties: adminCredentials: - description: |- - AdminCredentials: indicates where the AdminCredentials secret should be placed. If omitted, the secret will not be - retrieved from Azure. properties: key: - description: Key is the key in the Kubernetes secret being referenced. type: string name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. type: string required: - key - name type: object userCredentials: - description: |- - UserCredentials: indicates where the UserCredentials secret should be placed. If omitted, the secret will not be - retrieved from Azure. properties: key: - description: Key is the key in the Kubernetes secret being referenced. type: string name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. type: string required: - key 
@@ -40036,108 +26345,66 @@ spec: type: object type: object owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object podIdentityProfile: - description: |- - PodIdentityProfile: The pod identity profile of the Managed Cluster. See [use AAD pod - identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on AAD pod identity - integration. properties: allowNetworkPluginKubenet: - description: |- - AllowNetworkPluginKubenet: Whether pod identity is allowed to run on clusters with Kubenet networking. Running in - Kubenet is disabled by default due to the security related nature of AAD Pod Identity and the risks of IP spoofing. See - [using Kubenet network plugin with AAD Pod - Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) - for more information. type: boolean enabled: - description: 'Enabled: Whether the pod identity addon is enabled.' type: boolean userAssignedIdentities: - description: 'UserAssignedIdentities: The pod identities to use in the cluster.' items: - description: Details about the pod identity assigned to the Managed Cluster. properties: bindingSelector: - description: 'BindingSelector: The binding selector to use for the AzureIdentityBinding resource.' type: string identity: - description: 'Identity: The user assigned identity details.' 
properties: clientId: - description: 'ClientId: The client ID of the user assigned identity.' type: string clientIdFromConfig: - description: 'ClientIdFromConfig: The client ID of the user assigned identity.' properties: key: - description: Key is the key in the Kubernetes configmap being referenced type: string name: - description: |- - Name is the name of the Kubernetes configmap being referenced. - The configmap must be in the same namespace as the resource type: string required: - key - name type: object objectId: - description: 'ObjectId: The object ID of the user assigned identity.' type: string objectIdFromConfig: - description: 'ObjectIdFromConfig: The object ID of the user assigned identity.' properties: key: - description: Key is the key in the Kubernetes configmap being referenced type: string name: - description: |- - Name is the name of the Kubernetes configmap being referenced. - The configmap must be in the same namespace as the resource type: string required: - key - name type: object resourceReference: - description: 'ResourceReference: The resource ID of the user assigned identity.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object type: object name: - description: 'Name: The name of the pod identity.' type: string namespace: - description: 'Namespace: The namespace of the pod identity.' type: string required: - identity @@ -40146,24 +26413,15 @@ spec: type: object type: array userAssignedIdentityExceptions: - description: 'UserAssignedIdentityExceptions: The pod identity exceptions to allow.' items: - description: |- - A pod identity exception, which allows pods with certain labels to access the Azure Instance Metadata Service (IMDS) - endpoint without being intercepted by the node-managed identity (NMI) server. See [disable AAD Pod Identity for a - specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more - details. properties: name: - description: 'Name: The name of the pod identity exception.' type: string namespace: - description: 'Namespace: The namespace of the pod identity exception.' type: string podLabels: additionalProperties: type: string - description: 'PodLabels: The pod labels to match.' type: object required: - name 
@@ -40173,241 +26431,149 @@ spec: type: array type: object privateLinkResources: - description: 'PrivateLinkResources: Private link resources associated with the cluster.' items: - description: A private link resource properties: groupId: - description: 'GroupId: The group ID of the resource.' type: string name: - description: 'Name: The name of the private link resource.' type: string reference: - description: 'Reference: The ID of the private link resource.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object requiredMembers: - description: 'RequiredMembers: The RequiredMembers of the resource' items: type: string type: array type: - description: 'Type: The resource type.' type: string type: object type: array publicNetworkAccess: - description: 'PublicNetworkAccess: PublicNetworkAccess of the managedCluster. Allow or deny public network access for AKS' enum: - Disabled - Enabled type: string securityProfile: - description: 'SecurityProfile: Security profile for the managed cluster.' properties: azureKeyVaultKms: - description: |- - AzureKeyVaultKms: Azure Key Vault [key management - service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. 
properties: enabled: - description: 'Enabled: Whether to enable Azure Key Vault key management service. The default is false.' type: boolean keyId: - description: |- - KeyId: Identifier of Azure Key Vault key. See [key identifier - format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) - for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key - identifier. When Azure Key Vault key management service is disabled, leave the field empty. type: string keyVaultNetworkAccess: - description: |- - KeyVaultNetworkAccess: Network access of the key vault. Network access of key vault. The possible values are `Public` - and `Private`. `Public` means the key vault allows public access from all networks. `Private` means the key vault - disables public access and enables private link. The default value is `Public`. enum: - Private - Public type: string keyVaultResourceReference: - description: |- - KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and - must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. 
type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object customCATrustCertificates: - description: |- - CustomCATrustCertificates: A list of up to 10 base64 encoded CAs that will be added to the trust store on all nodes in - the cluster. For more information see [Custom CA Trust - Certificates](https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority). items: type: string maxItems: 10 minItems: 0 type: array defender: - description: 'Defender: Microsoft Defender settings for the security profile.' properties: logAnalyticsWorkspaceResourceReference: - description: |- - LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft - Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When - Microsoft Defender is disabled, leave the field empty. properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object securityMonitoring: - description: 'SecurityMonitoring: Microsoft Defender threat detection for Cloud settings for the security profile.' 
properties: enabled: - description: 'Enabled: Whether to enable Defender threat detection' type: boolean type: object type: object imageCleaner: - description: 'ImageCleaner: Image Cleaner settings for the security profile.' properties: enabled: - description: 'Enabled: Whether to enable Image Cleaner on AKS cluster.' type: boolean intervalHours: - description: 'IntervalHours: Image Cleaner scanning interval in hours.' type: integer type: object workloadIdentity: - description: |- - WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications - to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. properties: enabled: - description: 'Enabled: Whether to enable workload identity.' type: boolean type: object type: object serviceMeshProfile: - description: 'ServiceMeshProfile: Service mesh profile for a managed cluster.' properties: istio: - description: 'Istio: Istio service mesh configuration.' properties: certificateAuthority: - description: |- - CertificateAuthority: Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin - certificates as described here https://aka.ms/asm-plugin-ca properties: plugin: - description: 'Plugin: Plugin certificates information for Service Mesh.' properties: certChainObjectName: - description: 'CertChainObjectName: Certificate chain object name in Azure Key Vault.' type: string certObjectName: - description: 'CertObjectName: Intermediate certificate object name in Azure Key Vault.' type: string keyObjectName: - description: 'KeyObjectName: Intermediate certificate private key object name in Azure Key Vault.' type: string keyVaultReference: - description: 'KeyVaultReference: The resource ID of the Key Vault.' 
properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object rootCertObjectName: - description: 'RootCertObjectName: Root certificate object name in Azure Key Vault.' type: string type: object type: object components: - description: 'Components: Istio components configuration.' properties: egressGateways: - description: 'EgressGateways: Istio egress gateways.' items: - description: Istio egress gateway configuration. properties: enabled: - description: 'Enabled: Whether to enable the egress gateway.' type: boolean required: - enabled type: object type: array ingressGateways: - description: 'IngressGateways: Istio ingress gateways.' items: - description: |- - Istio ingress gateway configuration. For now, we support up to one external ingress gateway named - `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. properties: enabled: - description: 'Enabled: Whether to enable the ingress gateway.' type: boolean mode: - description: 'Mode: Mode of an ingress gateway.' enum: - External - Internal 
@@ -40419,17 +26585,12 @@ spec: type: array type: object revisions: - description: |- - Revisions: The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. - When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: - https://learn.microsoft.com/en-us/azure/aks/istio-upgrade items: type: string maxItems: 2 type: array type: object mode: - description: 'Mode: Mode of the service mesh.' enum: - Disabled - Istio @@ -40438,23 +26599,14 @@ spec: - mode type: object servicePrincipalProfile: - description: |- - ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure - APIs. properties: clientId: - description: 'ClientId: The ID for the service principal.' type: string secret: - description: 'Secret: The secret password associated with the service principal in plain text.' properties: key: - description: Key is the key in the Kubernetes secret being referenced type: string name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - key @@ -40464,18 +26616,13 @@ spec: - clientId type: object sku: - description: 'Sku: The managed cluster SKU.' properties: name: - description: 'Name: The name of a managed cluster SKU.' enum: - Automatic - Base type: string tier: - description: |- - Tier: The tier of a managed cluster SKU. If not specified, the default is 'Free'. See [AKS Pricing - Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. enum: - Free - Premium 
@@ -40483,39 +26630,29 @@ spec: type: string type: object storageProfile: - description: 'StorageProfile: Storage profile for the managed cluster.' properties: blobCSIDriver: - description: 'BlobCSIDriver: AzureBlob CSI Driver settings for the storage profile.' properties: enabled: - description: 'Enabled: Whether to enable AzureBlob CSI Driver. The default value is false.' type: boolean type: object diskCSIDriver: - description: 'DiskCSIDriver: AzureDisk CSI Driver settings for the storage profile.' properties: enabled: - description: 'Enabled: Whether to enable AzureDisk CSI Driver. The default value is true.' type: boolean type: object fileCSIDriver: - description: 'FileCSIDriver: AzureFile CSI Driver settings for the storage profile.' properties: enabled: - description: 'Enabled: Whether to enable AzureFile CSI Driver. The default value is true.' type: boolean type: object snapshotController: - description: 'SnapshotController: Snapshot Controller settings for the storage profile.' properties: enabled: - description: 'Enabled: Whether to enable Snapshot Controller. The default value is true.' type: boolean type: object type: object supportPlan: - description: 'SupportPlan: The support plan for the Managed Cluster. If unspecified, the default is ''KubernetesOfficial''.' enum: - AKSLongTermSupport - KubernetesOfficial 
@@ -40523,91 +26660,43 @@ spec: tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading a cluster.' properties: overrideSettings: - description: 'OverrideSettings: Settings for overrides.' properties: forceUpgrade: - description: |- - ForceUpgrade: Whether to force upgrade the cluster. Note that this option instructs upgrade operation to bypass upgrade - protections such as checking for deprecated API usage. Enable this option only with caution. type: boolean until: - description: |- - Until: Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the - effectiveness won't change once an upgrade starts even if the `until` expires as upgrade proceeds. This field is not set - by default. It must be set for the overrides to take effect. type: string type: object type: object windowsProfile: - description: 'WindowsProfile: The profile for Windows VMs in the Managed Cluster.' properties: adminPassword: - description: |- - AdminPassword: Specifies the password of the administrator account. - Minimum-length: 8 characters - Max-length: 123 characters - Complexity requirements: 3 out of 4 conditions below need to be fulfilled - Has lower characters - Has upper characters - Has a digit - Has a special character (Regex match [\W_]) - Disallowed values: "abc@123", "P@$$$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$$$word", "pass@word1", "Password!", "Password1", - "Password22", "iloveyou!" properties: key: - description: Key is the key in the Kubernetes secret being referenced type: string name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - key - name type: object adminUsername: - description: |- - AdminUsername: Specifies the name of the administrator account. - Restriction: Cannot end in "." 
- Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", - "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", - "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". - Minimum-length: 1 character - Max-length: 20 characters type: string enableCSIProxy: - description: |- - EnableCSIProxy: Whether to enable CSI proxy. For more details on CSI proxy, see the [CSI proxy GitHub - repo](https://github.com/kubernetes-csi/csi-proxy). type: boolean gmsaProfile: - description: 'GmsaProfile: The Windows gMSA Profile in the Managed Cluster.' properties: dnsServer: - description: |- - DnsServer: Specifies the DNS server for Windows gMSA. - Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. type: string enabled: - description: 'Enabled: Whether to enable Windows gMSA. Specifies whether to enable Windows gMSA in the managed cluster.' type: boolean rootDomainName: - description: |- - RootDomainName: Specifies the root domain name for Windows gMSA. - Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. type: string type: object licenseType: - description: |- - LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User - Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. enum: - None - Windows_Server 
@@ -40616,22 +26705,17 @@ spec: - adminUsername type: object workloadAutoScalerProfile: - description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile for the managed cluster.' properties: keda: - description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile.' properties: enabled: - description: 'Enabled: Whether to enable KEDA.' type: boolean required: - enabled type: object verticalPodAutoscaler: - description: 'VerticalPodAutoscaler: VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile.' properties: enabled: - description: 'Enabled: Whether to enable VPA. Default value is false.' type: boolean required: - enabled 
@@ -40642,937 +26726,495 @@ spec: - owner type: object status: - description: Managed cluster. properties: aadProfile: - description: 'AadProfile: The Azure Active Directory configuration.' properties: adminGroupObjectIDs: - description: 'AdminGroupObjectIDs: The list of AAD group object IDs that will have admin role of the cluster.' items: type: string type: array clientAppID: - description: 'ClientAppID: (DEPRECATED) The client AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' type: string enableAzureRBAC: - description: 'EnableAzureRBAC: Whether to enable Azure RBAC for Kubernetes authorization.' type: boolean managed: - description: 'Managed: Whether to enable managed AAD.' type: boolean serverAppID: - description: 'ServerAppID: (DEPRECATED) The server AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.' type: string serverAppSecret: - description: 'ServerAppSecret: (DEPRECATED) The server AAD application secret. Learn more at https://aka.ms/aks/aad-legacy.' type: string tenantID: - description: |- - TenantID: The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment - subscription. type: string type: object addonProfiles: additionalProperties: - description: A Kubernetes add-on profile for a managed cluster. properties: config: additionalProperties: type: string - description: 'Config: Key-value pairs for configuring an add-on.' type: object enabled: - description: 'Enabled: Whether the add-on is enabled or not.' type: boolean identity: - description: 'Identity: Information of user assigned identity used by this add-on.' properties: clientId: - description: 'ClientId: The client ID of the user assigned identity.' type: string objectId: - description: 'ObjectId: The object ID of the user assigned identity.' type: string resourceId: - description: 'ResourceId: The resource ID of the user assigned identity.' 
type: string type: object type: object - description: 'AddonProfiles: The profile of managed cluster add-on.' type: object agentPoolProfiles: - description: 'AgentPoolProfiles: The agent pool properties.' items: - description: Profile for the container service agent pool. properties: availabilityZones: - description: |- - AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType - property is 'VirtualMachineScaleSets'. items: type: string type: array capacityReservationGroupID: - description: 'CapacityReservationGroupID: AKS will associate the specified agent pool with the Capacity Reservation Group.' type: string count: - description: |- - Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) - for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. type: integer creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using - a snapshot. properties: sourceResourceId: - description: 'SourceResourceId: This is the ARM ID of the source object to be used to create the target object.' type: string type: object currentOrchestratorVersion: - description: |- - CurrentOrchestratorVersion: The version of Kubernetes the Agent Pool is running. If orchestratorVersion is a fully - specified version , this field will be exactly equal to it. If orchestratorVersion is , - this field will contain the full version being used. type: string eTag: - description: |- - ETag: Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is - updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic - concurrency per the normal etag convention. 
type: string enableAutoScaling: - description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost: Whether to enable host based OS and data drive encryption. This is only supported on certain VM - sizes and in certain Azure regions. For more information, see: - https://docs.microsoft.com/azure/aks/enable-host-encryption type: boolean enableFIPS: - description: |- - EnableFIPS: Whether to use a FIPS-enabled OS. See [Add a FIPS-enabled node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more - details. type: boolean enableNodePublicIP: - description: |- - EnableNodePublicIP: Whether each node is allocated its own public IP. Some scenarios may require nodes in a node pool to - receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to - make a direct connection to a cloud virtual machine to minimize hops. For more information see [assigning a public IP - per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). - The default is false. type: boolean enableUltraSSD: - description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean gatewayProfile: - description: |- - GatewayProfile: Profile specific to a managed agent pool in Gateway mode. This field cannot be set if agent pool mode is - not Gateway. properties: publicIPPrefixSize: - description: |- - PublicIPPrefixSize: The Gateway agent pool associates one public IPPrefix for each static egress gateway to provide - public egress. The size of Public IPPrefix should be selected by the user. Each node in the agent pool is assigned with - one IP from the IPPrefix. The IPPrefix size thus serves as a cap on the size of the Gateway agent pool. 
Due to Azure - public IPPrefix size limitation, the valid value range is [28, 31] (/31 = 2 nodes/IPs, /30 = 4 nodes/IPs, /29 = 8 - nodes/IPs, /28 = 16 nodes/IPs). The default value is 31. type: integer type: object gpuInstanceProfile: - description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' type: string gpuProfile: - description: 'GpuProfile: GPU settings for the Agent Pool.' properties: driver: - description: 'Driver: Whether to install GPU drivers. When it''s not specified, default is Install.' type: string type: object hostGroupID: - description: |- - HostGroupID: The fully qualified resource ID of the Dedicated Host Group to provision virtual machines from, used only - in creation scenario and not allowed to changed once set. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). type: string kubeletConfig: - description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' properties: allowedUnsafeSysctls: - description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`).' items: type: string type: array containerLogMaxFiles: - description: |- - ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be - ≥ 2. type: integer containerLogMaxSizeMB: - description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' type: integer cpuCfsQuota: - description: 'CpuCfsQuota: If CPU CFS quota enforcement is enabled for containers that specify CPU limits. The default is true.' type: boolean cpuCfsQuotaPeriod: - description: |- - CpuCfsQuotaPeriod: The CPU CFS quota period value. The default is '100ms.' 
Valid values are a sequence of decimal - numbers with an optional fraction and a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', - 'ms', 's', 'm', and 'h'. type: string cpuManagerPolicy: - description: |- - CpuManagerPolicy: The CPU Manager policy to use. The default is 'none'. See [Kubernetes CPU management - policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more - information. Allowed values are 'none' and 'static'. type: string failSwapOn: - description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' type: boolean imageGcHighThreshold: - description: |- - ImageGcHighThreshold: The percent of disk usage after which image garbage collection is always run. To disable image - garbage collection, set to 100. The default is 85% type: integer imageGcLowThreshold: - description: |- - ImageGcLowThreshold: The percent of disk usage before which image garbage collection is never run. This cannot be set - higher than imageGcHighThreshold. The default is 80% type: integer podMaxPids: - description: 'PodMaxPids: The maximum number of processes per pod.' type: integer topologyManagerPolicy: - description: |- - TopologyManagerPolicy: The Topology Manager policy to use. For more information see [Kubernetes Topology - Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values - are 'none', 'best-effort', 'restricted', and 'single-numa-node'. type: string type: object kubeletDiskType: - description: |- - KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral - storage. type: string linuxOSConfig: - description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' properties: swapFileSizeMB: - description: 'SwapFileSizeMB: The size in MB of a swap file that will be created on each node.' 
type: integer sysctls: - description: 'Sysctls: Sysctl settings for Linux agent nodes.' properties: fsAioMaxNr: - description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' type: integer fsFileMax: - description: 'FsFileMax: Sysctl setting fs.file-max.' type: integer fsInotifyMaxUserWatches: - description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' type: integer fsNrOpen: - description: 'FsNrOpen: Sysctl setting fs.nr_open.' type: integer kernelThreadsMax: - description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' type: integer netCoreNetdevMaxBacklog: - description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' type: integer netCoreOptmemMax: - description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' type: integer netCoreRmemDefault: - description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' type: integer netCoreRmemMax: - description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' type: integer netCoreSomaxconn: - description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' type: integer netCoreWmemDefault: - description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' type: integer netCoreWmemMax: - description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' type: integer netIpv4IpLocalPortRange: - description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' type: string netIpv4NeighDefaultGcThresh1: - description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting net.ipv4.neigh.default.gc_thresh1.' type: integer netIpv4NeighDefaultGcThresh2: - description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting net.ipv4.neigh.default.gc_thresh2.' type: integer netIpv4NeighDefaultGcThresh3: - description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting net.ipv4.neigh.default.gc_thresh3.' type: integer netIpv4TcpFinTimeout: - description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' 
type: integer netIpv4TcpKeepaliveProbes: - description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' type: integer netIpv4TcpKeepaliveTime: - description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' type: integer netIpv4TcpMaxSynBacklog: - description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' type: integer netIpv4TcpMaxTwBuckets: - description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' type: integer netIpv4TcpTwReuse: - description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' type: boolean netIpv4TcpkeepaliveIntvl: - description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' type: integer netNetfilterNfConntrackBuckets: - description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' type: integer netNetfilterNfConntrackMax: - description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' type: integer vmMaxMapCount: - description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' type: integer vmSwappiness: - description: 'VmSwappiness: Sysctl setting vm.swappiness.' type: integer vmVfsCachePressure: - description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' type: integer type: object transparentHugePageDefrag: - description: |- - TransparentHugePageDefrag: Whether the kernel should make aggressive use of memory compaction to make more hugepages - available. Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is 'madvise'. For - more information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string transparentHugePageEnabled: - description: |- - TransparentHugePageEnabled: Whether transparent hugepages are enabled. Valid values are 'always', 'madvise', and - 'never'. The default is 'always'. 
For more information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string type: object maxCount: - description: 'MaxCount: The maximum number of nodes for auto-scaling' type: integer maxPods: - description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer messageOfTheDay: - description: |- - MessageOfTheDay: Message of the day for Linux nodes, base64-encoded. A base64-encoded string which will be written to - /etc/motd after decoding. This allows customization of the message of the day for Linux nodes. It must not be specified - for Windows nodes. It must be a static string (i.e., will be printed raw and not be executed as a script). type: string minCount: - description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer mode: - description: |- - Mode: The mode of an agent pool. A cluster must have at least one 'System' Agent Pool at all times. For additional - information on agent pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools type: string name: - description: |- - Name: Unique name of the agent pool profile in the context of the subscription and resource group. Windows agent pool - names must be 6 characters or less. type: string networkProfile: - description: 'NetworkProfile: Network-related settings of an agent pool.' properties: allowedHostPorts: - description: 'AllowedHostPorts: The port ranges that are allowed to access. The specified ranges are allowed to overlap.' items: - description: The port range. properties: portEnd: - description: |- - PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or - equal to portStart. type: integer portStart: - description: |- - PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or - equal to portEnd. 
type: integer protocol: - description: 'Protocol: The network protocol of the port.' type: string type: object type: array applicationSecurityGroups: - description: 'ApplicationSecurityGroups: The IDs of the application security groups which agent pool will associate when created.' items: type: string type: array nodePublicIPTags: - description: 'NodePublicIPTags: IPTags of instance-level public IPs.' items: - description: Contains the IPTag associated with the object. properties: ipTagType: - description: 'IpTagType: The IP tag type. Example: RoutingPreference.' type: string tag: - description: 'Tag: The value of the IP tag associated with the public IP. Example: Internet.' type: string type: object type: array type: object nodeImageVersion: - description: 'NodeImageVersion: The version of node image' type: string nodeLabels: additionalProperties: type: string - description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' type: object nodePublicIPPrefixID: - description: |- - NodePublicIPPrefixID: The public IP prefix ID which VM nodes should use IPs from. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} type: string nodeTaints: - description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' items: type: string type: array orchestratorVersion: - description: |- - OrchestratorVersion: The version of Kubernetes specified by the user. Both patch version (e.g. - 1.20.13) and (e.g. 1.20) are supported. When is specified, the latest supported GA patch - version is chosen automatically. Updating the cluster with the same once it has been created (e.g. 1.14.x - -> 1.14) will not trigger an upgrade, even if a newer patch version is available. As a best practice, you should upgrade - all node pools in an AKS cluster to the same Kubernetes version. 
The node pool version must have the same major version - as the control plane. The node pool minor version must be within two minor versions of the control plane version. The - node pool version cannot be greater than the control plane version. For more information see [upgrading a node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: type: integer osDiskType: - description: |- - OsDiskType: The OS disk type to be used for machines in the agent pool. The default is 'Ephemeral' if the VM supports it - and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after - creation. For more information see [Ephemeral - OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). type: string osSKU: - description: |- - OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 - when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. type: string osType: - description: 'OsType: The operating system type. The default is Linux.' type: string podIPAllocationMode: - description: |- - PodIPAllocationMode: Pod IP Allocation Mode. The IP allocation mode for pods in the agent pool. Must be used with - podSubnetId. The default is 'DynamicIndividual'. type: string podSubnetID: - description: |- - PodSubnetID: The ID of the subnet which pods will join when launched. If omitted, pod IPs are statically assigned on the - node subnet (see vnetSubnetID for more details). This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} type: string powerState: - description: |- - PowerState: Whether the Agent Pool is running or stopped. When an Agent Pool is first created it is initially Running. 
- The Agent Pool can be stopped by setting this field to Stopped. A stopped Agent Pool stops all of its VMs and does not - accrue billing charges. An Agent Pool can only be stopped if it is Running and provisioning state is Succeeded properties: code: - description: 'Code: Tells whether the cluster is Running or Stopped' type: string type: object provisioningState: - description: 'ProvisioningState: The current deployment or provisioning state.' type: string proximityPlacementGroupID: - description: 'ProximityPlacementGroupID: The ID for Proximity Placement Group.' type: string scaleDownMode: - description: |- - ScaleDownMode: The scale down mode to use when scaling the Agent Pool. This also effects the cluster autoscaler - behavior. If not specified, it defaults to Delete. type: string scaleSetEvictionPolicy: - description: |- - ScaleSetEvictionPolicy: The Virtual Machine Scale Set eviction policy to use. This cannot be specified unless the - scaleSetPriority is 'Spot'. If not specified, the default is 'Delete'. type: string scaleSetPriority: - description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' type: string securityProfile: - description: 'SecurityProfile: The security settings of an agent pool.' properties: enableSecureBoot: - description: |- - EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and - drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean enableVTPM: - description: |- - EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held - locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean sshAccess: - description: 'SshAccess: SSH access method of an agent pool.' 
type: string type: object spotMaxPrice: - description: |- - SpotMaxPrice: The max price (in US Dollars) you are willing to pay for spot instances. Possible values are any decimal - value greater than zero or -1 which indicates default price to be up-to on-demand. Possible values are any decimal value - greater than zero or -1 which indicates the willingness to pay any on-demand price. For more details on spot pricing, - see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) type: number status: - description: 'Status: Contains read-only information about the Agent Pool.' properties: provisioningError: - description: |- - ProvisioningError: The error detail information of the agent pool. Preserves the detailed info of failure. If there was - no error, this field is omitted. properties: additionalInfo: - description: 'AdditionalInfo: The error additional info.' items: - description: The resource management error additional info. properties: info: additionalProperties: x-kubernetes-preserve-unknown-fields: true - description: 'Info: The additional info.' type: object type: - description: 'Type: The additional info type.' type: string type: object type: array code: - description: 'Code: The error code.' type: string details: - description: 'Details: The error details.' items: properties: additionalInfo: - description: 'AdditionalInfo: The error additional info.' items: - description: The resource management error additional info. properties: info: additionalProperties: x-kubernetes-preserve-unknown-fields: true - description: 'Info: The additional info.' type: object type: - description: 'Type: The additional info type.' type: string type: object type: array code: - description: 'Code: The error code.' type: string message: - description: 'Message: The error message.' type: string target: - description: 'Target: The error target.' type: string type: object type: array message: - description: 'Message: The error message.' 
type: string target: - description: 'Target: The error target.' type: string type: object type: object tags: additionalProperties: type: string - description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' type: object type: - description: 'Type: The type of Agent Pool.' type: string upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading the agentpool' properties: drainTimeoutInMinutes: - description: |- - DrainTimeoutInMinutes: The drain timeout for a node. The amount of time (in minutes) to wait on eviction of pods and - graceful termination per node. This eviction wait time honors waiting on pod disruption budgets. If this time is - exceeded, the upgrade fails. If not specified, the default is 30 minutes. type: integer maxSurge: - description: |- - MaxSurge: The maximum number or percentage of nodes that are surged during upgrade. This can either be set to an integer - (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it is the percentage of the total agent pool size - at the time of the upgrade. For percentages, fractional nodes are rounded up. If not specified, the default is 10%. For - more information, including best practices, see: https://learn.microsoft.com/en-us/azure/aks/upgrade-cluster type: string maxUnavailable: - description: |- - MaxUnavailable: The maximum number or percentage of nodes that can be simultaneously unavailable during upgrade. This - can either be set to an integer (e.g. '1') or a percentage (e.g. '5%'). If a percentage is specified, it is the - percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded up. If - not specified, the default is 0. For more information, including best practices, see: - https://learn.microsoft.com/en-us/azure/aks/upgrade-cluster type: string nodeSoakDurationInMinutes: - description: |- - NodeSoakDurationInMinutes: The soak duration for a node. 
The amount of time (in minutes) to wait after draining a node - and before reimaging it and moving on to next node. If not specified, the default is 0 minutes. type: integer undrainableNodeBehavior: - description: |- - UndrainableNodeBehavior: Defines the behavior for undrainable nodes during upgrade. The most common cause of undrainable - nodes is Pod Disruption Budgets (PDBs), but other issues, such as pod termination grace period is exceeding the - remaining per-node drain timeout or pod is still being in a running state, can also cause undrainable nodes. type: string type: object virtualMachineNodesStatus: items: - description: Current status on a group of nodes of the same vm size. properties: count: - description: 'Count: Number of nodes.' type: integer size: - description: 'Size: The VM size of the agents used to host this group of nodes.' type: string type: object type: array virtualMachinesProfile: - description: 'VirtualMachinesProfile: Specifications on VirtualMachines agent pool.' properties: scale: - description: 'Scale: Specifications on how to scale a VirtualMachines agent pool.' properties: manual: - description: 'Manual: Specifications on how to scale the VirtualMachines agent pool to a fixed size.' items: - description: Specifications on number of machines. properties: count: - description: 'Count: Number of nodes.' type: integer size: - description: |- - Size: VM size that AKS will use when creating and scaling e.g. 'Standard_E4s_v3', 'Standard_E16s_v3' or - 'Standard_D16s_v5'. type: string type: object type: array type: object type: object vmSize: - description: |- - VmSize: The size of the agent pool VMs. VM size availability varies by region. If a node contains insufficient compute - resources (memory, cpu, etc) pods might fail to run correctly. 
For more details on restricted VM sizes, see: - https://docs.microsoft.com/azure/aks/quotas-skus-regions type: string vnetSubnetID: - description: |- - VnetSubnetID: The ID of the subnet which agent pool nodes and optionally pods will join on startup. If this is not - specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and pods, - otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} type: string windowsProfile: - description: 'WindowsProfile: The Windows agent pool''s specific profile.' properties: disableOutboundNat: - description: |- - DisableOutboundNat: Whether to disable OutboundNAT in windows nodes. The default value is false. Outbound NAT can only - be disabled if the cluster outboundType is NAT Gateway and the Windows agent pool does not have node public IP enabled. type: boolean type: object workloadRuntime: - description: 'WorkloadRuntime: Determines the type of workload a node can run.' type: string type: object type: array aiToolchainOperatorProfile: - description: 'AiToolchainOperatorProfile: AI toolchain operator settings that apply to the whole cluster.' properties: enabled: - description: 'Enabled: Whether to enable AI toolchain operator to the cluster. Indicates if AI toolchain operator enabled or not.' type: boolean type: object apiServerAccessProfile: - description: 'ApiServerAccessProfile: The access profile for managed cluster API server.' properties: authorizedIPRanges: - description: |- - AuthorizedIPRanges: The IP ranges authorized to access the Kubernetes API server. IP ranges are specified in CIDR - format, e.g. 137.117.106.88/29. This feature is not compatible with clusters that use Public IP Per Node, or clusters - that are using a Basic Load Balancer. 
For more information see [API server authorized IP - ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges). items: type: string type: array disableRunCommand: - description: 'DisableRunCommand: Whether to disable run command for the cluster or not.' type: boolean enablePrivateCluster: - description: |- - EnablePrivateCluster: Whether to create the cluster as a private cluster or not. For more details, see [Creating a - private AKS cluster](https://docs.microsoft.com/azure/aks/private-clusters). type: boolean enablePrivateClusterPublicFQDN: - description: 'EnablePrivateClusterPublicFQDN: Whether to create additional public FQDN for private cluster or not.' type: boolean enableVnetIntegration: - description: |- - EnableVnetIntegration: Whether to enable apiserver vnet integration for the cluster or not. See - aka.ms/AksVnetIntegration for more details. type: boolean privateDNSZone: - description: |- - PrivateDNSZone: The private DNS zone mode for the cluster. The default is System. For more details see [configure - private DNS zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are - 'system' and 'none'. type: string subnetId: - description: |- - SubnetId: The subnet to be used when apiserver vnet integration is enabled. It is required when creating a new cluster - with BYO Vnet, or when updating an existing cluster to enable apiserver vnet integration. type: string type: object autoScalerProfile: - description: 'AutoScalerProfile: Parameters to be applied to the cluster-autoscaler when enabled' properties: balance-similar-node-groups: - description: |- - BalanceSimilarNodeGroups: Detects similar node pools and balances the number of nodes between them. Valid values are - 'true' and 'false' type: string daemonset-eviction-for-empty-nodes: - description: |- - DaemonsetEvictionForEmptyNodes: DaemonSet pods will be gracefully terminated from empty nodes. 
If set to true, all - daemonset pods on empty nodes will be evicted before deletion of the node. If the daemonset pod cannot be evicted - another node will be chosen for scaling. If set to false, the node will be deleted without ensuring that daemonset pods - are deleted or evicted. type: boolean daemonset-eviction-for-occupied-nodes: - description: |- - DaemonsetEvictionForOccupiedNodes: DaemonSet pods will be gracefully terminated from non-empty nodes. If set to true, - all daemonset pods on occupied nodes will be evicted before deletion of the node. If the daemonset pod cannot be evicted - another node will be chosen for scaling. If set to false, the node will be deleted without ensuring that daemonset pods - are deleted or evicted. type: boolean expander: - description: |- - Expander: The expander to use when scaling up. If not specified, the default is 'random'. See - [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) for more - information. type: string ignore-daemonsets-utilization: - description: |- - IgnoreDaemonsetsUtilization: Should CA ignore DaemonSet pods when calculating resource utilization for scaling down. If - set to true, the resources used by daemonset will be taken into account when making scaling down decisions. type: boolean max-empty-bulk-delete: - description: |- - MaxEmptyBulkDelete: The maximum number of empty nodes that can be deleted at the same time. This must be a positive - integer. The default is 10. type: string max-graceful-termination-sec: - description: |- - MaxGracefulTerminationSec: The maximum number of seconds the cluster autoscaler waits for pod termination when trying to - scale down a node. The default is 600. type: string max-node-provision-time: - description: |- - MaxNodeProvisionTime: The maximum time the autoscaler waits for a node to be provisioned. The default is '15m'. Values - must be an integer followed by an 'm'. 
No unit of time other than minutes (m) is supported. type: string max-total-unready-percentage: - description: |- - MaxTotalUnreadyPercentage: The maximum percentage of unready nodes in the cluster. After this percentage is exceeded, - cluster autoscaler halts operations. The default is 45. The maximum is 100 and the minimum is 0. type: string new-pod-scale-up-delay: - description: |- - NewPodScaleUpDelay: Ignore unscheduled pods before they're a certain age. For scenarios like burst/batch scale where you - don't want CA to act before the kubernetes scheduler could schedule all the pods, you can tell CA to ignore unscheduled - pods before they're a certain age. The default is '0s'. Values must be an integer followed by a unit ('s' for seconds, - 'm' for minutes, 'h' for hours, etc). type: string ok-total-unready-count: - description: |- - OkTotalUnreadyCount: The number of allowed unready nodes, irrespective of max-total-unready-percentage. This must be an - integer. The default is 3. type: string scale-down-delay-after-add: - description: |- - ScaleDownDelayAfterAdd: How long after scale up that scale down evaluation resumes. The default is '10m'. Values must be - an integer followed by an 'm'. No unit of time other than minutes (m) is supported. type: string scale-down-delay-after-delete: - description: |- - ScaleDownDelayAfterDelete: How long after node deletion that scale down evaluation resumes. The default is the - scan-interval. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported. type: string scale-down-delay-after-failure: - description: |- - ScaleDownDelayAfterFailure: How long after scale down failure that scale down evaluation resumes. The default is '3m'. - Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported. type: string scale-down-unneeded-time: - description: |- - ScaleDownUnneededTime: How long a node should be unneeded before it is eligible for scale down. 
The default is '10m'. - Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported. type: string scale-down-unready-time: - description: |- - ScaleDownUnreadyTime: How long an unready node should be unneeded before it is eligible for scale down. The default is - '20m'. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported. type: string scale-down-utilization-threshold: - description: |- - ScaleDownUtilizationThreshold: Node utilization level, defined as sum of requested resources divided by capacity, below - which a node can be considered for scale down. The default is '0.5'. type: string scan-interval: - description: |- - ScanInterval: How often cluster is reevaluated for scale up or down. The default is '10'. Values must be an integer - number of seconds. type: string skip-nodes-with-local-storage: - description: |- - SkipNodesWithLocalStorage: If cluster autoscaler will skip deleting nodes with pods with local storage, for example, - EmptyDir or HostPath. The default is true. type: string skip-nodes-with-system-pods: - description: |- - SkipNodesWithSystemPods: If cluster autoscaler will skip deleting nodes with pods from kube-system (except for DaemonSet - or mirror pods). The default is true. type: string type: object autoUpgradeProfile: - description: 'AutoUpgradeProfile: The auto upgrade configuration.' properties: nodeOSUpgradeChannel: - description: 'NodeOSUpgradeChannel: Node OS Upgrade Channel. Manner in which the OS on your nodes is updated. The default is NodeImage.' type: string upgradeChannel: - description: |- - UpgradeChannel: The upgrade channel for auto upgrade. The default is 'none'. For more information see [setting the AKS - cluster auto-upgrade channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel). 
type: string type: object azureMonitorProfile: - description: 'AzureMonitorProfile: Azure Monitor addon profiles for monitoring the managed cluster.' properties: metrics: - description: |- - Metrics: Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes - infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See - aka.ms/AzureManagedPrometheus for an overview. properties: enabled: - description: |- - Enabled: Whether to enable or disable the Azure Managed Prometheus addon for Prometheus monitoring. See - aka.ms/AzureManagedPrometheus-aks-enable for details on enabling and disabling. type: boolean kubeStateMetrics: - description: |- - KubeStateMetrics: Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the - kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for - details. properties: metricAnnotationsAllowList: - description: |- - MetricAnnotationsAllowList: Comma-separated list of Kubernetes annotation keys that will be used in the resource's - labels metric (Example: 'namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...'). By default the metric - contains only resource name and namespace labels. type: string metricLabelsAllowlist: - description: |- - MetricLabelsAllowlist: Comma-separated list of additional Kubernetes label keys that will be used in the resource's - labels metric (Example: 'namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...'). By default the metric contains only - resource name and namespace labels. type: string type: object type: object type: object azurePortalFQDN: - description: |- - AzurePortalFQDN: The special FQDN used by the Azure Portal to access the Managed Cluster. This FQDN is for use only by - the Azure Portal and should not be used by other clients. 
The Azure Portal requires certain Cross-Origin Resource - Sharing (CORS) headers to be sent in some responses, which Kubernetes APIServer doesn't handle by default. This special - FQDN supports CORS, allowing the Azure Portal to function properly. type: string bootstrapProfile: - description: 'BootstrapProfile: Profile of the cluster bootstrap configuration.' properties: artifactSource: - description: 'ArtifactSource: The artifact source. The source where the artifacts are downloaded from.' type: string containerRegistryId: - description: |- - ContainerRegistryId: The resource Id of Azure Container Registry. The registry must have private network access, premium - SKU and zone redundancy. type: string type: object conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. 
- For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -41582,1028 +27224,612 @@ spec: type: object type: array currentKubernetesVersion: - description: |- - CurrentKubernetesVersion: The version of Kubernetes the Managed Cluster is running. If kubernetesVersion was a fully - specified version , this field will be exactly equal to it. If kubernetesVersion was , - this field will contain the full version being used. type: string disableLocalAccounts: - description: |- - DisableLocalAccounts: If local accounts should be disabled on the Managed Cluster. If set to true, getting static - credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled. For more - details see [disable local accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview). type: boolean diskEncryptionSetID: - description: |- - DiskEncryptionSetID: The Resource ID of the disk encryption set to use for enabling encryption at rest. This is of the - form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' type: string dnsPrefix: - description: 'DnsPrefix: The DNS prefix of the Managed Cluster. This cannot be updated once the Managed Cluster has been created.' type: string eTag: - description: |- - ETag: Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is - updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic - concurrency per the normal etag convention. type: string enableRBAC: - description: 'EnableRBAC: Whether to enable Kubernetes Role-Based Access Control.' type: boolean extendedLocation: - description: 'ExtendedLocation: The extended location of the Virtual Machine.' properties: name: - description: 'Name: The name of the extended location.' type: string type: - description: 'Type: The type of the extended location.' 
type: string type: object fqdn: - description: 'Fqdn: The FQDN of the master pool.' type: string fqdnSubdomain: - description: |- - FqdnSubdomain: The FQDN subdomain of the private cluster with custom private dns zone. This cannot be updated once the - Managed Cluster has been created. type: string httpProxyConfig: - description: 'HttpProxyConfig: Configurations for provisioning the cluster with HTTP proxy servers.' properties: httpProxy: - description: 'HttpProxy: The HTTP proxy server endpoint to use.' type: string httpsProxy: - description: 'HttpsProxy: The HTTPS proxy server endpoint to use.' type: string noProxy: - description: 'NoProxy: The endpoints that should not go through proxy.' items: type: string type: array trustedCa: - description: 'TrustedCa: Alternative CA cert to use for connecting to proxy servers.' type: string type: object id: - description: |- - Id: Fully qualified resource ID for the resource. E.g. - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" type: string identity: - description: 'Identity: The identity of the managed cluster, if configured.' properties: delegatedResources: additionalProperties: - description: Delegated resource properties - internal use only. properties: location: - description: 'Location: The source resource location - internal use only.' type: string referralResource: - description: 'ReferralResource: The delegation id of the referral delegation (optional) - internal use only.' type: string resourceId: - description: 'ResourceId: The ARM resource id of the delegated resource - internal use only.' type: string tenantId: - description: 'TenantId: The tenant id of the delegated resource - internal use only.' type: string type: object - description: |- - DelegatedResources: The delegated identity resources assigned to this managed cluster. 
This can only be set by another - Azure Resource Provider, and managed cluster only accept one delegated identity resource. Internal use only. type: object principalId: - description: 'PrincipalId: The principal id of the system assigned identity which is used by master components.' type: string tenantId: - description: 'TenantId: The tenant id of the system assigned identity which is used by master components.' type: string type: - description: |- - Type: The type of identity used for the managed cluster. For more information see [use managed identities in - AKS](https://docs.microsoft.com/azure/aks/use-managed-identity). type: string userAssignedIdentities: additionalProperties: properties: clientId: - description: 'ClientId: The client id of user assigned identity.' type: string principalId: - description: 'PrincipalId: The principal id of user assigned identity.' type: string type: object - description: |- - UserAssignedIdentities: The user identity associated with the managed cluster. This identity will be used in control - plane. Only one user assigned identity is allowed. The keys must be ARM resource IDs in the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. type: object type: object identityProfile: additionalProperties: - description: Details about a user assigned identity. properties: clientId: - description: 'ClientId: The client ID of the user assigned identity.' type: string objectId: - description: 'ObjectId: The object ID of the user assigned identity.' type: string resourceId: - description: 'ResourceId: The resource ID of the user assigned identity.' type: string type: object - description: |- - IdentityProfile: The user identity associated with the managed cluster. This identity will be used by the kubelet. Only - one user assigned identity is allowed. 
The only accepted key is "kubeletidentity", with value of "resourceId": - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}". type: object ingressProfile: - description: 'IngressProfile: Ingress profile for the managed cluster.' properties: webAppRouting: - description: |- - WebAppRouting: App Routing settings for the ingress profile. You can find an overview and onboarding guide for this - feature at https://learn.microsoft.com/en-us/azure/aks/app-routing?tabs=default%2Cdeploy-app-default. properties: dnsZoneResourceIds: - description: |- - DnsZoneResourceIds: Resource IDs of the DNS zones to be associated with the Application Routing add-on. Used only when - Application Routing add-on is enabled. Public and private DNS zones can be in different resource groups, but all public - DNS zones must be in the same resource group and all private DNS zones must be in the same resource group. items: type: string type: array enabled: - description: 'Enabled: Whether to enable the Application Routing add-on.' type: boolean identity: - description: |- - Identity: Managed identity of the Application Routing add-on. This is the identity that should be granted permissions, - for example, to manage the associated Azure DNS resource and get certificates from Azure Key Vault. See [this overview - of the add-on](https://learn.microsoft.com/en-us/azure/aks/web-app-routing?tabs=with-osm) for more instructions. properties: clientId: - description: 'ClientId: The client ID of the user assigned identity.' type: string objectId: - description: 'ObjectId: The object ID of the user assigned identity.' type: string resourceId: - description: 'ResourceId: The resource ID of the user assigned identity.' type: string type: object nginx: - description: |- - Nginx: Configuration for the default NginxIngressController. 
See more at - https://learn.microsoft.com/en-us/azure/aks/app-routing-nginx-configuration#the-default-nginx-ingress-controller. properties: defaultIngressControllerType: - description: 'DefaultIngressControllerType: Ingress type for the default NginxIngressController custom resource' type: string type: object type: object type: object kind: - description: 'Kind: This is primarily used to expose different UI experiences in the portal for different kinds' type: string kubernetesVersion: - description: |- - KubernetesVersion: The version of Kubernetes specified by the user. Both patch version (e.g. - 1.20.13) and (e.g. 1.20) are supported. When is specified, the latest supported GA patch - version is chosen automatically. Updating the cluster with the same once it has been created (e.g. 1.14.x - -> 1.14) will not trigger an upgrade, even if a newer patch version is available. When you upgrade a supported AKS - cluster, Kubernetes minor versions cannot be skipped. All upgrades must be performed sequentially by major version - number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not - allowed. See [upgrading an AKS cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details. type: string linuxProfile: - description: 'LinuxProfile: The profile for Linux VMs in the Managed Cluster.' properties: adminUsername: - description: 'AdminUsername: The administrator username to use for Linux VMs.' type: string ssh: - description: 'Ssh: The SSH configuration for Linux-based VMs running on Azure.' properties: publicKeys: - description: 'PublicKeys: The list of SSH public keys used to authenticate with Linux-based VMs. A maximum of 1 key may be specified.' items: - description: Contains information about SSH certificate public key data. properties: keyData: - description: |- - KeyData: Certificate public key used to authenticate with VMs through SSH. 
The certificate must be in PEM format with or - without headers. type: string type: object type: array type: object type: object location: - description: 'Location: The geo-location where the resource lives' type: string maxAgentPools: - description: 'MaxAgentPools: The max number of agent pools for the managed cluster.' type: integer metricsProfile: - description: 'MetricsProfile: Optional cluster metrics configuration.' properties: costAnalysis: - description: 'CostAnalysis: The configuration for detailed per-Kubernetes resource cost analysis.' properties: enabled: - description: |- - Enabled: Whether to enable cost analysis. The Managed Cluster sku.tier must be set to 'Standard' or 'Premium' to enable - this feature. Enabling this will add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure - portal. If not specified, the default is false. For more information see aka.ms/aks/docs/cost-analysis. type: boolean type: object type: object name: - description: 'Name: The name of the resource' type: string networkProfile: - description: 'NetworkProfile: The network configuration profile.' properties: advancedNetworking: - description: |- - AdvancedNetworking: Advanced Networking profile for enabling observability and security feature suite on a cluster. For - more information see aka.ms/aksadvancednetworking. properties: enabled: - description: |- - Enabled: Indicates the enablement of Advanced Networking functionalities of observability and security on AKS clusters. - When this is set to true, all observability and security features will be set to enabled unless explicitly disabled. If - not specified, the default is false. type: boolean observability: - description: 'Observability: Observability profile to enable advanced network metrics and flow logs with historical contexts.' properties: enabled: - description: 'Enabled: Indicates the enablement of Advanced Networking observability functionalities on clusters.' 
type: boolean type: object security: - description: 'Security: Security profile to enable security features on cilium based cluster.' properties: advancedNetworkPolicies: - description: |- - AdvancedNetworkPolicies: Enable advanced network policies. This allows users to configure Layer 7 network policies - (FQDN, HTTP, Kafka). Policies themselves must be configured via the Cilium Network Policy resources, see - https://docs.cilium.io/en/latest/security/policy/index.html. This can be enabled only on cilium-based clusters. If not - specified, the default value is FQDN if security.enabled is set to true. type: string enabled: - description: |- - Enabled: This feature allows user to configure network policy based on DNS (FQDN) names. It can be enabled only on - cilium based clusters. If not specified, the default is false. type: boolean type: object type: object dnsServiceIP: - description: |- - DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address - range specified in serviceCidr. type: string ipFamilies: - description: |- - IpFamilies: The IP families used to specify IP versions available to the cluster. IP families are used to determine - single-stack or dual-stack clusters. For single-stack, the expected value is IPv4. For dual-stack, the expected values - are IPv4 and IPv6. items: type: string type: array loadBalancerProfile: - description: 'LoadBalancerProfile: Profile of the cluster load balancer.' properties: allocatedOutboundPorts: - description: |- - AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 - (inclusive). The default value is 0 which results in Azure dynamically allocating ports. type: integer backendPoolType: - description: 'BackendPoolType: The type of the managed inbound Load Balancer BackendPool.' 
type: string effectiveOutboundIPs: - description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster load balancer.' items: - description: A reference to an Azure resource. properties: id: - description: 'Id: The fully qualified Azure resource id.' type: string type: object type: array enableMultipleStandardLoadBalancers: - description: 'EnableMultipleStandardLoadBalancers: Enable multiple standard load balancers per AKS cluster or not.' type: boolean idleTimeoutInMinutes: - description: |- - IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 - (inclusive). The default value is 30 minutes. type: integer managedOutboundIPs: - description: 'ManagedOutboundIPs: Desired managed outbound IPs for the cluster load balancer.' properties: count: - description: |- - Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values - must be in the range of 1 to 100 (inclusive). The default value is 1. type: integer countIPv6: - description: |- - CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed - values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. type: integer type: object outboundIPPrefixes: - description: 'OutboundIPPrefixes: Desired outbound IP Prefix resources for the cluster load balancer.' properties: publicIPPrefixes: - description: 'PublicIPPrefixes: A list of public IP prefix resources.' items: - description: A reference to an Azure resource. properties: id: - description: 'Id: The fully qualified Azure resource id.' type: string type: object type: array type: object outboundIPs: - description: 'OutboundIPs: Desired outbound IP resources for the cluster load balancer.' properties: publicIPs: - description: 'PublicIPs: A list of public IP resources.' items: - description: A reference to an Azure resource. 
properties: id: - description: 'Id: The fully qualified Azure resource id.' type: string type: object type: array type: object type: object loadBalancerSku: - description: |- - LoadBalancerSku: The load balancer sku for the managed cluster. The default is 'standard'. See [Azure Load Balancer - SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load - balancer SKUs. type: string natGatewayProfile: - description: 'NatGatewayProfile: Profile of the cluster NAT gateway.' properties: effectiveOutboundIPs: - description: 'EffectiveOutboundIPs: The effective outbound IP resources of the cluster NAT gateway.' items: - description: A reference to an Azure resource. properties: id: - description: 'Id: The fully qualified Azure resource id.' type: string type: object type: array idleTimeoutInMinutes: - description: |- - IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 - (inclusive). The default value is 4 minutes. type: integer managedOutboundIPProfile: - description: 'ManagedOutboundIPProfile: Profile of the managed outbound IP resources of the cluster NAT gateway.' properties: count: - description: |- - Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 - (inclusive). The default value is 1. type: integer type: object type: object networkDataplane: - description: 'NetworkDataplane: Network dataplane used in the Kubernetes cluster.' type: string networkMode: - description: |- - NetworkMode: The network mode Azure CNI is configured with. This cannot be specified if networkPlugin is anything other - than 'azure'. type: string networkPlugin: - description: 'NetworkPlugin: Network plugin used for building the Kubernetes network.' type: string networkPluginMode: - description: 'NetworkPluginMode: The mode the network plugin should use.' 
type: string networkPolicy: - description: 'NetworkPolicy: Network policy used for building the Kubernetes network.' type: string outboundType: - description: |- - OutboundType: The outbound (egress) routing method. This can only be set at cluster creation time and cannot be changed - later. For more information see [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype). type: string podCidr: - description: 'PodCidr: A CIDR notation IP range from which to assign pod IPs when kubenet is used.' type: string podCidrs: - description: |- - PodCidrs: The CIDR notation IP ranges from which to assign pod IPs. One IPv4 CIDR is expected for single-stack - networking. Two CIDRs, one for each IP family (IPv4/IPv6), is expected for dual-stack networking. items: type: string type: array serviceCidr: - description: |- - ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP - ranges. type: string serviceCidrs: - description: |- - ServiceCidrs: The CIDR notation IP ranges from which to assign service cluster IPs. One IPv4 CIDR is expected for - single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is expected for dual-stack networking. They must - not overlap with any Subnet IP ranges. items: type: string type: array staticEgressGatewayProfile: - description: |- - StaticEgressGatewayProfile: The profile for Static Egress Gateway addon. For more details about Static Egress Gateway, - see https://aka.ms/aks/static-egress-gateway. properties: enabled: - description: 'Enabled: Enable Static Egress Gateway addon. Indicates if Static Egress Gateway addon is enabled or not.' type: boolean type: object type: object nodeProvisioningProfile: - description: 'NodeProvisioningProfile: Node provisioning settings that apply to the whole cluster.' 
properties: defaultNodePools: - description: |- - DefaultNodePools: The set of default Karpenter NodePools (CRDs) configured for node provisioning. This field has no - effect unless mode is 'Auto'. Warning: Changing this from Auto to None on an existing cluster will cause the default - Karpenter NodePools to be deleted, which will drain and delete the nodes associated with those pools. It is strongly - recommended to not do this unless there are idle nodes ready to take the pods evicted by that action. If not specified, - the default is Auto. For more information see aka.ms/aks/nap#node-pools. type: string mode: - description: 'Mode: The node provisioning mode. If not specified, the default is Manual.' type: string type: object nodeResourceGroup: - description: 'NodeResourceGroup: The name of the resource group containing agent pool nodes.' type: string nodeResourceGroupProfile: - description: 'NodeResourceGroupProfile: Profile of the node resource group configuration.' properties: restrictionLevel: - description: |- - RestrictionLevel: The restriction level applied to the cluster's node resource group. If not specified, the default is - 'Unrestricted' type: string type: object oidcIssuerProfile: - description: 'OidcIssuerProfile: The OIDC issuer profile of the Managed Cluster.' properties: enabled: - description: 'Enabled: Whether the OIDC issuer is enabled.' type: boolean issuerURL: - description: 'IssuerURL: The OIDC issuer url of the Managed Cluster.' type: string type: object podIdentityProfile: - description: |- - PodIdentityProfile: The pod identity profile of the Managed Cluster. See [use AAD pod - identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on AAD pod identity - integration. properties: allowNetworkPluginKubenet: - description: |- - AllowNetworkPluginKubenet: Whether pod identity is allowed to run on clusters with Kubenet networking. 
Running in - Kubenet is disabled by default due to the security related nature of AAD Pod Identity and the risks of IP spoofing. See - [using Kubenet network plugin with AAD Pod - Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities) - for more information. type: boolean enabled: - description: 'Enabled: Whether the pod identity addon is enabled.' type: boolean userAssignedIdentities: - description: 'UserAssignedIdentities: The pod identities to use in the cluster.' items: - description: Details about the pod identity assigned to the Managed Cluster. properties: bindingSelector: - description: 'BindingSelector: The binding selector to use for the AzureIdentityBinding resource.' type: string identity: - description: 'Identity: The user assigned identity details.' properties: clientId: - description: 'ClientId: The client ID of the user assigned identity.' type: string objectId: - description: 'ObjectId: The object ID of the user assigned identity.' type: string resourceId: - description: 'ResourceId: The resource ID of the user assigned identity.' type: string type: object name: - description: 'Name: The name of the pod identity.' type: string namespace: - description: 'Namespace: The namespace of the pod identity.' type: string provisioningInfo: properties: error: - description: 'Error: Pod identity assignment error (if any).' properties: error: - description: 'Error: Details about the error.' properties: code: - description: 'Code: An identifier for the error. Codes are invariant and are intended to be consumed programmatically.' type: string details: - description: 'Details: A list of additional details about the error.' items: properties: code: - description: 'Code: An identifier for the error. Codes are invariant and are intended to be consumed programmatically.' 
type: string message: - description: 'Message: A message describing the error, intended to be suitable for display in a user interface.' type: string target: - description: 'Target: The target of the particular error. For example, the name of the property in error.' type: string type: object type: array message: - description: 'Message: A message describing the error, intended to be suitable for display in a user interface.' type: string target: - description: 'Target: The target of the particular error. For example, the name of the property in error.' type: string type: object type: object type: object provisioningState: - description: 'ProvisioningState: The current provisioning state of the pod identity.' type: string type: object type: array userAssignedIdentityExceptions: - description: 'UserAssignedIdentityExceptions: The pod identity exceptions to allow.' items: - description: |- - A pod identity exception, which allows pods with certain labels to access the Azure Instance Metadata Service (IMDS) - endpoint without being intercepted by the node-managed identity (NMI) server. See [disable AAD Pod Identity for a - specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more - details. properties: name: - description: 'Name: The name of the pod identity exception.' type: string namespace: - description: 'Namespace: The namespace of the pod identity exception.' type: string podLabels: additionalProperties: type: string - description: 'PodLabels: The pod labels to match.' type: object type: object type: array type: object powerState: - description: 'PowerState: The Power State of the cluster.' properties: code: - description: 'Code: Tells whether the cluster is Running or Stopped' type: string type: object privateFQDN: - description: 'PrivateFQDN: The FQDN of private cluster.' type: string privateLinkResources: - description: 'PrivateLinkResources: Private link resources associated with the cluster.' 
items: - description: A private link resource properties: groupId: - description: 'GroupId: The group ID of the resource.' type: string id: - description: 'Id: The ID of the private link resource.' type: string name: - description: 'Name: The name of the private link resource.' type: string privateLinkServiceID: - description: 'PrivateLinkServiceID: The private link service ID of the resource, this field is exposed only to NRP internally.' type: string requiredMembers: - description: 'RequiredMembers: The RequiredMembers of the resource' items: type: string type: array type: - description: 'Type: The resource type.' type: string type: object type: array provisioningState: - description: 'ProvisioningState: The current provisioning state.' type: string publicNetworkAccess: - description: 'PublicNetworkAccess: PublicNetworkAccess of the managedCluster. Allow or deny public network access for AKS' type: string resourceUID: - description: |- - ResourceUID: The resourceUID uniquely identifies ManagedClusters that reuse ARM ResourceIds (i.e: create, delete, create - sequence) type: string securityProfile: - description: 'SecurityProfile: Security profile for the managed cluster.' properties: azureKeyVaultKms: - description: |- - AzureKeyVaultKms: Azure Key Vault [key management - service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile. properties: enabled: - description: 'Enabled: Whether to enable Azure Key Vault key management service. The default is false.' type: boolean keyId: - description: |- - KeyId: Identifier of Azure Key Vault key. See [key identifier - format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) - for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key - identifier. When Azure Key Vault key management service is disabled, leave the field empty. 
type: string keyVaultNetworkAccess: - description: |- - KeyVaultNetworkAccess: Network access of the key vault. Network access of key vault. The possible values are `Public` - and `Private`. `Public` means the key vault allows public access from all networks. `Private` means the key vault - disables public access and enables private link. The default value is `Public`. type: string keyVaultResourceId: - description: |- - KeyVaultResourceId: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and must - be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. type: string type: object customCATrustCertificates: - description: |- - CustomCATrustCertificates: A list of up to 10 base64 encoded CAs that will be added to the trust store on all nodes in - the cluster. For more information see [Custom CA Trust - Certificates](https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority). items: type: string type: array defender: - description: 'Defender: Microsoft Defender settings for the security profile.' properties: logAnalyticsWorkspaceResourceId: - description: |- - LogAnalyticsWorkspaceResourceId: Resource ID of the Log Analytics workspace to be associated with Microsoft Defender. - When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When Microsoft - Defender is disabled, leave the field empty. type: string securityMonitoring: - description: 'SecurityMonitoring: Microsoft Defender threat detection for Cloud settings for the security profile.' properties: enabled: - description: 'Enabled: Whether to enable Defender threat detection' type: boolean type: object type: object imageCleaner: - description: 'ImageCleaner: Image Cleaner settings for the security profile.' properties: enabled: - description: 'Enabled: Whether to enable Image Cleaner on AKS cluster.' 
type: boolean intervalHours: - description: 'IntervalHours: Image Cleaner scanning interval in hours.' type: integer type: object workloadIdentity: - description: |- - WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications - to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. properties: enabled: - description: 'Enabled: Whether to enable workload identity.' type: boolean type: object type: object serviceMeshProfile: - description: 'ServiceMeshProfile: Service mesh profile for a managed cluster.' properties: istio: - description: 'Istio: Istio service mesh configuration.' properties: certificateAuthority: - description: |- - CertificateAuthority: Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin - certificates as described here https://aka.ms/asm-plugin-ca properties: plugin: - description: 'Plugin: Plugin certificates information for Service Mesh.' properties: certChainObjectName: - description: 'CertChainObjectName: Certificate chain object name in Azure Key Vault.' type: string certObjectName: - description: 'CertObjectName: Intermediate certificate object name in Azure Key Vault.' type: string keyObjectName: - description: 'KeyObjectName: Intermediate certificate private key object name in Azure Key Vault.' type: string keyVaultId: - description: 'KeyVaultId: The resource ID of the Key Vault.' type: string rootCertObjectName: - description: 'RootCertObjectName: Root certificate object name in Azure Key Vault.' type: string type: object type: object components: - description: 'Components: Istio components configuration.' properties: egressGateways: - description: 'EgressGateways: Istio egress gateways.' items: - description: Istio egress gateway configuration. properties: enabled: - description: 'Enabled: Whether to enable the egress gateway.' 
type: boolean type: object type: array ingressGateways: - description: 'IngressGateways: Istio ingress gateways.' items: - description: |- - Istio ingress gateway configuration. For now, we support up to one external ingress gateway named - `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. properties: enabled: - description: 'Enabled: Whether to enable the ingress gateway.' type: boolean mode: - description: 'Mode: Mode of an ingress gateway.' type: string type: object type: array type: object revisions: - description: |- - Revisions: The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. - When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: - https://learn.microsoft.com/en-us/azure/aks/istio-upgrade items: type: string type: array type: object mode: - description: 'Mode: Mode of the service mesh.' type: string type: object servicePrincipalProfile: - description: |- - ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure - APIs. properties: clientId: - description: 'ClientId: The ID for the service principal.' type: string type: object sku: - description: 'Sku: The managed cluster SKU.' properties: name: - description: 'Name: The name of a managed cluster SKU.' type: string tier: - description: |- - Tier: The tier of a managed cluster SKU. If not specified, the default is 'Free'. See [AKS Pricing - Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details. type: string type: object status: - description: 'Status: Contains read-only information about the Managed Cluster.' properties: provisioningError: - description: |- - ProvisioningError: The error details information of the managed cluster. Preserves the detailed info of failure. If - there was no error, this field is omitted. 
properties: additionalInfo: - description: 'AdditionalInfo: The error additional info.' items: - description: The resource management error additional info. properties: info: additionalProperties: x-kubernetes-preserve-unknown-fields: true - description: 'Info: The additional info.' type: object type: - description: 'Type: The additional info type.' type: string type: object type: array code: - description: 'Code: The error code.' type: string details: - description: 'Details: The error details.' items: properties: additionalInfo: - description: 'AdditionalInfo: The error additional info.' items: - description: The resource management error additional info. properties: info: additionalProperties: x-kubernetes-preserve-unknown-fields: true - description: 'Info: The additional info.' type: object type: - description: 'Type: The additional info type.' type: string type: object type: array code: - description: 'Code: The error code.' type: string message: - description: 'Message: The error message.' type: string target: - description: 'Target: The error target.' type: string type: object type: array message: - description: 'Message: The error message.' type: string target: - description: 'Target: The error target.' type: string type: object type: object storageProfile: - description: 'StorageProfile: Storage profile for the managed cluster.' properties: blobCSIDriver: - description: 'BlobCSIDriver: AzureBlob CSI Driver settings for the storage profile.' properties: enabled: - description: 'Enabled: Whether to enable AzureBlob CSI Driver. The default value is false.' type: boolean type: object diskCSIDriver: - description: 'DiskCSIDriver: AzureDisk CSI Driver settings for the storage profile.' properties: enabled: - description: 'Enabled: Whether to enable AzureDisk CSI Driver. The default value is true.' type: boolean type: object fileCSIDriver: - description: 'FileCSIDriver: AzureFile CSI Driver settings for the storage profile.' 
properties: enabled: - description: 'Enabled: Whether to enable AzureFile CSI Driver. The default value is true.' type: boolean type: object snapshotController: - description: 'SnapshotController: Snapshot Controller settings for the storage profile.' properties: enabled: - description: 'Enabled: Whether to enable Snapshot Controller. The default value is true.' type: boolean type: object type: object supportPlan: - description: 'SupportPlan: The support plan for the Managed Cluster. If unspecified, the default is ''KubernetesOfficial''.' type: string systemData: - description: 'SystemData: Azure Resource Manager metadata containing createdBy and modifiedBy information.' properties: createdAt: - description: 'CreatedAt: The timestamp of resource creation (UTC).' type: string createdBy: - description: 'CreatedBy: The identity that created the resource.' type: string createdByType: - description: 'CreatedByType: The type of identity that created the resource.' type: string lastModifiedAt: - description: 'LastModifiedAt: The timestamp of resource last modification (UTC)' type: string lastModifiedBy: - description: 'LastModifiedBy: The identity that last modified the resource.' type: string lastModifiedByType: - description: 'LastModifiedByType: The type of identity that last modified the resource.' type: string type: object tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object type: - description: 'Type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"' type: string upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading a cluster.' properties: overrideSettings: - description: 'OverrideSettings: Settings for overrides.' properties: forceUpgrade: - description: |- - ForceUpgrade: Whether to force upgrade the cluster. Note that this option instructs upgrade operation to bypass upgrade - protections such as checking for deprecated API usage. 
Enable this option only with caution. type: boolean until: - description: |- - Until: Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the - effectiveness won't change once an upgrade starts even if the `until` expires as upgrade proceeds. This field is not set - by default. It must be set for the overrides to take effect. type: string type: object type: object windowsProfile: - description: 'WindowsProfile: The profile for Windows VMs in the Managed Cluster.' properties: adminUsername: - description: |- - AdminUsername: Specifies the name of the administrator account. - Restriction: Cannot end in "." - Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123", - "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server", - "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5". - Minimum-length: 1 character - Max-length: 20 characters type: string enableCSIProxy: - description: |- - EnableCSIProxy: Whether to enable CSI proxy. For more details on CSI proxy, see the [CSI proxy GitHub - repo](https://github.com/kubernetes-csi/csi-proxy). type: boolean gmsaProfile: - description: 'GmsaProfile: The Windows gMSA Profile in the Managed Cluster.' properties: dnsServer: - description: |- - DnsServer: Specifies the DNS server for Windows gMSA. - Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. type: string enabled: - description: 'Enabled: Whether to enable Windows gMSA. Specifies whether to enable Windows gMSA in the managed cluster.' type: boolean rootDomainName: - description: |- - RootDomainName: Specifies the root domain name for Windows gMSA. - Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. 
type: string type: object licenseType: - description: |- - LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User - Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details. type: string type: object workloadAutoScalerProfile: - description: 'WorkloadAutoScalerProfile: Workload Auto-scaler profile for the managed cluster.' properties: keda: - description: 'Keda: KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile.' properties: enabled: - description: 'Enabled: Whether to enable KEDA.' type: boolean type: object verticalPodAutoscaler: - description: 'VerticalPodAutoscaler: VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile.' properties: enabled: - description: 'Enabled: Whether to enable VPA. Default value is false.' type: boolean type: object type: object 
@@ -42629,51 +27855,24 @@ spec: name: v1api20250801storage schema: openAPIV3Schema: - description: |- - Storage version of v1api20250801.ManagedCluster - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-08-01/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20250801.ManagedCluster_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object aadProfile: - description: |- - Storage version of v1api20250801.ManagedClusterAADProfile - AADProfile specifies attributes for Azure Active Directory integration. For more details see [managed AAD on - AKS](https://docs.microsoft.com/azure/aks/managed-aad). 
properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object adminGroupObjectIDs: items: @@ -42694,16 +27893,10 @@ spec: type: object addonProfiles: additionalProperties: - description: |- - Storage version of v1api20250801.ManagedClusterAddonProfile - A Kubernetes add-on profile for a managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object config: additionalProperties: 
@@ -42715,73 +27908,45 @@ spec: type: object agentPoolProfiles: items: - description: |- - Storage version of v1api20250801.ManagedClusterAgentPoolProfile - Profile for the container service agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object availabilityZones: items: type: string type: array capacityReservationGroupReference: - description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object count: type: integer creationData: - description: |- - Storage version of v1api20250801.CreationData - Data used when creating a target resource from a source resource. 
properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object @@ -42796,16 +27961,10 @@ spec: enableUltraSSD: type: boolean gatewayProfile: - description: |- - Storage version of v1api20250801.AgentPoolGatewayProfile - Profile of the managed cluster gateway agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object publicIPPrefixSize: type: integer 
@@ -42813,56 +27972,31 @@ spec: gpuInstanceProfile: type: string gpuProfile: - description: |- - Storage version of v1api20250801.GPUProfile - GPU settings for the Agent Pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object driver: type: string type: object hostGroupReference: - description: |- - HostGroupReference: The fully qualified resource ID of the Dedicated Host Group to provision virtual machines from, used - only in creation scenario and not allowed to changed once set. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object kubeletConfig: - description: |- - Storage version of v1api20250801.KubeletConfig - Kubelet configurations of agent nodes. 
See [AKS custom node - configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedUnsafeSysctls: items: @@ -42892,31 +28026,18 @@ spec: kubeletDiskType: type: string linuxOSConfig: - description: |- - Storage version of v1api20250801.LinuxOSConfig - OS configurations of Linux agent nodes. See [AKS custom node - configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object swapFileSizeMB: type: integer sysctls: - description: |- - Storage version of v1api20250801.SysctlConfig - Sysctl settings for Linux agent nodes. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object fsAioMaxNr: type: integer 
@@ -42993,29 +28114,17 @@ spec: name: type: string networkProfile: - description: |- - Storage version of v1api20250801.AgentPoolNetworkProfile - Network settings of an agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedHostPorts: items: - description: |- - Storage version of v1api20250801.PortRange - The port range. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object portEnd: type: integer 
@@ -43027,38 +28136,24 @@ spec: type: array applicationSecurityGroupsReferences: items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: array nodePublicIPTags: items: - description: |- - Storage version of v1api20250801.IPTag - Contains the IPTag associated with the object. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object ipTagType: type: string 
@@ -43072,25 +28167,15 @@ spec: type: string type: object nodePublicIPPrefixReference: - description: |- - NodePublicIPPrefixReference: The public IP prefix ID which VM nodes should use IPs from. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object nodeTaints: 
@@ -43110,61 +28195,36 @@ spec: podIPAllocationMode: type: string podSubnetReference: - description: |- - PodSubnetReference: The ID of the subnet which pods will join when launched. If omitted, pod IPs are statically assigned - on the node subnet (see vnetSubnetID for more details). This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object powerState: - description: |- - Storage version of v1api20250801.PowerState - Describes the Power State of the cluster properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string type: object proximityPlacementGroupReference: - description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' 
properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object scaleDownMode: @@ -43174,16 +28234,10 @@ spec: scaleSetPriority: type: string securityProfile: - description: |- - Storage version of v1api20250801.AgentPoolSecurityProfile - The security settings of an agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enableSecureBoot: type: boolean @@ -43201,16 +28255,10 @@ spec: type: type: string upgradeSettings: - description: |- - Storage version of v1api20250801.AgentPoolUpgradeSettings - Settings for upgrading an agentpool properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object drainTimeoutInMinutes: type: integer 
@@ -43225,16 +28273,10 @@ spec: type: object virtualMachineNodesStatus: items: - description: |- - Storage version of v1api20250801.VirtualMachineNodes - Current status on a group of nodes of the same vm size. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object count: type: integer @@ -43243,41 +28285,23 @@ spec: type: object type: array virtualMachinesProfile: - description: |- - Storage version of v1api20250801.VirtualMachinesProfile - Specifications on VirtualMachines agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object scale: - description: |- - Storage version of v1api20250801.ScaleProfile - Specifications on how to scale a VirtualMachines agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object manual: items: - description: |- - Storage version of v1api20250801.ManualScaleProfile - Specifications on number of machines. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object count: type: integer 
@@ -43290,40 +28314,22 @@ spec: vmSize: type: string vnetSubnetReference: - description: |- - VnetSubnetReference: The ID of the subnet which agent pool nodes and optionally pods will join on startup. If this is - not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and - pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object windowsProfile: - description: |- - Storage version of v1api20250801.AgentPoolWindowsProfile - The Windows agent pool's specific profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object disableOutboundNat: type: boolean 
@@ -43333,33 +28339,19 @@ spec: type: object type: array aiToolchainOperatorProfile: - description: |- - Storage version of v1api20250801.ManagedClusterAIToolchainOperatorProfile - When enabling the operator, a set of AKS managed CRDs and controllers will be installed in the cluster. The operator - automates the deployment of OSS models for inference and/or training purposes. It provides a set of preset models and - enables distributed inference against them. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object apiServerAccessProfile: - description: |- - Storage version of v1api20250801.ManagedClusterAPIServerAccessProfile - Access profile for managed cluster API server. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object authorizedIPRanges: items: 
@@ -43376,37 +28368,23 @@ spec: privateDNSZone: type: string subnetReference: - description: |- - SubnetReference: The subnet to be used when apiserver vnet integration is enabled. It is required when creating a new - cluster with BYO Vnet, or when updating an existing cluster to enable apiserver vnet integration. properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object autoScalerProfile: - description: Storage version of v1api20250801.ManagedClusterProperties_AutoScalerProfile properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object balance-similar-node-groups: type: string 
@@ -43450,16 +28428,10 @@ spec: type: string type: object autoUpgradeProfile: - description: |- - Storage version of v1api20250801.ManagedClusterAutoUpgradeProfile - Auto upgrade profile for a managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object nodeOSUpgradeChannel: type: string 
@@ -43467,46 +28439,24 @@ spec: type: string type: object azureMonitorProfile: - description: |- - Storage version of v1api20250801.ManagedClusterAzureMonitorProfile - Azure Monitor addon profiles for monitoring the managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object metrics: - description: |- - Storage version of v1api20250801.ManagedClusterAzureMonitorProfileMetrics - Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes - infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See - aka.ms/AzureManagedPrometheus for an overview. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean kubeStateMetrics: - description: |- - Storage version of v1api20250801.ManagedClusterAzureMonitorProfileKubeStateMetrics - Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the - kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for - details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object metricAnnotationsAllowList: type: string 
@@ -43516,70 +28466,40 @@ spec: type: object type: object azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string bootstrapProfile: - description: |- - Storage version of v1api20250801.ManagedClusterBootstrapProfile - The bootstrap profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object artifactSource: type: string containerRegistryReference: - description: |- - ContainerRegistryReference: The resource Id of Azure Container Registry. The registry must have private network access, - premium SKU and zone redundancy. properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object disableLocalAccounts: type: boolean diskEncryptionSetReference: - description: |- - DiskEncryptionSetReference: The Resource ID of the disk encryption set to use for enabling encryption at rest. 
This is - of the form: - '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object dnsPrefix: @@ -43587,16 +28507,10 @@ spec: enableRBAC: type: boolean extendedLocation: - description: |- - Storage version of v1api20250801.ExtendedLocation - The complex type of the extended location. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string @@ -43606,16 +28520,10 @@ spec: fqdnSubdomain: type: string httpProxyConfig: - description: |- - Storage version of v1api20250801.ManagedClusterHTTPProxyConfig - Cluster HTTP proxy configuration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object httpProxy: type: string 
@@ -43629,52 +28537,32 @@ spec: type: string type: object identity: - description: |- - Storage version of v1api20250801.ManagedClusterIdentity - Identity for the managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object delegatedResources: additionalProperties: - description: |- - Storage version of v1api20250801.DelegatedResource - Delegated resource properties - internal use only. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object location: type: string referralResource: type: string resourceReference: - description: 'ResourceReference: The ARM resource id of the delegated resource - internal use only.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object tenantId: 
@@ -43685,35 +28573,21 @@ spec: type: string userAssignedIdentities: items: - description: |- - Storage version of v1api20250801.UserAssignedIdentityDetails - Information about the user assigned identity for the resource properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -43721,31 +28595,18 @@ spec: type: object identityProfile: additionalProperties: - description: |- - Storage version of v1api20250801.UserAssignedIdentity - Details about a user assigned identity. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object clientId: type: string clientIdFromConfig: - description: |- - ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes configmap being referenced type: string name: - description: |- - Name is the name of the Kubernetes configmap being referenced. - The configmap must be in the same namespace as the resource type: string required: - key 
@@ -43754,101 +28615,62 @@ spec: objectId: type: string objectIdFromConfig: - description: |- - ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes configmap being referenced type: string name: - description: |- - Name is the name of the Kubernetes configmap being referenced. - The configmap must be in the same namespace as the resource type: string required: - key - name type: object resourceReference: - description: 'ResourceReference: The resource ID of the user assigned identity.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: object ingressProfile: - description: |- - Storage version of v1api20250801.ManagedClusterIngressProfile - Ingress profile for the container service cluster. 
properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object webAppRouting: - description: |- - Storage version of v1api20250801.ManagedClusterIngressProfileWebAppRouting - Application Routing add-on settings for the ingress profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object dnsZoneResourceReferences: items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object type: array enabled: type: boolean nginx: - description: Storage version of v1api20250801.ManagedClusterIngressProfileNginx properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object defaultIngressControllerType: type: string @@ -43860,43 +28682,25 @@ spec: kubernetesVersion: type: string linuxProfile: - description: |- - Storage version of v1api20250801.ContainerServiceLinuxProfile - Profile for Linux VMs in the container service cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object adminUsername: type: string ssh: - description: |- - Storage version of v1api20250801.ContainerServiceSshConfiguration - SSH configuration for Linux-based VMs running on Azure. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object publicKeys: items: - description: |- - Storage version of v1api20250801.ContainerServiceSshPublicKey - Contains information about SSH certificate public key data. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object keyData: type: string 
@@ -43907,86 +28711,49 @@ spec: location: type: string metricsProfile: - description: |- - Storage version of v1api20250801.ManagedClusterMetricsProfile - The metrics profile for the ManagedCluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object costAnalysis: - description: |- - Storage version of v1api20250801.ManagedClusterCostAnalysis - The cost analysis configuration for the cluster properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object type: object networkProfile: - description: |- - Storage version of v1api20250801.ContainerServiceNetworkProfile - Profile of network configuration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object advancedNetworking: - description: |- - Storage version of v1api20250801.AdvancedNetworking - Advanced Networking profile for enabling observability and security feature suite on a cluster. For more information see - aka.ms/aksadvancednetworking. 
properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean observability: - description: |- - Storage version of v1api20250801.AdvancedNetworkingObservability - Observability profile to enable advanced network metrics and flow logs with historical contexts. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object security: - description: |- - Storage version of v1api20250801.AdvancedNetworkingSecurity - Security profile to enable security features on cilium based cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object advancedNetworkPolicies: type: string @@ -44001,16 +28768,10 @@ spec: type: string type: array loadBalancerProfile: - description: |- - Storage version of v1api20250801.ManagedClusterLoadBalancerProfile - Profile of the managed cluster load balancer. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allocatedOutboundPorts: type: integer 
@@ -44021,14 +28782,10 @@ spec: idleTimeoutInMinutes: type: integer managedOutboundIPs: - description: Storage version of v1api20250801.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object count: type: integer 
@@ -44036,92 +28793,56 @@ spec: type: integer type: object outboundIPPrefixes: - description: Storage version of v1api20250801.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object publicIPPrefixes: items: - description: |- - Storage version of v1api20250801.ResourceReference - A reference to an Azure resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: The fully qualified Azure resource id.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object type: object type: array type: object outboundIPs: - description: Storage version of v1api20250801.ManagedClusterLoadBalancerProfile_OutboundIPs properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object publicIPs: items: - description: |- - Storage version of v1api20250801.ResourceReference - A reference to an Azure resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: The fully qualified Azure resource id.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -44131,30 +28852,18 @@ spec: loadBalancerSku: type: string natGatewayProfile: - description: |- - Storage version of v1api20250801.ManagedClusterNATGatewayProfile - Profile of the managed cluster NAT gateway. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object idleTimeoutInMinutes: type: integer managedOutboundIPProfile: - description: |- - Storage version of v1api20250801.ManagedClusterManagedOutboundIPProfile - Profile of the managed outbound IP resources of the managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object count: type: integer @@ -44185,30 +28894,20 @@ spec: type: string type: array staticEgressGatewayProfile: - description: |- - Storage version of v1api20250801.ManagedClusterStaticEgressGatewayProfile - The Static Egress Gateway addon configuration for the cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object type: object nodeProvisioningProfile: - description: Storage version of v1api20250801.ManagedClusterNodeProvisioningProfile properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object defaultNodePools: type: string 
@@ -44218,70 +28917,37 @@ spec: nodeResourceGroup: type: string nodeResourceGroupProfile: - description: |- - Storage version of v1api20250801.ManagedClusterNodeResourceGroupProfile - Node resource group lockdown profile for a managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object restrictionLevel: type: string type: object oidcIssuerProfile: - description: |- - Storage version of v1api20250801.ManagedClusterOIDCIssuerProfile - The OIDC issuer profile of the Managed Cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object operatorSpec: - description: |- - Storage version of v1api20250801.ManagedClusterOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. 
If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name @@ -44289,28 +28955,16 @@ spec: type: object type: array configMaps: - description: Storage version of v1api20250801.ManagedClusterOperatorConfigMaps properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object oidcIssuerProfile: - description: |- - ConfigMapDestination describes the location to store a single configmap value - Note: This is similar to: SecretDestination in secrets.go. - Changes to one may need to be made to the others as well. properties: key: - description: Key is the key in the ConfigMap being referenced type: string name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. type: string required: - key 
@@ -44319,27 +28973,12 @@ spec: type: object secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -44347,46 +28986,26 @@ spec: type: object type: array secrets: - description: Storage version of v1api20250801.ManagedClusterOperatorSecrets properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object adminCredentials: - description: |- - SecretDestination describes the location to store a single secret value. - Note: This is similar to: ConfigMapDestination in configmaps.go. - Changes to one may need to be made to the others as well. properties: key: - description: Key is the key in the Kubernetes secret being referenced. type: string name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. type: string required: - key - name type: object userCredentials: - description: |- - SecretDestination describes the location to store a single secret value. - Note: This is similar to: ConfigMapDestination in configmaps.go. - Changes to one may need to be made to the others as well. properties: key: - description: Key is the key in the Kubernetes secret being referenced. type: string name: - description: |- - Name is the name of the Kubernetes secret to write to. - The secret will be created in the same namespace as the resource. type: string required: - key 
@@ -44397,30 +29016,18 @@ spec: originalVersion: type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object podIdentityProfile: - description: |- - Storage version of v1api20250801.ManagedClusterPodIdentityProfile - The pod identity profile of the Managed Cluster. See [use AAD pod - identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod identity integration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowNetworkPluginKubenet: type: boolean 
@@ -44428,45 +29035,26 @@ spec: type: boolean userAssignedIdentities: items: - description: |- - Storage version of v1api20250801.ManagedClusterPodIdentity - Details about the pod identity assigned to the Managed Cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object bindingSelector: type: string identity: - description: |- - Storage version of v1api20250801.UserAssignedIdentity - Details about a user assigned identity. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object clientId: type: string clientIdFromConfig: - description: |- - ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes configmap being referenced type: string name: - description: |- - Name is the name of the Kubernetes configmap being referenced. - The configmap must be in the same namespace as the resource type: string required: - key 
@@ -44475,40 +29063,25 @@ spec: objectId: type: string objectIdFromConfig: - description: |- - ConfigMapReference is a reference to a Kubernetes configmap and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes configmap being referenced type: string name: - description: |- - Name is the name of the Kubernetes configmap being referenced. - The configmap must be in the same namespace as the resource type: string required: - key - name type: object resourceReference: - description: 'ResourceReference: The resource ID of the user assigned identity.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -44520,19 +29093,10 @@ spec: type: array userAssignedIdentityExceptions: items: - description: |- - Storage version of v1api20250801.ManagedClusterPodIdentityException - A pod identity exception, which allows pods with certain labels to access the Azure Instance Metadata Service (IMDS) - endpoint without being intercepted by the node-managed identity (NMI) server. See [disable AAD Pod Identity for a - specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more - details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -44547,39 +29111,25 @@ spec: type: object privateLinkResources: items: - description: |- - Storage version of v1api20250801.PrivateLinkResource - A private link resource properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object groupId: type: string name: type: string reference: - description: 'Reference: The ID of the private link resource.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object requiredMembers: 
@@ -44593,28 +29143,16 @@ spec: publicNetworkAccess: type: string securityProfile: - description: |- - Storage version of v1api20250801.ManagedClusterSecurityProfile - Security profile for the container service cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object azureKeyVaultKms: - description: |- - Storage version of v1api20250801.AzureKeyVaultKms - Azure Key Vault key management service settings for the security profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -44623,25 +29161,15 @@ spec: keyVaultNetworkAccess: type: string keyVaultResourceReference: - description: |- - KeyVaultResourceReference: Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and - must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty. properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -44650,68 +29178,38 @@ spec: type: string type: array defender: - description: |- - Storage version of v1api20250801.ManagedClusterSecurityProfileDefender - Microsoft Defender settings for the security profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object logAnalyticsWorkspaceResourceReference: - description: |- - LogAnalyticsWorkspaceResourceReference: Resource ID of the Log Analytics workspace to be associated with Microsoft - Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When - Microsoft Defender is disabled, leave the field empty. properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object securityMonitoring: - description: |- - Storage version of v1api20250801.ManagedClusterSecurityProfileDefenderSecurityMonitoring - Microsoft Defender settings for the security profile threat detection. 
properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object type: object imageCleaner: - description: |- - Storage version of v1api20250801.ManagedClusterSecurityProfileImageCleaner - Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here - are settings for the security profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -44719,69 +29217,38 @@ spec: type: integer type: object workloadIdentity: - description: |- - Storage version of v1api20250801.ManagedClusterSecurityProfileWorkloadIdentity - Workload identity settings for the security profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object type: object serviceMeshProfile: - description: |- - Storage version of v1api20250801.ServiceMeshProfile - Service mesh profile for a managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object istio: - description: |- - Storage version of v1api20250801.IstioServiceMesh - Istio service mesh configuration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object certificateAuthority: - description: |- - Storage version of v1api20250801.IstioCertificateAuthority - Istio Service Mesh Certificate Authority (CA) configuration. 
For now, we only support plugin certificates as described - here https://aka.ms/asm-plugin-ca properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object plugin: - description: |- - Storage version of v1api20250801.IstioPluginCertificateAuthority - Plugin certificates information for Service Mesh. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object certChainObjectName: type: string @@ -44790,23 +29257,15 @@ spec: keyObjectName: type: string keyVaultReference: - description: 'KeyVaultReference: The resource ID of the Key Vault.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object rootCertObjectName: 
@@ -44814,29 +29273,17 @@ spec: type: object type: object components: - description: |- - Storage version of v1api20250801.IstioComponents - Istio components configuration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object egressGateways: items: - description: |- - Storage version of v1api20250801.IstioEgressGateway - Istio egress gateway configuration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean @@ -44844,17 +29291,10 @@ spec: type: array ingressGateways: items: - description: |- - Storage version of v1api20250801.IstioIngressGateway - Istio ingress gateway configuration. For now, we support up to one external ingress gateway named - `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -44872,31 +29312,18 @@ spec: type: string type: object servicePrincipalProfile: - description: |- - Storage version of v1api20250801.ManagedClusterServicePrincipalProfile - Information about a service principal identity for the cluster to use for manipulating Azure APIs. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object clientId: type: string secret: - description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes secret being referenced type: string name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - key @@ -44904,16 +29331,10 @@ spec: type: object type: object sku: - description: |- - Storage version of v1api20250801.ManagedClusterSKU - The SKU of a Managed Cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -44921,73 +29342,43 @@ spec: type: string type: object storageProfile: - description: |- - Storage version of v1api20250801.ManagedClusterStorageProfile - Storage profile for the container service cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object blobCSIDriver: - description: |- - Storage version of v1api20250801.ManagedClusterStorageProfileBlobCSIDriver - AzureBlob CSI Driver settings for the storage profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object diskCSIDriver: - description: |- - Storage version of v1api20250801.ManagedClusterStorageProfileDiskCSIDriver - AzureDisk CSI Driver settings for the storage profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object fileCSIDriver: - description: |- - Storage version of v1api20250801.ManagedClusterStorageProfileFileCSIDriver - AzureFile CSI Driver settings for the storage profile. 
properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object snapshotController: - description: |- - Storage version of v1api20250801.ManagedClusterStorageProfileSnapshotController - Snapshot Controller settings for the storage profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean @@ -45000,28 +29391,16 @@ spec: type: string type: object upgradeSettings: - description: |- - Storage version of v1api20250801.ClusterUpgradeSettings - Settings for upgrading a cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object overrideSettings: - description: |- - Storage version of v1api20250801.UpgradeOverrideSettings - Settings for overrides when upgrading a cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object forceUpgrade: type: boolean 
@@ -45030,29 +29409,16 @@ spec: type: object type: object windowsProfile: - description: |- - Storage version of v1api20250801.ManagedClusterWindowsProfile - Profile for Windows VMs in the managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object adminPassword: - description: |- - SecretReference is a reference to a Kubernetes secret and key in the same namespace as - the resource it is on. properties: key: - description: Key is the key in the Kubernetes secret being referenced type: string name: - description: |- - Name is the name of the Kubernetes secret being referenced. - The secret must be in the same namespace as the resource type: string required: - key @@ -45063,16 +29429,10 @@ spec: enableCSIProxy: type: boolean gmsaProfile: - description: |- - Storage version of v1api20250801.WindowsGmsaProfile - Windows gMSA Profile in the managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object dnsServer: type: string 
@@ -45085,43 +29445,25 @@ spec: type: string type: object workloadAutoScalerProfile: - description: |- - Storage version of v1api20250801.ManagedClusterWorkloadAutoScalerProfile - Workload Auto-scaler profile for the managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object keda: - description: |- - Storage version of v1api20250801.ManagedClusterWorkloadAutoScalerProfileKeda - KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object verticalPodAutoscaler: - description: |- - Storage version of v1api20250801.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler - VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -45131,29 +29473,16 @@ spec: - owner type: object status: - description: |- - Storage version of v1api20250801.ManagedCluster_STATUS - Managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object aadProfile: - description: |- - Storage version of v1api20250801.ManagedClusterAADProfile_STATUS - AADProfile specifies attributes for Azure Active Directory integration. For more details see [managed AAD on - AKS](https://docs.microsoft.com/azure/aks/managed-aad). properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object adminGroupObjectIDs: items: @@ -45174,16 +29503,10 @@ spec: type: object addonProfiles: additionalProperties: - description: |- - Storage version of v1api20250801.ManagedClusterAddonProfile_STATUS - A Kubernetes add-on profile for a managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object config: additionalProperties: @@ -45192,16 +29515,10 @@ spec: enabled: type: boolean identity: - description: |- - Storage version of v1api20250801.UserAssignedIdentity_STATUS - Details about a user assigned identity. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object clientId: type: string 
@@ -45214,16 +29531,10 @@ spec: type: object agentPoolProfiles: items: - description: |- - Storage version of v1api20250801.ManagedClusterAgentPoolProfile_STATUS - Profile for the container service agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object availabilityZones: items: @@ -45234,16 +29545,10 @@ spec: count: type: integer creationData: - description: |- - Storage version of v1api20250801.CreationData_STATUS - Data used when creating a target resource from a source resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object sourceResourceId: type: string @@ -45263,16 +29568,10 @@ spec: enableUltraSSD: type: boolean gatewayProfile: - description: |- - Storage version of v1api20250801.AgentPoolGatewayProfile_STATUS - Profile of the managed cluster gateway agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object publicIPPrefixSize: type: integer 
@@ -45280,16 +29579,10 @@ spec: gpuInstanceProfile: type: string gpuProfile: - description: |- - Storage version of v1api20250801.GPUProfile_STATUS - GPU settings for the Agent Pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object driver: type: string @@ -45297,17 +29590,10 @@ spec: hostGroupID: type: string kubeletConfig: - description: |- - Storage version of v1api20250801.KubeletConfig_STATUS - Kubelet configurations of agent nodes. See [AKS custom node - configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedUnsafeSysctls: items: 
@@ -45337,31 +29623,18 @@ spec: kubeletDiskType: type: string linuxOSConfig: - description: |- - Storage version of v1api20250801.LinuxOSConfig_STATUS - OS configurations of Linux agent nodes. See [AKS custom node - configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object swapFileSizeMB: type: integer sysctls: - description: |- - Storage version of v1api20250801.SysctlConfig_STATUS - Sysctl settings for Linux agent nodes. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object fsAioMaxNr: type: integer @@ -45438,29 +29711,17 @@ spec: name: type: string networkProfile: - description: |- - Storage version of v1api20250801.AgentPoolNetworkProfile_STATUS - Network settings of an agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedHostPorts: items: - description: |- - Storage version of v1api20250801.PortRange_STATUS - The port range. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object portEnd: type: integer 
@@ -45476,16 +29737,10 @@ spec: type: array nodePublicIPTags: items: - description: |- - Storage version of v1api20250801.IPTag_STATUS - Contains the IPTag associated with the object. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object ipTagType: type: string @@ -45521,16 +29776,10 @@ spec: podSubnetID: type: string powerState: - description: |- - Storage version of v1api20250801.PowerState_STATUS - Describes the Power State of the cluster properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string @@ -45546,16 +29795,10 @@ spec: scaleSetPriority: type: string securityProfile: - description: |- - Storage version of v1api20250801.AgentPoolSecurityProfile_STATUS - The security settings of an agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enableSecureBoot: type: boolean 
@@ -45567,41 +29810,23 @@ spec: spotMaxPrice: type: number status: - description: |- - Storage version of v1api20250801.AgentPoolStatus_STATUS - Contains read-only information about the Agent Pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object provisioningError: - description: |- - Storage version of v1api20250801.ErrorDetail_STATUS - The error detail. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object additionalInfo: items: - description: |- - Storage version of v1api20250801.ErrorAdditionalInfo_STATUS - The resource management error additional info. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object info: additionalProperties: 
@@ -45615,27 +29840,17 @@ spec: type: string details: items: - description: Storage version of v1api20250801.ErrorDetail_STATUS_Unrolled properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object additionalInfo: items: - description: |- - Storage version of v1api20250801.ErrorAdditionalInfo_STATUS - The resource management error additional info. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object info: additionalProperties: @@ -45666,16 +29881,10 @@ spec: type: type: string upgradeSettings: - description: |- - Storage version of v1api20250801.AgentPoolUpgradeSettings_STATUS - Settings for upgrading an agentpool properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object drainTimeoutInMinutes: type: integer @@ -45690,16 +29899,10 @@ spec: type: object virtualMachineNodesStatus: items: - description: |- - Storage version of v1api20250801.VirtualMachineNodes_STATUS - Current status on a group of nodes of the same vm size. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object count: type: integer 
@@ -45708,41 +29911,23 @@ spec: type: object type: array virtualMachinesProfile: - description: |- - Storage version of v1api20250801.VirtualMachinesProfile_STATUS - Specifications on VirtualMachines agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object scale: - description: |- - Storage version of v1api20250801.ScaleProfile_STATUS - Specifications on how to scale a VirtualMachines agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object manual: items: - description: |- - Storage version of v1api20250801.ManualScaleProfile_STATUS - Specifications on number of machines. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object count: type: integer @@ -45757,16 +29942,10 @@ spec: vnetSubnetID: type: string windowsProfile: - description: |- - Storage version of v1api20250801.AgentPoolWindowsProfile_STATUS - The Windows agent pool's specific profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object disableOutboundNat: type: boolean 
@@ -45776,33 +29955,19 @@ spec: type: object type: array aiToolchainOperatorProfile: - description: |- - Storage version of v1api20250801.ManagedClusterAIToolchainOperatorProfile_STATUS - When enabling the operator, a set of AKS managed CRDs and controllers will be installed in the cluster. The operator - automates the deployment of OSS models for inference and/or training purposes. It provides a set of preset models and - enables distributed inference against them. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object apiServerAccessProfile: - description: |- - Storage version of v1api20250801.ManagedClusterAPIServerAccessProfile_STATUS - Access profile for managed cluster API server. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object authorizedIPRanges: items: @@ -45822,14 +29987,10 @@ spec: type: string type: object autoScalerProfile: - description: Storage version of v1api20250801.ManagedClusterProperties_AutoScalerProfile_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object balance-similar-node-groups: type: string 
@@ -45873,16 +30034,10 @@ spec: type: string type: object autoUpgradeProfile: - description: |- - Storage version of v1api20250801.ManagedClusterAutoUpgradeProfile_STATUS - Auto upgrade profile for a managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object nodeOSUpgradeChannel: type: string 
@@ -45890,46 +30045,24 @@ spec: type: string type: object azureMonitorProfile: - description: |- - Storage version of v1api20250801.ManagedClusterAzureMonitorProfile_STATUS - Azure Monitor addon profiles for monitoring the managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object metrics: - description: |- - Storage version of v1api20250801.ManagedClusterAzureMonitorProfileMetrics_STATUS - Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes - infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See - aka.ms/AzureManagedPrometheus for an overview. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean kubeStateMetrics: - description: |- - Storage version of v1api20250801.ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS - Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the - kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for - details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object metricAnnotationsAllowList: type: string 
@@ -45941,16 +30074,10 @@ spec: azurePortalFQDN: type: string bootstrapProfile: - description: |- - Storage version of v1api20250801.ManagedClusterBootstrapProfile_STATUS - The bootstrap profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object artifactSource: type: string 
@@ -45959,39 +30086,22 @@ spec: type: object conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -46013,16 +30123,10 @@ spec: enableRBAC: type: boolean extendedLocation: - description: |- - Storage version of v1api20250801.ExtendedLocation_STATUS - The complex type of the extended location. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string @@ -46034,16 +30138,10 @@ spec: fqdnSubdomain: type: string httpProxyConfig: - description: |- - Storage version of v1api20250801.ManagedClusterHTTPProxyConfig_STATUS - Cluster HTTP proxy configuration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object httpProxy: type: string @@ -46059,29 +30157,17 @@ spec: id: type: string identity: - description: |- - Storage version of v1api20250801.ManagedClusterIdentity_STATUS - Identity for the managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object delegatedResources: additionalProperties: - description: |- - Storage version of v1api20250801.DelegatedResource_STATUS - Delegated resource properties - internal use only. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object location: type: string 
@@ -46101,14 +30187,10 @@ spec: type: string userAssignedIdentities: additionalProperties: - description: Storage version of v1api20250801.ManagedClusterIdentity_UserAssignedIdentities_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object clientId: type: string @@ -46119,16 +30201,10 @@ spec: type: object identityProfile: additionalProperties: - description: |- - Storage version of v1api20250801.UserAssignedIdentity_STATUS - Details about a user assigned identity. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object clientId: type: string @@ -46139,28 +30215,16 @@ spec: type: object type: object ingressProfile: - description: |- - Storage version of v1api20250801.ManagedClusterIngressProfile_STATUS - Ingress profile for the container service cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object webAppRouting: - description: |- - Storage version of v1api20250801.ManagedClusterIngressProfileWebAppRouting_STATUS - Application Routing add-on settings for the ingress profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object dnsZoneResourceIds: items: 
@@ -46169,16 +30233,10 @@ spec: enabled: type: boolean identity: - description: |- - Storage version of v1api20250801.UserAssignedIdentity_STATUS - Details about a user assigned identity. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object clientId: type: string @@ -46188,14 +30246,10 @@ spec: type: string type: object nginx: - description: Storage version of v1api20250801.ManagedClusterIngressProfileNginx_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object defaultIngressControllerType: type: string 
@@ -46207,43 +30261,25 @@ spec: kubernetesVersion: type: string linuxProfile: - description: |- - Storage version of v1api20250801.ContainerServiceLinuxProfile_STATUS - Profile for Linux VMs in the container service cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object adminUsername: type: string ssh: - description: |- - Storage version of v1api20250801.ContainerServiceSshConfiguration_STATUS - SSH configuration for Linux-based VMs running on Azure. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object publicKeys: items: - description: |- - Storage version of v1api20250801.ContainerServiceSshPublicKey_STATUS - Contains information about SSH certificate public key data. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object keyData: type: string 
@@ -46256,28 +30292,16 @@ spec: maxAgentPools: type: integer metricsProfile: - description: |- - Storage version of v1api20250801.ManagedClusterMetricsProfile_STATUS - The metrics profile for the ManagedCluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object costAnalysis: - description: |- - Storage version of v1api20250801.ManagedClusterCostAnalysis_STATUS - The cost analysis configuration for the cluster properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -46286,58 +30310,33 @@ spec: name: type: string networkProfile: - description: |- - Storage version of v1api20250801.ContainerServiceNetworkProfile_STATUS - Profile of network configuration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object advancedNetworking: - description: |- - Storage version of v1api20250801.AdvancedNetworking_STATUS - Advanced Networking profile for enabling observability and security feature suite on a cluster. For more information see - aka.ms/aksadvancednetworking. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean observability: - description: |- - Storage version of v1api20250801.AdvancedNetworkingObservability_STATUS - Observability profile to enable advanced network metrics and flow logs with historical contexts. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object security: - description: |- - Storage version of v1api20250801.AdvancedNetworkingSecurity_STATUS - Security profile to enable security features on cilium based cluster. 
properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object advancedNetworkPolicies: type: string @@ -46352,16 +30351,10 @@ spec: type: string type: array loadBalancerProfile: - description: |- - Storage version of v1api20250801.ManagedClusterLoadBalancerProfile_STATUS - Profile of the managed cluster load balancer. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allocatedOutboundPorts: type: integer @@ -46369,16 +30362,10 @@ spec: type: string effectiveOutboundIPs: items: - description: |- - Storage version of v1api20250801.ResourceReference_STATUS - A reference to an Azure resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -46389,14 +30376,10 @@ spec: idleTimeoutInMinutes: type: integer managedOutboundIPs: - description: Storage version of v1api20250801.ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object count: type: integer 
@@ -46404,27 +30387,17 @@ spec: type: integer type: object outboundIPPrefixes: - description: Storage version of v1api20250801.ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object publicIPPrefixes: items: - description: |- - Storage version of v1api20250801.ResourceReference_STATUS - A reference to an Azure resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -46432,27 +30405,17 @@ spec: type: array type: object outboundIPs: - description: Storage version of v1api20250801.ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object publicIPs: items: - description: |- - Storage version of v1api20250801.ResourceReference_STATUS - A reference to an Azure resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string 
@@ -46463,29 +30426,17 @@ spec: loadBalancerSku: type: string natGatewayProfile: - description: |- - Storage version of v1api20250801.ManagedClusterNATGatewayProfile_STATUS - Profile of the managed cluster NAT gateway. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object effectiveOutboundIPs: items: - description: |- - Storage version of v1api20250801.ResourceReference_STATUS - A reference to an Azure resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -46494,16 +30445,10 @@ spec: idleTimeoutInMinutes: type: integer managedOutboundIPProfile: - description: |- - Storage version of v1api20250801.ManagedClusterManagedOutboundIPProfile_STATUS - Profile of the managed outbound IP resources of the managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object count: type: integer 
@@ -46534,30 +30479,20 @@ spec: type: string type: array staticEgressGatewayProfile: - description: |- - Storage version of v1api20250801.ManagedClusterStaticEgressGatewayProfile_STATUS - The Static Egress Gateway addon configuration for the cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object type: object nodeProvisioningProfile: - description: Storage version of v1api20250801.ManagedClusterNodeProvisioningProfile_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object defaultNodePools: type: string 
@@ -46567,31 +30502,19 @@ spec: nodeResourceGroup: type: string nodeResourceGroupProfile: - description: |- - Storage version of v1api20250801.ManagedClusterNodeResourceGroupProfile_STATUS - Node resource group lockdown profile for a managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object restrictionLevel: type: string type: object oidcIssuerProfile: - description: |- - Storage version of v1api20250801.ManagedClusterOIDCIssuerProfile_STATUS - The OIDC issuer profile of the Managed Cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean @@ -46599,17 +30522,10 @@ spec: type: string type: object podIdentityProfile: - description: |- - Storage version of v1api20250801.ManagedClusterPodIdentityProfile_STATUS - The pod identity profile of the Managed Cluster. See [use AAD pod - identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod identity integration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowNetworkPluginKubenet: type: boolean 
@@ -46617,30 +30533,18 @@ spec: type: boolean userAssignedIdentities: items: - description: |- - Storage version of v1api20250801.ManagedClusterPodIdentity_STATUS - Details about the pod identity assigned to the Managed Cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object bindingSelector: type: string identity: - description: |- - Storage version of v1api20250801.UserAssignedIdentity_STATUS - Details about a user assigned identity. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object clientId: type: string 
@@ -46654,51 +30558,31 @@ spec: namespace: type: string provisioningInfo: - description: Storage version of v1api20250801.ManagedClusterPodIdentity_ProvisioningInfo_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object error: - description: |- - Storage version of v1api20250801.ManagedClusterPodIdentityProvisioningError_STATUS - An error response from the pod identity provisioning. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object error: - description: |- - Storage version of v1api20250801.ManagedClusterPodIdentityProvisioningErrorBody_STATUS - An error response from the pod identity provisioning. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string details: items: - description: Storage version of v1api20250801.ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string 
@@ -46721,19 +30605,10 @@ spec: type: array userAssignedIdentityExceptions: items: - description: |- - Storage version of v1api20250801.ManagedClusterPodIdentityException_STATUS - A pod identity exception, which allows pods with certain labels to access the Azure Instance Metadata Service (IMDS) - endpoint without being intercepted by the node-managed identity (NMI) server. See [disable AAD Pod Identity for a - specific Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more - details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string @@ -46747,16 +30622,10 @@ spec: type: array type: object powerState: - description: |- - Storage version of v1api20250801.PowerState_STATUS - Describes the Power State of the cluster properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string @@ -46765,16 +30634,10 @@ spec: type: string privateLinkResources: items: - description: |- - Storage version of v1api20250801.PrivateLinkResource_STATUS - A private link resource properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object groupId: type: string 
@@ -46799,28 +30662,16 @@ spec: resourceUID: type: string securityProfile: - description: |- - Storage version of v1api20250801.ManagedClusterSecurityProfile_STATUS - Security profile for the container service cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object azureKeyVaultKms: - description: |- - Storage version of v1api20250801.AzureKeyVaultKms_STATUS - Azure Key Vault key management service settings for the security profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -46836,47 +30687,28 @@ spec: type: string type: array defender: - description: |- - Storage version of v1api20250801.ManagedClusterSecurityProfileDefender_STATUS - Microsoft Defender settings for the security profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object logAnalyticsWorkspaceResourceId: type: string securityMonitoring: - description: |- - Storage version of v1api20250801.ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS - Microsoft Defender settings for the security profile threat detection. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object type: object imageCleaner: - description: |- - Storage version of v1api20250801.ManagedClusterSecurityProfileImageCleaner_STATUS - Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here - are settings for the security profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -46884,69 +30716,38 @@ spec: type: integer type: object workloadIdentity: - description: |- - Storage version of v1api20250801.ManagedClusterSecurityProfileWorkloadIdentity_STATUS - Workload identity settings for the security profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object type: object serviceMeshProfile: - description: |- - Storage version of v1api20250801.ServiceMeshProfile_STATUS - Service mesh profile for a managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object istio: - description: |- - Storage version of v1api20250801.IstioServiceMesh_STATUS - Istio service mesh configuration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object certificateAuthority: - description: |- - Storage version of v1api20250801.IstioCertificateAuthority_STATUS - Istio Service Mesh Certificate Authority (CA) configuration. 
For now, we only support plugin certificates as described - here https://aka.ms/asm-plugin-ca properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object plugin: - description: |- - Storage version of v1api20250801.IstioPluginCertificateAuthority_STATUS - Plugin certificates information for Service Mesh. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object certChainObjectName: type: string @@ -46961,29 +30762,17 @@ spec: type: object type: object components: - description: |- - Storage version of v1api20250801.IstioComponents_STATUS - Istio components configuration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object egressGateways: items: - description: |- - Storage version of v1api20250801.IstioEgressGateway_STATUS - Istio egress gateway configuration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -46991,17 +30780,10 @@ spec: type: array ingressGateways: items: - description: |- - Storage version of v1api20250801.IstioIngressGateway_STATUS - Istio ingress gateway configuration. For now, we support up to one external ingress gateway named - `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean @@ -47019,31 +30801,19 @@ spec: type: string type: object servicePrincipalProfile: - description: |- - Storage version of v1api20250801.ManagedClusterServicePrincipalProfile_STATUS - Information about a service principal identity for the cluster to use for manipulating Azure APIs. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object clientId: type: string type: object sku: - description: |- - Storage version of v1api20250801.ManagedClusterSKU_STATUS - The SKU of a Managed Cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -47051,41 +30821,23 @@ spec: type: string type: object status: - description: |- - Storage version of v1api20250801.ManagedClusterStatus_STATUS - Contains read-only information about the Managed Cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object provisioningError: - description: |- - Storage version of v1api20250801.ErrorDetail_STATUS - The error detail. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object additionalInfo: items: - description: |- - Storage version of v1api20250801.ErrorAdditionalInfo_STATUS - The resource management error additional info. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object info: additionalProperties: 
@@ -47099,27 +30851,17 @@ spec: type: string details: items: - description: Storage version of v1api20250801.ErrorDetail_STATUS_Unrolled properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object additionalInfo: items: - description: |- - Storage version of v1api20250801.ErrorAdditionalInfo_STATUS - The resource management error additional info. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object info: additionalProperties: 
@@ -47144,73 +30886,43 @@ spec: type: object type: object storageProfile: - description: |- - Storage version of v1api20250801.ManagedClusterStorageProfile_STATUS - Storage profile for the container service cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object blobCSIDriver: - description: |- - Storage version of v1api20250801.ManagedClusterStorageProfileBlobCSIDriver_STATUS - AzureBlob CSI Driver settings for the storage profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object diskCSIDriver: - description: |- - Storage version of v1api20250801.ManagedClusterStorageProfileDiskCSIDriver_STATUS - AzureDisk CSI Driver settings for the storage profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object fileCSIDriver: - description: |- - Storage version of v1api20250801.ManagedClusterStorageProfileFileCSIDriver_STATUS - AzureFile CSI Driver settings for the storage profile. 
properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object snapshotController: - description: |- - Storage version of v1api20250801.ManagedClusterStorageProfileSnapshotController_STATUS - Snapshot Controller settings for the storage profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean @@ -47219,16 +30931,10 @@ spec: supportPlan: type: string systemData: - description: |- - Storage version of v1api20250801.SystemData_STATUS - Metadata pertaining to creation and last modification of the resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object createdAt: type: string 
@@ -47250,28 +30956,16 @@ spec: type: type: string upgradeSettings: - description: |- - Storage version of v1api20250801.ClusterUpgradeSettings_STATUS - Settings for upgrading a cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object overrideSettings: - description: |- - Storage version of v1api20250801.UpgradeOverrideSettings_STATUS - Settings for overrides when upgrading a cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object forceUpgrade: type: boolean @@ -47280,32 +30974,20 @@ spec: type: object type: object windowsProfile: - description: |- - Storage version of v1api20250801.ManagedClusterWindowsProfile_STATUS - Profile for Windows VMs in the managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object adminUsername: type: string enableCSIProxy: type: boolean gmsaProfile: - description: |- - Storage version of v1api20250801.WindowsGmsaProfile_STATUS - Windows gMSA Profile in the managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object dnsServer: type: string 
@@ -47318,43 +31000,25 @@ spec: type: string type: object workloadAutoScalerProfile: - description: |- - Storage version of v1api20250801.ManagedClusterWorkloadAutoScalerProfile_STATUS - Workload Auto-scaler profile for the managed cluster. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object keda: - description: |- - Storage version of v1api20250801.ManagedClusterWorkloadAutoScalerProfileKeda_STATUS - KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean type: object verticalPodAutoscaler: - description: |- - Storage version of v1api20250801.ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler_STATUS - VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -47417,100 +31081,49 @@ spec: name: v1api20230201 schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-02-01/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: availabilityZones: - description: |- - AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType - property is 'VirtualMachineScaleSets'. items: type: string type: array azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string count: - description: |- - Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) - for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. type: integer creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using - a snapshot. 
properties: sourceResourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object enableAutoScaling: - description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, - see: https://docs.microsoft.com/azure/aks/enable-host-encryption type: boolean enableFIPS: - description: |- - EnableFIPS: See [Add a FIPS-enabled node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more - details. type: boolean enableNodePublicIP: - description: |- - EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. - A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine - to minimize hops. 
For more information see [assigning a public IP per - node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The - default is false. type: boolean enableUltraSSD: - description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean gpuInstanceProfile: - description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' enum: - MIG1g - MIG2g @@ -47519,30 +31132,18 @@ spec: - MIG7g type: string hostGroupReference: - description: |- - HostGroupReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object kubeletConfig: - description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' properties: allowedUnsafeSysctls: items: 
@@ -47571,15 +31172,11 @@ spec: type: string type: object kubeletDiskType: - description: |- - KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral - storage. enum: - OS - Temporary type: string linuxOSConfig: - description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' properties: swapFileSizeMB: type: integer @@ -47648,18 +31245,12 @@ spec: type: string type: object maxCount: - description: 'MaxCount: The maximum number of nodes for auto-scaling' type: integer maxPods: - description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer minCount: - description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer mode: - description: |- - Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool - restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools enum: - System - User 
@@ -47667,64 +31258,33 @@ spec: nodeLabels: additionalProperties: type: string - description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' type: object nodePublicIPPrefixReference: - description: |- - NodePublicIPPrefixReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object nodeTaints: - description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' items: type: string type: array operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. 
The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -47732,29 +31292,13 @@ spec: type: object type: array secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -47763,33 +31307,17 @@ spec: type: array type: object orchestratorVersion: - description: |- - OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. - When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster - with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer - patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same - Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor - version must be within two minor versions of the control plane version. The node pool version cannot be greater than the - control plane version. For more information see [upgrading a node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: maximum: 2048 minimum: 0 type: integer osDiskType: - description: |- - OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested - OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral - OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). enum: - Ephemeral - Managed type: string osSKU: - description: |- - OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 - when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. enum: - CBLMariner - Ubuntu 
@@ -47797,52 +31325,31 @@ spec: - Windows2022 type: string osType: - description: 'OsType: The operating system type. The default is Linux.' enum: - Linux - Windows type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a containerservice.azure.com/ManagedCluster resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object podSubnetReference: - description: |- - PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). - This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object powerState: - description: |- - PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this - field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only - be stopped if it is Running and provisioning state is Succeeded properties: code: enum: 
@@ -47851,99 +31358,63 @@ spec: type: string type: object proximityPlacementGroupReference: - description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object scaleDownMode: - description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' enum: - Deallocate - Delete type: string scaleSetEvictionPolicy: - description: |- - ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is - 'Delete'. enum: - Deallocate - Delete type: string scaleSetPriority: - description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' enum: - Regular - Spot type: string spotMaxPrice: - description: |- - SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any - on-demand price. 
For more details on spot pricing, see [spot VMs - pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) type: number tags: additionalProperties: type: string - description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' type: object type: - description: 'Type: The type of Agent Pool.' enum: - AvailabilitySet - VirtualMachineScaleSets type: string upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading the agentpool' properties: maxSurge: type: string type: object vmSize: - description: |- - VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods - might fail to run correctly. For more details on restricted VM sizes, see: - https://docs.microsoft.com/azure/aks/quotas-skus-regions type: string vnetSubnetReference: - description: |- - VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is - specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. 
type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object workloadRuntime: - description: 'WorkloadRuntime: Determines the type of workload a node can run.' enum: - OCIContainer - WasmWasi 
@@ -47954,48 +31425,27 @@ spec: status: properties: availabilityZones: - description: |- - AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType - property is 'VirtualMachineScaleSets'. items: type: string type: array conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -48005,63 +31455,31 @@ spec: type: object type: array count: - description: |- - Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) - for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. type: integer creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using - a snapshot. properties: sourceResourceId: type: string type: object currentOrchestratorVersion: - description: |- - CurrentOrchestratorVersion: If orchestratorVersion is a fully specified version , this field will be - exactly equal to it. If orchestratorVersion is , this field will contain the full - version being used. type: string enableAutoScaling: - description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, - see: https://docs.microsoft.com/azure/aks/enable-host-encryption type: boolean enableFIPS: - description: |- - EnableFIPS: See [Add a FIPS-enabled node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more - details. type: boolean enableNodePublicIP: - description: |- - EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. - A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine - to minimize hops. For more information see [assigning a public IP per - node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The - default is false. 
type: boolean enableUltraSSD: - description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean gpuInstanceProfile: - description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' type: string hostGroupID: - description: |- - HostGroupID: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). type: string id: - description: 'Id: Resource ID.' type: string kubeletConfig: - description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' properties: allowedUnsafeSysctls: items: @@ -48089,12 +31507,8 @@ spec: type: string type: object kubeletDiskType: - description: |- - KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral - storage. type: string linuxOSConfig: - description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' properties: swapFileSizeMB: type: integer 
@@ -48163,136 +31577,74 @@ spec: type: string type: object maxCount: - description: 'MaxCount: The maximum number of nodes for auto-scaling' type: integer maxPods: - description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer minCount: - description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer mode: - description: |- - Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool - restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools type: string name: - description: 'Name: The name of the resource that is unique within a resource group. This name can be used to access the resource.' type: string nodeImageVersion: - description: 'NodeImageVersion: The version of node image' type: string nodeLabels: additionalProperties: type: string - description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' type: object nodePublicIPPrefixID: - description: |- - NodePublicIPPrefixID: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} type: string nodeTaints: - description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' items: type: string type: array orchestratorVersion: - description: |- - OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. - When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster - with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer - patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same - Kubernetes version. The node pool version must have the same major version as the control plane. 
The node pool minor - version must be within two minor versions of the control plane version. The node pool version cannot be greater than the - control plane version. For more information see [upgrading a node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: type: integer osDiskType: - description: |- - OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested - OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral - OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). type: string osSKU: - description: |- - OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 - when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. type: string osType: - description: 'OsType: The operating system type. The default is Linux.' type: string podSubnetID: - description: |- - PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is - of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} type: string powerState: - description: |- - PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this - field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only - be stopped if it is Running and provisioning state is Succeeded properties: code: type: string type: object properties_type: - description: 'PropertiesType: The type of Agent Pool.' type: string provisioningState: - description: 'ProvisioningState: The current deployment or provisioning state.' 
type: string proximityPlacementGroupID: - description: 'ProximityPlacementGroupID: The ID for Proximity Placement Group.' type: string scaleDownMode: - description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' type: string scaleSetEvictionPolicy: - description: |- - ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is - 'Delete'. type: string scaleSetPriority: - description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' type: string spotMaxPrice: - description: |- - SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any - on-demand price. For more details on spot pricing, see [spot VMs - pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) type: number tags: additionalProperties: type: string - description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' type: object type: - description: 'Type: Resource type' type: string upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading the agentpool' properties: maxSurge: type: string type: object vmSize: - description: |- - VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods - might fail to run correctly. For more details on restricted VM sizes, see: - https://docs.microsoft.com/azure/aks/quotas-skus-regions type: string vnetSubnetID: - description: |- - VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, - this applies to nodes and pods, otherwise it applies to just nodes. 
This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} type: string workloadRuntime: - description: 'WorkloadRuntime: Determines the type of workload a node can run.' type: string type: object type: object 
@@ -48316,78 +31668,43 @@ spec: name: v1api20230201storage schema: openAPIV3Schema: - description: |- - Storage version of v1api20230201.ManagedClustersAgentPool - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-02-01/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20230201.ManagedClustersAgentPool_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object availabilityZones: items: type: string type: array azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. 
type: string count: type: integer creationData: - description: Storage version of v1api20230201.CreationData properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object sourceResourceReference: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -48404,37 +31721,22 @@ spec: gpuInstanceProfile: type: string hostGroupReference: - description: |- - HostGroupReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object kubeletConfig: - description: Storage version of v1api20230201.KubeletConfig properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedUnsafeSysctls: items: 
@@ -48464,26 +31766,18 @@ spec: kubeletDiskType: type: string linuxOSConfig: - description: Storage version of v1api20230201.LinuxOSConfig properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object swapFileSizeMB: type: integer sysctls: - description: Storage version of v1api20230201.SysctlConfig properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object fsAioMaxNr: type: integer @@ -48560,25 +31854,15 @@ spec: type: string type: object nodePublicIPPrefixReference: - description: |- - NodePublicIPPrefixReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object nodeTaints: 
@@ -48586,40 +31870,19 @@ spec: type: string type: array operatorSpec: - description: |- - Storage version of v1api20230201.ManagedClustersAgentPoolOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -48628,27 +31891,12 @@ spec: type: array secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -48669,72 +31917,44 @@ spec: osType: type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a containerservice.azure.com/ManagedCluster resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object podSubnetReference: - description: |- - PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). - This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object powerState: - description: Storage version of v1api20230201.PowerState properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string type: object proximityPlacementGroupReference: - description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object scaleDownMode: @@ -48752,14 +31972,10 @@ spec: type: type: string upgradeSettings: - description: Storage version of v1api20230201.AgentPoolUpgradeSettings properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object maxSurge: type: string 
@@ -48767,26 +31983,15 @@ spec: vmSize: type: string vnetSubnetReference: - description: |- - VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is - specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object workloadRuntime: @@ -48795,14 +32000,10 @@ spec: - owner type: object status: - description: Storage version of v1api20230201.ManagedClustersAgentPool_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object availabilityZones: items: 
@@ -48810,39 +32011,22 @@ spec: type: array conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -48854,14 +32038,10 @@ spec: count: type: integer creationData: - description: Storage version of v1api20230201.CreationData_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object sourceResourceId: type: string @@ -48885,14 +32065,10 @@ spec: id: type: string kubeletConfig: - description: Storage version of v1api20230201.KubeletConfig_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedUnsafeSysctls: items: @@ -48922,26 +32098,18 @@ spec: kubeletDiskType: type: string linuxOSConfig: - description: Storage version of v1api20230201.LinuxOSConfig_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object swapFileSizeMB: type: integer sysctls: - description: Storage version of v1api20230201.SysctlConfig_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object fsAioMaxNr: type: integer 
@@ -49040,14 +32208,10 @@ spec: podSubnetID: type: string powerState: - description: Storage version of v1api20230201.PowerState_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string @@ -49073,14 +32237,10 @@ spec: type: type: string upgradeSettings: - description: Storage version of v1api20230201.AgentPoolUpgradeSettings_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object maxSurge: type: string 
@@ -49113,123 +32273,64 @@ spec: name: v1api20231001 schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-10-01/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: availabilityZones: - description: |- - AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType - property is 'VirtualMachineScaleSets'. items: type: string type: array azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. maxLength: 12 minLength: 1 pattern: ^[a-z][a-z0-9]{0,11}$ type: string capacityReservationGroupReference: - description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object count: - description: |- - Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) - for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. type: integer creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using - a snapshot. properties: sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object type: object enableAutoScaling: - description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, - see: https://docs.microsoft.com/azure/aks/enable-host-encryption type: boolean enableFIPS: - description: |- - EnableFIPS: See [Add a FIPS-enabled node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more - details. type: boolean enableNodePublicIP: - description: |- - EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. - A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine - to minimize hops. For more information see [assigning a public IP per - node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The - default is false. type: boolean enableUltraSSD: - description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean gpuInstanceProfile: - description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' enum: - MIG1g - MIG2g 
@@ -49238,240 +32339,149 @@ spec: - MIG7g type: string hostGroupReference: - description: |- - HostGroupReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object kubeletConfig: - description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' properties: allowedUnsafeSysctls: - description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`).' items: type: string type: array containerLogMaxFiles: - description: |- - ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be - ≥ 2. minimum: 2 type: integer containerLogMaxSizeMB: - description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' type: integer cpuCfsQuota: - description: 'CpuCfsQuota: The default is true.' type: boolean cpuCfsQuotaPeriod: - description: |- - CpuCfsQuotaPeriod: The default is '100ms.' 
Valid values are a sequence of decimal numbers with an optional fraction and - a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. type: string cpuManagerPolicy: - description: |- - CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management - policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more - information. Allowed values are 'none' and 'static'. type: string failSwapOn: - description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' type: boolean imageGcHighThreshold: - description: 'ImageGcHighThreshold: To disable image garbage collection, set to 100. The default is 85%' type: integer imageGcLowThreshold: - description: 'ImageGcLowThreshold: This cannot be set higher than imageGcHighThreshold. The default is 80%' type: integer podMaxPids: - description: 'PodMaxPids: The maximum number of processes per pod.' type: integer topologyManagerPolicy: - description: |- - TopologyManagerPolicy: For more information see [Kubernetes Topology - Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values - are 'none', 'best-effort', 'restricted', and 'single-numa-node'. type: string type: object kubeletDiskType: - description: |- - KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral - storage. enum: - OS - Temporary type: string linuxOSConfig: - description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' properties: swapFileSizeMB: - description: 'SwapFileSizeMB: The size in MB of a swap file that will be created on each node.' type: integer sysctls: - description: 'Sysctls: Sysctl settings for Linux agent nodes.' properties: fsAioMaxNr: - description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' 
type: integer fsFileMax: - description: 'FsFileMax: Sysctl setting fs.file-max.' type: integer fsInotifyMaxUserWatches: - description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' type: integer fsNrOpen: - description: 'FsNrOpen: Sysctl setting fs.nr_open.' type: integer kernelThreadsMax: - description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' type: integer netCoreNetdevMaxBacklog: - description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' type: integer netCoreOptmemMax: - description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' type: integer netCoreRmemDefault: - description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' type: integer netCoreRmemMax: - description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' type: integer netCoreSomaxconn: - description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' type: integer netCoreWmemDefault: - description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' type: integer netCoreWmemMax: - description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' type: integer netIpv4IpLocalPortRange: - description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' type: string netIpv4NeighDefaultGcThresh1: - description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting net.ipv4.neigh.default.gc_thresh1.' type: integer netIpv4NeighDefaultGcThresh2: - description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting net.ipv4.neigh.default.gc_thresh2.' type: integer netIpv4NeighDefaultGcThresh3: - description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting net.ipv4.neigh.default.gc_thresh3.' type: integer netIpv4TcpFinTimeout: - description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' type: integer netIpv4TcpKeepaliveProbes: - description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' 
type: integer netIpv4TcpKeepaliveTime: - description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' type: integer netIpv4TcpMaxSynBacklog: - description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' type: integer netIpv4TcpMaxTwBuckets: - description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' type: integer netIpv4TcpTwReuse: - description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' type: boolean netIpv4TcpkeepaliveIntvl: - description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' maximum: 90 minimum: 10 type: integer netNetfilterNfConntrackBuckets: - description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' maximum: 524288 minimum: 65536 type: integer netNetfilterNfConntrackMax: - description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' maximum: 2097152 minimum: 131072 type: integer vmMaxMapCount: - description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' type: integer vmSwappiness: - description: 'VmSwappiness: Sysctl setting vm.swappiness.' type: integer vmVfsCachePressure: - description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' type: integer type: object transparentHugePageDefrag: - description: |- - TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is - 'madvise'. For more information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string transparentHugePageEnabled: - description: |- - TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more - information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). 
type: string type: object maxCount: - description: 'MaxCount: The maximum number of nodes for auto-scaling' type: integer maxPods: - description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer minCount: - description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer mode: - description: |- - Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool - restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools enum: - System - User type: string networkProfile: - description: 'NetworkProfile: Network-related settings of an agent pool.' properties: allowedHostPorts: - description: 'AllowedHostPorts: The port ranges that are allowed to access. The specified ranges are allowed to overlap.' items: - description: The port range. properties: portEnd: - description: |- - PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or - equal to portStart. maximum: 65535 minimum: 1 type: integer portStart: - description: |- - PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or - equal to portEnd. maximum: 65535 minimum: 1 type: integer protocol: - description: 'Protocol: The network protocol of the port.' enum: - TCP - UDP 
@@ -49479,40 +32489,25 @@ spec: type: object type: array applicationSecurityGroupsReferences: - description: |- - ApplicationSecurityGroupsReferences: The IDs of the application security groups which agent pool will associate when - created. items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: array nodePublicIPTags: - description: 'NodePublicIPTags: IPTags of instance-level public IPs.' items: - description: Contains the IPTag associated with the object. properties: ipTagType: - description: 'IpTagType: The IP tag type. Example: RoutingPreference.' type: string tag: - description: 'Tag: The value of the IP tag associated with the public IP. Example: Internet.' type: string type: object type: array 
@@ -49520,64 +32515,33 @@ spec: nodeLabels: additionalProperties: type: string - description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' type: object nodePublicIPPrefixReference: - description: |- - NodePublicIPPrefixReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object nodeTaints: - description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' items: type: string type: array operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. 
The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -49585,29 +32549,13 @@ spec: type: object type: array secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -49616,33 +32564,17 @@ spec: type: array type: object orchestratorVersion: - description: |- - OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. - When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster - with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer - patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same - Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor - version must be within two minor versions of the control plane version. The node pool version cannot be greater than the - control plane version. For more information see [upgrading a node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: maximum: 2048 minimum: 0 type: integer osDiskType: - description: |- - OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested - OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral - OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). enum: - Ephemeral - Managed type: string osSKU: - description: |- - OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 - when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. enum: - AzureLinux - CBLMariner 
@@ -49651,167 +32583,100 @@ spec: - Windows2022 type: string osType: - description: 'OsType: The operating system type. The default is Linux.' enum: - Linux - Windows type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a containerservice.azure.com/ManagedCluster resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object podSubnetReference: - description: |- - PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). - This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object powerState: - description: |- - PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this - field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only - be stopped if it is Running and provisioning state is Succeeded properties: code: - description: 'Code: Tells whether the cluster is Running or Stopped' enum: - Running - Stopped type: string type: object proximityPlacementGroupReference: - description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object scaleDownMode: - description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' enum: - Deallocate - Delete type: string scaleSetEvictionPolicy: - description: |- - ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is - 'Delete'. enum: - Deallocate - Delete type: string scaleSetPriority: - description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' 
enum: - Regular - Spot type: string spotMaxPrice: - description: |- - SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any - on-demand price. For more details on spot pricing, see [spot VMs - pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) type: number tags: additionalProperties: type: string - description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' type: object type: - description: 'Type: The type of Agent Pool.' enum: - AvailabilitySet - VirtualMachineScaleSets type: string upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading the agentpool' properties: drainTimeoutInMinutes: - description: |- - DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. - This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not - specified, the default is 30 minutes. maximum: 1440 minimum: 1 type: integer maxSurge: - description: |- - MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it - is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded - up. If not specified, the default is 1. For more information, including best practices, see: - https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade type: string type: object vmSize: - description: |- - VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods - might fail to run correctly. For more details on restricted VM sizes, see: - https://docs.microsoft.com/azure/aks/quotas-skus-regions type: string vnetSubnetReference: - description: |- - VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. 
If no podSubnetID is - specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object workloadRuntime: - description: 'WorkloadRuntime: Determines the type of workload a node can run.' enum: - OCIContainer - WasmWasi 
@@ -49822,51 +32687,29 @@ spec: status: properties: availabilityZones: - description: |- - AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType - property is 'VirtualMachineScaleSets'. items: type: string type: array capacityReservationGroupID: - description: 'CapacityReservationGroupID: AKS will associate the specified agent pool with the Capacity Reservation Group.' type: string conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. 
type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -49876,408 +32719,225 @@ spec: type: object type: array count: - description: |- - Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) - for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. type: integer creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using - a snapshot. properties: sourceResourceId: - description: 'SourceResourceId: This is the ARM ID of the source object to be used to create the target object.' type: string type: object currentOrchestratorVersion: - description: |- - CurrentOrchestratorVersion: If orchestratorVersion is a fully specified version , this field will be - exactly equal to it. If orchestratorVersion is , this field will contain the full - version being used. type: string enableAutoScaling: - description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, - see: https://docs.microsoft.com/azure/aks/enable-host-encryption type: boolean enableFIPS: - description: |- - EnableFIPS: See [Add a FIPS-enabled node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more - details. type: boolean enableNodePublicIP: - description: |- - EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. - A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine - to minimize hops. For more information see [assigning a public IP per - node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The - default is false. 
type: boolean enableUltraSSD: - description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean gpuInstanceProfile: - description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' type: string hostGroupID: - description: |- - HostGroupID: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). type: string id: - description: 'Id: Resource ID.' type: string kubeletConfig: - description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' properties: allowedUnsafeSysctls: - description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`).' items: type: string type: array containerLogMaxFiles: - description: |- - ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be - ≥ 2. type: integer containerLogMaxSizeMB: - description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' type: integer cpuCfsQuota: - description: 'CpuCfsQuota: The default is true.' type: boolean cpuCfsQuotaPeriod: - description: |- - CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and - a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. type: string cpuManagerPolicy: - description: |- - CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management - policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more - information. Allowed values are 'none' and 'static'. 
type: string failSwapOn: - description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' type: boolean imageGcHighThreshold: - description: 'ImageGcHighThreshold: To disable image garbage collection, set to 100. The default is 85%' type: integer imageGcLowThreshold: - description: 'ImageGcLowThreshold: This cannot be set higher than imageGcHighThreshold. The default is 80%' type: integer podMaxPids: - description: 'PodMaxPids: The maximum number of processes per pod.' type: integer topologyManagerPolicy: - description: |- - TopologyManagerPolicy: For more information see [Kubernetes Topology - Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values - are 'none', 'best-effort', 'restricted', and 'single-numa-node'. type: string type: object kubeletDiskType: - description: |- - KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral - storage. type: string linuxOSConfig: - description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' properties: swapFileSizeMB: - description: 'SwapFileSizeMB: The size in MB of a swap file that will be created on each node.' type: integer sysctls: - description: 'Sysctls: Sysctl settings for Linux agent nodes.' properties: fsAioMaxNr: - description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' type: integer fsFileMax: - description: 'FsFileMax: Sysctl setting fs.file-max.' type: integer fsInotifyMaxUserWatches: - description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' type: integer fsNrOpen: - description: 'FsNrOpen: Sysctl setting fs.nr_open.' type: integer kernelThreadsMax: - description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' type: integer netCoreNetdevMaxBacklog: - description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' 
type: integer netCoreOptmemMax: - description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' type: integer netCoreRmemDefault: - description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' type: integer netCoreRmemMax: - description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' type: integer netCoreSomaxconn: - description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' type: integer netCoreWmemDefault: - description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' type: integer netCoreWmemMax: - description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' type: integer netIpv4IpLocalPortRange: - description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' type: string netIpv4NeighDefaultGcThresh1: - description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting net.ipv4.neigh.default.gc_thresh1.' type: integer netIpv4NeighDefaultGcThresh2: - description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting net.ipv4.neigh.default.gc_thresh2.' type: integer netIpv4NeighDefaultGcThresh3: - description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting net.ipv4.neigh.default.gc_thresh3.' type: integer netIpv4TcpFinTimeout: - description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' type: integer netIpv4TcpKeepaliveProbes: - description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' type: integer netIpv4TcpKeepaliveTime: - description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' type: integer netIpv4TcpMaxSynBacklog: - description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' type: integer netIpv4TcpMaxTwBuckets: - description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' type: integer netIpv4TcpTwReuse: - description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' 
type: boolean netIpv4TcpkeepaliveIntvl: - description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' type: integer netNetfilterNfConntrackBuckets: - description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' type: integer netNetfilterNfConntrackMax: - description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' type: integer vmMaxMapCount: - description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' type: integer vmSwappiness: - description: 'VmSwappiness: Sysctl setting vm.swappiness.' type: integer vmVfsCachePressure: - description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' type: integer type: object transparentHugePageDefrag: - description: |- - TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is - 'madvise'. For more information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string transparentHugePageEnabled: - description: |- - TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more - information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string type: object maxCount: - description: 'MaxCount: The maximum number of nodes for auto-scaling' type: integer maxPods: - description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer minCount: - description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer mode: - description: |- - Mode: A cluster must have at least one 'System' Agent Pool at all times. 
For additional information on agent pool - restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools type: string name: - description: 'Name: The name of the resource that is unique within a resource group. This name can be used to access the resource.' type: string networkProfile: - description: 'NetworkProfile: Network-related settings of an agent pool.' properties: allowedHostPorts: - description: 'AllowedHostPorts: The port ranges that are allowed to access. The specified ranges are allowed to overlap.' items: - description: The port range. properties: portEnd: - description: |- - PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or - equal to portStart. type: integer portStart: - description: |- - PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or - equal to portEnd. type: integer protocol: - description: 'Protocol: The network protocol of the port.' type: string type: object type: array applicationSecurityGroups: - description: 'ApplicationSecurityGroups: The IDs of the application security groups which agent pool will associate when created.' items: type: string type: array nodePublicIPTags: - description: 'NodePublicIPTags: IPTags of instance-level public IPs.' items: - description: Contains the IPTag associated with the object. properties: ipTagType: - description: 'IpTagType: The IP tag type. Example: RoutingPreference.' type: string tag: - description: 'Tag: The value of the IP tag associated with the public IP. Example: Internet.' type: string type: object type: array type: object nodeImageVersion: - description: 'NodeImageVersion: The version of node image' type: string nodeLabels: additionalProperties: type: string - description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' 
type: object nodePublicIPPrefixID: - description: |- - NodePublicIPPrefixID: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} type: string nodeTaints: - description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' items: type: string type: array orchestratorVersion: - description: |- - OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. - When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster - with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer - patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same - Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor - version must be within two minor versions of the control plane version. The node pool version cannot be greater than the - control plane version. For more information see [upgrading a node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: type: integer osDiskType: - description: |- - OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested - OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral - OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). type: string osSKU: - description: |- - OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 - when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. type: string osType: - description: 'OsType: The operating system type. The default is Linux.' 
type: string podSubnetID: - description: |- - PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is - of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} type: string powerState: - description: |- - PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this - field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only - be stopped if it is Running and provisioning state is Succeeded properties: code: - description: 'Code: Tells whether the cluster is Running or Stopped' type: string type: object properties_type: - description: 'PropertiesType: The type of Agent Pool.' type: string provisioningState: - description: 'ProvisioningState: The current deployment or provisioning state.' type: string proximityPlacementGroupID: - description: 'ProximityPlacementGroupID: The ID for Proximity Placement Group.' type: string scaleDownMode: - description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' type: string scaleSetEvictionPolicy: - description: |- - ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is - 'Delete'. type: string scaleSetPriority: - description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' type: string spotMaxPrice: - description: |- - SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any - on-demand price. 
For more details on spot pricing, see [spot VMs - pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) type: number tags: additionalProperties: type: string - description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' type: object type: - description: 'Type: Resource type' type: string upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading the agentpool' properties: drainTimeoutInMinutes: - description: |- - DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. - This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not - specified, the default is 30 minutes. type: integer maxSurge: - description: |- - MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it - is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded - up. If not specified, the default is 1. For more information, including best practices, see: - https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade type: string type: object vmSize: - description: |- - VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods - might fail to run correctly. For more details on restricted VM sizes, see: - https://docs.microsoft.com/azure/aks/quotas-skus-regions type: string vnetSubnetID: - description: |- - VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, - this applies to nodes and pods, otherwise it applies to just nodes. 
This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} type: string workloadRuntime: - description: 'WorkloadRuntime: Determines the type of workload a node can run.' type: string type: object type: object 
@@ -50301,100 +32961,55 @@ spec: name: v1api20231001storage schema: openAPIV3Schema: - description: |- - Storage version of v1api20231001.ManagedClustersAgentPool - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2023-10-01/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20231001.ManagedClustersAgentPool_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object availabilityZones: items: type: string type: array azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string capacityReservationGroupReference: - description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' 
properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object count: type: integer creationData: - description: |- - Storage version of v1api20231001.CreationData - Data used when creating a target resource from a source resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -50411,39 +33026,22 @@ spec: gpuInstanceProfile: type: string hostGroupReference: - description: |- - HostGroupReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object kubeletConfig: - description: |- - Storage version of v1api20231001.KubeletConfig - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedUnsafeSysctls: items: 
@@ -50473,30 +33071,18 @@ spec: kubeletDiskType: type: string linuxOSConfig: - description: |- - Storage version of v1api20231001.LinuxOSConfig - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object swapFileSizeMB: type: integer sysctls: - description: |- - Storage version of v1api20231001.SysctlConfig - Sysctl settings for Linux agent nodes. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object fsAioMaxNr: type: integer @@ -50569,29 +33155,17 @@ spec: mode: type: string networkProfile: - description: |- - Storage version of v1api20231001.AgentPoolNetworkProfile - Network settings of an agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedHostPorts: items: - description: |- - Storage version of v1api20231001.PortRange - The port range. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object portEnd: type: integer 
@@ -50603,38 +33177,24 @@ spec: type: array applicationSecurityGroupsReferences: items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: array nodePublicIPTags: items: - description: |- - Storage version of v1api20231001.IPTag - Contains the IPTag associated with the object. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object ipTagType: type: string 
@@ -50648,25 +33208,15 @@ spec: type: string type: object nodePublicIPPrefixReference: - description: |- - NodePublicIPPrefixReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object nodeTaints: 
@@ -50674,40 +33224,19 @@ spec: type: string type: array operatorSpec: - description: |- - Storage version of v1api20231001.ManagedClustersAgentPoolOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -50716,27 +33245,12 @@ spec: type: array secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -50757,74 +33271,44 @@ spec: osType: type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a containerservice.azure.com/ManagedCluster resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object podSubnetReference: - description: |- - PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). - This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object powerState: - description: |- - Storage version of v1api20231001.PowerState - Describes the Power State of the cluster properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string type: object proximityPlacementGroupReference: - description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object scaleDownMode: @@ -50842,16 +33326,10 @@ spec: type: type: string upgradeSettings: - description: |- - Storage version of v1api20231001.AgentPoolUpgradeSettings - Settings for upgrading an agentpool properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object drainTimeoutInMinutes: type: integer 
@@ -50861,26 +33339,15 @@ spec: vmSize: type: string vnetSubnetReference: - description: |- - VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is - specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object workloadRuntime: @@ -50889,14 +33356,10 @@ spec: - owner type: object status: - description: Storage version of v1api20231001.ManagedClustersAgentPool_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object availabilityZones: items: 
@@ -50906,39 +33369,22 @@ spec: type: string conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -50950,16 +33396,10 @@ spec: count: type: integer creationData: - description: |- - Storage version of v1api20231001.CreationData_STATUS - Data used when creating a target resource from a source resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object sourceResourceId: type: string @@ -50983,16 +33423,10 @@ spec: id: type: string kubeletConfig: - description: |- - Storage version of v1api20231001.KubeletConfig_STATUS - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedUnsafeSysctls: items: 
@@ -51022,30 +33456,18 @@ spec: kubeletDiskType: type: string linuxOSConfig: - description: |- - Storage version of v1api20231001.LinuxOSConfig_STATUS - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object swapFileSizeMB: type: integer sysctls: - description: |- - Storage version of v1api20231001.SysctlConfig_STATUS - Sysctl settings for Linux agent nodes. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object fsAioMaxNr: type: integer @@ -51120,29 +33542,17 @@ spec: name: type: string networkProfile: - description: |- - Storage version of v1api20231001.AgentPoolNetworkProfile_STATUS - Network settings of an agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedHostPorts: items: - description: |- - Storage version of v1api20231001.PortRange_STATUS - The port range. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object portEnd: type: integer 
@@ -51158,16 +33568,10 @@ spec: type: array nodePublicIPTags: items: - description: |- - Storage version of v1api20231001.IPTag_STATUS - Contains the IPTag associated with the object. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object ipTagType: type: string @@ -51201,16 +33605,10 @@ spec: podSubnetID: type: string powerState: - description: |- - Storage version of v1api20231001.PowerState_STATUS - Describes the Power State of the cluster properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string @@ -51236,16 +33634,10 @@ spec: type: type: string upgradeSettings: - description: |- - Storage version of v1api20231001.AgentPoolUpgradeSettings_STATUS - Settings for upgrading an agentpool properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object drainTimeoutInMinutes: type: integer 
@@ -51280,154 +33672,78 @@ spec: name: v1api20240402preview schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2024-04-02-preview/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: artifactStreamingProfile: - description: 'ArtifactStreamingProfile: Configuration for using artifact streaming on AKS.' properties: enabled: - description: |- - Enabled: Artifact streaming speeds up the cold-start of containers on a node through on-demand image loading. To use - this feature, container images must also enable artifact streaming on ACR. If not specified, the default is false. type: boolean type: object availabilityZones: - description: |- - AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType - property is 'VirtualMachineScaleSets'. items: type: string type: array azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. 
maxLength: 12 minLength: 1 pattern: ^[a-z][a-z0-9]{0,11}$ type: string capacityReservationGroupReference: - description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object count: - description: |- - Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) - for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. type: integer creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using - a snapshot. properties: sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object enableAutoScaling: - description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean enableCustomCATrust: - description: |- - EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a - daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded - certificates into node trust stores. Defaults to false. type: boolean enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, - see: https://docs.microsoft.com/azure/aks/enable-host-encryption type: boolean enableFIPS: - description: |- - EnableFIPS: See [Add a FIPS-enabled node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more - details. type: boolean enableNodePublicIP: - description: |- - EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. - A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine - to minimize hops. 
For more information see [assigning a public IP per - node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The - default is false. type: boolean enableUltraSSD: - description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean gatewayProfile: - description: |- - GatewayProfile: Profile specific to a managed agent pool in Gateway mode. This field cannot be set if agent pool mode is - not Gateway. properties: publicIPPrefixSize: - description: |- - PublicIPPrefixSize: The Gateway agent pool associates one public IPPrefix for each static egress gateway to provide - public egress. The size of Public IPPrefix should be selected by the user. Each node in the agent pool is assigned with - one IP from the IPPrefix. The IPPrefix size thus serves as a cap on the size of the Gateway agent pool. Due to Azure - public IPPrefix size limitation, the valid value range is [28, 31] (/31 = 2 nodes/IPs, /30 = 4 nodes/IPs, /29 = 8 - nodes/IPs, /28 = 16 nodes/IPs). The default value is 31. maximum: 31 minimum: 28 type: integer type: object gpuInstanceProfile: - description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' enum: - MIG1g - MIG2g 
@@ -51436,258 +33752,157 @@ spec: - MIG7g type: string gpuProfile: - description: 'GpuProfile: The GPU settings of an agent pool.' properties: installGPUDriver: - description: |- - InstallGPUDriver: The default value is true when the vmSize of the agent pool contains a GPU, false otherwise. GPU - Driver Installation can only be set true when VM has an associated GPU resource. Setting this field to false prevents - automatic GPU driver installation. In that case, in order for the GPU to be usable, the user must perform GPU driver - installation themselves. type: boolean type: object hostGroupReference: - description: |- - HostGroupReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object kubeletConfig: - description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' properties: allowedUnsafeSysctls: - description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`).' 
items: type: string type: array containerLogMaxFiles: - description: |- - ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be - ≥ 2. minimum: 2 type: integer containerLogMaxSizeMB: - description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' type: integer cpuCfsQuota: - description: 'CpuCfsQuota: The default is true.' type: boolean cpuCfsQuotaPeriod: - description: |- - CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and - a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. type: string cpuManagerPolicy: - description: |- - CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management - policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more - information. Allowed values are 'none' and 'static'. type: string failSwapOn: - description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' type: boolean imageGcHighThreshold: - description: 'ImageGcHighThreshold: To disable image garbage collection, set to 100. The default is 85%' type: integer imageGcLowThreshold: - description: 'ImageGcLowThreshold: This cannot be set higher than imageGcHighThreshold. The default is 80%' type: integer podMaxPids: - description: 'PodMaxPids: The maximum number of processes per pod.' type: integer topologyManagerPolicy: - description: |- - TopologyManagerPolicy: For more information see [Kubernetes Topology - Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values - are 'none', 'best-effort', 'restricted', and 'single-numa-node'. 
type: string type: object kubeletDiskType: - description: |- - KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral - storage. enum: - OS - Temporary type: string linuxOSConfig: - description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' properties: swapFileSizeMB: - description: 'SwapFileSizeMB: The size in MB of a swap file that will be created on each node.' type: integer sysctls: - description: 'Sysctls: Sysctl settings for Linux agent nodes.' properties: fsAioMaxNr: - description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' type: integer fsFileMax: - description: 'FsFileMax: Sysctl setting fs.file-max.' type: integer fsInotifyMaxUserWatches: - description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' type: integer fsNrOpen: - description: 'FsNrOpen: Sysctl setting fs.nr_open.' type: integer kernelThreadsMax: - description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' type: integer netCoreNetdevMaxBacklog: - description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' type: integer netCoreOptmemMax: - description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' type: integer netCoreRmemDefault: - description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' type: integer netCoreRmemMax: - description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' type: integer netCoreSomaxconn: - description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' type: integer netCoreWmemDefault: - description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' type: integer netCoreWmemMax: - description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' type: integer netIpv4IpLocalPortRange: - description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' 
type: string netIpv4NeighDefaultGcThresh1: - description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting net.ipv4.neigh.default.gc_thresh1.' type: integer netIpv4NeighDefaultGcThresh2: - description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting net.ipv4.neigh.default.gc_thresh2.' type: integer netIpv4NeighDefaultGcThresh3: - description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting net.ipv4.neigh.default.gc_thresh3.' type: integer netIpv4TcpFinTimeout: - description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' type: integer netIpv4TcpKeepaliveProbes: - description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' type: integer netIpv4TcpKeepaliveTime: - description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' type: integer netIpv4TcpMaxSynBacklog: - description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' type: integer netIpv4TcpMaxTwBuckets: - description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' type: integer netIpv4TcpTwReuse: - description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' type: boolean netIpv4TcpkeepaliveIntvl: - description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' maximum: 90 minimum: 10 type: integer netNetfilterNfConntrackBuckets: - description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' maximum: 524288 minimum: 65536 type: integer netNetfilterNfConntrackMax: - description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' maximum: 2097152 minimum: 131072 type: integer vmMaxMapCount: - description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' type: integer vmSwappiness: - description: 'VmSwappiness: Sysctl setting vm.swappiness.' type: integer vmVfsCachePressure: - description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' 
type: integer type: object transparentHugePageDefrag: - description: |- - TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is - 'madvise'. For more information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string transparentHugePageEnabled: - description: |- - TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more - information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string type: object maxCount: - description: 'MaxCount: The maximum number of nodes for auto-scaling' type: integer maxPods: - description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer messageOfTheDay: - description: |- - MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of - the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., - will be printed raw and not be executed as a script). type: string minCount: - description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer mode: - description: |- - Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool - restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools enum: - Gateway - System - User type: string networkProfile: - description: 'NetworkProfile: Network-related settings of an agent pool.' properties: allowedHostPorts: - description: 'AllowedHostPorts: The port ranges that are allowed to access. The specified ranges are allowed to overlap.' items: - description: The port range. properties: portEnd: - description: |- - PortEnd: The maximum port that is included in the range. 
It should be ranged from 1 to 65535, and be greater than or - equal to portStart. maximum: 65535 minimum: 1 type: integer portStart: - description: |- - PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or - equal to portEnd. maximum: 65535 minimum: 1 type: integer protocol: - description: 'Protocol: The network protocol of the port.' enum: - TCP - UDP 
@@ -51695,115 +33910,63 @@ spec: type: object type: array applicationSecurityGroupsReferences: - description: |- - ApplicationSecurityGroupsReferences: The IDs of the application security groups which agent pool will associate when - created. items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: array nodePublicIPTags: - description: 'NodePublicIPTags: IPTags of instance-level public IPs.' items: - description: Contains the IPTag associated with the object. properties: ipTagType: - description: 'IpTagType: The IP tag type. Example: RoutingPreference.' type: string tag: - description: 'Tag: The value of the IP tag associated with the public IP. Example: Internet.' type: string type: object type: array type: object nodeInitializationTaints: - description: |- - NodeInitializationTaints: These taints will not be reconciled by AKS and can be removed with a kubectl call. This field - can be modified after node pool is created, but nodes will not be recreated with new taints until another operation that - requires recreation (e.g. node image upgrade) happens. 
These taints allow for required configuration to run before the - node is ready to accept workloads, for example 'key1=value1:NoSchedule' that then can be removed with `kubectl taint - nodes node1 key1=value1:NoSchedule-` items: type: string type: array nodeLabels: additionalProperties: type: string - description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' type: object nodePublicIPPrefixReference: - description: |- - NodePublicIPPrefixReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object nodeTaints: - description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' items: type: string type: array operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' 
items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -51811,29 +33974,13 @@ spec: type: object type: array secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -51842,33 +33989,17 @@ spec: type: array type: object orchestratorVersion: - description: |- - OrchestratorVersion: Both patch version and are supported. When is - specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same - once it has been created will not trigger an upgrade, even if a newer patch version is available. As a - best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version - must have the same major version as the control plane. The node pool minor version must be within two minor versions of - the control plane version. The node pool version cannot be greater than the control plane version. For more information - see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: maximum: 2048 minimum: 0 type: integer osDiskType: - description: |- - OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested - OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral - OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). enum: - Ephemeral - Managed type: string osSKU: - description: |- - OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or - Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is - deprecated. enum: - AzureLinux - CBLMariner 
@@ -51879,176 +34010,107 @@ spec: - WindowsAnnual type: string osType: - description: 'OsType: The operating system type. The default is Linux.' enum: - Linux - Windows type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a containerservice.azure.com/ManagedCluster resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object podIPAllocationMode: - description: |- - PodIPAllocationMode: The IP allocation mode for pods in the agent pool. Must be used with podSubnetId. The default is - 'DynamicIndividual'. enum: - DynamicIndividual - StaticBlock type: string podSubnetReference: - description: |- - PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). - This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object powerState: - description: |- - PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this - field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only - be stopped if it is Running and provisioning state is Succeeded properties: code: - description: 'Code: Tells whether the cluster is Running or Stopped' enum: - Running - Stopped type: string type: object proximityPlacementGroupReference: - description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object scaleDownMode: - description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' 
enum: - Deallocate - Delete type: string scaleSetEvictionPolicy: - description: |- - ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is - 'Delete'. enum: - Deallocate - Delete type: string scaleSetPriority: - description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' enum: - Regular - Spot type: string securityProfile: - description: 'SecurityProfile: The security settings of an agent pool.' properties: enableSecureBoot: - description: |- - EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and - drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean enableVTPM: - description: |- - EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held - locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean sshAccess: - description: 'SshAccess: SSH access method of an agent pool.' enum: - Disabled - LocalUser type: string type: object spotMaxPrice: - description: |- - SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any - on-demand price. For more details on spot pricing, see [spot VMs - pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) type: number tags: additionalProperties: type: string - description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' type: object type: - description: 'Type: The type of Agent Pool.' 
enum: - AvailabilitySet - VirtualMachineScaleSets - VirtualMachines type: string upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading the agentpool' properties: drainTimeoutInMinutes: - description: |- - DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. - This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not - specified, the default is 30 minutes. maximum: 1440 minimum: 1 type: integer maxSurge: - description: |- - MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it - is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded - up. If not specified, the default is 1. For more information, including best practices, see: - https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade type: string nodeSoakDurationInMinutes: - description: |- - NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and - moving on to next node. If not specified, the default is 0 minutes. maximum: 30 minimum: 0 type: integer undrainableNodeBehavior: - description: |- - UndrainableNodeBehavior: Defines the behavior for undrainable nodes during upgrade. The most common cause of undrainable - nodes is Pod Disruption Budgets (PDBs), but other issues, such as pod termination grace period is exceeding the - remaining per-node drain timeout or pod is still being in a running state, can also cause undrainable nodes. enum: - Cordon - Schedule 
@@ -52056,58 +34118,36 @@ spec: type: object virtualMachineNodesStatus: items: - description: Current status on a group of nodes of the same vm size. properties: count: - description: 'Count: Number of nodes.' type: integer size: - description: 'Size: The VM size of the agents used to host this group of nodes.' type: string type: object type: array virtualMachinesProfile: - description: 'VirtualMachinesProfile: Specifications on VirtualMachines agent pool.' properties: scale: - description: 'Scale: Specifications on how to scale a VirtualMachines agent pool.' properties: autoscale: - description: |- - Autoscale: Specifications on how to auto-scale the VirtualMachines agent pool within a predefined size range. Currently, - at most one AutoScaleProfile is allowed. items: - description: Specifications on auto-scaling. properties: maxCount: - description: 'MaxCount: The maximum number of nodes of the specified sizes.' type: integer minCount: - description: 'MinCount: The minimum number of nodes of the specified sizes.' type: integer sizes: - description: |- - Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the - first available one when auto scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS - will use the next size. items: type: string type: array type: object type: array manual: - description: 'Manual: Specifications on how to scale the VirtualMachines agent pool to a fixed size.' items: - description: Specifications on number of machines. properties: count: - description: 'Count: Number of nodes.' type: integer sizes: - description: |- - Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the - first available one when scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS will - use the next size. items: type: string type: array 
@@ -52116,45 +34156,25 @@ spec: type: object type: object vmSize: - description: |- - VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods - might fail to run correctly. For more details on restricted VM sizes, see: - https://docs.microsoft.com/azure/aks/quotas-skus-regions type: string vnetSubnetReference: - description: |- - VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is - specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object windowsProfile: - description: 'WindowsProfile: The Windows agent pool''s specific profile.' properties: disableOutboundNat: - description: |- - DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT - Gateway and the Windows agent pool does not have node public IP enabled. 
type: boolean type: object workloadRuntime: - description: 'WorkloadRuntime: Determines the type of workload a node can run.' enum: - KataMshvVmIsolation - OCIContainer 
@@ -52166,60 +34186,34 @@ spec: status: properties: artifactStreamingProfile: - description: 'ArtifactStreamingProfile: Configuration for using artifact streaming on AKS.' properties: enabled: - description: |- - Enabled: Artifact streaming speeds up the cold-start of containers on a node through on-demand image loading. To use - this feature, container images must also enable artifact streaming on ACR. If not specified, the default is false. type: boolean type: object availabilityZones: - description: |- - AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType - property is 'VirtualMachineScaleSets'. items: type: string type: array capacityReservationGroupID: - description: 'CapacityReservationGroupID: AKS will associate the specified agent pool with the Capacity Reservation Group.' type: string conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. 
- For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -52229,534 +34223,287 @@ spec: type: object type: array count: - description: |- - Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) - for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. type: integer creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using - a snapshot. properties: sourceResourceId: - description: 'SourceResourceId: This is the ARM ID of the source object to be used to create the target object.' type: string type: object currentOrchestratorVersion: - description: |- - CurrentOrchestratorVersion: If orchestratorVersion was a fully specified version , this field will be - exactly equal to it. If orchestratorVersion was , this field will contain the full - version being used. type: string eTag: - description: |- - ETag: Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is - updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic - concurrency per the normal etag convention. type: string enableAutoScaling: - description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean enableCustomCATrust: - description: |- - EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a - daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded - certificates into node trust stores. Defaults to false. type: boolean enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. 
For more information, - see: https://docs.microsoft.com/azure/aks/enable-host-encryption type: boolean enableFIPS: - description: |- - EnableFIPS: See [Add a FIPS-enabled node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more - details. type: boolean enableNodePublicIP: - description: |- - EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. - A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine - to minimize hops. For more information see [assigning a public IP per - node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The - default is false. type: boolean enableUltraSSD: - description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean gatewayProfile: - description: |- - GatewayProfile: Profile specific to a managed agent pool in Gateway mode. This field cannot be set if agent pool mode is - not Gateway. properties: publicIPPrefixSize: - description: |- - PublicIPPrefixSize: The Gateway agent pool associates one public IPPrefix for each static egress gateway to provide - public egress. The size of Public IPPrefix should be selected by the user. Each node in the agent pool is assigned with - one IP from the IPPrefix. The IPPrefix size thus serves as a cap on the size of the Gateway agent pool. Due to Azure - public IPPrefix size limitation, the valid value range is [28, 31] (/31 = 2 nodes/IPs, /30 = 4 nodes/IPs, /29 = 8 - nodes/IPs, /28 = 16 nodes/IPs). The default value is 31. type: integer type: object gpuInstanceProfile: - description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' type: string gpuProfile: - description: 'GpuProfile: The GPU settings of an agent pool.' 
properties: installGPUDriver: - description: |- - InstallGPUDriver: The default value is true when the vmSize of the agent pool contains a GPU, false otherwise. GPU - Driver Installation can only be set true when VM has an associated GPU resource. Setting this field to false prevents - automatic GPU driver installation. In that case, in order for the GPU to be usable, the user must perform GPU driver - installation themselves. type: boolean type: object hostGroupID: - description: |- - HostGroupID: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). type: string id: - description: 'Id: Resource ID.' type: string kubeletConfig: - description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' properties: allowedUnsafeSysctls: - description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`).' items: type: string type: array containerLogMaxFiles: - description: |- - ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be - ≥ 2. type: integer containerLogMaxSizeMB: - description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' type: integer cpuCfsQuota: - description: 'CpuCfsQuota: The default is true.' type: boolean cpuCfsQuotaPeriod: - description: |- - CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and - a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. type: string cpuManagerPolicy: - description: |- - CpuManagerPolicy: The default is 'none'. 
See [Kubernetes CPU management - policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more - information. Allowed values are 'none' and 'static'. type: string failSwapOn: - description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' type: boolean imageGcHighThreshold: - description: 'ImageGcHighThreshold: To disable image garbage collection, set to 100. The default is 85%' type: integer imageGcLowThreshold: - description: 'ImageGcLowThreshold: This cannot be set higher than imageGcHighThreshold. The default is 80%' type: integer podMaxPids: - description: 'PodMaxPids: The maximum number of processes per pod.' type: integer topologyManagerPolicy: - description: |- - TopologyManagerPolicy: For more information see [Kubernetes Topology - Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values - are 'none', 'best-effort', 'restricted', and 'single-numa-node'. type: string type: object kubeletDiskType: - description: |- - KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral - storage. type: string linuxOSConfig: - description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' properties: swapFileSizeMB: - description: 'SwapFileSizeMB: The size in MB of a swap file that will be created on each node.' type: integer sysctls: - description: 'Sysctls: Sysctl settings for Linux agent nodes.' properties: fsAioMaxNr: - description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' type: integer fsFileMax: - description: 'FsFileMax: Sysctl setting fs.file-max.' type: integer fsInotifyMaxUserWatches: - description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' type: integer fsNrOpen: - description: 'FsNrOpen: Sysctl setting fs.nr_open.' 
type: integer kernelThreadsMax: - description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' type: integer netCoreNetdevMaxBacklog: - description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' type: integer netCoreOptmemMax: - description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' type: integer netCoreRmemDefault: - description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' type: integer netCoreRmemMax: - description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' type: integer netCoreSomaxconn: - description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' type: integer netCoreWmemDefault: - description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' type: integer netCoreWmemMax: - description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' type: integer netIpv4IpLocalPortRange: - description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' type: string netIpv4NeighDefaultGcThresh1: - description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting net.ipv4.neigh.default.gc_thresh1.' type: integer netIpv4NeighDefaultGcThresh2: - description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting net.ipv4.neigh.default.gc_thresh2.' type: integer netIpv4NeighDefaultGcThresh3: - description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting net.ipv4.neigh.default.gc_thresh3.' type: integer netIpv4TcpFinTimeout: - description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' type: integer netIpv4TcpKeepaliveProbes: - description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' type: integer netIpv4TcpKeepaliveTime: - description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' type: integer netIpv4TcpMaxSynBacklog: - description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' 
type: integer netIpv4TcpMaxTwBuckets: - description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' type: integer netIpv4TcpTwReuse: - description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' type: boolean netIpv4TcpkeepaliveIntvl: - description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' type: integer netNetfilterNfConntrackBuckets: - description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' type: integer netNetfilterNfConntrackMax: - description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' type: integer vmMaxMapCount: - description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' type: integer vmSwappiness: - description: 'VmSwappiness: Sysctl setting vm.swappiness.' type: integer vmVfsCachePressure: - description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' type: integer type: object transparentHugePageDefrag: - description: |- - TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is - 'madvise'. For more information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string transparentHugePageEnabled: - description: |- - TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more - information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string type: object maxCount: - description: 'MaxCount: The maximum number of nodes for auto-scaling' type: integer maxPods: - description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer messageOfTheDay: - description: |- - MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. 
This allows customization of - the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., - will be printed raw and not be executed as a script). type: string minCount: - description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer mode: - description: |- - Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool - restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools type: string name: - description: 'Name: The name of the resource that is unique within a resource group. This name can be used to access the resource.' type: string networkProfile: - description: 'NetworkProfile: Network-related settings of an agent pool.' properties: allowedHostPorts: - description: 'AllowedHostPorts: The port ranges that are allowed to access. The specified ranges are allowed to overlap.' items: - description: The port range. properties: portEnd: - description: |- - PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or - equal to portStart. type: integer portStart: - description: |- - PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or - equal to portEnd. type: integer protocol: - description: 'Protocol: The network protocol of the port.' type: string type: object type: array applicationSecurityGroups: - description: 'ApplicationSecurityGroups: The IDs of the application security groups which agent pool will associate when created.' items: type: string type: array nodePublicIPTags: - description: 'NodePublicIPTags: IPTags of instance-level public IPs.' items: - description: Contains the IPTag associated with the object. properties: ipTagType: - description: 'IpTagType: The IP tag type. Example: RoutingPreference.' 
type: string tag: - description: 'Tag: The value of the IP tag associated with the public IP. Example: Internet.' type: string type: object type: array type: object nodeImageVersion: - description: 'NodeImageVersion: The version of node image' type: string nodeInitializationTaints: - description: |- - NodeInitializationTaints: These taints will not be reconciled by AKS and can be removed with a kubectl call. This field - can be modified after node pool is created, but nodes will not be recreated with new taints until another operation that - requires recreation (e.g. node image upgrade) happens. These taints allow for required configuration to run before the - node is ready to accept workloads, for example 'key1=value1:NoSchedule' that then can be removed with `kubectl taint - nodes node1 key1=value1:NoSchedule-` items: type: string type: array nodeLabels: additionalProperties: type: string - description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' type: object nodePublicIPPrefixID: - description: |- - NodePublicIPPrefixID: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} type: string nodeTaints: - description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' items: type: string type: array orchestratorVersion: - description: |- - OrchestratorVersion: Both patch version and are supported. When is - specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same - once it has been created will not trigger an upgrade, even if a newer patch version is available. As a - best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version - must have the same major version as the control plane. 
The node pool minor version must be within two minor versions of - the control plane version. The node pool version cannot be greater than the control plane version. For more information - see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: type: integer osDiskType: - description: |- - OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested - OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral - OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). type: string osSKU: - description: |- - OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or - Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is - deprecated. type: string osType: - description: 'OsType: The operating system type. The default is Linux.' type: string podIPAllocationMode: - description: |- - PodIPAllocationMode: The IP allocation mode for pods in the agent pool. Must be used with podSubnetId. The default is - 'DynamicIndividual'. type: string podSubnetID: - description: |- - PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is - of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} type: string powerState: - description: |- - PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this - field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. 
An Agent Pool can only - be stopped if it is Running and provisioning state is Succeeded properties: code: - description: 'Code: Tells whether the cluster is Running or Stopped' type: string type: object properties_type: - description: 'PropertiesType: The type of Agent Pool.' type: string provisioningState: - description: 'ProvisioningState: The current deployment or provisioning state.' type: string proximityPlacementGroupID: - description: 'ProximityPlacementGroupID: The ID for Proximity Placement Group.' type: string scaleDownMode: - description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' type: string scaleSetEvictionPolicy: - description: |- - ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is - 'Delete'. type: string scaleSetPriority: - description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' type: string securityProfile: - description: 'SecurityProfile: The security settings of an agent pool.' properties: enableSecureBoot: - description: |- - EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and - drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean enableVTPM: - description: |- - EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held - locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean sshAccess: - description: 'SshAccess: SSH access method of an agent pool.' type: string type: object spotMaxPrice: - description: |- - SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any - on-demand price. 
For more details on spot pricing, see [spot VMs - pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) type: number tags: additionalProperties: type: string - description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' type: object type: - description: 'Type: Resource type' type: string upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading the agentpool' properties: drainTimeoutInMinutes: - description: |- - DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. - This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not - specified, the default is 30 minutes. type: integer maxSurge: - description: |- - MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it - is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded - up. If not specified, the default is 1. For more information, including best practices, see: - https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade type: string nodeSoakDurationInMinutes: - description: |- - NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and - moving on to next node. If not specified, the default is 0 minutes. type: integer undrainableNodeBehavior: - description: |- - UndrainableNodeBehavior: Defines the behavior for undrainable nodes during upgrade. The most common cause of undrainable - nodes is Pod Disruption Budgets (PDBs), but other issues, such as pod termination grace period is exceeding the - remaining per-node drain timeout or pod is still being in a running state, can also cause undrainable nodes. 
type: string type: object virtualMachineNodesStatus: items: - description: Current status on a group of nodes of the same vm size. properties: count: - description: 'Count: Number of nodes.' type: integer size: - description: 'Size: The VM size of the agents used to host this group of nodes.' type: string type: object type: array virtualMachinesProfile: - description: 'VirtualMachinesProfile: Specifications on VirtualMachines agent pool.' properties: scale: - description: 'Scale: Specifications on how to scale a VirtualMachines agent pool.' properties: autoscale: - description: |- - Autoscale: Specifications on how to auto-scale the VirtualMachines agent pool within a predefined size range. Currently, - at most one AutoScaleProfile is allowed. items: - description: Specifications on auto-scaling. properties: maxCount: - description: 'MaxCount: The maximum number of nodes of the specified sizes.' type: integer minCount: - description: 'MinCount: The minimum number of nodes of the specified sizes.' type: integer sizes: - description: |- - Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the - first available one when auto scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS - will use the next size. items: type: string type: array type: object type: array manual: - description: 'Manual: Specifications on how to scale the VirtualMachines agent pool to a fixed size.' items: - description: Specifications on number of machines. properties: count: - description: 'Count: Number of nodes.' type: integer sizes: - description: |- - Sizes: The list of allowed vm sizes e.g. ['Standard_E4s_v3', 'Standard_E16s_v3', 'Standard_D16s_v5']. AKS will use the - first available one when scaling. If a VM size is unavailable (e.g. due to quota or regional capacity reasons), AKS will - use the next size. items: type: string type: array 
@@ -52765,28 +34512,15 @@ spec: type: object type: object vmSize: - description: |- - VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods - might fail to run correctly. For more details on restricted VM sizes, see: - https://docs.microsoft.com/azure/aks/quotas-skus-regions type: string vnetSubnetID: - description: |- - VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, - this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} type: string windowsProfile: - description: 'WindowsProfile: The Windows agent pool''s specific profile.' properties: disableOutboundNat: - description: |- - DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT - Gateway and the Windows agent pool does not have node public IP enabled. type: boolean type: object workloadRuntime: - description: 'WorkloadRuntime: Determines the type of workload a node can run.' type: string type: object type: object 
@@ -52810,48 +34544,24 @@ spec: name: v1api20240402previewstorage schema: openAPIV3Schema: - description: |- - Storage version of v1api20240402preview.ManagedClustersAgentPool - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2024-04-02-preview/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20240402preview.ManagedClustersAgentPool_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object artifactStreamingProfile: - description: Storage version of v1api20240402preview.AgentPoolArtifactStreamingProfile properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -52861,62 +34571,37 @@ spec: type: string type: array azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string capacityReservationGroupReference: - description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object count: type: integer creationData: - description: |- - Storage version of v1api20240402preview.CreationData - Data used when creating a target resource from a source resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' 
properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object @@ -52933,16 +34618,10 @@ spec: enableUltraSSD: type: boolean gatewayProfile: - description: |- - Storage version of v1api20240402preview.AgentPoolGatewayProfile - Profile of the managed cluster gateway agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object publicIPPrefixSize: type: integer 
@@ -52950,52 +34629,31 @@ spec: gpuInstanceProfile: type: string gpuProfile: - description: Storage version of v1api20240402preview.AgentPoolGPUProfile properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object installGPUDriver: type: boolean type: object hostGroupReference: - description: |- - HostGroupReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object kubeletConfig: - description: |- - Storage version of v1api20240402preview.KubeletConfig - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. 
properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedUnsafeSysctls: items: @@ -53025,30 +34683,18 @@ spec: kubeletDiskType: type: string linuxOSConfig: - description: |- - Storage version of v1api20240402preview.LinuxOSConfig - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object swapFileSizeMB: type: integer sysctls: - description: |- - Storage version of v1api20240402preview.SysctlConfig - Sysctl settings for Linux agent nodes. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object fsAioMaxNr: type: integer 
@@ -53123,29 +34769,17 @@ spec: mode: type: string networkProfile: - description: |- - Storage version of v1api20240402preview.AgentPoolNetworkProfile - Network settings of an agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedHostPorts: items: - description: |- - Storage version of v1api20240402preview.PortRange - The port range. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object portEnd: type: integer 
@@ -53157,38 +34791,24 @@ spec: type: array applicationSecurityGroupsReferences: items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: array nodePublicIPTags: items: - description: |- - Storage version of v1api20240402preview.IPTag - Contains the IPTag associated with the object. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object ipTagType: type: string 
@@ -53206,25 +34826,15 @@ spec: type: string type: object nodePublicIPPrefixReference: - description: |- - NodePublicIPPrefixReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object nodeTaints: 
@@ -53232,40 +34842,19 @@ spec: type: string type: array operatorSpec: - description: |- - Storage version of v1api20240402preview.ManagedClustersAgentPoolOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -53274,27 +34863,12 @@ spec: type: array secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -53315,76 +34889,46 @@ spec: osType: type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a containerservice.azure.com/ManagedCluster resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object podIPAllocationMode: type: string podSubnetReference: - description: |- - PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). - This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object powerState: - description: |- - Storage version of v1api20240402preview.PowerState - Describes the Power State of the cluster properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string type: object proximityPlacementGroupReference: - description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object scaleDownMode: @@ -53394,16 +34938,10 @@ spec: scaleSetPriority: type: string securityProfile: - description: |- - Storage version of v1api20240402preview.AgentPoolSecurityProfile - The security settings of an agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enableSecureBoot: type: boolean 
@@ -53421,16 +34959,10 @@ spec: type: type: string upgradeSettings: - description: |- - Storage version of v1api20240402preview.AgentPoolUpgradeSettings - Settings for upgrading an agentpool properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object drainTimeoutInMinutes: type: integer @@ -53443,16 +34975,10 @@ spec: type: object virtualMachineNodesStatus: items: - description: |- - Storage version of v1api20240402preview.VirtualMachineNodes - Current status on a group of nodes of the same vm size. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object count: type: integer 
@@ -53461,41 +34987,23 @@ spec: type: object type: array virtualMachinesProfile: - description: |- - Storage version of v1api20240402preview.VirtualMachinesProfile - Specifications on VirtualMachines agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object scale: - description: |- - Storage version of v1api20240402preview.ScaleProfile - Specifications on how to scale a VirtualMachines agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object autoscale: items: - description: |- - Storage version of v1api20240402preview.AutoScaleProfile - Specifications on auto-scaling. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object maxCount: type: integer @@ -53509,16 +35017,10 @@ spec: type: array manual: items: - description: |- - Storage version of v1api20240402preview.ManualScaleProfile - Specifications on number of machines. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object count: type: integer 
@@ -53533,39 +35035,22 @@ spec: vmSize: type: string vnetSubnetReference: - description: |- - VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is - specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object windowsProfile: - description: |- - Storage version of v1api20240402preview.AgentPoolWindowsProfile - The Windows agent pool's specific profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object disableOutboundNat: type: boolean 
@@ -53576,24 +35061,16 @@ spec: - owner type: object status: - description: Storage version of v1api20240402preview.ManagedClustersAgentPool_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object artifactStreamingProfile: - description: Storage version of v1api20240402preview.AgentPoolArtifactStreamingProfile_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -53606,39 +35083,22 @@ spec: type: string conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -53650,16 +35110,10 @@ spec: count: type: integer creationData: - description: |- - Storage version of v1api20240402preview.CreationData_STATUS - Data used when creating a target resource from a source resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object sourceResourceId: type: string @@ -53681,16 +35135,10 @@ spec: enableUltraSSD: type: boolean gatewayProfile: - description: |- - Storage version of v1api20240402preview.AgentPoolGatewayProfile_STATUS - Profile of the managed cluster gateway agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object publicIPPrefixSize: type: integer @@ -53698,14 +35146,10 @@ spec: gpuInstanceProfile: type: string gpuProfile: - description: Storage version of v1api20240402preview.AgentPoolGPUProfile_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object installGPUDriver: type: boolean 
@@ -53715,16 +35159,10 @@ spec: id: type: string kubeletConfig: - description: |- - Storage version of v1api20240402preview.KubeletConfig_STATUS - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedUnsafeSysctls: items: @@ -53754,30 +35192,18 @@ spec: kubeletDiskType: type: string linuxOSConfig: - description: |- - Storage version of v1api20240402preview.LinuxOSConfig_STATUS - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object swapFileSizeMB: type: integer sysctls: - description: |- - Storage version of v1api20240402preview.SysctlConfig_STATUS - Sysctl settings for Linux agent nodes. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object fsAioMaxNr: type: integer 
@@ -53854,29 +35280,17 @@ spec: name: type: string networkProfile: - description: |- - Storage version of v1api20240402preview.AgentPoolNetworkProfile_STATUS - Network settings of an agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedHostPorts: items: - description: |- - Storage version of v1api20240402preview.PortRange_STATUS - The port range. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object portEnd: type: integer @@ -53892,16 +35306,10 @@ spec: type: array nodePublicIPTags: items: - description: |- - Storage version of v1api20240402preview.IPTag_STATUS - Contains the IPTag associated with the object. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object ipTagType: type: string @@ -53941,16 +35349,10 @@ spec: podSubnetID: type: string powerState: - description: |- - Storage version of v1api20240402preview.PowerState_STATUS - Describes the Power State of the cluster properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string 
@@ -53968,16 +35370,10 @@ spec: scaleSetPriority: type: string securityProfile: - description: |- - Storage version of v1api20240402preview.AgentPoolSecurityProfile_STATUS - The security settings of an agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enableSecureBoot: type: boolean @@ -53995,16 +35391,10 @@ spec: type: type: string upgradeSettings: - description: |- - Storage version of v1api20240402preview.AgentPoolUpgradeSettings_STATUS - Settings for upgrading an agentpool properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object drainTimeoutInMinutes: type: integer @@ -54017,16 +35407,10 @@ spec: type: object virtualMachineNodesStatus: items: - description: |- - Storage version of v1api20240402preview.VirtualMachineNodes_STATUS - Current status on a group of nodes of the same vm size. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object count: type: integer 
@@ -54035,41 +35419,23 @@ spec: type: object type: array virtualMachinesProfile: - description: |- - Storage version of v1api20240402preview.VirtualMachinesProfile_STATUS - Specifications on VirtualMachines agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object scale: - description: |- - Storage version of v1api20240402preview.ScaleProfile_STATUS - Specifications on how to scale a VirtualMachines agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object autoscale: items: - description: |- - Storage version of v1api20240402preview.AutoScaleProfile_STATUS - Specifications on auto-scaling. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object maxCount: type: integer @@ -54083,16 +35449,10 @@ spec: type: array manual: items: - description: |- - Storage version of v1api20240402preview.ManualScaleProfile_STATUS - Specifications on number of machines. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object count: type: integer 
@@ -54109,16 +35469,10 @@ spec: vnetSubnetID: type: string windowsProfile: - description: |- - Storage version of v1api20240402preview.AgentPoolWindowsProfile_STATUS - The Windows agent pool's specific profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object disableOutboundNat: type: boolean 
@@ -54147,123 +35501,64 @@ spec: name: v1api20240901 schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2024-09-01/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: availabilityZones: - description: |- - AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType - property is 'VirtualMachineScaleSets'. items: type: string type: array azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. maxLength: 12 minLength: 1 pattern: ^[a-z][a-z0-9]{0,11}$ type: string capacityReservationGroupReference: - description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object count: - description: |- - Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) - for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. type: integer creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using - a snapshot. properties: sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object type: object enableAutoScaling: - description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, - see: https://docs.microsoft.com/azure/aks/enable-host-encryption type: boolean enableFIPS: - description: |- - EnableFIPS: See [Add a FIPS-enabled node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more - details. type: boolean enableNodePublicIP: - description: |- - EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. - A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine - to minimize hops. For more information see [assigning a public IP per - node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The - default is false. type: boolean enableUltraSSD: - description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean gpuInstanceProfile: - description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' enum: - MIG1g - MIG2g 
@@ -54272,240 +35567,149 @@ spec: - MIG7g type: string hostGroupReference: - description: |- - HostGroupReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object kubeletConfig: - description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' properties: allowedUnsafeSysctls: - description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`).' items: type: string type: array containerLogMaxFiles: - description: |- - ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be - ≥ 2. minimum: 2 type: integer containerLogMaxSizeMB: - description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' type: integer cpuCfsQuota: - description: 'CpuCfsQuota: The default is true.' type: boolean cpuCfsQuotaPeriod: - description: |- - CpuCfsQuotaPeriod: The default is '100ms.' 
Valid values are a sequence of decimal numbers with an optional fraction and - a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. type: string cpuManagerPolicy: - description: |- - CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management - policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more - information. Allowed values are 'none' and 'static'. type: string failSwapOn: - description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' type: boolean imageGcHighThreshold: - description: 'ImageGcHighThreshold: To disable image garbage collection, set to 100. The default is 85%' type: integer imageGcLowThreshold: - description: 'ImageGcLowThreshold: This cannot be set higher than imageGcHighThreshold. The default is 80%' type: integer podMaxPids: - description: 'PodMaxPids: The maximum number of processes per pod.' type: integer topologyManagerPolicy: - description: |- - TopologyManagerPolicy: For more information see [Kubernetes Topology - Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values - are 'none', 'best-effort', 'restricted', and 'single-numa-node'. type: string type: object kubeletDiskType: - description: |- - KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral - storage. enum: - OS - Temporary type: string linuxOSConfig: - description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' properties: swapFileSizeMB: - description: 'SwapFileSizeMB: The size in MB of a swap file that will be created on each node.' type: integer sysctls: - description: 'Sysctls: Sysctl settings for Linux agent nodes.' properties: fsAioMaxNr: - description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' 
type: integer fsFileMax: - description: 'FsFileMax: Sysctl setting fs.file-max.' type: integer fsInotifyMaxUserWatches: - description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' type: integer fsNrOpen: - description: 'FsNrOpen: Sysctl setting fs.nr_open.' type: integer kernelThreadsMax: - description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' type: integer netCoreNetdevMaxBacklog: - description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' type: integer netCoreOptmemMax: - description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' type: integer netCoreRmemDefault: - description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' type: integer netCoreRmemMax: - description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' type: integer netCoreSomaxconn: - description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' type: integer netCoreWmemDefault: - description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' type: integer netCoreWmemMax: - description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' type: integer netIpv4IpLocalPortRange: - description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' type: string netIpv4NeighDefaultGcThresh1: - description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting net.ipv4.neigh.default.gc_thresh1.' type: integer netIpv4NeighDefaultGcThresh2: - description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting net.ipv4.neigh.default.gc_thresh2.' type: integer netIpv4NeighDefaultGcThresh3: - description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting net.ipv4.neigh.default.gc_thresh3.' type: integer netIpv4TcpFinTimeout: - description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' type: integer netIpv4TcpKeepaliveProbes: - description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' 
type: integer netIpv4TcpKeepaliveTime: - description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' type: integer netIpv4TcpMaxSynBacklog: - description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' type: integer netIpv4TcpMaxTwBuckets: - description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' type: integer netIpv4TcpTwReuse: - description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' type: boolean netIpv4TcpkeepaliveIntvl: - description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' maximum: 90 minimum: 10 type: integer netNetfilterNfConntrackBuckets: - description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' maximum: 524288 minimum: 65536 type: integer netNetfilterNfConntrackMax: - description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' maximum: 2097152 minimum: 131072 type: integer vmMaxMapCount: - description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' type: integer vmSwappiness: - description: 'VmSwappiness: Sysctl setting vm.swappiness.' type: integer vmVfsCachePressure: - description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' type: integer type: object transparentHugePageDefrag: - description: |- - TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is - 'madvise'. For more information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string transparentHugePageEnabled: - description: |- - TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more - information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). 
type: string type: object maxCount: - description: 'MaxCount: The maximum number of nodes for auto-scaling' type: integer maxPods: - description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer minCount: - description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer mode: - description: |- - Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool - restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools enum: - System - User type: string networkProfile: - description: 'NetworkProfile: Network-related settings of an agent pool.' properties: allowedHostPorts: - description: 'AllowedHostPorts: The port ranges that are allowed to access. The specified ranges are allowed to overlap.' items: - description: The port range. properties: portEnd: - description: |- - PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or - equal to portStart. maximum: 65535 minimum: 1 type: integer portStart: - description: |- - PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or - equal to portEnd. maximum: 65535 minimum: 1 type: integer protocol: - description: 'Protocol: The network protocol of the port.' enum: - TCP - UDP 
@@ -54513,40 +35717,25 @@ spec: type: object type: array applicationSecurityGroupsReferences: - description: |- - ApplicationSecurityGroupsReferences: The IDs of the application security groups which agent pool will associate when - created. items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: array nodePublicIPTags: - description: 'NodePublicIPTags: IPTags of instance-level public IPs.' items: - description: Contains the IPTag associated with the object. properties: ipTagType: - description: 'IpTagType: The IP tag type. Example: RoutingPreference.' type: string tag: - description: 'Tag: The value of the IP tag associated with the public IP. Example: Internet.' type: string type: object type: array 
@@ -54554,64 +35743,33 @@ spec: nodeLabels: additionalProperties: type: string - description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' type: object nodePublicIPPrefixReference: - description: |- - NodePublicIPPrefixReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object nodeTaints: - description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' items: type: string type: array operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. 
The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -54619,29 +35777,13 @@ spec: type: object type: array secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -54650,33 +35792,17 @@ spec: type: array type: object orchestratorVersion: - description: |- - OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. - When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster - with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer - patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same - Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor - version must be within two minor versions of the control plane version. The node pool version cannot be greater than the - control plane version. For more information see [upgrading a node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: maximum: 2048 minimum: 0 type: integer osDiskType: - description: |- - OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested - OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral - OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). enum: - Ephemeral - Managed type: string osSKU: - description: |- - OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 - when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. enum: - AzureLinux - CBLMariner 
@@ -54685,197 +35811,116 @@ spec: - Windows2022 type: string osType: - description: 'OsType: The operating system type. The default is Linux.' enum: - Linux - Windows type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a containerservice.azure.com/ManagedCluster resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object podSubnetReference: - description: |- - PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). - This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object powerState: - description: |- - PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this - field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only - be stopped if it is Running and provisioning state is Succeeded properties: code: - description: 'Code: Tells whether the cluster is Running or Stopped' enum: - Running - Stopped type: string type: object proximityPlacementGroupReference: - description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object scaleDownMode: - description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' enum: - Deallocate - Delete type: string scaleSetEvictionPolicy: - description: |- - ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is - 'Delete'. enum: - Deallocate - Delete type: string scaleSetPriority: - description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' 
enum: - Regular - Spot type: string securityProfile: - description: 'SecurityProfile: The security settings of an agent pool.' properties: enableSecureBoot: - description: |- - EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and - drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean enableVTPM: - description: |- - EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held - locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean type: object spotMaxPrice: - description: |- - SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any - on-demand price. For more details on spot pricing, see [spot VMs - pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) type: number tags: additionalProperties: type: string - description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' type: object type: - description: 'Type: The type of Agent Pool.' enum: - AvailabilitySet - VirtualMachineScaleSets type: string upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading the agentpool' properties: drainTimeoutInMinutes: - description: |- - DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. - This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not - specified, the default is 30 minutes. maximum: 1440 minimum: 1 type: integer maxSurge: - description: |- - MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it - is the percentage of the total agent pool size at the time of the upgrade. 
For percentages, fractional nodes are rounded - up. If not specified, the default is 1. For more information, including best practices, see: - https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade type: string nodeSoakDurationInMinutes: - description: |- - NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and - moving on to next node. If not specified, the default is 0 minutes. maximum: 30 minimum: 0 type: integer type: object vmSize: - description: |- - VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods - might fail to run correctly. For more details on restricted VM sizes, see: - https://docs.microsoft.com/azure/aks/quotas-skus-regions type: string vnetSubnetReference: - description: |- - VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is - specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. 
type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object windowsProfile: - description: 'WindowsProfile: The Windows agent pool''s specific profile.' properties: disableOutboundNat: - description: |- - DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT - Gateway and the Windows agent pool does not have node public IP enabled. type: boolean type: object workloadRuntime: - description: 'WorkloadRuntime: Determines the type of workload a node can run.' enum: - OCIContainer - WasmWasi 
@@ -54886,51 +35931,29 @@ spec: status: properties: availabilityZones: - description: |- - AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType - property is 'VirtualMachineScaleSets'. items: type: string type: array capacityReservationGroupID: - description: 'CapacityReservationGroupID: AKS will associate the specified agent pool with the Capacity Reservation Group.' type: string conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. 
type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -54940,442 +35963,241 @@ spec: type: object type: array count: - description: |- - Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) - for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. type: integer creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using - a snapshot. properties: sourceResourceId: - description: 'SourceResourceId: This is the ARM ID of the source object to be used to create the target object.' type: string type: object currentOrchestratorVersion: - description: |- - CurrentOrchestratorVersion: If orchestratorVersion is a fully specified version , this field will be - exactly equal to it. If orchestratorVersion is , this field will contain the full - version being used. type: string eTag: - description: |- - ETag: Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is - updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic - concurrency per the normal etag convention. type: string enableAutoScaling: - description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information, - see: https://docs.microsoft.com/azure/aks/enable-host-encryption type: boolean enableFIPS: - description: |- - EnableFIPS: See [Add a FIPS-enabled node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more - details. type: boolean enableNodePublicIP: - description: |- - EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. 
- A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine - to minimize hops. For more information see [assigning a public IP per - node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The - default is false. type: boolean enableUltraSSD: - description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean gpuInstanceProfile: - description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' type: string hostGroupID: - description: |- - HostGroupID: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). type: string id: - description: 'Id: Resource ID.' type: string kubeletConfig: - description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' properties: allowedUnsafeSysctls: - description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`).' items: type: string type: array containerLogMaxFiles: - description: |- - ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be - ≥ 2. type: integer containerLogMaxSizeMB: - description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' type: integer cpuCfsQuota: - description: 'CpuCfsQuota: The default is true.' type: boolean cpuCfsQuotaPeriod: - description: |- - CpuCfsQuotaPeriod: The default is '100ms.' Valid values are a sequence of decimal numbers with an optional fraction and - a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', 'ms', 's', 'm', and 'h'. 
type: string cpuManagerPolicy: - description: |- - CpuManagerPolicy: The default is 'none'. See [Kubernetes CPU management - policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more - information. Allowed values are 'none' and 'static'. type: string failSwapOn: - description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' type: boolean imageGcHighThreshold: - description: 'ImageGcHighThreshold: To disable image garbage collection, set to 100. The default is 85%' type: integer imageGcLowThreshold: - description: 'ImageGcLowThreshold: This cannot be set higher than imageGcHighThreshold. The default is 80%' type: integer podMaxPids: - description: 'PodMaxPids: The maximum number of processes per pod.' type: integer topologyManagerPolicy: - description: |- - TopologyManagerPolicy: For more information see [Kubernetes Topology - Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values - are 'none', 'best-effort', 'restricted', and 'single-numa-node'. type: string type: object kubeletDiskType: - description: |- - KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral - storage. type: string linuxOSConfig: - description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' properties: swapFileSizeMB: - description: 'SwapFileSizeMB: The size in MB of a swap file that will be created on each node.' type: integer sysctls: - description: 'Sysctls: Sysctl settings for Linux agent nodes.' properties: fsAioMaxNr: - description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' type: integer fsFileMax: - description: 'FsFileMax: Sysctl setting fs.file-max.' type: integer fsInotifyMaxUserWatches: - description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' 
type: integer fsNrOpen: - description: 'FsNrOpen: Sysctl setting fs.nr_open.' type: integer kernelThreadsMax: - description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' type: integer netCoreNetdevMaxBacklog: - description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' type: integer netCoreOptmemMax: - description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' type: integer netCoreRmemDefault: - description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' type: integer netCoreRmemMax: - description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' type: integer netCoreSomaxconn: - description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' type: integer netCoreWmemDefault: - description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' type: integer netCoreWmemMax: - description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' type: integer netIpv4IpLocalPortRange: - description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' type: string netIpv4NeighDefaultGcThresh1: - description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting net.ipv4.neigh.default.gc_thresh1.' type: integer netIpv4NeighDefaultGcThresh2: - description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting net.ipv4.neigh.default.gc_thresh2.' type: integer netIpv4NeighDefaultGcThresh3: - description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting net.ipv4.neigh.default.gc_thresh3.' type: integer netIpv4TcpFinTimeout: - description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' type: integer netIpv4TcpKeepaliveProbes: - description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' type: integer netIpv4TcpKeepaliveTime: - description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' type: integer netIpv4TcpMaxSynBacklog: - description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' 
type: integer netIpv4TcpMaxTwBuckets: - description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' type: integer netIpv4TcpTwReuse: - description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' type: boolean netIpv4TcpkeepaliveIntvl: - description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' type: integer netNetfilterNfConntrackBuckets: - description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' type: integer netNetfilterNfConntrackMax: - description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' type: integer vmMaxMapCount: - description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' type: integer vmSwappiness: - description: 'VmSwappiness: Sysctl setting vm.swappiness.' type: integer vmVfsCachePressure: - description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' type: integer type: object transparentHugePageDefrag: - description: |- - TransparentHugePageDefrag: Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is - 'madvise'. For more information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string transparentHugePageEnabled: - description: |- - TransparentHugePageEnabled: Valid values are 'always', 'madvise', and 'never'. The default is 'always'. For more - information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string type: object maxCount: - description: 'MaxCount: The maximum number of nodes for auto-scaling' type: integer maxPods: - description: 'MaxPods: The maximum number of pods that can run on a node.' 
type: integer minCount: - description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer mode: - description: |- - Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool - restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools type: string name: - description: 'Name: The name of the resource that is unique within a resource group. This name can be used to access the resource.' type: string networkProfile: - description: 'NetworkProfile: Network-related settings of an agent pool.' properties: allowedHostPorts: - description: 'AllowedHostPorts: The port ranges that are allowed to access. The specified ranges are allowed to overlap.' items: - description: The port range. properties: portEnd: - description: |- - PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or - equal to portStart. type: integer portStart: - description: |- - PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or - equal to portEnd. type: integer protocol: - description: 'Protocol: The network protocol of the port.' type: string type: object type: array applicationSecurityGroups: - description: 'ApplicationSecurityGroups: The IDs of the application security groups which agent pool will associate when created.' items: type: string type: array nodePublicIPTags: - description: 'NodePublicIPTags: IPTags of instance-level public IPs.' items: - description: Contains the IPTag associated with the object. properties: ipTagType: - description: 'IpTagType: The IP tag type. Example: RoutingPreference.' type: string tag: - description: 'Tag: The value of the IP tag associated with the public IP. Example: Internet.' 
type: string type: object type: array type: object nodeImageVersion: - description: 'NodeImageVersion: The version of node image' type: string nodeLabels: additionalProperties: type: string - description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' type: object nodePublicIPPrefixID: - description: |- - NodePublicIPPrefixID: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} type: string nodeTaints: - description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' items: type: string type: array orchestratorVersion: - description: |- - OrchestratorVersion: Both patch version (e.g. 1.20.13) and (e.g. 1.20) are supported. - When is specified, the latest supported GA patch version is chosen automatically. Updating the cluster - with the same once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer - patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same - Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor - version must be within two minor versions of the control plane version. The node pool version cannot be greater than the - control plane version. For more information see [upgrading a node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: type: integer osDiskType: - description: |- - OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested - OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral - OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). 
type: string osSKU: - description: |- - OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 - when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. type: string osType: - description: 'OsType: The operating system type. The default is Linux.' type: string podSubnetID: - description: |- - PodSubnetID: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is - of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} type: string powerState: - description: |- - PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this - field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only - be stopped if it is Running and provisioning state is Succeeded properties: code: - description: 'Code: Tells whether the cluster is Running or Stopped' type: string type: object properties_type: - description: 'PropertiesType: The type of Agent Pool.' type: string provisioningState: - description: 'ProvisioningState: The current deployment or provisioning state.' type: string proximityPlacementGroupID: - description: 'ProximityPlacementGroupID: The ID for Proximity Placement Group.' type: string scaleDownMode: - description: 'ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.' type: string scaleSetEvictionPolicy: - description: |- - ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is - 'Delete'. type: string scaleSetPriority: - description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' 
type: string securityProfile: - description: 'SecurityProfile: The security settings of an agent pool.' properties: enableSecureBoot: - description: |- - EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and - drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean enableVTPM: - description: |- - EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held - locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean type: object spotMaxPrice: - description: |- - SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any - on-demand price. For more details on spot pricing, see [spot VMs - pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) type: number tags: additionalProperties: type: string - description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' type: object type: - description: 'Type: Resource type' type: string upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading the agentpool' properties: drainTimeoutInMinutes: - description: |- - DrainTimeoutInMinutes: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. - This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not - specified, the default is 30 minutes. type: integer maxSurge: - description: |- - MaxSurge: This can either be set to an integer (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it - is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded - up. If not specified, the default is 1. 
For more information, including best practices, see: - https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade type: string nodeSoakDurationInMinutes: - description: |- - NodeSoakDurationInMinutes: The amount of time (in minutes) to wait after draining a node and before reimaging it and - moving on to next node. If not specified, the default is 0 minutes. type: integer type: object vmSize: - description: |- - VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods - might fail to run correctly. For more details on restricted VM sizes, see: - https://docs.microsoft.com/azure/aks/quotas-skus-regions type: string vnetSubnetID: - description: |- - VnetSubnetID: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, - this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} type: string windowsProfile: - description: 'WindowsProfile: The Windows agent pool''s specific profile.' properties: disableOutboundNat: - description: |- - DisableOutboundNat: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT - Gateway and the Windows agent pool does not have node public IP enabled. type: boolean type: object workloadRuntime: - description: 'WorkloadRuntime: Determines the type of workload a node can run.' type: string type: object type: object 
@@ -55399,100 +36221,55 @@ spec: name: v1api20240901storage schema: openAPIV3Schema: - description: |- - Storage version of v1api20240901.ManagedClustersAgentPool - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2024-09-01/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20240901.ManagedClustersAgentPool_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object availabilityZones: items: type: string type: array azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string capacityReservationGroupReference: - description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' 
properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object count: type: integer creationData: - description: |- - Storage version of v1api20240901.CreationData - Data used when creating a target resource from a source resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -55509,39 +36286,22 @@ spec: gpuInstanceProfile: type: string hostGroupReference: - description: |- - HostGroupReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object kubeletConfig: - description: |- - Storage version of v1api20240901.KubeletConfig - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedUnsafeSysctls: items: 
@@ -55571,30 +36331,18 @@ spec: kubeletDiskType: type: string linuxOSConfig: - description: |- - Storage version of v1api20240901.LinuxOSConfig - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object swapFileSizeMB: type: integer sysctls: - description: |- - Storage version of v1api20240901.SysctlConfig - Sysctl settings for Linux agent nodes. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object fsAioMaxNr: type: integer @@ -55667,29 +36415,17 @@ spec: mode: type: string networkProfile: - description: |- - Storage version of v1api20240901.AgentPoolNetworkProfile - Network settings of an agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedHostPorts: items: - description: |- - Storage version of v1api20240901.PortRange - The port range. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object portEnd: type: integer 
@@ -55701,38 +36437,24 @@ spec: type: array applicationSecurityGroupsReferences: items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: array nodePublicIPTags: items: - description: |- - Storage version of v1api20240901.IPTag - Contains the IPTag associated with the object. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object ipTagType: type: string 
@@ -55746,25 +36468,15 @@ spec: type: string type: object nodePublicIPPrefixReference: - description: |- - NodePublicIPPrefixReference: This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object nodeTaints: 
@@ -55772,40 +36484,19 @@ spec: type: string type: array operatorSpec: - description: |- - Storage version of v1api20240901.ManagedClustersAgentPoolOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -55814,27 +36505,12 @@ spec: type: array secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -55855,74 +36531,44 @@ spec: osType: type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a containerservice.azure.com/ManagedCluster resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object podSubnetReference: - description: |- - PodSubnetReference: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). - This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object powerState: - description: |- - Storage version of v1api20240901.PowerState - Describes the Power State of the cluster properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string type: object proximityPlacementGroupReference: - description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object scaleDownMode: @@ -55932,16 +36578,10 @@ spec: scaleSetPriority: type: string securityProfile: - description: |- - Storage version of v1api20240901.AgentPoolSecurityProfile - The security settings of an agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enableSecureBoot: type: boolean 
@@ -55957,16 +36597,10 @@ spec: type: type: string upgradeSettings: - description: |- - Storage version of v1api20240901.AgentPoolUpgradeSettings - Settings for upgrading an agentpool properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object drainTimeoutInMinutes: type: integer 
@@ -55978,39 +36612,22 @@ spec: vmSize: type: string vnetSubnetReference: - description: |- - VnetSubnetReference: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is - specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object windowsProfile: - description: |- - Storage version of v1api20240901.AgentPoolWindowsProfile - The Windows agent pool's specific profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object disableOutboundNat: type: boolean 
@@ -56021,14 +36638,10 @@ spec: - owner type: object status: - description: Storage version of v1api20240901.ManagedClustersAgentPool_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object availabilityZones: items: 
@@ -56038,39 +36651,22 @@ spec: type: string conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -56082,16 +36678,10 @@ spec: count: type: integer creationData: - description: |- - Storage version of v1api20240901.CreationData_STATUS - Data used when creating a target resource from a source resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object sourceResourceId: type: string @@ -56117,16 +36707,10 @@ spec: id: type: string kubeletConfig: - description: |- - Storage version of v1api20240901.KubeletConfig_STATUS - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedUnsafeSysctls: items: 
@@ -56156,30 +36740,18 @@ spec: kubeletDiskType: type: string linuxOSConfig: - description: |- - Storage version of v1api20240901.LinuxOSConfig_STATUS - See [AKS custom node configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object swapFileSizeMB: type: integer sysctls: - description: |- - Storage version of v1api20240901.SysctlConfig_STATUS - Sysctl settings for Linux agent nodes. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object fsAioMaxNr: type: integer @@ -56254,29 +36826,17 @@ spec: name: type: string networkProfile: - description: |- - Storage version of v1api20240901.AgentPoolNetworkProfile_STATUS - Network settings of an agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedHostPorts: items: - description: |- - Storage version of v1api20240901.PortRange_STATUS - The port range. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object portEnd: type: integer 
@@ -56292,16 +36852,10 @@ spec: type: array nodePublicIPTags: items: - description: |- - Storage version of v1api20240901.IPTag_STATUS - Contains the IPTag associated with the object. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object ipTagType: type: string @@ -56335,16 +36889,10 @@ spec: podSubnetID: type: string powerState: - description: |- - Storage version of v1api20240901.PowerState_STATUS - Describes the Power State of the cluster properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string @@ -56362,16 +36910,10 @@ spec: scaleSetPriority: type: string securityProfile: - description: |- - Storage version of v1api20240901.AgentPoolSecurityProfile_STATUS - The security settings of an agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enableSecureBoot: type: boolean @@ -56387,16 +36929,10 @@ spec: type: type: string upgradeSettings: - description: |- - Storage version of v1api20240901.AgentPoolUpgradeSettings_STATUS - Settings for upgrading an agentpool properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object drainTimeoutInMinutes: type: integer 
@@ -56410,16 +36946,10 @@ spec: vnetSubnetID: type: string windowsProfile: - description: |- - Storage version of v1api20240901.AgentPoolWindowsProfile_STATUS - The Windows agent pool's specific profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object disableOutboundNat: type: boolean 
@@ -56448,140 +36978,71 @@ spec: name: v1api20250801 schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-08-01/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: availabilityZones: - description: |- - AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType - property is 'VirtualMachineScaleSets'. items: type: string type: array azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. maxLength: 12 minLength: 1 pattern: ^[a-z][a-z0-9]{0,11}$ type: string capacityReservationGroupReference: - description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object count: - description: |- - Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) - for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. type: integer creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using - a snapshot. properties: sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object type: object enableAutoScaling: - description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost: Whether to enable host based OS and data drive encryption. This is only supported on certain VM - sizes and in certain Azure regions. For more information, see: - https://docs.microsoft.com/azure/aks/enable-host-encryption type: boolean enableFIPS: - description: |- - EnableFIPS: Whether to use a FIPS-enabled OS. See [Add a FIPS-enabled node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more - details. type: boolean enableNodePublicIP: - description: |- - EnableNodePublicIP: Whether each node is allocated its own public IP. Some scenarios may require nodes in a node pool to - receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to - make a direct connection to a cloud virtual machine to minimize hops. For more information see [assigning a public IP - per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). - The default is false. type: boolean enableUltraSSD: - description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean gatewayProfile: - description: |- - GatewayProfile: Profile specific to a managed agent pool in Gateway mode. This field cannot be set if agent pool mode is - not Gateway. properties: publicIPPrefixSize: - description: |- - PublicIPPrefixSize: The Gateway agent pool associates one public IPPrefix for each static egress gateway to provide - public egress. The size of Public IPPrefix should be selected by the user. Each node in the agent pool is assigned with - one IP from the IPPrefix. The IPPrefix size thus serves as a cap on the size of the Gateway agent pool. 
Due to Azure - public IPPrefix size limitation, the valid value range is [28, 31] (/31 = 2 nodes/IPs, /30 = 4 nodes/IPs, /29 = 8 - nodes/IPs, /28 = 16 nodes/IPs). The default value is 31. maximum: 31 minimum: 28 type: integer type: object gpuInstanceProfile: - description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' enum: - MIG1g - MIG2g 
@@ -56590,264 +37051,160 @@ spec: - MIG7g type: string gpuProfile: - description: 'GpuProfile: GPU settings for the Agent Pool.' properties: driver: - description: 'Driver: Whether to install GPU drivers. When it''s not specified, default is Install.' enum: - Install - None type: string type: object hostGroupReference: - description: |- - HostGroupReference: The fully qualified resource ID of the Dedicated Host Group to provision virtual machines from, used - only in creation scenario and not allowed to changed once set. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object kubeletConfig: - description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' properties: allowedUnsafeSysctls: - description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`).' 
items: type: string type: array containerLogMaxFiles: - description: |- - ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be - ≥ 2. minimum: 2 type: integer containerLogMaxSizeMB: - description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' type: integer cpuCfsQuota: - description: 'CpuCfsQuota: If CPU CFS quota enforcement is enabled for containers that specify CPU limits. The default is true.' type: boolean cpuCfsQuotaPeriod: - description: |- - CpuCfsQuotaPeriod: The CPU CFS quota period value. The default is '100ms.' Valid values are a sequence of decimal - numbers with an optional fraction and a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', - 'ms', 's', 'm', and 'h'. type: string cpuManagerPolicy: - description: |- - CpuManagerPolicy: The CPU Manager policy to use. The default is 'none'. See [Kubernetes CPU management - policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more - information. Allowed values are 'none' and 'static'. type: string failSwapOn: - description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' type: boolean imageGcHighThreshold: - description: |- - ImageGcHighThreshold: The percent of disk usage after which image garbage collection is always run. To disable image - garbage collection, set to 100. The default is 85% type: integer imageGcLowThreshold: - description: |- - ImageGcLowThreshold: The percent of disk usage before which image garbage collection is never run. This cannot be set - higher than imageGcHighThreshold. The default is 80% type: integer podMaxPids: - description: 'PodMaxPids: The maximum number of processes per pod.' type: integer topologyManagerPolicy: - description: |- - TopologyManagerPolicy: The Topology Manager policy to use. 
For more information see [Kubernetes Topology - Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values - are 'none', 'best-effort', 'restricted', and 'single-numa-node'. type: string type: object kubeletDiskType: - description: |- - KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral - storage. enum: - OS - Temporary type: string linuxOSConfig: - description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' properties: swapFileSizeMB: - description: 'SwapFileSizeMB: The size in MB of a swap file that will be created on each node.' type: integer sysctls: - description: 'Sysctls: Sysctl settings for Linux agent nodes.' properties: fsAioMaxNr: - description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' type: integer fsFileMax: - description: 'FsFileMax: Sysctl setting fs.file-max.' type: integer fsInotifyMaxUserWatches: - description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' type: integer fsNrOpen: - description: 'FsNrOpen: Sysctl setting fs.nr_open.' type: integer kernelThreadsMax: - description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' type: integer netCoreNetdevMaxBacklog: - description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' type: integer netCoreOptmemMax: - description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' type: integer netCoreRmemDefault: - description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' type: integer netCoreRmemMax: - description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' type: integer netCoreSomaxconn: - description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' type: integer netCoreWmemDefault: - description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' type: integer netCoreWmemMax: - description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' 
type: integer netIpv4IpLocalPortRange: - description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' type: string netIpv4NeighDefaultGcThresh1: - description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting net.ipv4.neigh.default.gc_thresh1.' type: integer netIpv4NeighDefaultGcThresh2: - description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting net.ipv4.neigh.default.gc_thresh2.' type: integer netIpv4NeighDefaultGcThresh3: - description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting net.ipv4.neigh.default.gc_thresh3.' type: integer netIpv4TcpFinTimeout: - description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' type: integer netIpv4TcpKeepaliveProbes: - description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' type: integer netIpv4TcpKeepaliveTime: - description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' type: integer netIpv4TcpMaxSynBacklog: - description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' type: integer netIpv4TcpMaxTwBuckets: - description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' type: integer netIpv4TcpTwReuse: - description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' type: boolean netIpv4TcpkeepaliveIntvl: - description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' maximum: 90 minimum: 10 type: integer netNetfilterNfConntrackBuckets: - description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' maximum: 524288 minimum: 65536 type: integer netNetfilterNfConntrackMax: - description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' maximum: 2097152 minimum: 131072 type: integer vmMaxMapCount: - description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' type: integer vmSwappiness: - description: 'VmSwappiness: Sysctl setting vm.swappiness.' 
type: integer vmVfsCachePressure: - description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' type: integer type: object transparentHugePageDefrag: - description: |- - TransparentHugePageDefrag: Whether the kernel should make aggressive use of memory compaction to make more hugepages - available. Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is 'madvise'. For - more information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string transparentHugePageEnabled: - description: |- - TransparentHugePageEnabled: Whether transparent hugepages are enabled. Valid values are 'always', 'madvise', and - 'never'. The default is 'always'. For more information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string type: object maxCount: - description: 'MaxCount: The maximum number of nodes for auto-scaling' type: integer maxPods: - description: 'MaxPods: The maximum number of pods that can run on a node.' type: integer messageOfTheDay: - description: |- - MessageOfTheDay: Message of the day for Linux nodes, base64-encoded. A base64-encoded string which will be written to - /etc/motd after decoding. This allows customization of the message of the day for Linux nodes. It must not be specified - for Windows nodes. It must be a static string (i.e., will be printed raw and not be executed as a script). type: string minCount: - description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer mode: - description: |- - Mode: The mode of an agent pool. A cluster must have at least one 'System' Agent Pool at all times. 
For additional - information on agent pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools enum: - Gateway - System - User type: string networkProfile: - description: 'NetworkProfile: Network-related settings of an agent pool.' properties: allowedHostPorts: - description: 'AllowedHostPorts: The port ranges that are allowed to access. The specified ranges are allowed to overlap.' items: - description: The port range. properties: portEnd: - description: |- - PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or - equal to portStart. maximum: 65535 minimum: 1 type: integer portStart: - description: |- - PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or - equal to portEnd. maximum: 65535 minimum: 1 type: integer protocol: - description: 'Protocol: The network protocol of the port.' enum: - TCP - UDP 
@@ -56855,40 +37212,25 @@ spec: type: object type: array applicationSecurityGroupsReferences: - description: |- - ApplicationSecurityGroupsReferences: The IDs of the application security groups which agent pool will associate when - created. items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: array nodePublicIPTags: - description: 'NodePublicIPTags: IPTags of instance-level public IPs.' items: - description: Contains the IPTag associated with the object. properties: ipTagType: - description: 'IpTagType: The IP tag type. Example: RoutingPreference.' type: string tag: - description: 'Tag: The value of the IP tag associated with the public IP. Example: Internet.' type: string type: object type: array 
@@ -56896,64 +37238,33 @@ spec: nodeLabels: additionalProperties: type: string - description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' type: object nodePublicIPPrefixReference: - description: |- - NodePublicIPPrefixReference: The public IP prefix ID which VM nodes should use IPs from. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object nodeTaints: - description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' items: type: string type: array operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. 
The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -56961,29 +37272,13 @@ spec: type: object type: array secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -56992,34 +37287,17 @@ spec: type: array type: object orchestratorVersion: - description: |- - OrchestratorVersion: The version of Kubernetes specified by the user. Both patch version (e.g. - 1.20.13) and (e.g. 1.20) are supported. When is specified, the latest supported GA patch - version is chosen automatically. Updating the cluster with the same once it has been created (e.g. 1.14.x - -> 1.14) will not trigger an upgrade, even if a newer patch version is available. As a best practice, you should upgrade - all node pools in an AKS cluster to the same Kubernetes version. The node pool version must have the same major version - as the control plane. The node pool minor version must be within two minor versions of the control plane version. The - node pool version cannot be greater than the control plane version. For more information see [upgrading a node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). type: string osDiskSizeGB: maximum: 2048 minimum: 0 type: integer osDiskType: - description: |- - OsDiskType: The OS disk type to be used for machines in the agent pool. The default is 'Ephemeral' if the VM supports it - and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after - creation. For more information see [Ephemeral - OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). enum: - Ephemeral - Managed type: string osSKU: - description: |- - OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 - when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. enum: - AzureLinux - AzureLinux3 
@@ -57030,187 +37308,109 @@ spec: - Windows2022 type: string osType: - description: 'OsType: The operating system type. The default is Linux.' enum: - Linux - Windows type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a containerservice.azure.com/ManagedCluster resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object podIPAllocationMode: - description: |- - PodIPAllocationMode: Pod IP Allocation Mode. The IP allocation mode for pods in the agent pool. Must be used with - podSubnetId. The default is 'DynamicIndividual'. enum: - DynamicIndividual - StaticBlock type: string podSubnetReference: - description: |- - PodSubnetReference: The ID of the subnet which pods will join when launched. If omitted, pod IPs are statically assigned - on the node subnet (see vnetSubnetID for more details). This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object powerState: - description: |- - PowerState: Whether the Agent Pool is running or stopped. When an Agent Pool is first created it is initially Running. - The Agent Pool can be stopped by setting this field to Stopped. A stopped Agent Pool stops all of its VMs and does not - accrue billing charges. An Agent Pool can only be stopped if it is Running and provisioning state is Succeeded properties: code: - description: 'Code: Tells whether the cluster is Running or Stopped' enum: - Running - Stopped type: string type: object proximityPlacementGroupReference: - description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object scaleDownMode: - description: |- - ScaleDownMode: The scale down mode to use when scaling the Agent Pool. This also effects the cluster autoscaler - behavior. If not specified, it defaults to Delete. enum: - Deallocate - Delete type: string scaleSetEvictionPolicy: - description: |- - ScaleSetEvictionPolicy: The Virtual Machine Scale Set eviction policy to use. This cannot be specified unless the - scaleSetPriority is 'Spot'. If not specified, the default is 'Delete'. enum: - Deallocate - Delete type: string scaleSetPriority: - description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' enum: - Regular - Spot type: string securityProfile: - description: 'SecurityProfile: The security settings of an agent pool.' properties: enableSecureBoot: - description: |- - EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and - drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean enableVTPM: - description: |- - EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held - locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean sshAccess: - description: 'SshAccess: SSH access method of an agent pool.' enum: - Disabled - LocalUser type: string type: object spotMaxPrice: - description: |- - SpotMaxPrice: The max price (in US Dollars) you are willing to pay for spot instances. Possible values are any decimal - value greater than zero or -1 which indicates default price to be up-to on-demand. Possible values are any decimal value - greater than zero or -1 which indicates the willingness to pay any on-demand price. 
For more details on spot pricing, - see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) type: number tags: additionalProperties: type: string - description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' type: object type: - description: 'Type: The type of Agent Pool.' enum: - AvailabilitySet - VirtualMachineScaleSets - VirtualMachines type: string upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading the agentpool' properties: drainTimeoutInMinutes: - description: |- - DrainTimeoutInMinutes: The drain timeout for a node. The amount of time (in minutes) to wait on eviction of pods and - graceful termination per node. This eviction wait time honors waiting on pod disruption budgets. If this time is - exceeded, the upgrade fails. If not specified, the default is 30 minutes. maximum: 1440 minimum: 1 type: integer maxSurge: - description: |- - MaxSurge: The maximum number or percentage of nodes that are surged during upgrade. This can either be set to an integer - (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it is the percentage of the total agent pool size - at the time of the upgrade. For percentages, fractional nodes are rounded up. If not specified, the default is 10%. For - more information, including best practices, see: https://learn.microsoft.com/en-us/azure/aks/upgrade-cluster type: string maxUnavailable: - description: |- - MaxUnavailable: The maximum number or percentage of nodes that can be simultaneously unavailable during upgrade. This - can either be set to an integer (e.g. '1') or a percentage (e.g. '5%'). If a percentage is specified, it is the - percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded up. If - not specified, the default is 0. 
For more information, including best practices, see: - https://learn.microsoft.com/en-us/azure/aks/upgrade-cluster type: string nodeSoakDurationInMinutes: - description: |- - NodeSoakDurationInMinutes: The soak duration for a node. The amount of time (in minutes) to wait after draining a node - and before reimaging it and moving on to next node. If not specified, the default is 0 minutes. maximum: 30 minimum: 0 type: integer undrainableNodeBehavior: - description: |- - UndrainableNodeBehavior: Defines the behavior for undrainable nodes during upgrade. The most common cause of undrainable - nodes is Pod Disruption Budgets (PDBs), but other issues, such as pod termination grace period is exceeding the - remaining per-node drain timeout or pod is still being in a running state, can also cause undrainable nodes. enum: - Cordon - Schedule 
@@ -57218,80 +37418,48 @@ spec: type: object virtualMachineNodesStatus: items: - description: Current status on a group of nodes of the same vm size. properties: count: - description: 'Count: Number of nodes.' type: integer size: - description: 'Size: The VM size of the agents used to host this group of nodes.' type: string type: object type: array virtualMachinesProfile: - description: 'VirtualMachinesProfile: Specifications on VirtualMachines agent pool.' properties: scale: - description: 'Scale: Specifications on how to scale a VirtualMachines agent pool.' properties: manual: - description: 'Manual: Specifications on how to scale the VirtualMachines agent pool to a fixed size.' items: - description: Specifications on number of machines. properties: count: - description: 'Count: Number of nodes.' type: integer size: - description: |- - Size: VM size that AKS will use when creating and scaling e.g. 'Standard_E4s_v3', 'Standard_E16s_v3' or - 'Standard_D16s_v5'. type: string type: object type: array type: object type: object vmSize: - description: |- - VmSize: The size of the agent pool VMs. VM size availability varies by region. If a node contains insufficient compute - resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: - https://docs.microsoft.com/azure/aks/quotas-skus-regions type: string vnetSubnetReference: - description: |- - VnetSubnetReference: The ID of the subnet which agent pool nodes and optionally pods will join on startup. If this is - not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and - pods, otherwise it applies to just nodes. 
This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object windowsProfile: - description: 'WindowsProfile: The Windows agent pool''s specific profile.' properties: disableOutboundNat: - description: |- - DisableOutboundNat: Whether to disable OutboundNAT in windows nodes. The default value is false. Outbound NAT can only - be disabled if the cluster outboundType is NAT Gateway and the Windows agent pool does not have node public IP enabled. type: boolean type: object workloadRuntime: - description: 'WorkloadRuntime: Determines the type of workload a node can run.' enum: - OCIContainer - WasmWasi 
@@ -57302,51 +37470,29 @@ spec: status: properties: availabilityZones: - description: |- - AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType - property is 'VirtualMachineScaleSets'. items: type: string type: array capacityReservationGroupID: - description: 'CapacityReservationGroupID: AKS will associate the specified agent pool with the Capacity Reservation Group.' type: string conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. 
type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -57356,603 +37502,330 @@ spec: type: object type: array count: - description: |- - Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) - for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. type: integer creationData: - description: |- - CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using - a snapshot. properties: sourceResourceId: - description: 'SourceResourceId: This is the ARM ID of the source object to be used to create the target object.' type: string type: object currentOrchestratorVersion: - description: |- - CurrentOrchestratorVersion: The version of Kubernetes the Agent Pool is running. If orchestratorVersion is a fully - specified version , this field will be exactly equal to it. If orchestratorVersion is , - this field will contain the full version being used. type: string eTag: - description: |- - ETag: Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is - updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic - concurrency per the normal etag convention. type: string enableAutoScaling: - description: 'EnableAutoScaling: Whether to enable auto-scaler' type: boolean enableEncryptionAtHost: - description: |- - EnableEncryptionAtHost: Whether to enable host based OS and data drive encryption. This is only supported on certain VM - sizes and in certain Azure regions. For more information, see: - https://docs.microsoft.com/azure/aks/enable-host-encryption type: boolean enableFIPS: - description: |- - EnableFIPS: Whether to use a FIPS-enabled OS. See [Add a FIPS-enabled node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more - details. 
type: boolean enableNodePublicIP: - description: |- - EnableNodePublicIP: Whether each node is allocated its own public IP. Some scenarios may require nodes in a node pool to - receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to - make a direct connection to a cloud virtual machine to minimize hops. For more information see [assigning a public IP - per node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). - The default is false. type: boolean enableUltraSSD: - description: 'EnableUltraSSD: Whether to enable UltraSSD' type: boolean gatewayProfile: - description: |- - GatewayProfile: Profile specific to a managed agent pool in Gateway mode. This field cannot be set if agent pool mode is - not Gateway. properties: publicIPPrefixSize: - description: |- - PublicIPPrefixSize: The Gateway agent pool associates one public IPPrefix for each static egress gateway to provide - public egress. The size of Public IPPrefix should be selected by the user. Each node in the agent pool is assigned with - one IP from the IPPrefix. The IPPrefix size thus serves as a cap on the size of the Gateway agent pool. Due to Azure - public IPPrefix size limitation, the valid value range is [28, 31] (/31 = 2 nodes/IPs, /30 = 4 nodes/IPs, /29 = 8 - nodes/IPs, /28 = 16 nodes/IPs). The default value is 31. type: integer type: object gpuInstanceProfile: - description: 'GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.' type: string gpuProfile: - description: 'GpuProfile: GPU settings for the Agent Pool.' properties: driver: - description: 'Driver: Whether to install GPU drivers. When it''s not specified, default is Install.' 
type: string type: object hostGroupID: - description: |- - HostGroupID: The fully qualified resource ID of the Dedicated Host Group to provision virtual machines from, used only - in creation scenario and not allowed to changed once set. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). type: string id: - description: 'Id: Resource ID.' type: string kubeletConfig: - description: 'KubeletConfig: The Kubelet configuration on the agent pool nodes.' properties: allowedUnsafeSysctls: - description: 'AllowedUnsafeSysctls: Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`).' items: type: string type: array containerLogMaxFiles: - description: |- - ContainerLogMaxFiles: The maximum number of container log files that can be present for a container. The number must be - ≥ 2. type: integer containerLogMaxSizeMB: - description: 'ContainerLogMaxSizeMB: The maximum size (e.g. 10Mi) of container log file before it is rotated.' type: integer cpuCfsQuota: - description: 'CpuCfsQuota: If CPU CFS quota enforcement is enabled for containers that specify CPU limits. The default is true.' type: boolean cpuCfsQuotaPeriod: - description: |- - CpuCfsQuotaPeriod: The CPU CFS quota period value. The default is '100ms.' Valid values are a sequence of decimal - numbers with an optional fraction and a unit suffix. For example: '300ms', '2h45m'. Supported units are 'ns', 'us', - 'ms', 's', 'm', and 'h'. type: string cpuManagerPolicy: - description: |- - CpuManagerPolicy: The CPU Manager policy to use. The default is 'none'. See [Kubernetes CPU management - policies](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#cpu-management-policies) for more - information. Allowed values are 'none' and 'static'. 
type: string failSwapOn: - description: 'FailSwapOn: If set to true it will make the Kubelet fail to start if swap is enabled on the node.' type: boolean imageGcHighThreshold: - description: |- - ImageGcHighThreshold: The percent of disk usage after which image garbage collection is always run. To disable image - garbage collection, set to 100. The default is 85% type: integer imageGcLowThreshold: - description: |- - ImageGcLowThreshold: The percent of disk usage before which image garbage collection is never run. This cannot be set - higher than imageGcHighThreshold. The default is 80% type: integer podMaxPids: - description: 'PodMaxPids: The maximum number of processes per pod.' type: integer topologyManagerPolicy: - description: |- - TopologyManagerPolicy: The Topology Manager policy to use. For more information see [Kubernetes Topology - Manager](https://kubernetes.io/docs/tasks/administer-cluster/topology-manager). The default is 'none'. Allowed values - are 'none', 'best-effort', 'restricted', and 'single-numa-node'. type: string type: object kubeletDiskType: - description: |- - KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral - storage. type: string linuxOSConfig: - description: 'LinuxOSConfig: The OS configuration of Linux agent nodes.' properties: swapFileSizeMB: - description: 'SwapFileSizeMB: The size in MB of a swap file that will be created on each node.' type: integer sysctls: - description: 'Sysctls: Sysctl settings for Linux agent nodes.' properties: fsAioMaxNr: - description: 'FsAioMaxNr: Sysctl setting fs.aio-max-nr.' type: integer fsFileMax: - description: 'FsFileMax: Sysctl setting fs.file-max.' type: integer fsInotifyMaxUserWatches: - description: 'FsInotifyMaxUserWatches: Sysctl setting fs.inotify.max_user_watches.' type: integer fsNrOpen: - description: 'FsNrOpen: Sysctl setting fs.nr_open.' 
type: integer kernelThreadsMax: - description: 'KernelThreadsMax: Sysctl setting kernel.threads-max.' type: integer netCoreNetdevMaxBacklog: - description: 'NetCoreNetdevMaxBacklog: Sysctl setting net.core.netdev_max_backlog.' type: integer netCoreOptmemMax: - description: 'NetCoreOptmemMax: Sysctl setting net.core.optmem_max.' type: integer netCoreRmemDefault: - description: 'NetCoreRmemDefault: Sysctl setting net.core.rmem_default.' type: integer netCoreRmemMax: - description: 'NetCoreRmemMax: Sysctl setting net.core.rmem_max.' type: integer netCoreSomaxconn: - description: 'NetCoreSomaxconn: Sysctl setting net.core.somaxconn.' type: integer netCoreWmemDefault: - description: 'NetCoreWmemDefault: Sysctl setting net.core.wmem_default.' type: integer netCoreWmemMax: - description: 'NetCoreWmemMax: Sysctl setting net.core.wmem_max.' type: integer netIpv4IpLocalPortRange: - description: 'NetIpv4IpLocalPortRange: Sysctl setting net.ipv4.ip_local_port_range.' type: string netIpv4NeighDefaultGcThresh1: - description: 'NetIpv4NeighDefaultGcThresh1: Sysctl setting net.ipv4.neigh.default.gc_thresh1.' type: integer netIpv4NeighDefaultGcThresh2: - description: 'NetIpv4NeighDefaultGcThresh2: Sysctl setting net.ipv4.neigh.default.gc_thresh2.' type: integer netIpv4NeighDefaultGcThresh3: - description: 'NetIpv4NeighDefaultGcThresh3: Sysctl setting net.ipv4.neigh.default.gc_thresh3.' type: integer netIpv4TcpFinTimeout: - description: 'NetIpv4TcpFinTimeout: Sysctl setting net.ipv4.tcp_fin_timeout.' type: integer netIpv4TcpKeepaliveProbes: - description: 'NetIpv4TcpKeepaliveProbes: Sysctl setting net.ipv4.tcp_keepalive_probes.' type: integer netIpv4TcpKeepaliveTime: - description: 'NetIpv4TcpKeepaliveTime: Sysctl setting net.ipv4.tcp_keepalive_time.' type: integer netIpv4TcpMaxSynBacklog: - description: 'NetIpv4TcpMaxSynBacklog: Sysctl setting net.ipv4.tcp_max_syn_backlog.' 
type: integer netIpv4TcpMaxTwBuckets: - description: 'NetIpv4TcpMaxTwBuckets: Sysctl setting net.ipv4.tcp_max_tw_buckets.' type: integer netIpv4TcpTwReuse: - description: 'NetIpv4TcpTwReuse: Sysctl setting net.ipv4.tcp_tw_reuse.' type: boolean netIpv4TcpkeepaliveIntvl: - description: 'NetIpv4TcpkeepaliveIntvl: Sysctl setting net.ipv4.tcp_keepalive_intvl.' type: integer netNetfilterNfConntrackBuckets: - description: 'NetNetfilterNfConntrackBuckets: Sysctl setting net.netfilter.nf_conntrack_buckets.' type: integer netNetfilterNfConntrackMax: - description: 'NetNetfilterNfConntrackMax: Sysctl setting net.netfilter.nf_conntrack_max.' type: integer vmMaxMapCount: - description: 'VmMaxMapCount: Sysctl setting vm.max_map_count.' type: integer vmSwappiness: - description: 'VmSwappiness: Sysctl setting vm.swappiness.' type: integer vmVfsCachePressure: - description: 'VmVfsCachePressure: Sysctl setting vm.vfs_cache_pressure.' type: integer type: object transparentHugePageDefrag: - description: |- - TransparentHugePageDefrag: Whether the kernel should make aggressive use of memory compaction to make more hugepages - available. Valid values are 'always', 'defer', 'defer+madvise', 'madvise' and 'never'. The default is 'madvise'. For - more information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string transparentHugePageEnabled: - description: |- - TransparentHugePageEnabled: Whether transparent hugepages are enabled. Valid values are 'always', 'madvise', and - 'never'. The default is 'always'. For more information see [Transparent - Hugepages](https://www.kernel.org/doc/html/latest/admin-guide/mm/transhuge.html#admin-guide-transhuge). type: string type: object maxCount: - description: 'MaxCount: The maximum number of nodes for auto-scaling' type: integer maxPods: - description: 'MaxPods: The maximum number of pods that can run on a node.' 
type: integer messageOfTheDay: - description: |- - MessageOfTheDay: Message of the day for Linux nodes, base64-encoded. A base64-encoded string which will be written to - /etc/motd after decoding. This allows customization of the message of the day for Linux nodes. It must not be specified - for Windows nodes. It must be a static string (i.e., will be printed raw and not be executed as a script). type: string minCount: - description: 'MinCount: The minimum number of nodes for auto-scaling' type: integer mode: - description: |- - Mode: The mode of an agent pool. A cluster must have at least one 'System' Agent Pool at all times. For additional - information on agent pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools type: string name: - description: 'Name: The name of the resource that is unique within a resource group. This name can be used to access the resource.' type: string networkProfile: - description: 'NetworkProfile: Network-related settings of an agent pool.' properties: allowedHostPorts: - description: 'AllowedHostPorts: The port ranges that are allowed to access. The specified ranges are allowed to overlap.' items: - description: The port range. properties: portEnd: - description: |- - PortEnd: The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or - equal to portStart. type: integer portStart: - description: |- - PortStart: The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or - equal to portEnd. type: integer protocol: - description: 'Protocol: The network protocol of the port.' type: string type: object type: array applicationSecurityGroups: - description: 'ApplicationSecurityGroups: The IDs of the application security groups which agent pool will associate when created.' items: type: string type: array nodePublicIPTags: - description: 'NodePublicIPTags: IPTags of instance-level public IPs.' 
items: - description: Contains the IPTag associated with the object. properties: ipTagType: - description: 'IpTagType: The IP tag type. Example: RoutingPreference.' type: string tag: - description: 'Tag: The value of the IP tag associated with the public IP. Example: Internet.' type: string type: object type: array type: object nodeImageVersion: - description: 'NodeImageVersion: The version of node image' type: string nodeLabels: additionalProperties: type: string - description: 'NodeLabels: The node labels to be persisted across all nodes in agent pool.' type: object nodePublicIPPrefixID: - description: |- - NodePublicIPPrefixID: The public IP prefix ID which VM nodes should use IPs from. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} type: string nodeTaints: - description: 'NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.' items: type: string type: array orchestratorVersion: - description: |- - OrchestratorVersion: The version of Kubernetes specified by the user. Both patch version (e.g. - 1.20.13) and (e.g. 1.20) are supported. When is specified, the latest supported GA patch - version is chosen automatically. Updating the cluster with the same once it has been created (e.g. 1.14.x - -> 1.14) will not trigger an upgrade, even if a newer patch version is available. As a best practice, you should upgrade - all node pools in an AKS cluster to the same Kubernetes version. The node pool version must have the same major version - as the control plane. The node pool minor version must be within two minor versions of the control plane version. The - node pool version cannot be greater than the control plane version. For more information see [upgrading a node - pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). 
type: string osDiskSizeGB: type: integer osDiskType: - description: |- - OsDiskType: The OS disk type to be used for machines in the agent pool. The default is 'Ephemeral' if the VM supports it - and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after - creation. For more information see [Ephemeral - OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os). type: string osSKU: - description: |- - OsSKU: Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 - when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. type: string osType: - description: 'OsType: The operating system type. The default is Linux.' type: string podIPAllocationMode: - description: |- - PodIPAllocationMode: Pod IP Allocation Mode. The IP allocation mode for pods in the agent pool. Must be used with - podSubnetId. The default is 'DynamicIndividual'. type: string podSubnetID: - description: |- - PodSubnetID: The ID of the subnet which pods will join when launched. If omitted, pod IPs are statically assigned on the - node subnet (see vnetSubnetID for more details). This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} type: string powerState: - description: |- - PowerState: Whether the Agent Pool is running or stopped. When an Agent Pool is first created it is initially Running. - The Agent Pool can be stopped by setting this field to Stopped. A stopped Agent Pool stops all of its VMs and does not - accrue billing charges. An Agent Pool can only be stopped if it is Running and provisioning state is Succeeded properties: code: - description: 'Code: Tells whether the cluster is Running or Stopped' type: string type: object properties_type: - description: 'PropertiesType: The type of Agent Pool.' 
type: string provisioningState: - description: 'ProvisioningState: The current deployment or provisioning state.' type: string proximityPlacementGroupID: - description: 'ProximityPlacementGroupID: The ID for Proximity Placement Group.' type: string scaleDownMode: - description: |- - ScaleDownMode: The scale down mode to use when scaling the Agent Pool. This also effects the cluster autoscaler - behavior. If not specified, it defaults to Delete. type: string scaleSetEvictionPolicy: - description: |- - ScaleSetEvictionPolicy: The Virtual Machine Scale Set eviction policy to use. This cannot be specified unless the - scaleSetPriority is 'Spot'. If not specified, the default is 'Delete'. type: string scaleSetPriority: - description: 'ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is ''Regular''.' type: string securityProfile: - description: 'SecurityProfile: The security settings of an agent pool.' properties: enableSecureBoot: - description: |- - EnableSecureBoot: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and - drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean enableVTPM: - description: |- - EnableVTPM: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held - locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. type: boolean sshAccess: - description: 'SshAccess: SSH access method of an agent pool.' type: string type: object spotMaxPrice: - description: |- - SpotMaxPrice: The max price (in US Dollars) you are willing to pay for spot instances. Possible values are any decimal - value greater than zero or -1 which indicates default price to be up-to on-demand. Possible values are any decimal value - greater than zero or -1 which indicates the willingness to pay any on-demand price. 
For more details on spot pricing, - see [spot VMs pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing) type: number status: - description: 'Status: Contains read-only information about the Agent Pool.' properties: provisioningError: - description: |- - ProvisioningError: The error detail information of the agent pool. Preserves the detailed info of failure. If there was - no error, this field is omitted. properties: additionalInfo: - description: 'AdditionalInfo: The error additional info.' items: - description: The resource management error additional info. properties: info: additionalProperties: x-kubernetes-preserve-unknown-fields: true - description: 'Info: The additional info.' type: object type: - description: 'Type: The additional info type.' type: string type: object type: array code: - description: 'Code: The error code.' type: string details: - description: 'Details: The error details.' items: properties: additionalInfo: - description: 'AdditionalInfo: The error additional info.' items: - description: The resource management error additional info. properties: info: additionalProperties: x-kubernetes-preserve-unknown-fields: true - description: 'Info: The additional info.' type: object type: - description: 'Type: The additional info type.' type: string type: object type: array code: - description: 'Code: The error code.' type: string message: - description: 'Message: The error message.' type: string target: - description: 'Target: The error target.' type: string type: object type: array message: - description: 'Message: The error message.' type: string target: - description: 'Target: The error target.' type: string type: object type: object tags: additionalProperties: type: string - description: 'Tags: The tags to be persisted on the agent pool virtual machine scale set.' 
type: object type: - description: 'Type: Resource type' type: string upgradeSettings: - description: 'UpgradeSettings: Settings for upgrading the agentpool' properties: drainTimeoutInMinutes: - description: |- - DrainTimeoutInMinutes: The drain timeout for a node. The amount of time (in minutes) to wait on eviction of pods and - graceful termination per node. This eviction wait time honors waiting on pod disruption budgets. If this time is - exceeded, the upgrade fails. If not specified, the default is 30 minutes. type: integer maxSurge: - description: |- - MaxSurge: The maximum number or percentage of nodes that are surged during upgrade. This can either be set to an integer - (e.g. '5') or a percentage (e.g. '50%'). If a percentage is specified, it is the percentage of the total agent pool size - at the time of the upgrade. For percentages, fractional nodes are rounded up. If not specified, the default is 10%. For - more information, including best practices, see: https://learn.microsoft.com/en-us/azure/aks/upgrade-cluster type: string maxUnavailable: - description: |- - MaxUnavailable: The maximum number or percentage of nodes that can be simultaneously unavailable during upgrade. This - can either be set to an integer (e.g. '1') or a percentage (e.g. '5%'). If a percentage is specified, it is the - percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded up. If - not specified, the default is 0. For more information, including best practices, see: - https://learn.microsoft.com/en-us/azure/aks/upgrade-cluster type: string nodeSoakDurationInMinutes: - description: |- - NodeSoakDurationInMinutes: The soak duration for a node. The amount of time (in minutes) to wait after draining a node - and before reimaging it and moving on to next node. If not specified, the default is 0 minutes. 
type: integer undrainableNodeBehavior: - description: |- - UndrainableNodeBehavior: Defines the behavior for undrainable nodes during upgrade. The most common cause of undrainable - nodes is Pod Disruption Budgets (PDBs), but other issues, such as pod termination grace period is exceeding the - remaining per-node drain timeout or pod is still being in a running state, can also cause undrainable nodes. type: string type: object virtualMachineNodesStatus: items: - description: Current status on a group of nodes of the same vm size. properties: count: - description: 'Count: Number of nodes.' type: integer size: - description: 'Size: The VM size of the agents used to host this group of nodes.' type: string type: object type: array virtualMachinesProfile: - description: 'VirtualMachinesProfile: Specifications on VirtualMachines agent pool.' properties: scale: - description: 'Scale: Specifications on how to scale a VirtualMachines agent pool.' properties: manual: - description: 'Manual: Specifications on how to scale the VirtualMachines agent pool to a fixed size.' items: - description: Specifications on number of machines. properties: count: - description: 'Count: Number of nodes.' type: integer size: - description: |- - Size: VM size that AKS will use when creating and scaling e.g. 'Standard_E4s_v3', 'Standard_E16s_v3' or - 'Standard_D16s_v5'. type: string type: object type: array type: object type: object vmSize: - description: |- - VmSize: The size of the agent pool VMs. VM size availability varies by region. If a node contains insufficient compute - resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: - https://docs.microsoft.com/azure/aks/quotas-skus-regions type: string vnetSubnetID: - description: |- - VnetSubnetID: The ID of the subnet which agent pool nodes and optionally pods will join on startup. If this is not - specified, a VNET and subnet will be generated and used. 
If no podSubnetID is specified, this applies to nodes and pods, - otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} type: string windowsProfile: - description: 'WindowsProfile: The Windows agent pool''s specific profile.' properties: disableOutboundNat: - description: |- - DisableOutboundNat: Whether to disable OutboundNAT in windows nodes. The default value is false. Outbound NAT can only - be disabled if the cluster outboundType is NAT Gateway and the Windows agent pool does not have node public IP enabled. type: boolean type: object workloadRuntime: - description: 'WorkloadRuntime: Determines the type of workload a node can run.' type: string type: object type: object 
@@ -57976,100 +37849,55 @@ spec: name: v1api20250801storage schema: openAPIV3Schema: - description: |- - Storage version of v1api20250801.ManagedClustersAgentPool - Generator information: - - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-08-01/managedClusters.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20250801.ManagedClustersAgentPool_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object availabilityZones: items: type: string type: array azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string capacityReservationGroupReference: - description: 'CapacityReservationGroupReference: AKS will associate the specified agent pool with the Capacity Reservation Group.' 
properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object count: type: integer creationData: - description: |- - Storage version of v1api20250801.CreationData - Data used when creating a target resource from a source resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object sourceResourceReference: - description: 'SourceResourceReference: This is the ARM ID of the source object to be used to create the target object.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object @@ -58084,16 +37912,10 @@ spec: enableUltraSSD: type: boolean gatewayProfile: - description: |- - Storage version of v1api20250801.AgentPoolGatewayProfile - Profile of the managed cluster gateway agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object publicIPPrefixSize: type: integer 
@@ -58101,56 +37923,31 @@ spec: gpuInstanceProfile: type: string gpuProfile: - description: |- - Storage version of v1api20250801.GPUProfile - GPU settings for the Agent Pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object driver: type: string type: object hostGroupReference: - description: |- - HostGroupReference: The fully qualified resource ID of the Dedicated Host Group to provision virtual machines from, used - only in creation scenario and not allowed to changed once set. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. - For more information see [Azure dedicated hosts](https://docs.microsoft.com/azure/virtual-machines/dedicated-hosts). properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object kubeletConfig: - description: |- - Storage version of v1api20250801.KubeletConfig - Kubelet configurations of agent nodes. 
See [AKS custom node - configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedUnsafeSysctls: items: @@ -58180,31 +37977,18 @@ spec: kubeletDiskType: type: string linuxOSConfig: - description: |- - Storage version of v1api20250801.LinuxOSConfig - OS configurations of Linux agent nodes. See [AKS custom node - configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object swapFileSizeMB: type: integer sysctls: - description: |- - Storage version of v1api20250801.SysctlConfig - Sysctl settings for Linux agent nodes. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object fsAioMaxNr: type: integer 
@@ -58279,29 +38063,17 @@ spec: mode: type: string networkProfile: - description: |- - Storage version of v1api20250801.AgentPoolNetworkProfile - Network settings of an agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedHostPorts: items: - description: |- - Storage version of v1api20250801.PortRange - The port range. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object portEnd: type: integer 
@@ -58313,38 +38085,24 @@ spec: type: array applicationSecurityGroupsReferences: items: - description: ResourceReference represents a resource reference, either to a Kubernetes resource or directly to an Azure resource via ARMID properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: array nodePublicIPTags: items: - description: |- - Storage version of v1api20250801.IPTag - Contains the IPTag associated with the object. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object ipTagType: type: string 
@@ -58358,25 +38116,15 @@ spec: type: string type: object nodePublicIPPrefixReference: - description: |- - NodePublicIPPrefixReference: The public IP prefix ID which VM nodes should use IPs from. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object nodeTaints: 
@@ -58384,40 +38132,19 @@ spec: type: string type: array operatorSpec: - description: |- - Storage version of v1api20250801.ManagedClustersAgentPoolOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -58426,27 +38153,12 @@ spec: type: array secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -58467,76 +38179,46 @@ spec: osType: type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a containerservice.azure.com/ManagedCluster resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object podIPAllocationMode: type: string podSubnetReference: - description: |- - PodSubnetReference: The ID of the subnet which pods will join when launched. If omitted, pod IPs are statically assigned - on the node subnet (see vnetSubnetID for more details). This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object powerState: - description: |- - Storage version of v1api20250801.PowerState - Describes the Power State of the cluster properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string type: object proximityPlacementGroupReference: - description: 'ProximityPlacementGroupReference: The ID for Proximity Placement Group.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object scaleDownMode: @@ -58546,16 +38228,10 @@ spec: scaleSetPriority: type: string securityProfile: - description: |- - Storage version of v1api20250801.AgentPoolSecurityProfile - The security settings of an agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enableSecureBoot: type: boolean 
@@ -58573,16 +38249,10 @@ spec: type: type: string upgradeSettings: - description: |- - Storage version of v1api20250801.AgentPoolUpgradeSettings - Settings for upgrading an agentpool properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object drainTimeoutInMinutes: type: integer @@ -58597,16 +38267,10 @@ spec: type: object virtualMachineNodesStatus: items: - description: |- - Storage version of v1api20250801.VirtualMachineNodes - Current status on a group of nodes of the same vm size. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object count: type: integer 
@@ -58615,41 +38279,23 @@ spec: type: object type: array virtualMachinesProfile: - description: |- - Storage version of v1api20250801.VirtualMachinesProfile - Specifications on VirtualMachines agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object scale: - description: |- - Storage version of v1api20250801.ScaleProfile - Specifications on how to scale a VirtualMachines agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object manual: items: - description: |- - Storage version of v1api20250801.ManualScaleProfile - Specifications on number of machines. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object count: type: integer 
@@ -58662,40 +38308,22 @@ spec: vmSize: type: string vnetSubnetReference: - description: |- - VnetSubnetReference: The ID of the subnet which agent pool nodes and optionally pods will join on startup. If this is - not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and - pods, otherwise it applies to just nodes. This is of the form: - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object windowsProfile: - description: |- - Storage version of v1api20250801.AgentPoolWindowsProfile - The Windows agent pool's specific profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object disableOutboundNat: type: boolean 
@@ -58706,14 +38334,10 @@ spec: - owner type: object status: - description: Storage version of v1api20250801.ManagedClustersAgentPool_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object availabilityZones: items: 
@@ -58723,39 +38347,22 @@ spec: type: string conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -58767,16 +38374,10 @@ spec: count: type: integer creationData: - description: |- - Storage version of v1api20250801.CreationData_STATUS - Data used when creating a target resource from a source resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object sourceResourceId: type: string @@ -58796,16 +38397,10 @@ spec: enableUltraSSD: type: boolean gatewayProfile: - description: |- - Storage version of v1api20250801.AgentPoolGatewayProfile_STATUS - Profile of the managed cluster gateway agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object publicIPPrefixSize: type: integer @@ -58813,16 +38408,10 @@ spec: gpuInstanceProfile: type: string gpuProfile: - description: |- - Storage version of v1api20250801.GPUProfile_STATUS - GPU settings for the Agent Pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object driver: type: string 
@@ -58832,17 +38421,10 @@ spec: id: type: string kubeletConfig: - description: |- - Storage version of v1api20250801.KubeletConfig_STATUS - Kubelet configurations of agent nodes. See [AKS custom node - configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedUnsafeSysctls: items: @@ -58872,31 +38454,18 @@ spec: kubeletDiskType: type: string linuxOSConfig: - description: |- - Storage version of v1api20250801.LinuxOSConfig_STATUS - OS configurations of Linux agent nodes. See [AKS custom node - configuration](https://docs.microsoft.com/azure/aks/custom-node-configuration) for more details. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object swapFileSizeMB: type: integer sysctls: - description: |- - Storage version of v1api20250801.SysctlConfig_STATUS - Sysctl settings for Linux agent nodes. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object fsAioMaxNr: type: integer 
@@ -58973,29 +38542,17 @@ spec: name: type: string networkProfile: - description: |- - Storage version of v1api20250801.AgentPoolNetworkProfile_STATUS - Network settings of an agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object allowedHostPorts: items: - description: |- - Storage version of v1api20250801.PortRange_STATUS - The port range. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object portEnd: type: integer @@ -59011,16 +38568,10 @@ spec: type: array nodePublicIPTags: items: - description: |- - Storage version of v1api20250801.IPTag_STATUS - Contains the IPTag associated with the object. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object ipTagType: type: string @@ -59056,16 +38607,10 @@ spec: podSubnetID: type: string powerState: - description: |- - Storage version of v1api20250801.PowerState_STATUS - Describes the Power State of the cluster properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object code: type: string 
@@ -59083,16 +38628,10 @@ spec: scaleSetPriority: type: string securityProfile: - description: |- - Storage version of v1api20250801.AgentPoolSecurityProfile_STATUS - The security settings of an agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enableSecureBoot: type: boolean @@ -59104,41 +38643,23 @@ spec: spotMaxPrice: type: number status: - description: |- - Storage version of v1api20250801.AgentPoolStatus_STATUS - Contains read-only information about the Agent Pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object provisioningError: - description: |- - Storage version of v1api20250801.ErrorDetail_STATUS - The error detail. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object additionalInfo: items: - description: |- - Storage version of v1api20250801.ErrorAdditionalInfo_STATUS - The resource management error additional info. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object info: additionalProperties: 
@@ -59152,27 +38673,17 @@ spec: type: string details: items: - description: Storage version of v1api20250801.ErrorDetail_STATUS_Unrolled properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object additionalInfo: items: - description: |- - Storage version of v1api20250801.ErrorAdditionalInfo_STATUS - The resource management error additional info. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object info: additionalProperties: @@ -59203,16 +38714,10 @@ spec: type: type: string upgradeSettings: - description: |- - Storage version of v1api20250801.AgentPoolUpgradeSettings_STATUS - Settings for upgrading an agentpool properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object drainTimeoutInMinutes: type: integer @@ -59227,16 +38732,10 @@ spec: type: object virtualMachineNodesStatus: items: - description: |- - Storage version of v1api20250801.VirtualMachineNodes_STATUS - Current status on a group of nodes of the same vm size. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object count: type: integer 
@@ -59245,41 +38744,23 @@ spec: type: object type: array virtualMachinesProfile: - description: |- - Storage version of v1api20250801.VirtualMachinesProfile_STATUS - Specifications on VirtualMachines agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object scale: - description: |- - Storage version of v1api20250801.ScaleProfile_STATUS - Specifications on how to scale a VirtualMachines agent pool. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object manual: items: - description: |- - Storage version of v1api20250801.ManualScaleProfile_STATUS - Specifications on number of machines. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object count: type: integer @@ -59294,16 +38775,10 @@ spec: vnetSubnetID: type: string windowsProfile: - description: |- - Storage version of v1api20250801.AgentPoolWindowsProfile_STATUS - The Windows agent pool's specific profile. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object disableOutboundNat: type: boolean 
@@ -59367,70 +38842,31 @@ spec: name: v1api20220701 schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /network/resource-manager/Microsoft.Network/stable/2022-07-01/natGateway.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/natGateways/{natGatewayName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string idleTimeoutInMinutes: - description: 'IdleTimeoutInMinutes: The idle timeout of the nat gateway.' type: integer location: - description: 'Location: Resource location.' type: string operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. 
The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -59438,29 +38874,13 @@ spec: type: object type: array secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -59469,77 +38889,50 @@ spec: type: array type: object owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object publicIpAddresses: - description: 'PublicIpAddresses: An array of public ip addresses associated with the nat gateway resource.' items: - description: Reference to another ARM resource. properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array publicIpPrefixes: - description: 'PublicIpPrefixes: An array of public ip prefixes associated with the nat gateway resource.' items: - description: Reference to another ARM resource. 
properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array sku: - description: 'Sku: The nat gateway SKU.' properties: name: - description: 'Name: Name of Nat Gateway SKU.' enum: - Standard type: string @@ -59547,10 +38940,8 @@ spec: tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object zones: - description: 'Zones: A list of availability zones denoting the zone in which Nat Gateway should be deployed.' items: type: string type: array 
@@ -59558,44 +38949,25 @@ spec: - owner type: object status: - description: Nat Gateway resource. properties: conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -59605,73 +38977,52 @@ spec: type: object type: array etag: - description: 'Etag: A unique read-only string that changes whenever the resource is updated.' type: string id: - description: 'Id: Resource ID.' type: string idleTimeoutInMinutes: - description: 'IdleTimeoutInMinutes: The idle timeout of the nat gateway.' type: integer location: - description: 'Location: Resource location.' type: string name: - description: 'Name: Resource name.' type: string provisioningState: - description: 'ProvisioningState: The provisioning state of the NAT gateway resource.' type: string publicIpAddresses: - description: 'PublicIpAddresses: An array of public ip addresses associated with the nat gateway resource.' items: - description: Reference to another ARM resource. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array publicIpPrefixes: - description: 'PublicIpPrefixes: An array of public ip prefixes associated with the nat gateway resource.' items: - description: Reference to another ARM resource. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array resourceGuid: - description: 'ResourceGuid: The resource GUID property of the NAT gateway resource.' type: string sku: - description: 'Sku: The nat gateway SKU.' properties: name: - description: 'Name: Name of Nat Gateway SKU.' type: string type: object subnets: - description: 'Subnets: An array of references to the subnets using this nat gateway resource.' items: - description: Reference to another ARM resource. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object type: - description: 'Type: Resource type.' type: string zones: - description: 'Zones: A list of availability zones denoting the zone in which Nat Gateway should be deployed.' items: type: string type: array 
@@ -59697,83 +39048,39 @@ spec: name: v1api20220701storage schema: openAPIV3Schema: - description: |- - Storage version of v1api20220701.NatGateway - Generator information: - - Generated from: /network/resource-manager/Microsoft.Network/stable/2022-07-01/natGateway.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/natGateways/{natGatewayName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20220701.NatGateway_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string idleTimeoutInMinutes: type: integer location: type: string operatorSpec: - description: |- - Storage version of v1api20220701.NatGatewayOperatorSpec - Details for configuring operator behavior. 
Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -59782,27 +39089,12 @@ spec: type: array secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -59813,99 +39105,60 @@ spec: originalVersion: type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object publicIpAddresses: items: - description: |- - Storage version of v1api20220701.SubResource - Reference to another ARM resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object type: object type: array publicIpPrefixes: items: - description: |- - Storage version of v1api20220701.SubResource - Reference to another ARM resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array sku: - description: |- - Storage version of v1api20220701.NatGatewaySku - SKU of nat gateway. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -59922,52 +39175,29 @@ spec: - owner type: object status: - description: |- - Storage version of v1api20220701.NatGateway_STATUS - Nat Gateway resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. 
type: string required: - lastTransitionTime @@ -59990,16 +39220,10 @@ spec: type: string publicIpAddresses: items: - description: |- - Storage version of v1api20220701.SubResource_STATUS - Reference to another ARM resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -60007,16 +39231,10 @@ spec: type: array publicIpPrefixes: items: - description: |- - Storage version of v1api20220701.SubResource_STATUS - Reference to another ARM resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -60025,32 +39243,20 @@ spec: resourceGuid: type: string sku: - description: |- - Storage version of v1api20220701.NatGatewaySku_STATUS - SKU of nat gateway. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string type: object subnets: items: - description: |- - Storage version of v1api20220701.SubResource_STATUS - Reference to another ARM resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string 
@@ -60088,70 +39294,31 @@ spec: name: v1api20240301 schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /network/resource-manager/Microsoft.Network/stable/2024-03-01/natGateway.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/natGateways/{natGatewayName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string idleTimeoutInMinutes: - description: 'IdleTimeoutInMinutes: The idle timeout of the nat gateway.' type: integer location: - description: 'Location: Resource location.' type: string operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. 
The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -60159,29 +39326,13 @@ spec: type: object type: array secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -60190,77 +39341,50 @@ spec: type: array type: object owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object publicIpAddresses: - description: 'PublicIpAddresses: An array of public ip addresses associated with the nat gateway resource.' items: - description: Reference to another subresource. properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array publicIpPrefixes: - description: 'PublicIpPrefixes: An array of public ip prefixes associated with the nat gateway resource.' items: - description: Reference to another subresource. 
properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array sku: - description: 'Sku: The nat gateway SKU.' properties: name: - description: 'Name: Name of Nat Gateway SKU.' enum: - Standard type: string @@ -60268,10 +39392,8 @@ spec: tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object zones: - description: 'Zones: A list of availability zones denoting the zone in which Nat Gateway should be deployed.' items: type: string type: array 
@@ -60279,44 +39401,25 @@ spec: - owner type: object status: - description: Nat Gateway resource. properties: conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -60326,73 +39429,52 @@ spec: type: object type: array etag: - description: 'Etag: A unique read-only string that changes whenever the resource is updated.' type: string id: - description: 'Id: Resource ID.' type: string idleTimeoutInMinutes: - description: 'IdleTimeoutInMinutes: The idle timeout of the nat gateway.' type: integer location: - description: 'Location: Resource location.' type: string name: - description: 'Name: Resource name.' type: string provisioningState: - description: 'ProvisioningState: The provisioning state of the NAT gateway resource.' type: string publicIpAddresses: - description: 'PublicIpAddresses: An array of public ip addresses associated with the nat gateway resource.' items: - description: Reference to another subresource. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array publicIpPrefixes: - description: 'PublicIpPrefixes: An array of public ip prefixes associated with the nat gateway resource.' items: - description: Reference to another subresource. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array resourceGuid: - description: 'ResourceGuid: The resource GUID property of the NAT gateway resource.' type: string sku: - description: 'Sku: The nat gateway SKU.' properties: name: - description: 'Name: Name of Nat Gateway SKU.' type: string type: object subnets: - description: 'Subnets: An array of references to the subnets using this nat gateway resource.' items: - description: Reference to another subresource. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object type: - description: 'Type: Resource type.' type: string zones: - description: 'Zones: A list of availability zones denoting the zone in which Nat Gateway should be deployed.' items: type: string type: array 
@@ -60418,83 +39500,39 @@ spec: name: v1api20240301storage schema: openAPIV3Schema: - description: |- - Storage version of v1api20240301.NatGateway - Generator information: - - Generated from: /network/resource-manager/Microsoft.Network/stable/2024-03-01/natGateway.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/natGateways/{natGatewayName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20240301.NatGateway_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string idleTimeoutInMinutes: type: integer location: type: string operatorSpec: - description: |- - Storage version of v1api20240301.NatGatewayOperatorSpec - Details for configuring operator behavior. 
Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -60503,27 +39541,12 @@ spec: type: array secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -60534,99 +39557,60 @@ spec: originalVersion: type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object publicIpAddresses: items: - description: |- - Storage version of v1api20240301.SubResource - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object type: object type: array publicIpPrefixes: items: - description: |- - Storage version of v1api20240301.SubResource - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array sku: - description: |- - Storage version of v1api20240301.NatGatewaySku - SKU of nat gateway. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -60643,52 +39627,29 @@ spec: - owner type: object status: - description: |- - Storage version of v1api20240301.NatGateway_STATUS - Nat Gateway resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. 
type: string required: - lastTransitionTime @@ -60711,16 +39672,10 @@ spec: type: string publicIpAddresses: items: - description: |- - Storage version of v1api20240301.SubResource_STATUS - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -60728,16 +39683,10 @@ spec: type: array publicIpPrefixes: items: - description: |- - Storage version of v1api20240301.SubResource_STATUS - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -60746,32 +39695,20 @@ spec: resourceGuid: type: string sku: - description: |- - Storage version of v1api20240301.NatGatewaySku_STATUS - SKU of nat gateway. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string type: object subnets: items: - description: |- - Storage version of v1api20240301.SubResource_STATUS - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string 
@@ -60844,187 +39781,102 @@ spec: name: v1api20220701 schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /network/resource-manager/Microsoft.Network/stable/2022-07-01/privateEndpoint.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/privateEndpoints/{privateEndpointName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: applicationSecurityGroups: - description: 'ApplicationSecurityGroups: Application security groups in which the private endpoint IP configuration is included.' items: - description: An application security group in a resource group. properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string customNetworkInterfaceName: - description: 'CustomNetworkInterfaceName: The custom name of the network interface attached to the private endpoint.' type: string extendedLocation: - description: 'ExtendedLocation: The extended location of the load balancer.' properties: name: - description: 'Name: The name of the extended location.' type: string type: - description: 'Type: The type of the extended location.' enum: - EdgeZone type: string type: object ipConfigurations: - description: |- - IpConfigurations: A list of IP configurations of the private endpoint. This will be used to map to the First Party - Service's endpoints. items: - description: An IP Configuration of the private endpoint. properties: groupId: - description: 'GroupId: The ID of a group obtained from the remote resource that this private endpoint should connect to.' type: string memberName: - description: 'MemberName: The member name of a group obtained from the remote resource that this private endpoint should connect to.' type: string name: - description: 'Name: The name of the resource that is unique within a resource group.' type: string privateIPAddress: - description: 'PrivateIPAddress: A private ip address obtained from the private endpoint''s subnet.' type: string type: object type: array location: - description: 'Location: Resource location.' 
type: string manualPrivateLinkServiceConnections: - description: |- - ManualPrivateLinkServiceConnections: A grouping of information about the connection to the remote resource. Used when - the network admin does not have access to approve connections to the remote resource. items: - description: PrivateLinkServiceConnection resource. properties: groupIds: - description: 'GroupIds: The ID(s) of the group(s) obtained from the remote resource that this private endpoint should connect to.' items: type: string type: array name: - description: 'Name: The name of the resource that is unique within a resource group. This name can be used to access the resource.' type: string privateLinkServiceConnectionState: - description: |- - PrivateLinkServiceConnectionState: A collection of read-only information about the state of the connection to the remote - resource. properties: actionsRequired: - description: 'ActionsRequired: A message indicating if changes on the service provider require any updates on the consumer.' - type: string - description: - description: 'Description: The reason for approval/rejection of the connection.' type: string status: - description: 'Status: Indicates whether the connection has been Approved/Rejected/Removed by the owner of the service.' type: string type: object privateLinkServiceReference: - description: 'PrivateLinkServiceReference: The resource id of private link service.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object requestMessage: - description: |- - RequestMessage: A message passed to the owner of the remote resource with this connection request. Restricted to 140 - chars. type: string type: object type: array operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. 
For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name @@ -61032,20 +39884,12 @@ spec: type: object type: array configMaps: - description: 'ConfigMaps: configures where to place operator written ConfigMaps.' properties: primaryNicPrivateIpAddress: - description: |- - PrimaryNicPrivateIpAddress: indicates where the PrimaryNicPrivateIpAddress config map should be placed. If omitted, no - config map will be created. properties: key: - description: Key is the key in the ConfigMap being referenced type: string name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. type: string required: - key 
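Review bot: Under `manualPrivateLinkServiceConnections`, the `privateLinkServiceConnectionState` schema loses its real `description` property in this hunk, not only its documentation text. The removed lines include the property key `description:` and one `type: string`, so only `actionsRequired` and `status` remain. If this CRD is served as a structural schema with pruning enabled (not visible from this hunk), a value set in that field would be dropped silently on write, and the approval or rejection reason would no longer round-trip. The same removal appears in the later hunk starting at `@@ -61084,154` (spec `privateLinkServiceConnections`) and in the status schema of the hunk starting at `@@ -61241,201`. Whatever strips the description text should skip keys that sit directly under `properties:`, so that `description:` followed by `type: string` stays in each of these schemas.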
@@ -61053,29 +39897,13 @@ spec: type: object type: object secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -61084,154 +39912,94 @@ spec: type: array type: object owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object privateLinkServiceConnections: - description: 'PrivateLinkServiceConnections: A grouping of information about the connection to the remote resource.' items: - description: PrivateLinkServiceConnection resource. properties: groupIds: - description: 'GroupIds: The ID(s) of the group(s) obtained from the remote resource that this private endpoint should connect to.' items: type: string type: array name: - description: 'Name: The name of the resource that is unique within a resource group. This name can be used to access the resource.' type: string privateLinkServiceConnectionState: - description: |- - PrivateLinkServiceConnectionState: A collection of read-only information about the state of the connection to the remote - resource. properties: actionsRequired: - description: 'ActionsRequired: A message indicating if changes on the service provider require any updates on the consumer.' - type: string - description: - description: 'Description: The reason for approval/rejection of the connection.' type: string status: - description: 'Status: Indicates whether the connection has been Approved/Rejected/Removed by the owner of the service.' type: string type: object privateLinkServiceReference: - description: 'PrivateLinkServiceReference: The resource id of private link service.' 
properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object requestMessage: - description: |- - RequestMessage: A message passed to the owner of the remote resource with this connection request. Restricted to 140 - chars. type: string type: object type: array subnet: - description: 'Subnet: The ID of the subnet from which the private IP will be allocated.' properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object type: object tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object required: - owner type: object status: - description: Private endpoint resource. properties: applicationSecurityGroups: - description: 'ApplicationSecurityGroups: Application security groups in which the private endpoint IP configuration is included.' items: - description: An application security group in a resource group. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. 
- This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -61241,201 +40009,129 @@ spec: type: object type: array customDnsConfigs: - description: 'CustomDnsConfigs: An array of custom dns configurations.' items: - description: Contains custom Dns resolution configuration from customer. properties: fqdn: - description: 'Fqdn: Fqdn that resolves to private endpoint ip address.' type: string ipAddresses: - description: 'IpAddresses: A list of private ip addresses of the private endpoint.' items: type: string type: array type: object type: array customNetworkInterfaceName: - description: 'CustomNetworkInterfaceName: The custom name of the network interface attached to the private endpoint.' type: string etag: - description: 'Etag: A unique read-only string that changes whenever the resource is updated.' type: string extendedLocation: - description: 'ExtendedLocation: The extended location of the load balancer.' properties: name: - description: 'Name: The name of the extended location.' type: string type: - description: 'Type: The type of the extended location.' type: string type: object id: - description: 'Id: Resource ID.' type: string ipConfigurations: - description: |- - IpConfigurations: A list of IP configurations of the private endpoint. This will be used to map to the First Party - Service's endpoints. items: - description: An IP Configuration of the private endpoint. properties: etag: - description: 'Etag: A unique read-only string that changes whenever the resource is updated.' type: string groupId: - description: 'GroupId: The ID of a group obtained from the remote resource that this private endpoint should connect to.' type: string memberName: - description: 'MemberName: The member name of a group obtained from the remote resource that this private endpoint should connect to.' type: string name: - description: 'Name: The name of the resource that is unique within a resource group.' 
type: string privateIPAddress: - description: 'PrivateIPAddress: A private ip address obtained from the private endpoint''s subnet.' type: string type: - description: 'Type: The resource type.' type: string type: object type: array location: - description: 'Location: Resource location.' type: string manualPrivateLinkServiceConnections: - description: |- - ManualPrivateLinkServiceConnections: A grouping of information about the connection to the remote resource. Used when - the network admin does not have access to approve connections to the remote resource. items: - description: PrivateLinkServiceConnection resource. properties: etag: - description: 'Etag: A unique read-only string that changes whenever the resource is updated.' type: string groupIds: - description: 'GroupIds: The ID(s) of the group(s) obtained from the remote resource that this private endpoint should connect to.' items: type: string type: array id: - description: 'Id: Resource ID.' type: string name: - description: 'Name: The name of the resource that is unique within a resource group. This name can be used to access the resource.' type: string privateLinkServiceConnectionState: - description: |- - PrivateLinkServiceConnectionState: A collection of read-only information about the state of the connection to the remote - resource. properties: actionsRequired: - description: 'ActionsRequired: A message indicating if changes on the service provider require any updates on the consumer.' - type: string - description: - description: 'Description: The reason for approval/rejection of the connection.' type: string status: - description: 'Status: Indicates whether the connection has been Approved/Rejected/Removed by the owner of the service.' type: string type: object privateLinkServiceId: - description: 'PrivateLinkServiceId: The resource id of private link service.' type: string provisioningState: - description: 'ProvisioningState: The provisioning state of the private link service connection resource.' 
type: string requestMessage: - description: |- - RequestMessage: A message passed to the owner of the remote resource with this connection request. Restricted to 140 - chars. type: string type: - description: 'Type: The resource type.' type: string type: object type: array name: - description: 'Name: Resource name.' type: string networkInterfaces: - description: 'NetworkInterfaces: An array of references to the network interfaces created for this private endpoint.' items: - description: A network interface in a resource group. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array privateLinkServiceConnections: - description: 'PrivateLinkServiceConnections: A grouping of information about the connection to the remote resource.' items: - description: PrivateLinkServiceConnection resource. properties: etag: - description: 'Etag: A unique read-only string that changes whenever the resource is updated.' type: string groupIds: - description: 'GroupIds: The ID(s) of the group(s) obtained from the remote resource that this private endpoint should connect to.' items: type: string type: array id: - description: 'Id: Resource ID.' type: string name: - description: 'Name: The name of the resource that is unique within a resource group. This name can be used to access the resource.' type: string privateLinkServiceConnectionState: - description: |- - PrivateLinkServiceConnectionState: A collection of read-only information about the state of the connection to the remote - resource. properties: actionsRequired: - description: 'ActionsRequired: A message indicating if changes on the service provider require any updates on the consumer.' - type: string - description: - description: 'Description: The reason for approval/rejection of the connection.' type: string status: - description: 'Status: Indicates whether the connection has been Approved/Rejected/Removed by the owner of the service.' 
type: string type: object privateLinkServiceId: - description: 'PrivateLinkServiceId: The resource id of private link service.' type: string provisioningState: - description: 'ProvisioningState: The provisioning state of the private link service connection resource.' type: string requestMessage: - description: |- - RequestMessage: A message passed to the owner of the remote resource with this connection request. Restricted to 140 - chars. type: string type: - description: 'Type: The resource type.' type: string type: object type: array provisioningState: - description: 'ProvisioningState: The provisioning state of the private endpoint resource.' type: string subnet: - description: 'Subnet: The ID of the subnet from which the private IP will be allocated.' properties: id: - description: 'Id: Resource ID.' type: string type: object tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object type: - description: 'Type: Resource type.' type: string type: object type: object 
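Review bot: The `description` property of `privateLinkServiceConnectionState` is removed together with the description strings: after `actionsRequired` this hunk deletes the `description:` key and its schema, in both `manualPrivateLinkServiceConnections` and `privateLinkServiceConnections`, leaving only `actionsRequired` and `status`. That key is a schema field (the reason for approval or rejection of the connection), not documentation, so the API server would presumably prune it from stored objects once it is absent from the structural schema. The same removal appears in the later hunks at -61596, -61773, -62024 and -62095 and in the v1api20240301 spec. If the descriptions are stripped by a key-name filter, it should skip keys that sit directly under `properties:`, so that `description:` followed by `type: string` is kept under each `privateLinkServiceConnectionState`.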
@@ -61459,92 +40155,49 @@ spec: name: v1api20220701storage schema: openAPIV3Schema: - description: |- - Storage version of v1api20220701.PrivateEndpoint - Generator information: - - Generated from: /network/resource-manager/Microsoft.Network/stable/2022-07-01/privateEndpoint.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/privateEndpoints/{privateEndpointName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20220701.PrivateEndpoint_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object applicationSecurityGroups: items: - description: |- - Storage version of v1api20220701.ApplicationSecurityGroupSpec_PrivateEndpoint_SubResourceEmbedded - An application security group in a resource group. 
properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string customNetworkInterfaceName: type: string extendedLocation: - description: |- - Storage version of v1api20220701.ExtendedLocation - ExtendedLocation complex type. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -61553,16 +40206,10 @@ spec: type: object ipConfigurations: items: - description: |- - Storage version of v1api20220701.PrivateEndpointIPConfiguration - An IP Configuration of the private endpoint. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object groupId: type: string @@ -61578,16 +40225,10 @@ spec: type: string manualPrivateLinkServiceConnections: items: - description: |- - Storage version of v1api20220701.PrivateLinkServiceConnection - PrivateLinkServiceConnection resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object groupIds: items: 
@@ -61596,42 +40237,26 @@ spec: name: type: string privateLinkServiceConnectionState: - description: |- - Storage version of v1api20220701.PrivateLinkServiceConnectionState - A collection of information about the state of the connection between service consumer and provider. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object actionsRequired: type: string - description: - type: string status: type: string type: object privateLinkServiceReference: - description: 'PrivateLinkServiceReference: The resource id of private link service.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object requestMessage: 
@@ -61639,40 +40264,19 @@ spec: type: object type: array operatorSpec: - description: |- - Storage version of v1api20220701.PrivateEndpointOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -61680,28 +40284,16 @@ spec: type: object type: array configMaps: - description: Storage version of v1api20220701.PrivateEndpointOperatorConfigMaps properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object primaryNicPrivateIpAddress: - description: |- - ConfigMapDestination describes the location to store a single configmap value - Note: This is similar to: SecretDestination in secrets.go. - Changes to one may need to be made to the others as well. properties: key: - description: Key is the key in the ConfigMap being referenced type: string name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. type: string required: - key 
@@ -61710,27 +40302,12 @@ spec: type: object secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -61741,30 +40318,19 @@ spec: originalVersion: type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object privateLinkServiceConnections: items: - description: |- - Storage version of v1api20220701.PrivateLinkServiceConnection - PrivateLinkServiceConnection resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object groupIds: items: 
@@ -61773,42 +40339,26 @@ spec: name: type: string privateLinkServiceConnectionState: - description: |- - Storage version of v1api20220701.PrivateLinkServiceConnectionState - A collection of information about the state of the connection between service consumer and provider. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object actionsRequired: type: string - description: - type: string status: type: string type: object privateLinkServiceReference: - description: 'PrivateLinkServiceReference: The resource id of private link service.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object requestMessage: 
@@ -61816,35 +40366,21 @@ spec: type: object type: array subnet: - description: |- - Storage version of v1api20220701.Subnet_PrivateEndpoint_SubResourceEmbedded - Subnet in a virtual network resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -61856,29 +40392,17 @@ spec: - owner type: object status: - description: |- - Storage version of v1api20220701.PrivateEndpoint_STATUS - Private endpoint resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object applicationSecurityGroups: items: - description: |- - Storage version of v1api20220701.ApplicationSecurityGroup_STATUS_PrivateEndpoint_SubResourceEmbedded - An application security group in a resource group. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string 
@@ -61886,39 +40410,22 @@ spec: type: array conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -61929,16 +40436,10 @@ spec: type: array customDnsConfigs: items: - description: |- - Storage version of v1api20220701.CustomDnsConfigPropertiesFormat_STATUS - Contains custom Dns resolution configuration from customer. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object fqdn: type: string @@ -61953,16 +40454,10 @@ spec: etag: type: string extendedLocation: - description: |- - Storage version of v1api20220701.ExtendedLocation_STATUS - ExtendedLocation complex type. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string @@ -61973,16 +40468,10 @@ spec: type: string ipConfigurations: items: - description: |- - Storage version of v1api20220701.PrivateEndpointIPConfiguration_STATUS - An IP Configuration of the private endpoint. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object etag: type: string @@ -62002,16 +40491,10 @@ spec: type: string manualPrivateLinkServiceConnections: items: - description: |- - Storage version of v1api20220701.PrivateLinkServiceConnection_STATUS - PrivateLinkServiceConnection resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object etag: type: string 
@@ -62024,21 +40507,13 @@ spec: name: type: string privateLinkServiceConnectionState: - description: |- - Storage version of v1api20220701.PrivateLinkServiceConnectionState_STATUS - A collection of information about the state of the connection between service consumer and provider. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object actionsRequired: type: string - description: - type: string status: type: string type: object @@ -62056,16 +40531,10 @@ spec: type: string networkInterfaces: items: - description: |- - Storage version of v1api20220701.NetworkInterface_STATUS_PrivateEndpoint_SubResourceEmbedded - A network interface in a resource group. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -62073,16 +40542,10 @@ spec: type: array privateLinkServiceConnections: items: - description: |- - Storage version of v1api20220701.PrivateLinkServiceConnection_STATUS - PrivateLinkServiceConnection resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object etag: type: string 
@@ -62095,21 +40558,13 @@ spec: name: type: string privateLinkServiceConnectionState: - description: |- - Storage version of v1api20220701.PrivateLinkServiceConnectionState_STATUS - A collection of information about the state of the connection between service consumer and provider. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object actionsRequired: type: string - description: - type: string status: type: string type: object @@ -62126,16 +40581,10 @@ spec: provisioningState: type: string subnet: - description: |- - Storage version of v1api20220701.Subnet_STATUS_PrivateEndpoint_SubResourceEmbedded - Subnet in a virtual network resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string 
@@ -62168,187 +40617,102 @@ spec: name: v1api20240301 schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /network/resource-manager/Microsoft.Network/stable/2024-03-01/privateEndpoint.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/privateEndpoints/{privateEndpointName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: applicationSecurityGroups: - description: 'ApplicationSecurityGroups: Application security groups in which the private endpoint IP configuration is included.' items: - description: An application security group in a resource group. properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string customNetworkInterfaceName: - description: 'CustomNetworkInterfaceName: The custom name of the network interface attached to the private endpoint.' type: string extendedLocation: - description: 'ExtendedLocation: The extended location of the load balancer.' properties: name: - description: 'Name: The name of the extended location.' type: string type: - description: 'Type: The type of the extended location.' enum: - EdgeZone type: string type: object ipConfigurations: - description: |- - IpConfigurations: A list of IP configurations of the private endpoint. This will be used to map to the First Party - Service's endpoints. items: - description: An IP Configuration of the private endpoint. properties: groupId: - description: 'GroupId: The ID of a group obtained from the remote resource that this private endpoint should connect to.' type: string memberName: - description: 'MemberName: The member name of a group obtained from the remote resource that this private endpoint should connect to.' type: string name: - description: 'Name: The name of the resource that is unique within a resource group.' type: string privateIPAddress: - description: 'PrivateIPAddress: A private ip address obtained from the private endpoint''s subnet.' type: string type: object type: array location: - description: 'Location: Resource location.' 
type: string manualPrivateLinkServiceConnections: - description: |- - ManualPrivateLinkServiceConnections: A grouping of information about the connection to the remote resource. Used when - the network admin does not have access to approve connections to the remote resource. items: - description: PrivateLinkServiceConnection resource. properties: groupIds: - description: 'GroupIds: The ID(s) of the group(s) obtained from the remote resource that this private endpoint should connect to.' items: type: string type: array name: - description: 'Name: The name of the resource that is unique within a resource group. This name can be used to access the resource.' type: string privateLinkServiceConnectionState: - description: |- - PrivateLinkServiceConnectionState: A collection of read-only information about the state of the connection to the remote - resource. properties: actionsRequired: - description: 'ActionsRequired: A message indicating if changes on the service provider require any updates on the consumer.' - type: string - description: - description: 'Description: The reason for approval/rejection of the connection.' type: string status: - description: 'Status: Indicates whether the connection has been Approved/Rejected/Removed by the owner of the service.' type: string type: object privateLinkServiceReference: - description: 'PrivateLinkServiceReference: The resource id of private link service.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object requestMessage: - description: |- - RequestMessage: A message passed to the owner of the remote resource with this connection request. Restricted to 140 - chars. type: string type: object type: array operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. 
For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name @@ -62356,20 +40720,12 @@ spec: type: object type: array configMaps: - description: 'ConfigMaps: configures where to place operator written ConfigMaps.' properties: primaryNicPrivateIpAddress: - description: |- - PrimaryNicPrivateIpAddress: indicates where the PrimaryNicPrivateIpAddress config map should be placed. If omitted, no - config map will be created. properties: key: - description: Key is the key in the ConfigMap being referenced type: string name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. type: string required: - key 
@@ -62377,29 +40733,13 @@ spec: type: object type: object secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -62408,154 +40748,94 @@ spec: type: array type: object owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object privateLinkServiceConnections: - description: 'PrivateLinkServiceConnections: A grouping of information about the connection to the remote resource.' items: - description: PrivateLinkServiceConnection resource. properties: groupIds: - description: 'GroupIds: The ID(s) of the group(s) obtained from the remote resource that this private endpoint should connect to.' items: type: string type: array name: - description: 'Name: The name of the resource that is unique within a resource group. This name can be used to access the resource.' type: string privateLinkServiceConnectionState: - description: |- - PrivateLinkServiceConnectionState: A collection of read-only information about the state of the connection to the remote - resource. properties: actionsRequired: - description: 'ActionsRequired: A message indicating if changes on the service provider require any updates on the consumer.' - type: string - description: - description: 'Description: The reason for approval/rejection of the connection.' type: string status: - description: 'Status: Indicates whether the connection has been Approved/Rejected/Removed by the owner of the service.' type: string type: object privateLinkServiceReference: - description: 'PrivateLinkServiceReference: The resource id of private link service.' 
properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object requestMessage: - description: |- - RequestMessage: A message passed to the owner of the remote resource with this connection request. Restricted to 140 - chars. type: string type: object type: array subnet: - description: 'Subnet: The ID of the subnet from which the private IP will be allocated.' properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object type: object tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object required: - owner type: object status: - description: Private endpoint resource. properties: applicationSecurityGroups: - description: 'ApplicationSecurityGroups: Application security groups in which the private endpoint IP configuration is included.' items: - description: An application security group in a resource group. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. 
- This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
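Review bot: Under `privateLinkServiceConnectionState.properties` this hunk removes not only the `description:` documentation strings but also the schema property that happens to be named `description`, leaving only `actionsRequired` and `status`. The same removal appears in the hunks starting at -62565, -62920, -63097 and -63348. If this CRD is served with the usual structural-schema pruning, a value set in that field would presumably be dropped without an error, so the approval/rejection reason would no longer round-trip. The stripping step should skip any `description` key that sits directly under `properties:` and keep the two lines `description:` and `type: string` in each of these objects. A check that the set of property names is identical before and after stripping would catch this class of error.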
@@ -62565,201 +40845,129 @@ spec: type: object type: array customDnsConfigs: - description: 'CustomDnsConfigs: An array of custom dns configurations.' items: - description: Contains custom Dns resolution configuration from customer. properties: fqdn: - description: 'Fqdn: Fqdn that resolves to private endpoint ip address.' type: string ipAddresses: - description: 'IpAddresses: A list of private ip addresses of the private endpoint.' items: type: string type: array type: object type: array customNetworkInterfaceName: - description: 'CustomNetworkInterfaceName: The custom name of the network interface attached to the private endpoint.' type: string etag: - description: 'Etag: A unique read-only string that changes whenever the resource is updated.' type: string extendedLocation: - description: 'ExtendedLocation: The extended location of the load balancer.' properties: name: - description: 'Name: The name of the extended location.' type: string type: - description: 'Type: The type of the extended location.' type: string type: object id: - description: 'Id: Resource ID.' type: string ipConfigurations: - description: |- - IpConfigurations: A list of IP configurations of the private endpoint. This will be used to map to the First Party - Service's endpoints. items: - description: An IP Configuration of the private endpoint. properties: etag: - description: 'Etag: A unique read-only string that changes whenever the resource is updated.' type: string groupId: - description: 'GroupId: The ID of a group obtained from the remote resource that this private endpoint should connect to.' type: string memberName: - description: 'MemberName: The member name of a group obtained from the remote resource that this private endpoint should connect to.' type: string name: - description: 'Name: The name of the resource that is unique within a resource group.' 
type: string privateIPAddress: - description: 'PrivateIPAddress: A private ip address obtained from the private endpoint''s subnet.' type: string type: - description: 'Type: The resource type.' type: string type: object type: array location: - description: 'Location: Resource location.' type: string manualPrivateLinkServiceConnections: - description: |- - ManualPrivateLinkServiceConnections: A grouping of information about the connection to the remote resource. Used when - the network admin does not have access to approve connections to the remote resource. items: - description: PrivateLinkServiceConnection resource. properties: etag: - description: 'Etag: A unique read-only string that changes whenever the resource is updated.' type: string groupIds: - description: 'GroupIds: The ID(s) of the group(s) obtained from the remote resource that this private endpoint should connect to.' items: type: string type: array id: - description: 'Id: Resource ID.' type: string name: - description: 'Name: The name of the resource that is unique within a resource group. This name can be used to access the resource.' type: string privateLinkServiceConnectionState: - description: |- - PrivateLinkServiceConnectionState: A collection of read-only information about the state of the connection to the remote - resource. properties: actionsRequired: - description: 'ActionsRequired: A message indicating if changes on the service provider require any updates on the consumer.' - type: string - description: - description: 'Description: The reason for approval/rejection of the connection.' type: string status: - description: 'Status: Indicates whether the connection has been Approved/Rejected/Removed by the owner of the service.' type: string type: object privateLinkServiceId: - description: 'PrivateLinkServiceId: The resource id of private link service.' type: string provisioningState: - description: 'ProvisioningState: The provisioning state of the private link service connection resource.' 
type: string requestMessage: - description: |- - RequestMessage: A message passed to the owner of the remote resource with this connection request. Restricted to 140 - chars. type: string type: - description: 'Type: The resource type.' type: string type: object type: array name: - description: 'Name: Resource name.' type: string networkInterfaces: - description: 'NetworkInterfaces: An array of references to the network interfaces created for this private endpoint.' items: - description: A network interface in a resource group. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array privateLinkServiceConnections: - description: 'PrivateLinkServiceConnections: A grouping of information about the connection to the remote resource.' items: - description: PrivateLinkServiceConnection resource. properties: etag: - description: 'Etag: A unique read-only string that changes whenever the resource is updated.' type: string groupIds: - description: 'GroupIds: The ID(s) of the group(s) obtained from the remote resource that this private endpoint should connect to.' items: type: string type: array id: - description: 'Id: Resource ID.' type: string name: - description: 'Name: The name of the resource that is unique within a resource group. This name can be used to access the resource.' type: string privateLinkServiceConnectionState: - description: |- - PrivateLinkServiceConnectionState: A collection of read-only information about the state of the connection to the remote - resource. properties: actionsRequired: - description: 'ActionsRequired: A message indicating if changes on the service provider require any updates on the consumer.' - type: string - description: - description: 'Description: The reason for approval/rejection of the connection.' type: string status: - description: 'Status: Indicates whether the connection has been Approved/Rejected/Removed by the owner of the service.' 
type: string type: object privateLinkServiceId: - description: 'PrivateLinkServiceId: The resource id of private link service.' type: string provisioningState: - description: 'ProvisioningState: The provisioning state of the private link service connection resource.' type: string requestMessage: - description: |- - RequestMessage: A message passed to the owner of the remote resource with this connection request. Restricted to 140 - chars. type: string type: - description: 'Type: The resource type.' type: string type: object type: array provisioningState: - description: 'ProvisioningState: The provisioning state of the private endpoint resource.' type: string subnet: - description: 'Subnet: The ID of the subnet from which the private IP will be allocated.' properties: id: - description: 'Id: Resource ID.' type: string type: object tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object type: - description: 'Type: Resource type.' type: string type: object type: object 
@@ -62783,92 +40991,49 @@ spec: name: v1api20240301storage schema: openAPIV3Schema: - description: |- - Storage version of v1api20240301.PrivateEndpoint - Generator information: - - Generated from: /network/resource-manager/Microsoft.Network/stable/2024-03-01/privateEndpoint.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/privateEndpoints/{privateEndpointName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20240301.PrivateEndpoint_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object applicationSecurityGroups: items: - description: |- - Storage version of v1api20240301.ApplicationSecurityGroupSpec_PrivateEndpoint_SubResourceEmbedded - An application security group in a resource group. 
properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string customNetworkInterfaceName: type: string extendedLocation: - description: |- - Storage version of v1api20240301.ExtendedLocation - ExtendedLocation complex type. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -62877,16 +41042,10 @@ spec: type: object ipConfigurations: items: - description: |- - Storage version of v1api20240301.PrivateEndpointIPConfiguration - An IP Configuration of the private endpoint. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object groupId: type: string @@ -62902,16 +41061,10 @@ spec: type: string manualPrivateLinkServiceConnections: items: - description: |- - Storage version of v1api20240301.PrivateLinkServiceConnection - PrivateLinkServiceConnection resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object groupIds: items: 
@@ -62920,42 +41073,26 @@ spec: name: type: string privateLinkServiceConnectionState: - description: |- - Storage version of v1api20240301.PrivateLinkServiceConnectionState - A collection of information about the state of the connection between service consumer and provider. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object actionsRequired: type: string - description: - type: string status: type: string type: object privateLinkServiceReference: - description: 'PrivateLinkServiceReference: The resource id of private link service.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object requestMessage: 
@@ -62963,40 +41100,19 @@ spec: type: object type: array operatorSpec: - description: |- - Storage version of v1api20240301.PrivateEndpointOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -63004,28 +41120,16 @@ spec: type: object type: array configMaps: - description: Storage version of v1api20240301.PrivateEndpointOperatorConfigMaps properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object primaryNicPrivateIpAddress: - description: |- - ConfigMapDestination describes the location to store a single configmap value - Note: This is similar to: SecretDestination in secrets.go. - Changes to one may need to be made to the others as well. properties: key: - description: Key is the key in the ConfigMap being referenced type: string name: - description: |- - Name is the name of the Kubernetes ConfigMap to write to. - The ConfigMap will be created in the same namespace as the resource. type: string required: - key 
@@ -63034,27 +41138,12 @@ spec: type: object secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -63065,30 +41154,19 @@ spec: originalVersion: type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object privateLinkServiceConnections: items: - description: |- - Storage version of v1api20240301.PrivateLinkServiceConnection - PrivateLinkServiceConnection resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object groupIds: items: 
@@ -63097,42 +41175,26 @@ spec: name: type: string privateLinkServiceConnectionState: - description: |- - Storage version of v1api20240301.PrivateLinkServiceConnectionState - A collection of information about the state of the connection between service consumer and provider. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object actionsRequired: type: string - description: - type: string status: type: string type: object privateLinkServiceReference: - description: 'PrivateLinkServiceReference: The resource id of private link service.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object requestMessage: 
@@ -63140,35 +41202,21 @@ spec: type: object type: array subnet: - description: |- - Storage version of v1api20240301.Subnet_PrivateEndpoint_SubResourceEmbedded - Subnet in a virtual network resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -63180,29 +41228,17 @@ spec: - owner type: object status: - description: |- - Storage version of v1api20240301.PrivateEndpoint_STATUS - Private endpoint resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object applicationSecurityGroups: items: - description: |- - Storage version of v1api20240301.ApplicationSecurityGroup_STATUS_PrivateEndpoint_SubResourceEmbedded - An application security group in a resource group. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string 
@@ -63210,39 +41246,22 @@ spec: type: array conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -63253,16 +41272,10 @@ spec: type: array customDnsConfigs: items: - description: |- - Storage version of v1api20240301.CustomDnsConfigPropertiesFormat_STATUS - Contains custom Dns resolution configuration from customer. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object fqdn: type: string @@ -63277,16 +41290,10 @@ spec: etag: type: string extendedLocation: - description: |- - Storage version of v1api20240301.ExtendedLocation_STATUS - ExtendedLocation complex type. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string @@ -63297,16 +41304,10 @@ spec: type: string ipConfigurations: items: - description: |- - Storage version of v1api20240301.PrivateEndpointIPConfiguration_STATUS - An IP Configuration of the private endpoint. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object etag: type: string @@ -63326,16 +41327,10 @@ spec: type: string manualPrivateLinkServiceConnections: items: - description: |- - Storage version of v1api20240301.PrivateLinkServiceConnection_STATUS - PrivateLinkServiceConnection resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object etag: type: string 
@@ -63348,21 +41343,13 @@ spec: name: type: string privateLinkServiceConnectionState: - description: |- - Storage version of v1api20240301.PrivateLinkServiceConnectionState_STATUS - A collection of information about the state of the connection between service consumer and provider. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object actionsRequired: type: string - description: - type: string status: type: string type: object @@ -63380,16 +41367,10 @@ spec: type: string networkInterfaces: items: - description: |- - Storage version of v1api20240301.NetworkInterface_STATUS_PrivateEndpoint_SubResourceEmbedded - A network interface in a resource group. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -63397,16 +41378,10 @@ spec: type: array privateLinkServiceConnections: items: - description: |- - Storage version of v1api20240301.PrivateLinkServiceConnection_STATUS - PrivateLinkServiceConnection resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object etag: type: string 
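Review bot: The removed pair `description:` / `type: string` under `privateLinkServiceConnectionState.properties` (between `actionsRequired` and `status`) is not doc text but the schema entry for a status field that is itself named `description`, so this hunk deletes a real property along with the documentation strings. The same pair is removed again in the hunk at -63419 for `privateLinkServiceConnections`. If these CRDs are served with the usual structural-schema pruning, a field no longer declared here would presumably be dropped from stored status, and anything reading the connection state's description would see it empty. Whatever step strips the descriptions should remove only `description` keys whose value is a scalar string and keep those whose value is a mapping. In both places the lines `description:` and `type: string` should be restored.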
@@ -63419,21 +41394,13 @@ spec: name: type: string privateLinkServiceConnectionState: - description: |- - Storage version of v1api20240301.PrivateLinkServiceConnectionState_STATUS - A collection of information about the state of the connection between service consumer and provider. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object actionsRequired: type: string - description: - type: string status: type: string type: object @@ -63450,16 +41417,10 @@ spec: provisioningState: type: string subnet: - description: |- - Storage version of v1api20240301.Subnet_STATUS_PrivateEndpoint_SubResourceEmbedded - Subnet in a virtual network resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string 
@@ -63527,74 +41488,33 @@ spec: name: v1api20200601 schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /resources/resource-manager/Microsoft.Resources/stable/2020-06-01/resources.json - - ARM URI: /subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. maxLength: 90 minLength: 1 type: string location: - description: |- - Location: The location of the resource group. It cannot be changed after the resource group has been created. It must be - one of the supported Azure locations. type: string managedBy: - description: 'ManagedBy: The ID of the resource that manages this resource group.' type: string operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' 
items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -63602,29 +41522,13 @@ spec: type: object type: array secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -63635,50 +41539,30 @@ spec: tags: additionalProperties: type: string - description: 'Tags: The tags attached to the resource group.' type: object required: - location type: object status: - description: Resource group information. properties: conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -63688,33 +41572,23 @@ spec: type: object type: array id: - description: 'Id: The ID of the resource group.' type: string location: - description: |- - Location: The location of the resource group. It cannot be changed after the resource group has been created. It must be - one of the supported Azure locations. type: string managedBy: - description: 'ManagedBy: The ID of the resource that manages this resource group.' type: string name: - description: 'Name: The name of the resource group.' type: string properties: - description: 'Properties: The resource group properties.' properties: provisioningState: - description: 'ProvisioningState: The provisioning state.' type: string type: object tags: additionalProperties: type: string - description: 'Tags: The tags attached to the resource group.' type: object type: - description: 'Type: The type of the resource group.' type: string type: object type: object 
@@ -63738,83 +41612,39 @@ spec: name: v1api20200601storage schema: openAPIV3Schema: - description: |- - Storage version of v1api20200601.ResourceGroup - Generator information: - - Generated from: /resources/resource-manager/Microsoft.Resources/stable/2020-06-01/resources.json - - ARM URI: /subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20200601.ResourceGroup_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string location: type: string managedBy: type: string operatorSpec: - description: |- - Storage version of v1api20200601.ResourceGroupOperatorSpec - Details for configuring operator behavior. 
Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -63823,27 +41653,12 @@ spec: type: array secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -63859,52 +41674,29 @@ spec: type: object type: object status: - description: |- - Storage version of v1api20200601.ResourceGroup_STATUS - Resource group information. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. 
type: string required: - lastTransitionTime @@ -63922,16 +41714,10 @@ spec: name: type: string properties: - description: |- - Storage version of v1api20200601.ResourceGroupProperties_STATUS - The resource group properties. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object provisioningState: type: string 
@@ -63999,102 +41785,62 @@ spec: name: v1api20201101 schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /network/resource-manager/Microsoft.Network/stable/2020-11-01/virtualNetwork.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: addressSpace: - description: 'AddressSpace: The AddressSpace that contains an array of IP address ranges that can be used by subnets.' properties: addressPrefixes: - description: 'AddressPrefixes: A list of address blocks reserved for this virtual network in CIDR notation.' items: type: string type: array type: object azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string bgpCommunities: - description: 'BgpCommunities: Bgp Communities sent over ExpressRoute with each route corresponding to a prefix in this VNET.' properties: virtualNetworkCommunity: - description: 'VirtualNetworkCommunity: The BGP community associated with the virtual network.' 
type: string required: - virtualNetworkCommunity type: object ddosProtectionPlan: - description: 'DdosProtectionPlan: The DDoS protection plan associated with the virtual network.' properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object dhcpOptions: - description: 'DhcpOptions: The dhcpOptions that contains an array of DNS servers available to VMs deployed in the virtual network.' properties: dnsServers: - description: 'DnsServers: The list of DNS servers IP addresses.' items: type: string type: array type: object enableDdosProtection: - description: |- - EnableDdosProtection: Indicates if DDoS protection is enabled for all the protected resources in the virtual network. It - requires a DDoS protection plan associated with the resource. type: boolean enableVmProtection: - description: 'EnableVmProtection: Indicates if VM protection is enabled for all the subnets in the virtual network.' type: boolean extendedLocation: - description: 'ExtendedLocation: The extended location of the virtual network.' properties: name: - description: 'Name: The name of the extended location.' 
type: string type: - description: 'Type: The type of the extended location.' enum: - EdgeZone type: string 
@@ -64103,64 +41849,34 @@ spec: - type type: object ipAllocations: - description: 'IpAllocations: Array of IpAllocation which reference this VNET.' items: - description: Reference to another subresource. properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array location: - description: 'Location: Resource location.' type: string operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. 
If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name @@ -64168,29 +41884,13 @@ spec: type: object type: array secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -64199,84 +41899,54 @@ spec: type: array type: object owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object required: - owner type: object status: - description: Virtual Network resource. properties: addressSpace: - description: 'AddressSpace: The AddressSpace that contains an array of IP address ranges that can be used by subnets.' properties: addressPrefixes: - description: 'AddressPrefixes: A list of address blocks reserved for this virtual network in CIDR notation.' items: type: string type: array type: object bgpCommunities: - description: 'BgpCommunities: Bgp Communities sent over ExpressRoute with each route corresponding to a prefix in this VNET.' properties: regionalCommunity: - description: 'RegionalCommunity: The BGP community associated with the region of the virtual network.' type: string virtualNetworkCommunity: - description: 'VirtualNetworkCommunity: The BGP community associated with the virtual network.' type: string type: object conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. 
format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -64286,74 +41956,52 @@ spec: type: object type: array ddosProtectionPlan: - description: 'DdosProtectionPlan: The DDoS protection plan associated with the virtual network.' properties: id: - description: 'Id: Resource ID.' type: string type: object dhcpOptions: - description: 'DhcpOptions: The dhcpOptions that contains an array of DNS servers available to VMs deployed in the virtual network.' properties: dnsServers: - description: 'DnsServers: The list of DNS servers IP addresses.' items: type: string type: array type: object enableDdosProtection: - description: |- - EnableDdosProtection: Indicates if DDoS protection is enabled for all the protected resources in the virtual network. It - requires a DDoS protection plan associated with the resource. type: boolean enableVmProtection: - description: 'EnableVmProtection: Indicates if VM protection is enabled for all the subnets in the virtual network.' type: boolean etag: - description: 'Etag: A unique read-only string that changes whenever the resource is updated.' type: string extendedLocation: - description: 'ExtendedLocation: The extended location of the virtual network.' properties: name: - description: 'Name: The name of the extended location.' type: string type: - description: 'Type: The type of the extended location.' type: string type: object id: - description: 'Id: Resource ID.' type: string ipAllocations: - description: 'IpAllocations: Array of IpAllocation which reference this VNET.' items: - description: Reference to another subresource. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array location: - description: 'Location: Resource location.' type: string name: - description: 'Name: Resource name.' type: string provisioningState: - description: 'ProvisioningState: The provisioning state of the virtual network resource.' type: string resourceGuid: - description: 'ResourceGuid: The resourceGuid property of the Virtual Network resource.' 
type: string tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object type: - description: 'Type: Resource type.' type: string type: object type: object 
@@ -64377,50 +42025,24 @@ spec: name: v1api20201101storage schema: openAPIV3Schema: - description: |- - Storage version of v1api20201101.VirtualNetwork - Generator information: - - Generated from: /network/resource-manager/Microsoft.Network/stable/2020-11-01/virtualNetwork.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20201101.VirtualNetwork_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object addressSpace: - description: |- - Storage version of v1api20201101.AddressSpace - AddressSpace contains an array of IP address ranges that can be used by subnets of the virtual network. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object addressPrefixes: items: 
@@ -64428,70 +42050,40 @@ spec: type: array type: object azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string bgpCommunities: - description: |- - Storage version of v1api20201101.VirtualNetworkBgpCommunities - Bgp Communities sent over ExpressRoute with each route corresponding to a prefix in this VNET. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object virtualNetworkCommunity: type: string type: object ddosProtectionPlan: - description: |- - Storage version of v1api20201101.SubResource - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object type: object dhcpOptions: - description: |- - Storage version of v1api20201101.DhcpOptions - DhcpOptions contains an array of DNS servers available to VMs deployed in the virtual network. Standard DHCP option for - a subnet overrides VNET DHCP options. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object dnsServers: items: @@ -64503,16 +42095,10 @@ spec: enableVmProtection: type: boolean extendedLocation: - description: |- - Storage version of v1api20201101.ExtendedLocation - ExtendedLocation complex type. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -64521,35 +42107,21 @@ spec: type: object ipAllocations: items: - description: |- - Storage version of v1api20201101.SubResource - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -64557,40 +42129,19 @@ spec: location: type: string operatorSpec: - description: |- - Storage version of v1api20201101.VirtualNetworkOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -64599,27 +42150,12 @@ spec: type: array secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name @@ -64630,16 +42166,11 @@ spec: originalVersion: type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object tags: 
@@ -64650,28 +42181,16 @@ spec: - owner type: object status: - description: |- - Storage version of v1api20201101.VirtualNetwork_STATUS - Virtual Network resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object addressSpace: - description: |- - Storage version of v1api20201101.AddressSpace_STATUS - AddressSpace contains an array of IP address ranges that can be used by subnets of the virtual network. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object addressPrefixes: items: @@ -64679,16 +42198,10 @@ spec: type: array type: object bgpCommunities: - description: |- - Storage version of v1api20201101.VirtualNetworkBgpCommunities_STATUS - Bgp Communities sent over ExpressRoute with each route corresponding to a prefix in this VNET. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object regionalCommunity: type: string 
@@ -64697,39 +42210,22 @@ spec: type: object conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -64739,32 +42235,19 @@ spec: type: object type: array ddosProtectionPlan: - description: |- - Storage version of v1api20201101.SubResource_STATUS - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string type: object dhcpOptions: - description: |- - Storage version of v1api20201101.DhcpOptions_STATUS - DhcpOptions contains an array of DNS servers available to VMs deployed in the virtual network. Standard DHCP option for - a subnet overrides VNET DHCP options. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object dnsServers: items: @@ -64778,16 +42261,10 @@ spec: etag: type: string extendedLocation: - description: |- - Storage version of v1api20201101.ExtendedLocation_STATUS - ExtendedLocation complex type. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string @@ -64798,16 +42275,10 @@ spec: type: string ipAllocations: items: - description: |- - Storage version of v1api20201101.SubResource_STATUS - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string 
@@ -64849,106 +42320,62 @@ spec: name: v1api20240301 schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /network/resource-manager/Microsoft.Network/stable/2024-03-01/virtualNetwork.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: addressSpace: - description: 'AddressSpace: The AddressSpace that contains an array of IP address ranges that can be used by subnets.' properties: addressPrefixes: - description: 'AddressPrefixes: A list of address blocks reserved for this virtual network in CIDR notation.' items: type: string type: array type: object azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string bgpCommunities: - description: 'BgpCommunities: Bgp Communities sent over ExpressRoute with each route corresponding to a prefix in this VNET.' properties: virtualNetworkCommunity: - description: 'VirtualNetworkCommunity: The BGP community associated with the virtual network.' 
type: string required: - virtualNetworkCommunity type: object ddosProtectionPlan: - description: 'DdosProtectionPlan: The DDoS protection plan associated with the virtual network.' properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object dhcpOptions: - description: 'DhcpOptions: The dhcpOptions that contains an array of DNS servers available to VMs deployed in the virtual network.' properties: dnsServers: - description: 'DnsServers: The list of DNS servers IP addresses.' items: type: string type: array type: object enableDdosProtection: - description: |- - EnableDdosProtection: Indicates if DDoS protection is enabled for all the protected resources in the virtual network. It - requires a DDoS protection plan associated with the resource. type: boolean enableVmProtection: - description: 'EnableVmProtection: Indicates if VM protection is enabled for all the subnets in the virtual network.' type: boolean encryption: - description: |- - Encryption: Indicates if encryption is enabled on virtual network and if VM without encryption is allowed in encrypted - VNet. 
properties: enabled: - description: 'Enabled: Indicates if encryption is enabled on the virtual network.' type: boolean enforcement: - description: |- - Enforcement: If the encrypted VNet allows VM that does not support encryption. This field is for future support, - AllowUnencrypted is the only supported value at general availability. enum: - AllowUnencrypted - DropUnencrypted 
@@ -64957,79 +42384,45 @@ spec: - enabled type: object extendedLocation: - description: 'ExtendedLocation: The extended location of the virtual network.' properties: name: - description: 'Name: The name of the extended location.' type: string type: - description: 'Type: The type of the extended location.' enum: - EdgeZone type: string type: object flowTimeoutInMinutes: - description: 'FlowTimeoutInMinutes: The FlowTimeout value (in minutes) for the Virtual Network' type: integer ipAllocations: - description: 'IpAllocations: Array of IpAllocation which reference this VNET.' items: - description: Reference to another subresource. properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array location: - description: 'Location: Resource location.' type: string operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' 
items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -65037,29 +42430,13 @@ spec: type: object type: array secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -65068,20 +42445,14 @@ spec: type: array type: object owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object privateEndpointVNetPolicies: - description: 'PrivateEndpointVNetPolicies: Private Endpoint VNet Policies.' enum: - Basic - Disabled 
@@ -65089,69 +42460,44 @@ spec: tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object required: - owner type: object status: - description: Virtual Network resource. properties: addressSpace: - description: 'AddressSpace: The AddressSpace that contains an array of IP address ranges that can be used by subnets.' properties: addressPrefixes: - description: 'AddressPrefixes: A list of address blocks reserved for this virtual network in CIDR notation.' items: type: string type: array type: object bgpCommunities: - description: 'BgpCommunities: Bgp Communities sent over ExpressRoute with each route corresponding to a prefix in this VNET.' properties: regionalCommunity: - description: 'RegionalCommunity: The BGP community associated with the region of the virtual network.' type: string virtualNetworkCommunity: - description: 'VirtualNetworkCommunity: The BGP community associated with the virtual network.' type: string type: object conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. 
type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -65161,104 +42507,70 @@ spec: type: object type: array ddosProtectionPlan: - description: 'DdosProtectionPlan: The DDoS protection plan associated with the virtual network.' properties: id: - description: 'Id: Resource ID.' type: string type: object dhcpOptions: - description: 'DhcpOptions: The dhcpOptions that contains an array of DNS servers available to VMs deployed in the virtual network.' properties: dnsServers: - description: 'DnsServers: The list of DNS servers IP addresses.' items: type: string type: array type: object enableDdosProtection: - description: |- - EnableDdosProtection: Indicates if DDoS protection is enabled for all the protected resources in the virtual network. It - requires a DDoS protection plan associated with the resource. type: boolean enableVmProtection: - description: 'EnableVmProtection: Indicates if VM protection is enabled for all the subnets in the virtual network.' type: boolean encryption: - description: |- - Encryption: Indicates if encryption is enabled on virtual network and if VM without encryption is allowed in encrypted - VNet. properties: enabled: - description: 'Enabled: Indicates if encryption is enabled on the virtual network.' type: boolean enforcement: - description: |- - Enforcement: If the encrypted VNet allows VM that does not support encryption. This field is for future support, - AllowUnencrypted is the only supported value at general availability. type: string type: object etag: - description: 'Etag: A unique read-only string that changes whenever the resource is updated.' type: string extendedLocation: - description: 'ExtendedLocation: The extended location of the virtual network.' properties: name: - description: 'Name: The name of the extended location.' type: string type: - description: 'Type: The type of the extended location.' type: string type: object flowLogs: - description: 'FlowLogs: A collection of references to flow log resources.' items: - description: A flow log resource. 
properties: id: - description: 'Id: Resource ID.' type: string type: object type: array flowTimeoutInMinutes: - description: 'FlowTimeoutInMinutes: The FlowTimeout value (in minutes) for the Virtual Network' type: integer id: - description: 'Id: Resource ID.' type: string ipAllocations: - description: 'IpAllocations: Array of IpAllocation which reference this VNET.' items: - description: Reference to another subresource. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array location: - description: 'Location: Resource location.' type: string name: - description: 'Name: Resource name.' type: string privateEndpointVNetPolicies: - description: 'PrivateEndpointVNetPolicies: Private Endpoint VNet Policies.' type: string provisioningState: - description: 'ProvisioningState: The provisioning state of the virtual network resource.' type: string resourceGuid: - description: 'ResourceGuid: The resourceGuid property of the Virtual Network resource.' type: string tags: additionalProperties: type: string - description: 'Tags: Resource tags.' type: object type: - description: 'Type: Resource type.' type: string type: object type: object 
@@ -65282,50 +42594,24 @@ spec: name: v1api20240301storage schema: openAPIV3Schema: - description: |- - Storage version of v1api20240301.VirtualNetwork - Generator information: - - Generated from: /network/resource-manager/Microsoft.Network/stable/2024-03-01/virtualNetwork.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20240301.VirtualNetwork_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object addressSpace: - description: |- - Storage version of v1api20240301.AddressSpace - AddressSpace contains an array of IP address ranges that can be used by subnets of the virtual network. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object addressPrefixes: items: 
@@ -65333,70 +42619,40 @@ spec: type: array type: object azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string bgpCommunities: - description: |- - Storage version of v1api20240301.VirtualNetworkBgpCommunities - Bgp Communities sent over ExpressRoute with each route corresponding to a prefix in this VNET. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object virtualNetworkCommunity: type: string type: object ddosProtectionPlan: - description: |- - Storage version of v1api20240301.SubResource - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object type: object dhcpOptions: - description: |- - Storage version of v1api20240301.DhcpOptions - DhcpOptions contains an array of DNS servers available to VMs deployed in the virtual network. Standard DHCP option for - a subnet overrides VNET DHCP options. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object dnsServers: items: @@ -65408,16 +42664,10 @@ spec: enableVmProtection: type: boolean encryption: - description: |- - Storage version of v1api20240301.VirtualNetworkEncryption - Indicates if encryption is enabled on virtual network and if VM without encryption is allowed in encrypted VNet. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean @@ -65425,16 +42675,10 @@ spec: type: string type: object extendedLocation: - description: |- - Storage version of v1api20240301.ExtendedLocation - ExtendedLocation complex type. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -65445,35 +42689,21 @@ spec: type: integer ipAllocations: items: - description: |- - Storage version of v1api20240301.SubResource - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object 
@@ -65481,40 +42711,19 @@ spec: location: type: string operatorSpec: - description: |- - Storage version of v1api20240301.VirtualNetworkOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -65523,27 +42732,12 @@ spec: type: array secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name @@ -65554,16 +42748,11 @@ spec: originalVersion: type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a resources.azure.com/ResourceGroup resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object privateEndpointVNetPolicies: 
@@ -65576,28 +42765,16 @@ spec: - owner type: object status: - description: |- - Storage version of v1api20240301.VirtualNetwork_STATUS - Virtual Network resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object addressSpace: - description: |- - Storage version of v1api20240301.AddressSpace_STATUS - AddressSpace contains an array of IP address ranges that can be used by subnets of the virtual network. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object addressPrefixes: items: @@ -65605,16 +42782,10 @@ spec: type: array type: object bgpCommunities: - description: |- - Storage version of v1api20240301.VirtualNetworkBgpCommunities_STATUS - Bgp Communities sent over ExpressRoute with each route corresponding to a prefix in this VNET. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object regionalCommunity: type: string 
@@ -65623,39 +42794,22 @@ spec: type: object conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -65665,32 +42819,19 @@ spec: type: object type: array ddosProtectionPlan: - description: |- - Storage version of v1api20240301.SubResource_STATUS - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string type: object dhcpOptions: - description: |- - Storage version of v1api20240301.DhcpOptions_STATUS - DhcpOptions contains an array of DNS servers available to VMs deployed in the virtual network. Standard DHCP option for - a subnet overrides VNET DHCP options. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object dnsServers: items: @@ -65702,16 +42843,10 @@ spec: enableVmProtection: type: boolean encryption: - description: |- - Storage version of v1api20240301.VirtualNetworkEncryption_STATUS - Indicates if encryption is enabled on virtual network and if VM without encryption is allowed in encrypted VNet. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object enabled: type: boolean 
@@ -65721,16 +42856,10 @@ spec: etag: type: string extendedLocation: - description: |- - Storage version of v1api20240301.ExtendedLocation_STATUS - ExtendedLocation complex type. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string @@ -65739,16 +42868,10 @@ spec: type: object flowLogs: items: - description: |- - Storage version of v1api20240301.FlowLog_STATUS_SubResourceEmbedded - A flow log resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -65760,16 +42883,10 @@ spec: type: string ipAllocations: items: - description: |- - Storage version of v1api20240301.SubResource_STATUS - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string 
@@ -65848,187 +42965,106 @@ spec: name: v1api20201101 schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /network/resource-manager/Microsoft.Network/stable/2020-11-01/virtualNetwork.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: addressPrefix: - description: 'AddressPrefix: The address prefix for the subnet.' type: string addressPrefixes: - description: 'AddressPrefixes: List of address prefixes for the subnet.' items: type: string type: array applicationGatewayIpConfigurations: - description: 'ApplicationGatewayIpConfigurations: Application gateway IP configurations of virtual network resource.' items: - description: IP configuration of an application gateway. Currently 1 public and 1 private IP configuration is allowed. properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string delegations: - description: 'Delegations: An array of references to the delegations on the subnet.' items: - description: Details the service to which the subnet is delegated. properties: name: - description: 'Name: The name of the resource that is unique within a subnet. This name can be used to access the resource.' type: string serviceName: - description: 'ServiceName: The name of the service to whom the subnet should be delegated (e.g. Microsoft.Sql/servers).' type: string type: object type: array ipAllocations: - description: 'IpAllocations: Array of IpAllocation which reference this subnet.' items: - description: Reference to another subresource. properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array natGateway: - description: 'NatGateway: Nat gateway associated with this subnet.' properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object networkSecurityGroup: - description: 'NetworkSecurityGroup: The reference to the NetworkSecurityGroup resource.' properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. 
For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name @@ -66036,29 +43072,13 @@ spec: type: object type: array secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -66067,93 +43087,63 @@ spec: type: array type: object owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a network.azure.com/VirtualNetwork resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object privateEndpointNetworkPolicies: - description: 'PrivateEndpointNetworkPolicies: Enable or Disable apply network policies on private end point in the subnet.' enum: - Disabled - Enabled type: string privateLinkServiceNetworkPolicies: - description: 'PrivateLinkServiceNetworkPolicies: Enable or Disable apply network policies on private link service in the subnet.' enum: - Disabled - Enabled type: string routeTable: - description: 'RouteTable: The reference to the RouteTable resource.' properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. 
type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object serviceEndpointPolicies: - description: 'ServiceEndpointPolicies: An array of service endpoint policies.' items: - description: Service End point policy resource. properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array serviceEndpoints: - description: 'ServiceEndpoints: An array of service endpoints.' items: - description: The service endpoint properties. properties: locations: - description: 'Locations: A list of locations.' items: type: string type: array service: - description: 'Service: The type of the endpoint service.' type: string type: object type: array 
@@ -66163,59 +43153,36 @@ spec: status: properties: addressPrefix: - description: 'AddressPrefix: The address prefix for the subnet.' type: string addressPrefixes: - description: 'AddressPrefixes: List of address prefixes for the subnet.' items: type: string type: array applicationGatewayIpConfigurations: - description: 'ApplicationGatewayIpConfigurations: Application gateway IP configurations of virtual network resource.' items: - description: IP configuration of an application gateway. Currently 1 public and 1 private IP configuration is allowed. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. 
- For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -66225,171 +43192,118 @@ spec: type: object type: array delegations: - description: 'Delegations: An array of references to the delegations on the subnet.' items: - description: Details the service to which the subnet is delegated. properties: actions: - description: 'Actions: The actions permitted to the service upon delegation.' items: type: string type: array etag: - description: 'Etag: A unique read-only string that changes whenever the resource is updated.' type: string id: - description: 'Id: Resource ID.' type: string name: - description: 'Name: The name of the resource that is unique within a subnet. This name can be used to access the resource.' type: string provisioningState: - description: 'ProvisioningState: The provisioning state of the service delegation resource.' type: string serviceName: - description: 'ServiceName: The name of the service to whom the subnet should be delegated (e.g. Microsoft.Sql/servers).' type: string type: - description: 'Type: Resource type.' type: string type: object type: array etag: - description: 'Etag: A unique read-only string that changes whenever the resource is updated.' type: string id: - description: 'Id: Resource ID.' type: string ipAllocations: - description: 'IpAllocations: Array of IpAllocation which reference this subnet.' items: - description: Reference to another subresource. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array ipConfigurationProfiles: - description: 'IpConfigurationProfiles: Array of IP configuration profiles which reference this subnet.' items: - description: IP configuration profile child resource. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array ipConfigurations: - description: |- - IpConfigurations: An array of references to the network interface IP configurations using subnet. This field is not - included if there are more than 2000 entries. items: - description: IP configuration. 
properties: id: - description: 'Id: Resource ID.' type: string type: object type: array name: - description: 'Name: The name of the resource that is unique within a resource group. This name can be used to access the resource.' type: string natGateway: - description: 'NatGateway: Nat gateway associated with this subnet.' properties: id: - description: 'Id: Resource ID.' type: string type: object networkSecurityGroup: - description: 'NetworkSecurityGroup: The reference to the NetworkSecurityGroup resource.' properties: id: - description: 'Id: Resource ID.' type: string type: object privateEndpointNetworkPolicies: - description: 'PrivateEndpointNetworkPolicies: Enable or Disable apply network policies on private end point in the subnet.' type: string privateEndpoints: - description: 'PrivateEndpoints: An array of references to private endpoints.' items: - description: Private endpoint resource. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array privateLinkServiceNetworkPolicies: - description: 'PrivateLinkServiceNetworkPolicies: Enable or Disable apply network policies on private link service in the subnet.' type: string provisioningState: - description: 'ProvisioningState: The provisioning state of the subnet resource.' type: string purpose: - description: |- - Purpose: A read-only string identifying the intention of use for this subnet based on delegations and other user-defined - properties. type: string resourceNavigationLinks: - description: 'ResourceNavigationLinks: An array of references to the external resources using subnet.' items: - description: ResourceNavigationLink resource. properties: id: - description: 'Id: Resource navigation link identifier.' type: string type: object type: array routeTable: - description: 'RouteTable: The reference to the RouteTable resource.' properties: id: - description: 'Id: Resource ID.' 
type: string type: object serviceAssociationLinks: - description: 'ServiceAssociationLinks: An array of references to services injecting into this subnet.' items: - description: ServiceAssociationLink resource. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array serviceEndpointPolicies: - description: 'ServiceEndpointPolicies: An array of service endpoint policies.' items: - description: Service End point policy resource. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array serviceEndpoints: - description: 'ServiceEndpoints: An array of service endpoints.' items: - description: The service endpoint properties. properties: locations: - description: 'Locations: A list of locations.' items: type: string type: array provisioningState: - description: 'ProvisioningState: The provisioning state of the service endpoint resource.' type: string service: - description: 'Service: The type of the endpoint service.' type: string type: object type: array type: - description: 'Type: Resource type.' type: string type: object type: object 
@@ -66413,38 +43327,18 @@ spec: name: v1api20201101storage schema: openAPIV3Schema: - description: |- - Storage version of v1api20201101.VirtualNetworksSubnet - Generator information: - - Generated from: /network/resource-manager/Microsoft.Network/stable/2020-11-01/virtualNetwork.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20201101.VirtualNetworksSubnet_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object addressPrefix: type: string 
@@ -66454,56 +43348,33 @@ spec: type: array applicationGatewayIpConfigurations: items: - description: |- - Storage version of v1api20201101.ApplicationGatewayIPConfiguration_VirtualNetworks_Subnet_SubResourceEmbedded - IP configuration of an application gateway. Currently 1 public and 1 private IP configuration is allowed. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string delegations: items: - description: |- - Storage version of v1api20201101.Delegation - Details the service to which the subnet is delegated. 
properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -66513,140 +43384,77 @@ spec: type: array ipAllocations: items: - description: |- - Storage version of v1api20201101.SubResource - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array natGateway: - description: |- - Storage version of v1api20201101.SubResource - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object networkSecurityGroup: - description: |- - Storage version of v1api20201101.NetworkSecurityGroupSpec_VirtualNetworks_Subnet_SubResourceEmbedded - NetworkSecurityGroup resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object type: object operatorSpec: - description: |- - Storage version of v1api20201101.VirtualNetworksSubnetOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -66655,27 +43463,12 @@ spec: type: array secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name @@ -66686,16 +43479,11 @@ spec: originalVersion: type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a network.azure.com/VirtualNetwork resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object privateEndpointNetworkPolicies: 
@@ -66703,85 +43491,51 @@ spec: privateLinkServiceNetworkPolicies: type: string routeTable: - description: |- - Storage version of v1api20201101.RouteTableSpec_VirtualNetworks_Subnet_SubResourceEmbedded - Route table resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object serviceEndpointPolicies: items: - description: |- - Storage version of v1api20201101.ServiceEndpointPolicySpec_VirtualNetworks_Subnet_SubResourceEmbedded - Service End point policy resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' 
properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array serviceEndpoints: items: - description: |- - Storage version of v1api20201101.ServiceEndpointPropertiesFormat - The service endpoint properties. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object locations: items: @@ -66795,14 +43549,10 @@ spec: - owner type: object status: - description: Storage version of v1api20201101.VirtualNetworksSubnet_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object addressPrefix: type: string 
@@ -66812,16 +43562,10 @@ spec: type: array applicationGatewayIpConfigurations: items: - description: |- - Storage version of v1api20201101.ApplicationGatewayIPConfiguration_STATUS_VirtualNetworks_Subnet_SubResourceEmbedded - IP configuration of an application gateway. Currently 1 public and 1 private IP configuration is allowed. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string 
@@ -66829,39 +43573,22 @@ spec: type: array conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -66872,16 +43599,10 @@ spec: type: array delegations: items: - description: |- - Storage version of v1api20201101.Delegation_STATUS - Details the service to which the subnet is delegated. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object actions: items: @@ -66907,16 +43628,10 @@ spec: type: string ipAllocations: items: - description: |- - Storage version of v1api20201101.SubResource_STATUS - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -66924,16 +43639,10 @@ spec: type: array ipConfigurationProfiles: items: - description: |- - Storage version of v1api20201101.IPConfigurationProfile_STATUS - IP configuration profile child resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -66941,16 +43650,10 @@ spec: type: array ipConfigurations: items: - description: |- - Storage version of v1api20201101.IPConfiguration_STATUS_VirtualNetworks_Subnet_SubResourceEmbedded - IP configuration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string 
@@ -66959,31 +43662,19 @@ spec: name: type: string natGateway: - description: |- - Storage version of v1api20201101.SubResource_STATUS - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string type: object networkSecurityGroup: - description: |- - Storage version of v1api20201101.NetworkSecurityGroup_STATUS_VirtualNetworks_Subnet_SubResourceEmbedded - NetworkSecurityGroup resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -66992,16 +43683,10 @@ spec: type: string privateEndpoints: items: - description: |- - Storage version of v1api20201101.PrivateEndpoint_STATUS_VirtualNetworks_Subnet_SubResourceEmbedded - Private endpoint resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string 
@@ -67015,48 +43700,30 @@ spec: type: string resourceNavigationLinks: items: - description: |- - Storage version of v1api20201101.ResourceNavigationLink_STATUS - ResourceNavigationLink resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string type: object type: array routeTable: - description: |- - Storage version of v1api20201101.RouteTable_STATUS_SubResourceEmbedded - Route table resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string type: object serviceAssociationLinks: items: - description: |- - Storage version of v1api20201101.ServiceAssociationLink_STATUS - ServiceAssociationLink resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -67064,16 +43731,10 @@ spec: type: array serviceEndpointPolicies: items: - description: |- - Storage version of v1api20201101.ServiceEndpointPolicy_STATUS_VirtualNetworks_Subnet_SubResourceEmbedded - Service End point policy resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string 
@@ -67081,16 +43742,10 @@ spec: type: array serviceEndpoints: items: - description: |- - Storage version of v1api20201101.ServiceEndpointPropertiesFormat_STATUS - The service endpoint properties. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object locations: items: 
@@ -67126,192 +43781,108 @@ spec: name: v1api20240301 schema: openAPIV3Schema: - description: |- - Generator information: - - Generated from: /network/resource-manager/Microsoft.Network/stable/2024-03-01/virtualNetwork.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: addressPrefix: - description: 'AddressPrefix: The address prefix for the subnet.' type: string addressPrefixes: - description: 'AddressPrefixes: List of address prefixes for the subnet.' items: type: string type: array applicationGatewayIPConfigurations: - description: 'ApplicationGatewayIPConfigurations: Application gateway IP configurations of virtual network resource.' items: - description: IP configuration of an application gateway. Currently 1 public and 1 private IP configuration is allowed. properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string defaultOutboundAccess: - description: |- - DefaultOutboundAccess: Set this property to false to disable default outbound connectivity for all VMs in the subnet. - This property can only be set at the time of subnet creation and cannot be updated for an existing subnet. type: boolean delegations: - description: 'Delegations: An array of references to the delegations on the subnet.' items: - description: Details the service to which the subnet is delegated. properties: name: - description: 'Name: The name of the resource that is unique within a subnet. This name can be used to access the resource.' type: string serviceName: - description: 'ServiceName: The name of the service to whom the subnet should be delegated (e.g. Microsoft.Sql/servers).' type: string type: object type: array ipAllocations: - description: 'IpAllocations: Array of IpAllocation which reference this subnet.' items: - description: Reference to another subresource. properties: reference: - description: 'Reference: Resource ID.' 
properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array natGateway: - description: 'NatGateway: Nat gateway associated with this subnet.' properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object networkSecurityGroup: - description: 'NetworkSecurityGroup: The reference to the NetworkSecurityGroup resource.' 
properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object operatorSpec: - description: |- - OperatorSpec: The specification for configuring operator behavior. This field is interpreted by the operator and not - passed directly to Azure properties: configMapExpressions: - description: 'ConfigMapExpressions: configures where to place operator written dynamic ConfigMaps (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. 
- The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name @@ -67319,29 +43890,13 @@ spec: type: object type: array secretExpressions: - description: 'SecretExpressions: configures where to place operator written dynamic secrets (created with CEL expressions).' items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -67350,20 +43905,14 @@ spec: type: array type: object owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a network.azure.com/VirtualNetwork resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object privateEndpointNetworkPolicies: - description: 'PrivateEndpointNetworkPolicies: Enable or Disable apply network policies on private end point in the subnet.' enum: - Disabled - Enabled 
@@ -67371,105 +43920,69 @@ spec: - RouteTableEnabled type: string privateLinkServiceNetworkPolicies: - description: 'PrivateLinkServiceNetworkPolicies: Enable or Disable apply network policies on private link service in the subnet.' enum: - Disabled - Enabled type: string routeTable: - description: 'RouteTable: The reference to the RouteTable resource.' properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object serviceEndpointPolicies: - description: 'ServiceEndpointPolicies: An array of service endpoint policies.' items: - description: Service End point policy resource. properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. 
pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array serviceEndpoints: - description: 'ServiceEndpoints: An array of service endpoints.' items: - description: The service endpoint properties. properties: locations: - description: 'Locations: A list of locations.' items: type: string type: array networkIdentifier: - description: 'NetworkIdentifier: SubResource as network identifier.' properties: reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object service: - description: 'Service: The type of the endpoint service.' type: string type: object type: array sharingScope: - description: |- - SharingScope: Set this property to Tenant to allow sharing subnet with other subscriptions in your AAD tenant. 
This - property can only be set if defaultOutboundAccess is set to false, both properties can only be set if subnet is empty. enum: - DelegatedServices - Tenant 
@@ -67480,59 +43993,36 @@ spec: status: properties: addressPrefix: - description: 'AddressPrefix: The address prefix for the subnet.' type: string addressPrefixes: - description: 'AddressPrefixes: List of address prefixes for the subnet.' items: type: string type: array applicationGatewayIPConfigurations: - description: 'ApplicationGatewayIPConfigurations: Application gateway IP configurations of virtual network resource.' items: - description: IP configuration of an application gateway. Currently 1 public and 1 private IP configuration is allowed. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array conditions: - description: 'Conditions: The observed state of the resource' items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. 
- For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -67542,188 +44032,127 @@ spec: type: object type: array defaultOutboundAccess: - description: |- - DefaultOutboundAccess: Set this property to false to disable default outbound connectivity for all VMs in the subnet. - This property can only be set at the time of subnet creation and cannot be updated for an existing subnet. type: boolean delegations: - description: 'Delegations: An array of references to the delegations on the subnet.' items: - description: Details the service to which the subnet is delegated. properties: actions: - description: 'Actions: The actions permitted to the service upon delegation.' items: type: string type: array etag: - description: 'Etag: A unique read-only string that changes whenever the resource is updated.' type: string id: - description: 'Id: Resource ID.' type: string name: - description: 'Name: The name of the resource that is unique within a subnet. This name can be used to access the resource.' type: string provisioningState: - description: 'ProvisioningState: The provisioning state of the service delegation resource.' type: string serviceName: - description: 'ServiceName: The name of the service to whom the subnet should be delegated (e.g. Microsoft.Sql/servers).' type: string type: - description: 'Type: Resource type.' type: string type: object type: array etag: - description: 'Etag: A unique read-only string that changes whenever the resource is updated.' type: string id: - description: 'Id: Resource ID.' type: string ipAllocations: - description: 'IpAllocations: Array of IpAllocation which reference this subnet.' items: - description: Reference to another subresource. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array ipConfigurationProfiles: - description: 'IpConfigurationProfiles: Array of IP configuration profiles which reference this subnet.' items: - description: IP configuration profile child resource. properties: id: - description: 'Id: Resource ID.' 
type: string type: object type: array ipConfigurations: - description: |- - IpConfigurations: An array of references to the network interface IP configurations using subnet. This field is not - included if there are more than 2000 entries. items: - description: IP configuration. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array name: - description: 'Name: The name of the resource that is unique within a resource group. This name can be used to access the resource.' type: string natGateway: - description: 'NatGateway: Nat gateway associated with this subnet.' properties: id: - description: 'Id: Resource ID.' type: string type: object networkSecurityGroup: - description: 'NetworkSecurityGroup: The reference to the NetworkSecurityGroup resource.' properties: id: - description: 'Id: Resource ID.' type: string type: object privateEndpointNetworkPolicies: - description: 'PrivateEndpointNetworkPolicies: Enable or Disable apply network policies on private end point in the subnet.' type: string privateEndpoints: - description: 'PrivateEndpoints: An array of references to private endpoints.' items: - description: Private endpoint resource. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array privateLinkServiceNetworkPolicies: - description: 'PrivateLinkServiceNetworkPolicies: Enable or Disable apply network policies on private link service in the subnet.' type: string provisioningState: - description: 'ProvisioningState: The provisioning state of the subnet resource.' type: string purpose: - description: |- - Purpose: A read-only string identifying the intention of use for this subnet based on delegations and other user-defined - properties. type: string resourceNavigationLinks: - description: 'ResourceNavigationLinks: An array of references to the external resources using subnet.' items: - description: ResourceNavigationLink resource. 
properties: id: - description: 'Id: Resource navigation link identifier.' type: string type: object type: array routeTable: - description: 'RouteTable: The reference to the RouteTable resource.' properties: id: - description: 'Id: Resource ID.' type: string type: object serviceAssociationLinks: - description: 'ServiceAssociationLinks: An array of references to services injecting into this subnet.' items: - description: ServiceAssociationLink resource. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array serviceEndpointPolicies: - description: 'ServiceEndpointPolicies: An array of service endpoint policies.' items: - description: Service End point policy resource. properties: id: - description: 'Id: Resource ID.' type: string type: object type: array serviceEndpoints: - description: 'ServiceEndpoints: An array of service endpoints.' items: - description: The service endpoint properties. properties: locations: - description: 'Locations: A list of locations.' items: type: string type: array networkIdentifier: - description: 'NetworkIdentifier: SubResource as network identifier.' properties: id: - description: 'Id: Resource ID.' type: string type: object provisioningState: - description: 'ProvisioningState: The provisioning state of the service endpoint resource.' type: string service: - description: 'Service: The type of the endpoint service.' type: string type: object type: array sharingScope: - description: |- - SharingScope: Set this property to Tenant to allow sharing subnet with other subscriptions in your AAD tenant. This - property can only be set if defaultOutboundAccess is set to false, both properties can only be set if subnet is empty. type: string type: - description: 'Type: Resource type.' type: string type: object type: object 
@@ -67747,38 +44176,18 @@ spec: name: v1api20240301storage schema: openAPIV3Schema: - description: |- - Storage version of v1api20240301.VirtualNetworksSubnet - Generator information: - - Generated from: /network/resource-manager/Microsoft.Network/stable/2024-03-01/virtualNetwork.json - - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Storage version of v1api20240301.VirtualNetworksSubnet_Spec properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object addressPrefix: type: string 
@@ -67788,58 +44197,35 @@ spec: type: array applicationGatewayIPConfigurations: items: - description: |- - Storage version of v1api20240301.ApplicationGatewayIPConfiguration_VirtualNetworks_Subnet_SubResourceEmbedded - IP configuration of an application gateway. Currently 1 public and 1 private IP configuration is allowed. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array azureName: - description: |- - AzureName: The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it - doesn't have to be. type: string defaultOutboundAccess: type: boolean delegations: items: - description: |- - Storage version of v1api20240301.Delegation - Details the service to which the subnet is delegated. 
properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object name: type: string 
@@ -67849,140 +44235,77 @@ spec: type: array ipAllocations: items: - description: |- - Storage version of v1api20240301.SubResource - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array natGateway: - description: |- - Storage version of v1api20240301.SubResource - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object networkSecurityGroup: - description: |- - Storage version of v1api20240301.NetworkSecurityGroupSpec_VirtualNetworks_Subnet_SubResourceEmbedded - NetworkSecurityGroup resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. 
type: string type: object type: object operatorSpec: - description: |- - Storage version of v1api20240301.VirtualNetworksSubnetOperatorSpec - Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object configMapExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name 
@@ -67991,27 +44314,12 @@ spec: type: array secretExpressions: items: - description: |- - DestinationExpression is a CEL expression and a destination to store the result in. The destination may - be a secret or a configmap. The value of the expression is stored at the specified location in - the destination. properties: key: - description: |- - Key is the key in the ConfigMap or Secret being written to. If the CEL expression in Value returns a string - this is required to identify what key to write to. If the CEL expression in Value returns a map[string]string - Key must not be set, instead the keys written will be determined dynamically based on the keys of the resulting - map[string]string. type: string name: - description: |- - Name is the name of the Kubernetes configmap or secret to write to. - The configmap or secret will be created in the same namespace as the resource. type: string value: - description: |- - Value is a CEL expression. The CEL expression may return a string or a map[string]string. For more information - on CEL in ASO see https://azure.github.io/azure-service-operator/guide/expressions/ type: string required: - name @@ -68022,16 +44330,11 @@ spec: originalVersion: type: string owner: - description: |- - Owner: The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also - controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a - reference to a network.azure.com/VirtualNetwork resource properties: armId: pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string name: - description: This is the name of the Kubernetes resource to reference. type: string type: object privateEndpointNetworkPolicies: 
@@ -68039,120 +44342,72 @@ spec: privateLinkServiceNetworkPolicies: type: string routeTable: - description: |- - Storage version of v1api20240301.RouteTableSpec_VirtualNetworks_Subnet_SubResourceEmbedded - Route table resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object serviceEndpointPolicies: items: - description: |- - Storage version of v1api20240301.ServiceEndpointPolicySpec_VirtualNetworks_Subnet_SubResourceEmbedded - Service End point policy resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' 
properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object type: array serviceEndpoints: items: - description: |- - Storage version of v1api20240301.ServiceEndpointPropertiesFormat - The service endpoint properties. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object locations: items: type: string type: array networkIdentifier: - description: |- - Storage version of v1api20240301.SubResource - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object reference: - description: 'Reference: Resource ID.' properties: armId: - description: |- - ARMID is a string of the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. 
- The /resourcegroups/{resourceGroupName} bit is optional as some resources are scoped at the subscription level - ARMID is mutually exclusive with Group, Kind, Namespace and Name. pattern: (?i)(^(/subscriptions/([^/]+)(/resourcegroups/([^/]+))?)?/providers/([^/]+)/([^/]+/[^/]+)(/([^/]+/[^/]+))*$|^/subscriptions/([^/]+)(/resourcegroups/([^/]+))?$) type: string group: - description: Group is the Kubernetes group of the resource. type: string kind: - description: Kind is the Kubernetes kind of the resource. type: string name: - description: Name is the Kubernetes name of the resource. type: string type: object type: object @@ -68166,14 +44421,10 @@ spec: - owner type: object status: - description: Storage version of v1api20240301.VirtualNetworksSubnet_STATUS properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object addressPrefix: type: string @@ -68183,16 +44434,10 @@ spec: type: array applicationGatewayIPConfigurations: items: - description: |- - Storage version of v1api20240301.ApplicationGatewayIPConfiguration_STATUS_VirtualNetworks_Subnet_SubResourceEmbedded - IP configuration of an application gateway. Currently 1 public and 1 private IP configuration is allowed. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string 
@@ -68200,39 +44445,22 @@ spec: type: array conditions: items: - description: Condition defines an extension to status (an observation) of a resource properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. format: date-time type: string message: - description: Message is a human readable message indicating details about the transition. This field may be empty. type: string observedGeneration: - description: |- - ObservedGeneration is the .metadata.generation that the condition was set based upon. For instance, if - .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. format: int64 type: integer reason: - description: |- - Reason for the condition's last transition. - Reasons are upper CamelCase (PascalCase) with no spaces. A reason is always provided, this field will not be empty. type: string severity: - description: |- - Severity with which to treat failures of this type of condition. - For conditions which have positive polarity (Status == True is their normal/healthy state), this will be omitted when Status == True - For conditions which have negative polarity (Status == False is their normal/healthy state), this will be omitted when Status == False. - This is omitted in all cases when Status == Unknown type: string status: - description: Status of the condition, one of True, False, or Unknown. type: string type: - description: Type of condition. type: string required: - lastTransitionTime 
@@ -68245,16 +44473,10 @@ spec: type: boolean delegations: items: - description: |- - Storage version of v1api20240301.Delegation_STATUS - Details the service to which the subnet is delegated. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object actions: items: @@ -68280,16 +44502,10 @@ spec: type: string ipAllocations: items: - description: |- - Storage version of v1api20240301.SubResource_STATUS - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -68297,16 +44513,10 @@ spec: type: array ipConfigurationProfiles: items: - description: |- - Storage version of v1api20240301.IPConfigurationProfile_STATUS - IP configuration profile child resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -68314,16 +44524,10 @@ spec: type: array ipConfigurations: items: - description: |- - Storage version of v1api20240301.IPConfiguration_STATUS_VirtualNetworks_Subnet_SubResourceEmbedded - IP configuration. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string 
@@ -68332,31 +44536,19 @@ spec: name: type: string natGateway: - description: |- - Storage version of v1api20240301.SubResource_STATUS - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string type: object networkSecurityGroup: - description: |- - Storage version of v1api20240301.NetworkSecurityGroup_STATUS_VirtualNetworks_Subnet_SubResourceEmbedded - NetworkSecurityGroup resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -68365,16 +44557,10 @@ spec: type: string privateEndpoints: items: - description: |- - Storage version of v1api20240301.PrivateEndpoint_STATUS_VirtualNetworks_Subnet_SubResourceEmbedded - Private endpoint resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string 
@@ -68388,48 +44574,30 @@ spec: type: string resourceNavigationLinks: items: - description: |- - Storage version of v1api20240301.ResourceNavigationLink_STATUS - ResourceNavigationLink resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string type: object type: array routeTable: - description: |- - Storage version of v1api20240301.RouteTable_STATUS_SubResourceEmbedded - Route table resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string type: object serviceAssociationLinks: items: - description: |- - Storage version of v1api20240301.ServiceAssociationLink_STATUS - ServiceAssociationLink resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string @@ -68437,16 +44605,10 @@ spec: type: array serviceEndpointPolicies: items: - description: |- - Storage version of v1api20240301.ServiceEndpointPolicy_STATUS_VirtualNetworks_Subnet_SubResourceEmbedded - Service End point policy resource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string 
@@ -68454,32 +44616,20 @@ spec: type: array serviceEndpoints: items: - description: |- - Storage version of v1api20240301.ServiceEndpointPropertiesFormat_STATUS - The service endpoint properties. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object locations: items: type: string type: array networkIdentifier: - description: |- - Storage version of v1api20240301.SubResource_STATUS - Reference to another subresource. properties: $propertyBag: additionalProperties: type: string - description: |- - PropertyBag is an unordered set of stashed information that used for properties not directly supported by storage - resources, allowing for full fidelity round trip conversions type: object id: type: string From ca71a3654536a58f55cbb7ab1d14746dd594a7ea Mon Sep 17 00:00:00 2001 From: Matt Boersma Date: Wed, 6 May 2026 09:18:00 -0600 Subject: [PATCH 57/61] Switch default Windows image to windows-2022 --- azure/defaults.go | 4 ++-- azure/services/virtualmachineimages/images.go | 4 ++-- test/e2e/helpers.go | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/azure/defaults.go b/azure/defaults.go index 37cc3d76d52..fa8231e0310 100644 --- a/azure/defaults.go +++ b/azure/defaults.go @@ -54,7 +54,7 @@ const ( // DefaultLinuxGalleryImageName is the default Linux community gallery image definition. DefaultLinuxGalleryImageName = "capi-ubun2-2404" // DefaultWindowsGalleryImageName is the default Windows community gallery image definition. - DefaultWindowsGalleryImageName = "capi-win-2019-containerd" + DefaultWindowsGalleryImageName = "capi-win-2022-containerd" ) const ( 
@@ -74,7 +74,7 @@ const ( const ( // DefaultWindowsOsAndVersion is the default Windows Server version to use when // generating default images for Windows nodes. - DefaultWindowsOsAndVersion = "windows-2019" + DefaultWindowsOsAndVersion = "windows-2022" ) const ( diff --git a/azure/services/virtualmachineimages/images.go b/azure/services/virtualmachineimages/images.go index 3a6fcac29ff..9f46de479b3 100644 --- a/azure/services/virtualmachineimages/images.go +++ b/azure/services/virtualmachineimages/images.go @@ -19,7 +19,6 @@ package virtualmachineimages import ( "context" "regexp" - "strings" "github.com/blang/semver" "github.com/pkg/errors" @@ -106,7 +105,8 @@ func (s *Service) GetDefaultWindowsImage(ctx context.Context, _, k8sVersion, run if len(match) != 2 { return nil, errors.Errorf("unsupported osAndVersion %s", osAndVersion) } - imageName = strings.Replace(imageName, "2019", match[1], 1) + // Substitute the requested Windows Server year into the default image name. + imageName = regexp.MustCompile(`\d{4}`).ReplaceAllString(imageName, match[1]) } // Use the Azure Marketplace for specific older versions, to keep "clusterctl upgrade" from rolling new machines. diff --git a/test/e2e/helpers.go b/test/e2e/helpers.go index afd50c93fb5..c61c2e95658 100644 --- a/test/e2e/helpers.go +++ b/test/e2e/helpers.go @@ -701,7 +701,7 @@ func resolveKubernetesVersions(config *clusterctl.E2EConfig) { windowsRequired := testWindows == "true" if windowsRequired { - windowsVersions := getVersionsInCommunityGallery(ctx, os.Getenv(AzureLocation), capiCommunityGallery, "capi-win-2019-containerd") + windowsVersions := getVersionsInCommunityGallery(ctx, os.Getenv(AzureLocation), capiCommunityGallery, "capi-win-2022-containerd") for k, v := range linuxVersions { if _, ok := windowsVersions[k]; ok { versions = append(versions, v) From 0a73d234bbb6f240d3ea66f446ca0f610f036c85 Mon Sep 17 00:00:00 2001 
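Review bot: In the second images.go hunk, `regexp.MustCompile(...).ReplaceAllString(imageName, match[1])` rewrites every four-digit run in the image name, where the removed `strings.Replace(..., 1)` changed a single occurrence. With the default `capi-win-2022-containerd` there is only one such run, but a later default carrying another four-digit token would silently resolve to a different gallery image name. The pattern is also compiled on every call, and `match[1]` is used as a replacement template, so a `$` in it would be expanded; the expression that produces `match` is outside the hunk, so that may not be reachable. I would hoist it to a package-level `var windowsYearRE = regexp.MustCompile("win-\\d{4}")` and write `imageName = windowsYearRE.ReplaceAllLiteralString(imageName, "win-"+match[1])`. GetDefaultWindowsImage starts and ends outside the hunk.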
From: William Yao Date: Wed, 6 May 2026 12:20:47 -0700 Subject: [PATCH 58/61] Add release 1.24 to the metadata file Signed-off-by: William Yao --- metadata.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/metadata.yaml b/metadata.yaml index bc99e6dc455..c2d5ee34612 100644 --- a/metadata.yaml +++ b/metadata.yaml @@ -87,3 +87,6 @@ releaseSeries: - major: 1 minor: 23 contract: v1beta1 + - major: 1 + minor: 24 + contract: v1beta1 From c0e4ecab465c31049614e24d705f79993e2a621f Mon Sep 17 00:00:00 2001 From: William Yao Date: Wed, 6 May 2026 12:28:15 -0700 Subject: [PATCH 59/61] Add release notes for release 1.24 Signed-off-by: William Yao --- CHANGELOG/v1.24.0.md | 137 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 137 insertions(+) create mode 100644 CHANGELOG/v1.24.0.md diff --git a/CHANGELOG/v1.24.0.md b/CHANGELOG/v1.24.0.md new file mode 100644 index 00000000000..cae4fb0caf7 --- /dev/null +++ b/CHANGELOG/v1.24.0.md 
@@ -0,0 +1,137 @@ +## Changes by Kind + +### Feature + +- Make tilt-up now runs a check that warns when the Azure CLI (az) is not installed or not on PATH, with optional VERBOSE=1 on make check-az-cli to print the detected binary path. ([#6177](https://github.com/kubernetes-sigs/cluster-api-provider-azure/pull/6177), [@vishalanarase](https://github.com/vishalanarase)) + +### Other (Cleanup or Flake) + +- Bump Azure Service Operator from v2.13.0 to v2.16.0 ([#6238](https://github.com/kubernetes-sigs/cluster-api-provider-azure/pull/6238), [@mboersma](https://github.com/mboersma)) +- Bump CAPI to v1.13.0 ([#6251](https://github.com/kubernetes-sigs/cluster-api-provider-azure/pull/6251), [@mboersma](https://github.com/mboersma)) +- Bump CAPI to v1.13.0-rc.0 ([#6182](https://github.com/kubernetes-sigs/cluster-api-provider-azure/pull/6182), [@mboersma](https://github.com/mboersma)) +- Bump CAPI to v1.13.0-rc.1 ([#6244](https://github.com/kubernetes-sigs/cluster-api-provider-azure/pull/6244), [@mboersma](https://github.com/mboersma)) +- Bump CAPI to v1.13.1 ([#6262](https://github.com/kubernetes-sigs/cluster-api-provider-azure/pull/6262), [@mboersma](https://github.com/mboersma)) + +## Dependencies + +### Added +- github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/cognitiveservices/armcognitiveservices: [v1.8.0](https://github.com/Azure/azure-sdk-for-go/tree/sdk/resourcemanager/cognitiveservices/armcognitiveservices/v1.8.0) +- github.com/go-openapi/swag/jsonname: [v0.25.1](https://github.com/go-openapi/swag/tree/jsonname/v0.25.1) +- github.com/google/go-github/v82: [v82.0.0](https://github.com/google/go-github/tree/v82.0.0) +- github.com/microsoft/kiota-abstractions-go: [v1.9.3](https://github.com/microsoft/kiota-abstractions-go/tree/v1.9.3) +- github.com/microsoft/kiota-authentication-azure-go: [v1.3.1](https://github.com/microsoft/kiota-authentication-azure-go/tree/v1.3.1) +- github.com/microsoft/kiota-http-go: 
[v1.5.4](https://github.com/microsoft/kiota-http-go/tree/v1.5.4) +- github.com/microsoft/kiota-serialization-form-go: [v1.1.2](https://github.com/microsoft/kiota-serialization-form-go/tree/v1.1.2) +- github.com/microsoft/kiota-serialization-json-go: [v1.1.2](https://github.com/microsoft/kiota-serialization-json-go/tree/v1.1.2) +- github.com/microsoft/kiota-serialization-multipart-go: [v1.1.2](https://github.com/microsoft/kiota-serialization-multipart-go/tree/v1.1.2) +- github.com/microsoft/kiota-serialization-text-go: [v1.1.3](https://github.com/microsoft/kiota-serialization-text-go/tree/v1.1.3) +- github.com/microsoftgraph/msgraph-sdk-go-core: [v1.4.0](https://github.com/microsoftgraph/msgraph-sdk-go-core/tree/v1.4.0) +- github.com/microsoftgraph/msgraph-sdk-go: [v1.87.0](https://github.com/microsoftgraph/msgraph-sdk-go/tree/v1.87.0) +- github.com/moby/moby/api: [v1.54.2](https://github.com/moby/moby/tree/api/v1.54.2) +- github.com/moby/moby/client: [v0.4.1](https://github.com/moby/moby/tree/client/v0.4.1) +- github.com/russross/blackfriday: [v1.6.0](https://github.com/russross/blackfriday/tree/v1.6.0) +- github.com/santhosh-tekuri/jsonschema/v5: [v5.3.1](https://github.com/santhosh-tekuri/jsonschema/tree/v5.3.1) +- github.com/std-uritemplate/std-uritemplate/go/v2: [v2.0.3](https://github.com/std-uritemplate/std-uritemplate/tree/go/v2/v2.0.3) +- pgregory.net/rapid: v1.2.0 + +### Changed +- github.com/Azure/azure-sdk-for-go/sdk/azcore: [v1.21.0 → v1.21.1](https://github.com/Azure/azure-sdk-for-go/compare/sdk/azcore/v1.21.0...sdk/azcore/v1.21.1) +- github.com/Azure/azure-sdk-for-go/sdk/internal: [v1.11.2 → v1.12.0](https://github.com/Azure/azure-sdk-for-go/compare/sdk/internal/v1.11.2...sdk/internal/v1.12.0) +- github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/search/armsearch: [v1.3.0 → v1.4.0](https://github.com/Azure/azure-sdk-for-go/compare/sdk/resourcemanager/search/armsearch/v1.3.0...sdk/resourcemanager/search/armsearch/v1.4.0) +- 
github.com/Azure/azure-service-operator/v2: [v2.13.0 → v2.16.0](https://github.com/Azure/azure-service-operator/compare/v2.13.0...v2.16.0) +- github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp: [v1.30.0 → v1.31.0](https://github.com/GoogleCloudPlatform/opentelemetry-operations-go/compare/detectors/gcp/v1.30.0...detectors/gcp/v1.31.0) +- github.com/Microsoft/go-winio: [v0.5.0 → v0.6.2](https://github.com/Microsoft/go-winio/compare/v0.5.0...v0.6.2) +- github.com/alecthomas/units: [b94a6e3 → 0f3dac3](https://github.com/alecthomas/units/compare/b94a6e3...0f3dac3) +- github.com/coredns/corefile-migration: [v1.0.30 → v1.0.31](https://github.com/coredns/corefile-migration/compare/v1.0.30...v1.0.31) +- github.com/creack/pty: [v1.1.18 → v1.1.24](https://github.com/creack/pty/compare/v1.1.18...v1.1.24) +- github.com/docker/go-connections: [v0.6.0 → v0.7.0](https://github.com/docker/go-connections/compare/v0.6.0...v0.7.0) +- github.com/docker/go-units: [v0.4.0 → v0.5.0](https://github.com/docker/go-units/compare/v0.4.0...v0.5.0) +- github.com/fatih/color: [v1.18.0 → v1.19.0](https://github.com/fatih/color/compare/v1.18.0...v1.19.0) +- github.com/go-openapi/jsonpointer: [v0.21.2 → v0.22.1](https://github.com/go-openapi/jsonpointer/compare/v0.21.2...v0.22.1) +- github.com/go-sql-driver/mysql: [v1.9.2 → v1.9.3](https://github.com/go-sql-driver/mysql/compare/v1.9.2...v1.9.3) +- github.com/google/go-querystring: [v1.1.0 → v1.2.0](https://github.com/google/go-querystring/compare/v1.1.0...v1.2.0) +- github.com/google/pprof: [294ebfa → 545e8a4](https://github.com/google/pprof/compare/294ebfa...545e8a4) +- github.com/hbollon/go-edlib: [v1.6.0 → v1.7.0](https://github.com/hbollon/go-edlib/compare/v1.6.0...v1.7.0) +- github.com/jackc/pgx/v5: [v5.7.4 → v5.7.6](https://github.com/jackc/pgx/compare/v5.7.4...v5.7.6) +- github.com/jellydator/ttlcache/v3: [v3.3.0 → v3.4.0](https://github.com/jellydator/ttlcache/compare/v3.3.0...v3.4.0) +- github.com/microsoft/go-mssqldb: 
[v1.8.0 → v1.9.3](https://github.com/microsoft/go-mssqldb/compare/v1.8.0...v1.9.3) +- github.com/moby/spdystream: [v0.5.0 → v0.5.1](https://github.com/moby/spdystream/compare/v0.5.0...v0.5.1) +- github.com/onsi/ginkgo/v2: [v2.28.1 → v2.28.3](https://github.com/onsi/ginkgo/compare/v2.28.1...v2.28.3) +- github.com/onsi/gomega: [v1.39.1 → v1.40.0](https://github.com/onsi/gomega/compare/v1.39.1...v1.40.0) +- github.com/opencontainers/image-spec: [v1.0.2 → v1.1.1](https://github.com/opencontainers/image-spec/compare/v1.0.2...v1.1.1) +- github.com/prometheus/client_golang: [v1.23.0 → v1.23.2](https://github.com/prometheus/client_golang/compare/v1.23.0...v1.23.2) +- github.com/prometheus/common: [v0.65.0 → v0.67.5](https://github.com/prometheus/common/compare/v0.65.0...v0.67.5) +- github.com/prometheus/otlptranslator: [8549f4a → v1.0.0](https://github.com/prometheus/otlptranslator/compare/8549f4a...v1.0.0) +- github.com/prometheus/procfs: [v0.19.2 → v0.20.1](https://github.com/prometheus/procfs/compare/v0.19.2...v0.20.1) +- github.com/samber/lo: [v1.51.0 → v1.52.0](https://github.com/samber/lo/compare/v1.51.0...v1.52.0) +- github.com/spf13/cobra: [v1.10.1 → v1.10.2](https://github.com/spf13/cobra/compare/v1.10.1...v1.10.2) +- github.com/valyala/fastjson: [v1.6.4 → v1.6.10](https://github.com/valyala/fastjson/compare/v1.6.4...v1.6.10) +- go.etcd.io/bbolt: v1.4.2 → v1.4.3 +- go.etcd.io/etcd/api/v3: v3.6.6 → v3.6.10 +- go.etcd.io/etcd/client/pkg/v3: v3.6.6 → v3.6.10 +- go.etcd.io/etcd/client/v3: v3.6.6 → v3.6.10 +- go.etcd.io/etcd/pkg/v3: v3.6.4 → v3.6.5 +- go.etcd.io/etcd/server/v3: v3.6.4 → v3.6.5 +- go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc: v1.41.0 → v1.43.0 +- go.opentelemetry.io/otel/exporters/otlp/otlptrace: v1.41.0 → v1.43.0 +- go.opentelemetry.io/otel/exporters/prometheus: v0.59.1 → v0.65.0 +- go.opentelemetry.io/otel/metric: v1.41.0 → v1.43.0 +- go.opentelemetry.io/otel/sdk/metric: v1.41.0 → v1.43.0 +- go.opentelemetry.io/otel/sdk: v1.41.0 → 
v1.43.0 +- go.opentelemetry.io/otel/trace: v1.41.0 → v1.43.0 +- go.opentelemetry.io/otel: v1.41.0 → v1.43.0 +- go.opentelemetry.io/proto/otlp: v1.9.0 → v1.10.0 +- go.yaml.in/yaml/v2: v2.4.3 → v2.4.4 +- golang.org/x/crypto: v0.48.0 → v0.50.0 +- golang.org/x/mod: v0.33.0 → v0.35.0 +- golang.org/x/net: v0.50.0 → v0.53.0 +- golang.org/x/oauth2: v0.35.0 → v0.36.0 +- golang.org/x/sync: v0.19.0 → v0.20.0 +- golang.org/x/sys: v0.41.0 → v0.43.0 +- golang.org/x/telemetry: bd525da → be6f6cb +- golang.org/x/term: v0.40.0 → v0.42.0 +- golang.org/x/text: v0.34.0 → v0.36.0 +- golang.org/x/time: v0.12.0 → v0.14.0 +- golang.org/x/tools: v0.41.0 → v0.44.0 +- gonum.org/v1/gonum: v0.16.0 → v0.17.0 +- google.golang.org/genproto/googleapis/api: 4cfbd41 → 9d38bb4 +- google.golang.org/genproto/googleapis/rpc: 4cfbd41 → 9d38bb4 +- google.golang.org/grpc: v1.79.1 → v1.80.0 +- gotest.tools/v3: v3.4.0 → v3.5.2 +- k8s.io/api: v0.34.3 → v0.35.4 +- k8s.io/apiextensions-apiserver: v0.34.3 → v0.35.4 +- k8s.io/apimachinery: v0.34.3 → v0.35.4 +- k8s.io/apiserver: v0.34.3 → v0.35.4 +- k8s.io/client-go: v0.34.3 → v0.35.4 +- k8s.io/cluster-bootstrap: v0.34.2 → v0.35.4 +- k8s.io/code-generator: v0.34.3 → v0.35.4 +- k8s.io/component-base: v0.34.3 → v0.35.4 +- k8s.io/gengo/v2: 85fd79d → ec3ebc5 +- k8s.io/kms: v0.34.3 → v0.35.4 +- k8s.io/kube-openapi: d7b6acb → 589584f +- k8s.io/utils: 0af2bda → bc988d5 +- sigs.k8s.io/cluster-api/test: v1.12.4 → v1.13.1 +- sigs.k8s.io/cluster-api: v1.12.4 → v1.13.1 +- sigs.k8s.io/controller-runtime: v0.22.5 → v0.23.3 +- sigs.k8s.io/structured-merge-diff/v6: d9cc664 → v6.4.0 + +### Removed +- github.com/ProtonMail/go-crypto: [7d5c6f0](https://github.com/ProtonMail/go-crypto/tree/7d5c6f0) +- github.com/asaskevich/govalidator: [a9d515a](https://github.com/asaskevich/govalidator/tree/a9d515a) +- github.com/bwesterb/go-ristretto: [v1.2.3](https://github.com/bwesterb/go-ristretto/tree/v1.2.3) +- github.com/cloudflare/circl: 
[v1.6.3](https://github.com/cloudflare/circl/tree/v1.6.3) +- github.com/containerd/log: [v0.1.0](https://github.com/containerd/log/tree/v0.1.0) +- github.com/docker/docker: [v28.5.2+incompatible](https://github.com/docker/docker/tree/v28.5.2) +- github.com/google/go-github/v53: [v53.2.0](https://github.com/google/go-github/tree/v53.2.0) +- github.com/kisielk/errcheck: [v1.5.0](https://github.com/kisielk/errcheck/tree/v1.5.0) +- github.com/kisielk/gotool: [v1.0.0](https://github.com/kisielk/gotool/tree/v1.0.0) +- github.com/moby/sys/atomicwriter: [v0.1.0](https://github.com/moby/sys/tree/atomicwriter/v0.1.0) +- github.com/moby/sys/sequential: [v0.6.0](https://github.com/moby/sys/tree/sequential/v0.6.0) +- github.com/morikuni/aec: [v1.0.0](https://github.com/morikuni/aec/tree/v1.0.0) +- go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp: v1.40.0 +- golang.org/x/xerrors: 5ec99f8 +- google.golang.org/appengine: v1.6.7 + +## Details + +https://github.com/kubernetes-sigs/cluster-api-provider-azure/compare/v1.23.0...v1.24.0 From ad23270db6476e8dd84e4d13ee66929bb30449d4 Mon Sep 17 00:00:00 2001 From: William Yao Date: Wed, 6 May 2026 13:41:52 -0700 Subject: [PATCH 60/61] Update security scanner for release 1.24 Signed-off-by: William Yao --- .github/workflows/weekly-security-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/weekly-security-scan.yaml b/.github/workflows/weekly-security-scan.yaml index 6f129c7a248..d64e020bc83 100644 --- a/.github/workflows/weekly-security-scan.yaml +++ b/.github/workflows/weekly-security-scan.yaml @@ -14,7 +14,7 @@ jobs: strategy: fail-fast: false matrix: - branch: [ main, release-1.23, release-1.22 ] + branch: [ main, release-1.24, release-1.23 ] name: Trivy runs-on: ubuntu-latest steps: From ca6f96699892bb75c86380c00a80adc9cb278de2 Mon Sep 17 00:00:00 2001 
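Review bot: The matrix line `branch: [ main, release-1.24, release-1.23 ]` drops release-1.22 from the weekly Trivy run, and nothing in the commit says that branch is out of support. If release-1.22 can still receive patch releases, its dependencies and images stop being scanned from this change onward; keeping it until end of support would read `branch: [ main, release-1.24, release-1.23, release-1.22 ]`. If the intended rule is main plus the two newest release branches, a comment above the matrix such as `# Scan main and the two most recent release branches` would make the next bump easier to review. The job definition continues outside the hunk.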
From: andyzhangx Date: Thu, 7 May 2026 00:49:48 +0000 Subject: [PATCH 61/61] fix: configure service-account-issuer in cluster templates Set service-account-issuer: ${SERVICE_ACCOUNT_ISSUER} in the base cluster template (templates/flavors/base/cluster-template.yaml). This ensures projected service account tokens are signed with a discoverable issuer URL. The default value falls back to the kube-apiserver default (https://kubernetes.default.svc.cluster.local), so existing deployments are unaffected. When SERVICE_ACCOUNT_ISSUER is set (e.g., to a public OIDC endpoint), workload identity flows (CSI drivers, pod identity) will work correctly because AAD can discover and validate the token issuer. /kind bug --- templates/cluster-template-aad.yaml | 1 + templates/cluster-template-apiserver-ilb.yaml | 3 ++- templates/cluster-template-azure-bastion.yaml | 3 ++- templates/cluster-template-azure-cni-v1.yaml | 3 ++- templates/cluster-template-dual-stack.yaml | 3 ++- templates/cluster-template-edgezone.yaml | 3 ++- templates/cluster-template-ephemeral.yaml | 3 ++- templates/cluster-template-flatcar-sysext.yaml | 3 ++- templates/cluster-template-flatcar.yaml | 3 ++- templates/cluster-template-ipv6.yaml | 1 + templates/cluster-template-machinepool-windows.yaml | 3 ++- templates/cluster-template-machinepool.yaml | 3 ++- templates/cluster-template-nvidia-gpu.yaml | 3 ++- templates/cluster-template-private.yaml | 3 ++- templates/cluster-template-windows-apiserver-ilb.yaml | 3 ++- templates/cluster-template-windows.yaml | 3 ++- templates/cluster-template.yaml | 3 ++- templates/flavors/base/cluster-template.yaml | 3 ++- .../ci/cluster-template-prow-apiserver-ilb-custom-images.yaml | 3 ++- templates/test/ci/cluster-template-prow-apiserver-ilb.yaml | 3 ++- templates/test/ci/cluster-template-prow-azl3.yaml | 3 ++- templates/test/ci/cluster-template-prow-azure-cni-v1.yaml | 3 ++- templates/test/ci/cluster-template-prow-ci-version-azl3.yaml | 3 ++- 
templates/test/ci/cluster-template-prow-ci-version-dra.yaml | 1 + .../test/ci/cluster-template-prow-ci-version-dual-stack.yaml | 3 ++- templates/test/ci/cluster-template-prow-ci-version-ipv6.yaml | 1 + .../test/ci/cluster-template-prow-ci-version-md-and-mp.yaml | 1 + .../test/ci/cluster-template-prow-ci-version-windows.yaml | 1 + templates/test/ci/cluster-template-prow-ci-version.yaml | 3 ++- templates/test/ci/cluster-template-prow-custom-vnet.yaml | 3 ++- .../test/ci/cluster-template-prow-dalec-custom-builds.yaml | 3 ++- templates/test/ci/cluster-template-prow-dual-stack.yaml | 3 ++- templates/test/ci/cluster-template-prow-edgezone.yaml | 3 ++- templates/test/ci/cluster-template-prow-flatcar-sysext.yaml | 3 ++- templates/test/ci/cluster-template-prow-ipv6.yaml | 1 + ...uster-template-prow-machine-pool-ci-version-multi-zone.yaml | 3 ++- .../cluster-template-prow-machine-pool-ci-version-windows.yaml | 3 ++- .../test/ci/cluster-template-prow-machine-pool-ci-version.yaml | 3 ++- templates/test/ci/cluster-template-prow-machine-pool-flex.yaml | 3 ++- .../test/ci/cluster-template-prow-machine-pool-windows.yaml | 3 ++- templates/test/ci/cluster-template-prow-machine-pool.yaml | 3 ++- templates/test/ci/cluster-template-prow-nvidia-gpu.yaml | 3 ++- templates/test/ci/cluster-template-prow-private.yaml | 3 ++- templates/test/ci/cluster-template-prow-spot.yaml | 3 ++- templates/test/ci/cluster-template-prow-windows.yaml | 1 + templates/test/ci/cluster-template-prow.yaml | 3 ++- templates/test/dev/cluster-template-custom-builds-dra.yaml | 1 + .../test/dev/cluster-template-custom-builds-load-dra.yaml | 1 + templates/test/dev/cluster-template-custom-builds-load.yaml | 1 + .../cluster-template-custom-builds-machine-pool-load-dra.yaml | 1 + .../dev/cluster-template-custom-builds-machine-pool-load.yaml | 3 ++- .../cluster-template-custom-builds-machine-pool-windows.yaml | 3 ++- .../test/dev/cluster-template-custom-builds-machine-pool.yaml | 3 ++- 
templates/test/dev/cluster-template-custom-builds-windows.yaml | 1 + templates/test/dev/cluster-template-custom-builds.yaml | 1 + 55 files changed, 96 insertions(+), 41 deletions(-) diff --git a/templates/cluster-template-aad.yaml b/templates/cluster-template-aad.yaml index 4a2a4ba7bdb..079e7c69f89 100644 --- a/templates/cluster-template-aad.yaml +++ b/templates/cluster-template-aad.yaml @@ -54,6 +54,7 @@ spec: oidc-issuer-url: https://sts.windows.net/${AZURE_TENANT_ID}/ oidc-username-claim: oid oidc-username-prefix: '-' + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/cluster-template-apiserver-ilb.yaml b/templates/cluster-template-apiserver-ilb.yaml index 4dbd15c6550..cfc33f273e2 100644 --- a/templates/cluster-template-apiserver-ilb.yaml +++ b/templates/cluster-template-apiserver-ilb.yaml @@ -62,7 +62,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/cluster-template-azure-bastion.yaml b/templates/cluster-template-azure-bastion.yaml index 0da65077598..0473eea2d64 100644 --- a/templates/cluster-template-azure-bastion.yaml +++ b/templates/cluster-template-azure-bastion.yaml @@ -50,7 +50,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/cluster-template-azure-cni-v1.yaml b/templates/cluster-template-azure-cni-v1.yaml index b0d0af42ef8..c63415e3a45 100644 --- a/templates/cluster-template-azure-cni-v1.yaml +++ b/templates/cluster-template-azure-cni-v1.yaml 
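Review bot: The fallback in `service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local}` hard-codes the `cluster.local` domain, while kubeadm derives its default issuer from the cluster's DNS domain, so the commit message's claim that existing deployments are unaffected holds only for clusters on the default domain. For a cluster with a custom service domain this line changes the issuer, and projected tokens minted under the previous issuer would likely be rejected until they are refreshed. The same value appears in every template hunk of this commit, including templates/flavors/base/cluster-template.yaml, which the commit message names as the source. I would add a comment next to the key there, `# Fallback equals kubeadm's default only when the DNS domain is cluster.local; set SERVICE_ACCOUNT_ISSUER explicitly otherwise.`, and mention the issuer-change effect on existing tokens in the developer docs.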
@@ -48,7 +48,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/cluster-template-dual-stack.yaml b/templates/cluster-template-dual-stack.yaml index 626680c024f..97669e69165 100644 --- a/templates/cluster-template-dual-stack.yaml +++ b/templates/cluster-template-dual-stack.yaml @@ -64,7 +64,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/cluster-template-edgezone.yaml b/templates/cluster-template-edgezone.yaml index ce59da67964..1cb9e566289 100644 --- a/templates/cluster-template-edgezone.yaml +++ b/templates/cluster-template-edgezone.yaml @@ -51,7 +51,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/cluster-template-ephemeral.yaml b/templates/cluster-template-ephemeral.yaml index bef4bb61436..1362f788e0c 100644 --- a/templates/cluster-template-ephemeral.yaml +++ b/templates/cluster-template-ephemeral.yaml @@ -48,7 +48,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/cluster-template-flatcar-sysext.yaml b/templates/cluster-template-flatcar-sysext.yaml index 07f6ced9178..0e1eb3567e2 100644 --- a/templates/cluster-template-flatcar-sysext.yaml +++ b/templates/cluster-template-flatcar-sysext.yaml 
@@ -129,7 +129,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/cluster-template-flatcar.yaml b/templates/cluster-template-flatcar.yaml index 367076f0910..9c4c6600a30 100644 --- a/templates/cluster-template-flatcar.yaml +++ b/templates/cluster-template-flatcar.yaml @@ -48,7 +48,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/cluster-template-ipv6.yaml b/templates/cluster-template-ipv6.yaml index 97c622ec3ec..37fcd6fe9b3 100644 --- a/templates/cluster-template-ipv6.yaml +++ b/templates/cluster-template-ipv6.yaml @@ -62,6 +62,7 @@ spec: apiServer: extraArgs: bind-address: '::' + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/cluster-template-machinepool-windows.yaml b/templates/cluster-template-machinepool-windows.yaml index f5e8ce9fe5c..dd6f47cfddf 100644 --- a/templates/cluster-template-machinepool-windows.yaml +++ b/templates/cluster-template-machinepool-windows.yaml @@ -52,7 +52,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/cluster-template-machinepool.yaml b/templates/cluster-template-machinepool.yaml index 97830128b27..9ab218b1396 100644 --- a/templates/cluster-template-machinepool.yaml +++ b/templates/cluster-template-machinepool.yaml 
@@ -48,7 +48,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/cluster-template-nvidia-gpu.yaml b/templates/cluster-template-nvidia-gpu.yaml index 21f06495aa8..d02120f1b26 100644 --- a/templates/cluster-template-nvidia-gpu.yaml +++ b/templates/cluster-template-nvidia-gpu.yaml @@ -48,7 +48,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/cluster-template-private.yaml b/templates/cluster-template-private.yaml index 786b6d52fc2..5aaf3ee57ae 100644 --- a/templates/cluster-template-private.yaml +++ b/templates/cluster-template-private.yaml @@ -57,7 +57,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/cluster-template-windows-apiserver-ilb.yaml b/templates/cluster-template-windows-apiserver-ilb.yaml index 2613ab07ad8..89f051a5347 100644 --- a/templates/cluster-template-windows-apiserver-ilb.yaml +++ b/templates/cluster-template-windows-apiserver-ilb.yaml @@ -66,7 +66,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/cluster-template-windows.yaml b/templates/cluster-template-windows.yaml index a704c6040af..852e11f605e 100644 --- a/templates/cluster-template-windows.yaml 
+++ b/templates/cluster-template-windows.yaml @@ -52,7 +52,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/cluster-template.yaml b/templates/cluster-template.yaml index c6ec37941fc..e9f64b4c8d2 100644 --- a/templates/cluster-template.yaml +++ b/templates/cluster-template.yaml @@ -48,7 +48,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/flavors/base/cluster-template.yaml b/templates/flavors/base/cluster-template.yaml index 13bf2a5aabc..753fccce62e 100644 --- a/templates/flavors/base/cluster-template.yaml +++ b/templates/flavors/base/cluster-template.yaml @@ -58,7 +58,8 @@ spec: clusterConfiguration: apiServer: timeoutForControlPlane: 20m - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} controllerManager: extraArgs: allocate-node-cidrs: "false" diff --git a/templates/test/ci/cluster-template-prow-apiserver-ilb-custom-images.yaml b/templates/test/ci/cluster-template-prow-apiserver-ilb-custom-images.yaml index 630287b07ac..4b065dd4eaf 100644 --- a/templates/test/ci/cluster-template-prow-apiserver-ilb-custom-images.yaml +++ b/templates/test/ci/cluster-template-prow-apiserver-ilb-custom-images.yaml @@ -69,7 +69,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: 
diff --git a/templates/test/ci/cluster-template-prow-apiserver-ilb.yaml b/templates/test/ci/cluster-template-prow-apiserver-ilb.yaml index e09b4ce6ec1..6a4074ee823 100644 --- a/templates/test/ci/cluster-template-prow-apiserver-ilb.yaml +++ b/templates/test/ci/cluster-template-prow-apiserver-ilb.yaml @@ -69,7 +69,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/ci/cluster-template-prow-azl3.yaml b/templates/test/ci/cluster-template-prow-azl3.yaml index 657277af397..546a10bc466 100644 --- a/templates/test/ci/cluster-template-prow-azl3.yaml +++ b/templates/test/ci/cluster-template-prow-azl3.yaml @@ -55,7 +55,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/ci/cluster-template-prow-azure-cni-v1.yaml b/templates/test/ci/cluster-template-prow-azure-cni-v1.yaml index e326a3b2f55..8049287550a 100644 --- a/templates/test/ci/cluster-template-prow-azure-cni-v1.yaml +++ b/templates/test/ci/cluster-template-prow-azure-cni-v1.yaml @@ -54,7 +54,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/ci/cluster-template-prow-ci-version-azl3.yaml b/templates/test/ci/cluster-template-prow-ci-version-azl3.yaml index 04a8517e750..8677a05e94e 100644 --- a/templates/test/ci/cluster-template-prow-ci-version-azl3.yaml +++ b/templates/test/ci/cluster-template-prow-ci-version-azl3.yaml 
@@ -56,7 +56,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/ci/cluster-template-prow-ci-version-dra.yaml b/templates/test/ci/cluster-template-prow-ci-version-dra.yaml index 94e505c90de..67d4d46f7b8 100644 --- a/templates/test/ci/cluster-template-prow-ci-version-dra.yaml +++ b/templates/test/ci/cluster-template-prow-ci-version-dra.yaml @@ -58,6 +58,7 @@ spec: extraArgs: feature-gates: ${K8S_FEATURE_GATES:-"DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true"} runtime-config: resource.k8s.io/v1beta1=true,resource.k8s.io/v1beta2=true + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/ci/cluster-template-prow-ci-version-dual-stack.yaml b/templates/test/ci/cluster-template-prow-ci-version-dual-stack.yaml index 41e64f48556..00dd8db59be 100644 --- a/templates/test/ci/cluster-template-prow-ci-version-dual-stack.yaml +++ b/templates/test/ci/cluster-template-prow-ci-version-dual-stack.yaml @@ -70,7 +70,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/ci/cluster-template-prow-ci-version-ipv6.yaml b/templates/test/ci/cluster-template-prow-ci-version-ipv6.yaml index d986830669b..9706c8e459c 100644 --- a/templates/test/ci/cluster-template-prow-ci-version-ipv6.yaml +++ b/templates/test/ci/cluster-template-prow-ci-version-ipv6.yaml 
@@ -74,6 +74,7 @@ spec: extraArgs: bind-address: '::' feature-gates: ${K8S_FEATURE_GATES:-""} + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/ci/cluster-template-prow-ci-version-md-and-mp.yaml b/templates/test/ci/cluster-template-prow-ci-version-md-and-mp.yaml index de1b713e66a..04292078e24 100644 --- a/templates/test/ci/cluster-template-prow-ci-version-md-and-mp.yaml +++ b/templates/test/ci/cluster-template-prow-ci-version-md-and-mp.yaml @@ -59,6 +59,7 @@ spec: extraArgs: feature-gates: ${K8S_FEATURE_GATES:-"AllAlpha=true,AllBeta=true"} runtime-config: api/all=true + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/ci/cluster-template-prow-ci-version-windows.yaml b/templates/test/ci/cluster-template-prow-ci-version-windows.yaml index 1a251c525c3..4b96a52ce2b 100644 --- a/templates/test/ci/cluster-template-prow-ci-version-windows.yaml +++ b/templates/test/ci/cluster-template-prow-ci-version-windows.yaml @@ -61,6 +61,7 @@ spec: apiServer: extraArgs: feature-gates: ${K8S_FEATURE_GATES:-""} + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/ci/cluster-template-prow-ci-version.yaml b/templates/test/ci/cluster-template-prow-ci-version.yaml index 9e986c27d47..7b38f9ffbe8 100644 --- a/templates/test/ci/cluster-template-prow-ci-version.yaml +++ b/templates/test/ci/cluster-template-prow-ci-version.yaml @@ -56,7 +56,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: 
diff --git a/templates/test/ci/cluster-template-prow-custom-vnet.yaml b/templates/test/ci/cluster-template-prow-custom-vnet.yaml index 2c8fca7738b..a52289998de 100644 --- a/templates/test/ci/cluster-template-prow-custom-vnet.yaml +++ b/templates/test/ci/cluster-template-prow-custom-vnet.yaml @@ -62,7 +62,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/ci/cluster-template-prow-dalec-custom-builds.yaml b/templates/test/ci/cluster-template-prow-dalec-custom-builds.yaml index 618e885c186..6e5313c160f 100644 --- a/templates/test/ci/cluster-template-prow-dalec-custom-builds.yaml +++ b/templates/test/ci/cluster-template-prow-dalec-custom-builds.yaml @@ -69,7 +69,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/ci/cluster-template-prow-dual-stack.yaml b/templates/test/ci/cluster-template-prow-dual-stack.yaml index 924c5e996d2..c5ff22dff7c 100644 --- a/templates/test/ci/cluster-template-prow-dual-stack.yaml +++ b/templates/test/ci/cluster-template-prow-dual-stack.yaml @@ -69,7 +69,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/ci/cluster-template-prow-edgezone.yaml b/templates/test/ci/cluster-template-prow-edgezone.yaml index e5257557ee1..0ec49cc56be 100644 --- a/templates/test/ci/cluster-template-prow-edgezone.yaml +++ b/templates/test/ci/cluster-template-prow-edgezone.yaml 
@@ -58,7 +58,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/ci/cluster-template-prow-flatcar-sysext.yaml b/templates/test/ci/cluster-template-prow-flatcar-sysext.yaml index f9814e761b3..a764db0d693 100644 --- a/templates/test/ci/cluster-template-prow-flatcar-sysext.yaml +++ b/templates/test/ci/cluster-template-prow-flatcar-sysext.yaml @@ -258,7 +258,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/ci/cluster-template-prow-ipv6.yaml b/templates/test/ci/cluster-template-prow-ipv6.yaml index afbfd871215..8f05a437d0b 100644 --- a/templates/test/ci/cluster-template-prow-ipv6.yaml +++ b/templates/test/ci/cluster-template-prow-ipv6.yaml @@ -69,6 +69,7 @@ spec: apiServer: extraArgs: bind-address: '::' + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/ci/cluster-template-prow-machine-pool-ci-version-multi-zone.yaml b/templates/test/ci/cluster-template-prow-machine-pool-ci-version-multi-zone.yaml index a123b7b77b7..a038da074d8 100644 --- a/templates/test/ci/cluster-template-prow-machine-pool-ci-version-multi-zone.yaml +++ b/templates/test/ci/cluster-template-prow-machine-pool-ci-version-multi-zone.yaml @@ -55,7 +55,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: 
diff --git a/templates/test/ci/cluster-template-prow-machine-pool-ci-version-windows.yaml b/templates/test/ci/cluster-template-prow-machine-pool-ci-version-windows.yaml index 04c83f93058..5a9a9863202 100644 --- a/templates/test/ci/cluster-template-prow-machine-pool-ci-version-windows.yaml +++ b/templates/test/ci/cluster-template-prow-machine-pool-ci-version-windows.yaml @@ -59,7 +59,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/ci/cluster-template-prow-machine-pool-ci-version.yaml b/templates/test/ci/cluster-template-prow-machine-pool-ci-version.yaml index 1f9656aa900..2e1e4cdbe9a 100644 --- a/templates/test/ci/cluster-template-prow-machine-pool-ci-version.yaml +++ b/templates/test/ci/cluster-template-prow-machine-pool-ci-version.yaml @@ -55,7 +55,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/ci/cluster-template-prow-machine-pool-flex.yaml b/templates/test/ci/cluster-template-prow-machine-pool-flex.yaml index 17f149e8b47..6b0339f65fc 100644 --- a/templates/test/ci/cluster-template-prow-machine-pool-flex.yaml +++ b/templates/test/ci/cluster-template-prow-machine-pool-flex.yaml @@ -55,7 +55,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/ci/cluster-template-prow-machine-pool-windows.yaml b/templates/test/ci/cluster-template-prow-machine-pool-windows.yaml index fad34c0b614..a8427086498 100644 
--- a/templates/test/ci/cluster-template-prow-machine-pool-windows.yaml +++ b/templates/test/ci/cluster-template-prow-machine-pool-windows.yaml @@ -59,7 +59,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/ci/cluster-template-prow-machine-pool.yaml b/templates/test/ci/cluster-template-prow-machine-pool.yaml index 27d34935e6f..3b9d4ebad18 100644 --- a/templates/test/ci/cluster-template-prow-machine-pool.yaml +++ b/templates/test/ci/cluster-template-prow-machine-pool.yaml @@ -55,7 +55,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/ci/cluster-template-prow-nvidia-gpu.yaml b/templates/test/ci/cluster-template-prow-nvidia-gpu.yaml index 224efd3d617..52e657482de 100644 --- a/templates/test/ci/cluster-template-prow-nvidia-gpu.yaml +++ b/templates/test/ci/cluster-template-prow-nvidia-gpu.yaml @@ -56,7 +56,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/ci/cluster-template-prow-private.yaml b/templates/test/ci/cluster-template-prow-private.yaml index 26910fdcb43..33a58fa267e 100644 --- a/templates/test/ci/cluster-template-prow-private.yaml +++ b/templates/test/ci/cluster-template-prow-private.yaml 
@@ -86,7 +86,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/ci/cluster-template-prow-spot.yaml b/templates/test/ci/cluster-template-prow-spot.yaml index 32ca12e3ba0..f6976ac39d9 100644 --- a/templates/test/ci/cluster-template-prow-spot.yaml +++ b/templates/test/ci/cluster-template-prow-spot.yaml @@ -55,7 +55,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/ci/cluster-template-prow-windows.yaml b/templates/test/ci/cluster-template-prow-windows.yaml index 85d8e32f4bb..a0421bda001 100644 --- a/templates/test/ci/cluster-template-prow-windows.yaml +++ b/templates/test/ci/cluster-template-prow-windows.yaml @@ -60,6 +60,7 @@ spec: apiServer: extraArgs: feature-gates: ${K8S_FEATURE_GATES:-""} + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/ci/cluster-template-prow.yaml b/templates/test/ci/cluster-template-prow.yaml index 80f8824828c..ce770c1b069 100644 --- a/templates/test/ci/cluster-template-prow.yaml +++ b/templates/test/ci/cluster-template-prow.yaml @@ -55,7 +55,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/dev/cluster-template-custom-builds-dra.yaml b/templates/test/dev/cluster-template-custom-builds-dra.yaml index aef108a6965..966ab36723d 100644 
--- a/templates/test/dev/cluster-template-custom-builds-dra.yaml +++ b/templates/test/dev/cluster-template-custom-builds-dra.yaml @@ -60,6 +60,7 @@ spec: extraArgs: feature-gates: ${K8S_FEATURE_GATES:-"DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true"} runtime-config: resource.k8s.io/v1beta1=true,resource.k8s.io/v1beta2=true + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/dev/cluster-template-custom-builds-load-dra.yaml b/templates/test/dev/cluster-template-custom-builds-load-dra.yaml index 4f88a9fb6a7..d5a41ef5c9b 100644 --- a/templates/test/dev/cluster-template-custom-builds-load-dra.yaml +++ b/templates/test/dev/cluster-template-custom-builds-load-dra.yaml @@ -63,6 +63,7 @@ spec: extraArgs: feature-gates: ${K8S_FEATURE_GATES:-"DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true"} runtime-config: resource.k8s.io/v1beta1=true,resource.k8s.io/v1beta2=true + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/dev/cluster-template-custom-builds-load.yaml b/templates/test/dev/cluster-template-custom-builds-load.yaml index 1db9e30ef56..b473a7c5919 100644 --- a/templates/test/dev/cluster-template-custom-builds-load.yaml +++ b/templates/test/dev/cluster-template-custom-builds-load.yaml @@ -63,6 +63,7 @@ spec: extraArgs: feature-gates: ${K8S_FEATURE_GATES:-"AllAlpha=true,AllBeta=true"} runtime-config: api/all=true + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: 
diff --git a/templates/test/dev/cluster-template-custom-builds-machine-pool-load-dra.yaml b/templates/test/dev/cluster-template-custom-builds-machine-pool-load-dra.yaml index 11e733450a1..173947d0133 100644 --- a/templates/test/dev/cluster-template-custom-builds-machine-pool-load-dra.yaml +++ b/templates/test/dev/cluster-template-custom-builds-machine-pool-load-dra.yaml @@ -62,6 +62,7 @@ spec: extraArgs: feature-gates: ${K8S_FEATURE_GATES:-"DynamicResourceAllocation=true,DRADeviceTaints=true,DRADeviceTaintRules=true"} runtime-config: resource.k8s.io/v1beta1=true,resource.k8s.io/v1beta2=true + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/dev/cluster-template-custom-builds-machine-pool-load.yaml b/templates/test/dev/cluster-template-custom-builds-machine-pool-load.yaml index 92b7f17d40d..e5180f6fe27 100644 --- a/templates/test/dev/cluster-template-custom-builds-machine-pool-load.yaml +++ b/templates/test/dev/cluster-template-custom-builds-machine-pool-load.yaml @@ -59,7 +59,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/dev/cluster-template-custom-builds-machine-pool-windows.yaml b/templates/test/dev/cluster-template-custom-builds-machine-pool-windows.yaml index 86d77991eea..41c15da2df1 100644 --- a/templates/test/dev/cluster-template-custom-builds-machine-pool-windows.yaml +++ b/templates/test/dev/cluster-template-custom-builds-machine-pool-windows.yaml 
@@ -61,7 +61,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/dev/cluster-template-custom-builds-machine-pool.yaml b/templates/test/dev/cluster-template-custom-builds-machine-pool.yaml index 1145808676e..eeda131aa8d 100644 --- a/templates/test/dev/cluster-template-custom-builds-machine-pool.yaml +++ b/templates/test/dev/cluster-template-custom-builds-machine-pool.yaml @@ -57,7 +57,8 @@ spec: kubeadmConfigSpec: clusterConfiguration: apiServer: - extraArgs: {} + extraArgs: + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/dev/cluster-template-custom-builds-windows.yaml b/templates/test/dev/cluster-template-custom-builds-windows.yaml index 6e4b0ccb6ac..e28ea93d3f8 100644 --- a/templates/test/dev/cluster-template-custom-builds-windows.yaml +++ b/templates/test/dev/cluster-template-custom-builds-windows.yaml @@ -63,6 +63,7 @@ spec: apiServer: extraArgs: feature-gates: ${K8S_FEATURE_GATES:-""} + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: diff --git a/templates/test/dev/cluster-template-custom-builds.yaml b/templates/test/dev/cluster-template-custom-builds.yaml index a4faa09634e..8d7721f8de8 100644 --- a/templates/test/dev/cluster-template-custom-builds.yaml +++ b/templates/test/dev/cluster-template-custom-builds.yaml @@ -61,6 +61,7 @@ spec: extraArgs: feature-gates: ${K8S_FEATURE_GATES:-"AllAlpha=true,AllBeta=true"} runtime-config: api/all=true + service-account-issuer: ${SERVICE_ACCOUNT_ISSUER:-https://kubernetes.default.svc.cluster.local} timeoutForControlPlane: 20m controllerManager: extraArgs: