containerservice.azure.com/v1api20240901


APIVersion

Value Description
“2024-09-01”

MaintenanceConfiguration

Generator information:
- Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2024-09-01/managedClusters.json
- ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/maintenanceConfigurations/{configName}

Used by: MaintenanceConfigurationList.

Property Description Type
metav1.TypeMeta
metav1.ObjectMeta
spec MaintenanceConfiguration_Spec
Optional
status MaintenanceConfiguration_STATUS
Optional

MaintenanceConfiguration_Spec

Property Description Type
azureName The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be. string
Optional
maintenanceWindow Maintenance window for the maintenance configuration. MaintenanceWindow
Optional
notAllowedTime Time slots on which upgrade is not allowed. TimeSpan[]
Optional
operatorSpec The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure MaintenanceConfigurationOperatorSpec
Optional
owner The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resource's lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster resource genruntime.KnownResourceReference
Required
timeInWeek If two array entries specify the same day of the week, the applied configuration is the union of times in both entries. TimeInWeek[]
Optional

MaintenanceConfiguration_STATUS

Property Description Type
conditions The observed state of the resource conditions.Condition[]
Optional
id Resource ID. string
Optional
maintenanceWindow Maintenance window for the maintenance configuration. MaintenanceWindow_STATUS
Optional
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
Optional
notAllowedTime Time slots on which upgrade is not allowed. TimeSpan_STATUS[]
Optional
systemData The system metadata relating to this resource. SystemData_STATUS
Optional
timeInWeek If two array entries specify the same day of the week, the applied configuration is the union of times in both entries. TimeInWeek_STATUS[]
Optional
type Resource type string
Optional

MaintenanceConfigurationList

Generator information:
- Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2024-09-01/managedClusters.json
- ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/maintenanceConfigurations/{configName}

Property Description Type
metav1.TypeMeta
metav1.ListMeta
items MaintenanceConfiguration[]
Optional

ManagedCluster

Generator information:
- Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2024-09-01/managedClusters.json
- ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}

Used by: ManagedClusterList.

Property Description Type
metav1.TypeMeta
metav1.ObjectMeta
spec ManagedCluster_Spec
Optional
status ManagedCluster_STATUS
Optional

ManagedCluster_Spec

Property Description Type
aadProfile The Azure Active Directory configuration. ManagedClusterAADProfile
Optional
addonProfiles The profile of managed cluster add-on. map[string]ManagedClusterAddonProfile
Optional
agentPoolProfiles The agent pool properties. ManagedClusterAgentPoolProfile[]
Optional
apiServerAccessProfile The access profile for managed cluster API server. ManagedClusterAPIServerAccessProfile
Optional
autoScalerProfile Parameters to be applied to the cluster-autoscaler when enabled ManagedClusterProperties_AutoScalerProfile
Optional
autoUpgradeProfile The auto upgrade configuration. ManagedClusterAutoUpgradeProfile
Optional
azureMonitorProfile Azure Monitor addon profiles for monitoring the managed cluster. ManagedClusterAzureMonitorProfile
Optional
azureName The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be. string
Optional
disableLocalAccounts If set to true, getting static credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled. For more details see disable local accounts. bool
Optional
diskEncryptionSetReference This is of the form: ‘/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}’ genruntime.ResourceReference
Optional
dnsPrefix This cannot be updated once the Managed Cluster has been created. string
Optional
enablePodSecurityPolicy (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and https://aka.ms/aks/psp. bool
Optional
enableRBAC Whether to enable Kubernetes Role-Based Access Control. bool
Optional
extendedLocation The extended location of the Virtual Machine. ExtendedLocation
Optional
fqdnSubdomain This cannot be updated once the Managed Cluster has been created. string
Optional
httpProxyConfig Configurations for provisioning the cluster with HTTP proxy servers. ManagedClusterHTTPProxyConfig
Optional
identity The identity of the managed cluster, if configured. ManagedClusterIdentity
Optional
identityProfile The user identity associated with the managed cluster. This identity will be used by the kubelet. Only one user assigned identity is allowed. The only accepted key is “kubeletidentity”, with value of “resourceId”: “/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}”. map[string]UserAssignedIdentity
Optional
ingressProfile Ingress profile for the managed cluster. ManagedClusterIngressProfile
Optional
kubernetesVersion Both patch version <major.minor.patch> (e.g. 1.20.13) and <major.minor> (e.g. 1.20) are supported. When <major.minor> is specified, the latest supported GA patch version is chosen automatically. Updating the cluster with the same <major.minor> once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer patch version is available. When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See upgrading an AKS cluster for more details. string
Optional
linuxProfile The profile for Linux VMs in the Managed Cluster. ContainerServiceLinuxProfile
Optional
location The geo-location where the resource lives string
Required
metricsProfile Optional cluster metrics configuration. ManagedClusterMetricsProfile
Optional
networkProfile The network configuration profile. ContainerServiceNetworkProfile
Optional
nodeResourceGroup The name of the resource group containing agent pool nodes. string
Optional
nodeResourceGroupProfile Profile of the node resource group configuration. ManagedClusterNodeResourceGroupProfile
Optional
oidcIssuerProfile The OIDC issuer profile of the Managed Cluster. ManagedClusterOIDCIssuerProfile
Optional
operatorSpec The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure ManagedClusterOperatorSpec
Optional
owner The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resource's lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup resource genruntime.KnownResourceReference
Required
podIdentityProfile See use AAD pod identity for more details on AAD pod identity integration. ManagedClusterPodIdentityProfile
Optional
privateLinkResources Private link resources associated with the cluster. PrivateLinkResource[]
Optional
publicNetworkAccess Allow or deny public network access for AKS ManagedClusterProperties_PublicNetworkAccess
Optional
securityProfile Security profile for the managed cluster. ManagedClusterSecurityProfile
Optional
serviceMeshProfile Service mesh profile for a managed cluster. ServiceMeshProfile
Optional
servicePrincipalProfile Information about a service principal identity for the cluster to use for manipulating Azure APIs. ManagedClusterServicePrincipalProfile
Optional
sku The managed cluster SKU. ManagedClusterSKU
Optional
storageProfile Storage profile for the managed cluster. ManagedClusterStorageProfile
Optional
supportPlan The support plan for the Managed Cluster. If unspecified, the default is ‘KubernetesOfficial’. KubernetesSupportPlan
Optional
tags Resource tags. map[string]string
Optional
upgradeSettings Settings for upgrading a cluster. ClusterUpgradeSettings
Optional
windowsProfile The profile for Windows VMs in the Managed Cluster. ManagedClusterWindowsProfile
Optional
workloadAutoScalerProfile Workload Auto-scaler profile for the managed cluster. ManagedClusterWorkloadAutoScalerProfile
Optional

ManagedCluster_STATUS

Property Description Type
aadProfile The Azure Active Directory configuration. ManagedClusterAADProfile_STATUS
Optional
addonProfiles The profile of managed cluster add-on. map[string]ManagedClusterAddonProfile_STATUS
Optional
agentPoolProfiles The agent pool properties. ManagedClusterAgentPoolProfile_STATUS[]
Optional
apiServerAccessProfile The access profile for managed cluster API server. ManagedClusterAPIServerAccessProfile_STATUS
Optional
autoScalerProfile Parameters to be applied to the cluster-autoscaler when enabled ManagedClusterProperties_AutoScalerProfile_STATUS
Optional
autoUpgradeProfile The auto upgrade configuration. ManagedClusterAutoUpgradeProfile_STATUS
Optional
azureMonitorProfile Azure Monitor addon profiles for monitoring the managed cluster. ManagedClusterAzureMonitorProfile_STATUS
Optional
azurePortalFQDN The Azure Portal requires certain Cross-Origin Resource Sharing (CORS) headers to be sent in some responses, which Kubernetes APIServer doesn’t handle by default. This special FQDN supports CORS, allowing the Azure Portal to function properly. string
Optional
conditions The observed state of the resource conditions.Condition[]
Optional
currentKubernetesVersion If kubernetesVersion was a fully specified version <major.minor.patch>, this field will be exactly equal to it. If kubernetesVersion was <major.minor>, this field will contain the full <major.minor.patch> version being used. string
Optional
disableLocalAccounts If set to true, getting static credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled. For more details see disable local accounts. bool
Optional
diskEncryptionSetID This is of the form: ‘/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}’ string
Optional
dnsPrefix This cannot be updated once the Managed Cluster has been created. string
Optional
enablePodSecurityPolicy (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and https://aka.ms/aks/psp. bool
Optional
enableRBAC Whether to enable Kubernetes Role-Based Access Control. bool
Optional
eTag Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic concurrency per the normal etag convention. string
Optional
extendedLocation The extended location of the Virtual Machine. ExtendedLocation_STATUS
Optional
fqdn The FQDN of the master pool. string
Optional
fqdnSubdomain This cannot be updated once the Managed Cluster has been created. string
Optional
httpProxyConfig Configurations for provisioning the cluster with HTTP proxy servers. ManagedClusterHTTPProxyConfig_STATUS
Optional
id Fully qualified resource ID for the resource. E.g. “/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}” string
Optional
identity The identity of the managed cluster, if configured. ManagedClusterIdentity_STATUS
Optional
identityProfile The user identity associated with the managed cluster. This identity will be used by the kubelet. Only one user assigned identity is allowed. The only accepted key is “kubeletidentity”, with value of “resourceId”: “/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}”. map[string]UserAssignedIdentity_STATUS
Optional
ingressProfile Ingress profile for the managed cluster. ManagedClusterIngressProfile_STATUS
Optional
kubernetesVersion Both patch version <major.minor.patch> (e.g. 1.20.13) and <major.minor> (e.g. 1.20) are supported. When <major.minor> is specified, the latest supported GA patch version is chosen automatically. Updating the cluster with the same <major.minor> once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer patch version is available. When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See upgrading an AKS cluster for more details. string
Optional
linuxProfile The profile for Linux VMs in the Managed Cluster. ContainerServiceLinuxProfile_STATUS
Optional
location The geo-location where the resource lives string
Optional
maxAgentPools The max number of agent pools for the managed cluster. int
Optional
metricsProfile Optional cluster metrics configuration. ManagedClusterMetricsProfile_STATUS
Optional
name The name of the resource string
Optional
networkProfile The network configuration profile. ContainerServiceNetworkProfile_STATUS
Optional
nodeResourceGroup The name of the resource group containing agent pool nodes. string
Optional
nodeResourceGroupProfile Profile of the node resource group configuration. ManagedClusterNodeResourceGroupProfile_STATUS
Optional
oidcIssuerProfile The OIDC issuer profile of the Managed Cluster. ManagedClusterOIDCIssuerProfile_STATUS
Optional
podIdentityProfile See use AAD pod identity for more details on AAD pod identity integration. ManagedClusterPodIdentityProfile_STATUS
Optional
powerState The Power State of the cluster. PowerState_STATUS
Optional
privateFQDN The FQDN of private cluster. string
Optional
privateLinkResources Private link resources associated with the cluster. PrivateLinkResource_STATUS[]
Optional
provisioningState The current provisioning state. string
Optional
publicNetworkAccess Allow or deny public network access for AKS ManagedClusterProperties_PublicNetworkAccess_STATUS
Optional
resourceUID The resourceUID uniquely identifies ManagedClusters that reuse ARM ResourceIds (i.e., a create, delete, create sequence) string
Optional
securityProfile Security profile for the managed cluster. ManagedClusterSecurityProfile_STATUS
Optional
serviceMeshProfile Service mesh profile for a managed cluster. ServiceMeshProfile_STATUS
Optional
servicePrincipalProfile Information about a service principal identity for the cluster to use for manipulating Azure APIs. ManagedClusterServicePrincipalProfile_STATUS
Optional
sku The managed cluster SKU. ManagedClusterSKU_STATUS
Optional
storageProfile Storage profile for the managed cluster. ManagedClusterStorageProfile_STATUS
Optional
supportPlan The support plan for the Managed Cluster. If unspecified, the default is ‘KubernetesOfficial’. KubernetesSupportPlan_STATUS
Optional
systemData Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData_STATUS
Optional
tags Resource tags. map[string]string
Optional
type The type of the resource. E.g. “Microsoft.Compute/virtualMachines” or “Microsoft.Storage/storageAccounts” string
Optional
upgradeSettings Settings for upgrading a cluster. ClusterUpgradeSettings_STATUS
Optional
windowsProfile The profile for Windows VMs in the Managed Cluster. ManagedClusterWindowsProfile_STATUS
Optional
workloadAutoScalerProfile Workload Auto-scaler profile for the managed cluster. ManagedClusterWorkloadAutoScalerProfile_STATUS
Optional

ManagedClusterList

Generator information:
- Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2024-09-01/managedClusters.json
- ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}

Property Description Type
metav1.TypeMeta
metav1.ListMeta
items ManagedCluster[]
Optional

ManagedClustersAgentPool

Generator information:
- Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2024-09-01/managedClusters.json
- ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName}

Used by: ManagedClustersAgentPoolList.

Property Description Type
metav1.TypeMeta
metav1.ObjectMeta
spec ManagedClustersAgentPool_Spec
Optional
status ManagedClustersAgentPool_STATUS
Optional

ManagedClustersAgentPool_Spec

Property Description Type
availabilityZones The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType property is ‘VirtualMachineScaleSets’. string[]
Optional
azureName The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be. string
Optional
capacityReservationGroupReference AKS will associate the specified agent pool with the Capacity Reservation Group. genruntime.ResourceReference
Optional
count Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. int
Optional
creationData CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using a snapshot. CreationData
Optional
enableAutoScaling Whether to enable auto-scaler bool
Optional
enableEncryptionAtHost This is only supported on certain VM sizes and in certain Azure regions. For more information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption bool
Optional
enableFIPS See Add a FIPS-enabled node pool for more details. bool
Optional
enableNodePublicIP Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine to minimize hops. For more information see assigning a public IP per node. The default is false. bool
Optional
enableUltraSSD Whether to enable UltraSSD bool
Optional
gpuInstanceProfile GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU. GPUInstanceProfile
Optional
hostGroupReference This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. For more information see Azure dedicated hosts. genruntime.ResourceReference
Optional
kubeletConfig The Kubelet configuration on the agent pool nodes. KubeletConfig
Optional
kubeletDiskType Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage. KubeletDiskType
Optional
linuxOSConfig The OS configuration of Linux agent nodes. LinuxOSConfig
Optional
maxCount The maximum number of nodes for auto-scaling int
Optional
maxPods The maximum number of pods that can run on a node. int
Optional
minCount The minimum number of nodes for auto-scaling int
Optional
mode A cluster must have at least one ‘System’ Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools AgentPoolMode
Optional
networkProfile Network-related settings of an agent pool. AgentPoolNetworkProfile
Optional
nodeLabels The node labels to be persisted across all nodes in agent pool. map[string]string
Optional
nodePublicIPPrefixReference This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} genruntime.ResourceReference
Optional
nodeTaints The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule. string[]
Optional
operatorSpec The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure ManagedClustersAgentPoolOperatorSpec
Optional
orchestratorVersion Both patch version <major.minor.patch> (e.g. 1.20.13) and <major.minor> (e.g. 1.20) are supported. When <major.minor> is specified, the latest supported GA patch version is chosen automatically. Updating the cluster with the same <major.minor> once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor version must be within two minor versions of the control plane version. The node pool version cannot be greater than the control plane version. For more information see upgrading a node pool. string
Optional
osDiskSizeGB ContainerServiceOSDisk
Optional
osDiskType The default is ‘Ephemeral’ if the VM supports it and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to ‘Managed’. May not be changed after creation. For more information see Ephemeral OS. OSDiskType
Optional
osSKU Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. OSSKU
Optional
osType The operating system type. The default is Linux. OSType
Optional
owner The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resource's lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster resource genruntime.KnownResourceReference
Required
podSubnetReference If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} genruntime.ResourceReference
Optional
powerState When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only be stopped if it is Running and provisioning state is Succeeded PowerState
Optional
proximityPlacementGroupReference The ID for Proximity Placement Group. genruntime.ResourceReference
Optional
scaleDownMode This also affects the cluster autoscaler behavior. If not specified, it defaults to Delete. ScaleDownMode
Optional
scaleSetEvictionPolicy This cannot be specified unless the scaleSetPriority is ‘Spot’. If not specified, the default is ‘Delete’. ScaleSetEvictionPolicy
Optional
scaleSetPriority The Virtual Machine Scale Set priority. If not specified, the default is ‘Regular’. ScaleSetPriority
Optional
securityProfile The security settings of an agent pool. AgentPoolSecurityProfile
Optional
spotMaxPrice Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any on-demand price. For more details on spot pricing, see spot VMs pricing float64
Optional
tags The tags to be persisted on the agent pool virtual machine scale set. map[string]string
Optional
type The type of Agent Pool. AgentPoolType
Optional
upgradeSettings Settings for upgrading the agentpool AgentPoolUpgradeSettings
Optional
vmSize VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions string
Optional
vnetSubnetReference If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} genruntime.ResourceReference
Optional
windowsProfile The Windows agent pool’s specific profile. AgentPoolWindowsProfile
Optional
workloadRuntime Determines the type of workload a node can run. WorkloadRuntime
Optional

ManagedClustersAgentPool_STATUS

Property Description Type
availabilityZones The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType property is ‘VirtualMachineScaleSets’. string[]
Optional
capacityReservationGroupID AKS will associate the specified agent pool with the Capacity Reservation Group. string
Optional
conditions The observed state of the resource conditions.Condition[]
Optional
count Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. int
Optional
creationData CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using a snapshot. CreationData_STATUS
Optional
currentOrchestratorVersion If orchestratorVersion is a fully specified version <major.minor.patch>, this field will be exactly equal to it. If orchestratorVersion is <major.minor>, this field will contain the full <major.minor.patch> version being used. string
Optional
enableAutoScaling Whether to enable auto-scaler bool
Optional
enableEncryptionAtHost This is only supported on certain VM sizes and in certain Azure regions. For more information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption bool
Optional
enableFIPS See Add a FIPS-enabled node pool for more details. bool
Optional
enableNodePublicIP Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine to minimize hops. For more information see assigning a public IP per node. The default is false. bool
Optional
enableUltraSSD Whether to enable UltraSSD bool
Optional
eTag Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic concurrency per the normal etag convention. string
Optional
gpuInstanceProfile GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU. GPUInstanceProfile_STATUS
Optional
hostGroupID This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. For more information see Azure dedicated hosts. string
Optional
id Resource ID. string
Optional
kubeletConfig The Kubelet configuration on the agent pool nodes. KubeletConfig_STATUS
Optional
kubeletDiskType Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage. KubeletDiskType_STATUS
Optional
linuxOSConfig The OS configuration of Linux agent nodes. LinuxOSConfig_STATUS
Optional
maxCount The maximum number of nodes for auto-scaling int
Optional
maxPods The maximum number of pods that can run on a node. int
Optional
minCount The minimum number of nodes for auto-scaling int
Optional
mode A cluster must have at least one ‘System’ Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools AgentPoolMode_STATUS
Optional
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
Optional
networkProfile Network-related settings of an agent pool. AgentPoolNetworkProfile_STATUS
Optional
nodeImageVersion The version of node image string
Optional
nodeLabels The node labels to be persisted across all nodes in agent pool. map[string]string
Optional
nodePublicIPPrefixID This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} string
Optional
nodeTaints The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule. string[]
Optional
orchestratorVersion Both patch version <major.minor.patch> (e.g. 1.20.13) and <major.minor> (e.g. 1.20) are supported. When <major.minor> is specified, the latest supported GA patch version is chosen automatically. Updating the cluster with the same <major.minor> once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor version must be within two minor versions of the control plane version. The node pool version cannot be greater than the control plane version. For more information see upgrading a node pool. string
Optional
osDiskSizeGB int
Optional
osDiskType The default is ‘Ephemeral’ if the VM supports it and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to ‘Managed’. May not be changed after creation. For more information see Ephemeral OS. OSDiskType_STATUS
Optional
osSKU Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. OSSKU_STATUS
Optional
osType The operating system type. The default is Linux. OSType_STATUS
Optional
podSubnetID If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} string
Optional
powerState When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only be stopped if it is Running and provisioning state is Succeeded PowerState_STATUS
Optional
properties_type The type of Agent Pool. AgentPoolType_STATUS
Optional
provisioningState The current deployment or provisioning state. string
Optional
proximityPlacementGroupID The ID for Proximity Placement Group. string
Optional
scaleDownMode This also affects the cluster autoscaler behavior. If not specified, it defaults to Delete. ScaleDownMode_STATUS
Optional
scaleSetEvictionPolicy This cannot be specified unless the scaleSetPriority is ‘Spot’. If not specified, the default is ‘Delete’. ScaleSetEvictionPolicy_STATUS
Optional
scaleSetPriority The Virtual Machine Scale Set priority. If not specified, the default is ‘Regular’. ScaleSetPriority_STATUS
Optional
securityProfile The security settings of an agent pool. AgentPoolSecurityProfile_STATUS
Optional
spotMaxPrice Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any on-demand price. For more details on spot pricing, see spot VMs pricing float64
Optional
tags The tags to be persisted on the agent pool virtual machine scale set. map[string]string
Optional
type Resource type string
Optional
upgradeSettings Settings for upgrading the agentpool AgentPoolUpgradeSettings_STATUS
Optional
vmSize VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions string
Optional
vnetSubnetID If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} string
Optional
windowsProfile The Windows agent pool’s specific profile. AgentPoolWindowsProfile_STATUS
Optional
workloadRuntime Determines the type of workload a node can run. WorkloadRuntime_STATUS
Optional

ManagedClustersAgentPoolList

Generator information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2024-09-01/managedClusters.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName}

Property Description Type
metav1.TypeMeta
metav1.ListMeta
items ManagedClustersAgentPool[]
Optional

TrustedAccessRoleBinding

Generator information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2024-09-01/managedClusters.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/trustedAccessRoleBindings/{trustedAccessRoleBindingName}

Used by: TrustedAccessRoleBindingList.

Property Description Type
metav1.TypeMeta
metav1.ObjectMeta
spec TrustedAccessRoleBinding_Spec
Optional
status TrustedAccessRoleBinding_STATUS
Optional

TrustedAccessRoleBinding_Spec

Property Description Type
azureName The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be. string
Optional
operatorSpec The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure TrustedAccessRoleBindingOperatorSpec
Optional
owner The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resource's lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster resource genruntime.KnownResourceReference
Required
roles A list of roles to bind, each item is a resource type qualified role name. For example: ‘Microsoft.MachineLearningServices/workspaces/reader’. string[]
Required
sourceResourceReference The ARM resource ID of source resource that trusted access is configured for. genruntime.ResourceReference
Required

TrustedAccessRoleBinding_STATUS

Property Description Type
conditions The observed state of the resource conditions.Condition[]
Optional
id Fully qualified resource ID for the resource. E.g. “/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}” string
Optional
name The name of the resource string
Optional
provisioningState The current provisioning state of trusted access role binding. TrustedAccessRoleBindingProperties_ProvisioningState_STATUS
Optional
roles A list of roles to bind, each item is a resource type qualified role name. For example: ‘Microsoft.MachineLearningServices/workspaces/reader’. string[]
Optional
sourceResourceId The ARM resource ID of source resource that trusted access is configured for. string
Optional
systemData Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData_STATUS
Optional
type The type of the resource. E.g. “Microsoft.Compute/virtualMachines” or “Microsoft.Storage/storageAccounts” string
Optional

TrustedAccessRoleBindingList

Generator information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2024-09-01/managedClusters.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/trustedAccessRoleBindings/{trustedAccessRoleBindingName}

Property Description Type
metav1.TypeMeta
metav1.ListMeta
items TrustedAccessRoleBinding[]
Optional

MaintenanceConfiguration_Spec

Used by: MaintenanceConfiguration.

Property Description Type
azureName The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be. string
Optional
maintenanceWindow Maintenance window for the maintenance configuration. MaintenanceWindow
Optional
notAllowedTime Time slots on which upgrade is not allowed. TimeSpan[]
Optional
operatorSpec The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure MaintenanceConfigurationOperatorSpec
Optional
owner The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resource's lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster resource genruntime.KnownResourceReference
Required
timeInWeek If two array entries specify the same day of the week, the applied configuration is the union of times in both entries. TimeInWeek[]
Optional

MaintenanceConfiguration_STATUS

Used by: MaintenanceConfiguration.

Property Description Type
conditions The observed state of the resource conditions.Condition[]
Optional
id Resource ID. string
Optional
maintenanceWindow Maintenance window for the maintenance configuration. MaintenanceWindow_STATUS
Optional
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
Optional
notAllowedTime Time slots on which upgrade is not allowed. TimeSpan_STATUS[]
Optional
systemData The system metadata relating to this resource. SystemData_STATUS
Optional
timeInWeek If two array entries specify the same day of the week, the applied configuration is the union of times in both entries. TimeInWeek_STATUS[]
Optional
type Resource type string
Optional

ManagedCluster_Spec

Used by: ManagedCluster.

Property Description Type
aadProfile The Azure Active Directory configuration. ManagedClusterAADProfile
Optional
addonProfiles The profile of managed cluster add-on. map[string]ManagedClusterAddonProfile
Optional
agentPoolProfiles The agent pool properties. ManagedClusterAgentPoolProfile[]
Optional
apiServerAccessProfile The access profile for managed cluster API server. ManagedClusterAPIServerAccessProfile
Optional
autoScalerProfile Parameters to be applied to the cluster-autoscaler when enabled ManagedClusterProperties_AutoScalerProfile
Optional
autoUpgradeProfile The auto upgrade configuration. ManagedClusterAutoUpgradeProfile
Optional
azureMonitorProfile Azure Monitor addon profiles for monitoring the managed cluster. ManagedClusterAzureMonitorProfile
Optional
azureName The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be. string
Optional
disableLocalAccounts If set to true, getting static credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled. For more details see disable local accounts. bool
Optional
diskEncryptionSetReference This is of the form: ‘/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}’ genruntime.ResourceReference
Optional
dnsPrefix This cannot be updated once the Managed Cluster has been created. string
Optional
enablePodSecurityPolicy (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and https://aka.ms/aks/psp. bool
Optional
enableRBAC Whether to enable Kubernetes Role-Based Access Control. bool
Optional
extendedLocation The extended location of the Virtual Machine. ExtendedLocation
Optional
fqdnSubdomain This cannot be updated once the Managed Cluster has been created. string
Optional
httpProxyConfig Configurations for provisioning the cluster with HTTP proxy servers. ManagedClusterHTTPProxyConfig
Optional
identity The identity of the managed cluster, if configured. ManagedClusterIdentity
Optional
identityProfile The user identity associated with the managed cluster. This identity will be used by the kubelet. Only one user assigned identity is allowed. The only accepted key is “kubeletidentity”, with value of “resourceId”: “/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}”. map[string]UserAssignedIdentity
Optional
ingressProfile Ingress profile for the managed cluster. ManagedClusterIngressProfile
Optional
kubernetesVersion Both patch version <major.minor.patch> (e.g. 1.20.13) and <major.minor> (e.g. 1.20) are supported. When <major.minor> is specified, the latest supported GA patch version is chosen automatically. Updating the cluster with the same <major.minor> once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer patch version is available. When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See upgrading an AKS cluster for more details. string
Optional
linuxProfile The profile for Linux VMs in the Managed Cluster. ContainerServiceLinuxProfile
Optional
location The geo-location where the resource lives string
Required
metricsProfile Optional cluster metrics configuration. ManagedClusterMetricsProfile
Optional
networkProfile The network configuration profile. ContainerServiceNetworkProfile
Optional
nodeResourceGroup The name of the resource group containing agent pool nodes. string
Optional
nodeResourceGroupProfile Profile of the node resource group configuration. ManagedClusterNodeResourceGroupProfile
Optional
oidcIssuerProfile The OIDC issuer profile of the Managed Cluster. ManagedClusterOIDCIssuerProfile
Optional
operatorSpec The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure ManagedClusterOperatorSpec
Optional
owner The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resource's lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup resource genruntime.KnownResourceReference
Required
podIdentityProfile See use AAD pod identity for more details on AAD pod identity integration. ManagedClusterPodIdentityProfile
Optional
privateLinkResources Private link resources associated with the cluster. PrivateLinkResource[]
Optional
publicNetworkAccess Allow or deny public network access for AKS ManagedClusterProperties_PublicNetworkAccess
Optional
securityProfile Security profile for the managed cluster. ManagedClusterSecurityProfile
Optional
serviceMeshProfile Service mesh profile for a managed cluster. ServiceMeshProfile
Optional
servicePrincipalProfile Information about a service principal identity for the cluster to use for manipulating Azure APIs. ManagedClusterServicePrincipalProfile
Optional
sku The managed cluster SKU. ManagedClusterSKU
Optional
storageProfile Storage profile for the managed cluster. ManagedClusterStorageProfile
Optional
supportPlan The support plan for the Managed Cluster. If unspecified, the default is ‘KubernetesOfficial’. KubernetesSupportPlan
Optional
tags Resource tags. map[string]string
Optional
upgradeSettings Settings for upgrading a cluster. ClusterUpgradeSettings
Optional
windowsProfile The profile for Windows VMs in the Managed Cluster. ManagedClusterWindowsProfile
Optional
workloadAutoScalerProfile Workload Auto-scaler profile for the managed cluster. ManagedClusterWorkloadAutoScalerProfile
Optional

ManagedCluster_STATUS

Managed cluster.

Used by: ManagedCluster.

Property Description Type
aadProfile The Azure Active Directory configuration. ManagedClusterAADProfile_STATUS
Optional
addonProfiles The profile of managed cluster add-on. map[string]ManagedClusterAddonProfile_STATUS
Optional
agentPoolProfiles The agent pool properties. ManagedClusterAgentPoolProfile_STATUS[]
Optional
apiServerAccessProfile The access profile for managed cluster API server. ManagedClusterAPIServerAccessProfile_STATUS
Optional
autoScalerProfile Parameters to be applied to the cluster-autoscaler when enabled ManagedClusterProperties_AutoScalerProfile_STATUS
Optional
autoUpgradeProfile The auto upgrade configuration. ManagedClusterAutoUpgradeProfile_STATUS
Optional
azureMonitorProfile Azure Monitor addon profiles for monitoring the managed cluster. ManagedClusterAzureMonitorProfile_STATUS
Optional
azurePortalFQDN The Azure Portal requires certain Cross-Origin Resource Sharing (CORS) headers to be sent in some responses, which Kubernetes APIServer doesn’t handle by default. This special FQDN supports CORS, allowing the Azure Portal to function properly. string
Optional
conditions The observed state of the resource conditions.Condition[]
Optional
currentKubernetesVersion If kubernetesVersion was a fully specified version <major.minor.patch>, this field will be exactly equal to it. If kubernetesVersion was <major.minor>, this field will contain the full <major.minor.patch> version being used. string
Optional
disableLocalAccounts If set to true, getting static credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled. For more details see disable local accounts. bool
Optional
diskEncryptionSetID This is of the form: ‘/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}’ string
Optional
dnsPrefix This cannot be updated once the Managed Cluster has been created. string
Optional
enablePodSecurityPolicy (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and https://aka.ms/aks/psp. bool
Optional
enableRBAC Whether to enable Kubernetes Role-Based Access Control. bool
Optional
eTag Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic concurrency per the normal etag convention. string
Optional
extendedLocation The extended location of the Virtual Machine. ExtendedLocation_STATUS
Optional
fqdn The FQDN of the master pool. string
Optional
fqdnSubdomain This cannot be updated once the Managed Cluster has been created. string
Optional
httpProxyConfig Configurations for provisioning the cluster with HTTP proxy servers. ManagedClusterHTTPProxyConfig_STATUS
Optional
id Fully qualified resource ID for the resource. E.g. “/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}” string
Optional
identity The identity of the managed cluster, if configured. ManagedClusterIdentity_STATUS
Optional
identityProfile The user identity associated with the managed cluster. This identity will be used by the kubelet. Only one user assigned identity is allowed. The only accepted key is “kubeletidentity”, with value of “resourceId”: “/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}”. map[string]UserAssignedIdentity_STATUS
Optional
ingressProfile Ingress profile for the managed cluster. ManagedClusterIngressProfile_STATUS
Optional
kubernetesVersion Both patch version <major.minor.patch> (e.g. 1.20.13) and <major.minor> (e.g. 1.20) are supported. When <major.minor> is specified, the latest supported GA patch version is chosen automatically. Updating the cluster with the same <major.minor> once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer patch version is available. When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See upgrading an AKS cluster for more details. string
Optional
linuxProfile The profile for Linux VMs in the Managed Cluster. ContainerServiceLinuxProfile_STATUS
Optional
location The geo-location where the resource lives string
Optional
maxAgentPools The max number of agent pools for the managed cluster. int
Optional
metricsProfile Optional cluster metrics configuration. ManagedClusterMetricsProfile_STATUS
Optional
name The name of the resource string
Optional
networkProfile The network configuration profile. ContainerServiceNetworkProfile_STATUS
Optional
nodeResourceGroup The name of the resource group containing agent pool nodes. string
Optional
nodeResourceGroupProfile Profile of the node resource group configuration. ManagedClusterNodeResourceGroupProfile_STATUS
Optional
oidcIssuerProfile The OIDC issuer profile of the Managed Cluster. ManagedClusterOIDCIssuerProfile_STATUS
Optional
podIdentityProfile See use AAD pod identity for more details on AAD pod identity integration. ManagedClusterPodIdentityProfile_STATUS
Optional
powerState The Power State of the cluster. PowerState_STATUS
Optional
privateFQDN The FQDN of private cluster. string
Optional
privateLinkResources Private link resources associated with the cluster. PrivateLinkResource_STATUS[]
Optional
provisioningState The current provisioning state. string
Optional
publicNetworkAccess Allow or deny public network access for AKS ManagedClusterProperties_PublicNetworkAccess_STATUS
Optional
resourceUID The resourceUID uniquely identifies ManagedClusters that reuse ARM ResourceIds (i.e., a create, delete, create sequence) string
Optional
securityProfile Security profile for the managed cluster. ManagedClusterSecurityProfile_STATUS
Optional
serviceMeshProfile Service mesh profile for a managed cluster. ServiceMeshProfile_STATUS
Optional
servicePrincipalProfile Information about a service principal identity for the cluster to use for manipulating Azure APIs. ManagedClusterServicePrincipalProfile_STATUS
Optional
sku The managed cluster SKU. ManagedClusterSKU_STATUS
Optional
storageProfile Storage profile for the managed cluster. ManagedClusterStorageProfile_STATUS
Optional
supportPlan The support plan for the Managed Cluster. If unspecified, the default is ‘KubernetesOfficial’. KubernetesSupportPlan_STATUS
Optional
systemData Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData_STATUS
Optional
tags Resource tags. map[string]string
Optional
type The type of the resource. E.g. “Microsoft.Compute/virtualMachines” or “Microsoft.Storage/storageAccounts” string
Optional
upgradeSettings Settings for upgrading a cluster. ClusterUpgradeSettings_STATUS
Optional
windowsProfile The profile for Windows VMs in the Managed Cluster. ManagedClusterWindowsProfile_STATUS
Optional
workloadAutoScalerProfile Workload Auto-scaler profile for the managed cluster. ManagedClusterWorkloadAutoScalerProfile_STATUS
Optional

ManagedClustersAgentPool_Spec

Used by: ManagedClustersAgentPool.

Property Description Type
availabilityZones The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType property is ‘VirtualMachineScaleSets’. string[]
Optional
azureName The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be. string
Optional
capacityReservationGroupReference AKS will associate the specified agent pool with the Capacity Reservation Group. genruntime.ResourceReference
Optional
count Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. int
Optional
creationData CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using a snapshot. CreationData
Optional
enableAutoScaling Whether to enable auto-scaler bool
Optional
enableEncryptionAtHost This is only supported on certain VM sizes and in certain Azure regions. For more information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption bool
Optional
enableFIPS See Add a FIPS-enabled node pool for more details. bool
Optional
enableNodePublicIP Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine to minimize hops. For more information see assigning a public IP per node. The default is false. bool
Optional
enableUltraSSD Whether to enable UltraSSD bool
Optional
gpuInstanceProfile GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU. GPUInstanceProfile
Optional
hostGroupReference This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. For more information see Azure dedicated hosts. genruntime.ResourceReference
Optional
kubeletConfig The Kubelet configuration on the agent pool nodes. KubeletConfig
Optional
kubeletDiskType Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage. KubeletDiskType
Optional
linuxOSConfig The OS configuration of Linux agent nodes. LinuxOSConfig
Optional
maxCount The maximum number of nodes for auto-scaling int
Optional
maxPods The maximum number of pods that can run on a node. int
Optional
minCount The minimum number of nodes for auto-scaling int
Optional
mode A cluster must have at least one ‘System’ Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools AgentPoolMode
Optional
networkProfile Network-related settings of an agent pool. AgentPoolNetworkProfile
Optional
nodeLabels The node labels to be persisted across all nodes in agent pool. map[string]string
Optional
nodePublicIPPrefixReference This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} genruntime.ResourceReference
Optional
nodeTaints The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule. string[]
Optional
operatorSpec The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure ManagedClustersAgentPoolOperatorSpec
Optional
orchestratorVersion Both patch version <major.minor.patch> (e.g. 1.20.13) and <major.minor> (e.g. 1.20) are supported. When <major.minor> is specified, the latest supported GA patch version is chosen automatically. Updating the cluster with the same <major.minor> once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor version must be within two minor versions of the control plane version. The node pool version cannot be greater than the control plane version. For more information see upgrading a node pool. string
Optional
osDiskSizeGB ContainerServiceOSDisk
Optional
osDiskType The default is ‘Ephemeral’ if the VM supports it and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to ‘Managed’. May not be changed after creation. For more information see Ephemeral OS. OSDiskType
Optional
osSKU Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. OSSKU
Optional
osType The operating system type. The default is Linux. OSType
Optional
owner The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resource's lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster resource genruntime.KnownResourceReference
Required
podSubnetReference If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} genruntime.ResourceReference
Optional
powerState When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only be stopped if it is Running and provisioning state is Succeeded PowerState
Optional
proximityPlacementGroupReference The ID for Proximity Placement Group. genruntime.ResourceReference
Optional
scaleDownMode This also affects the cluster autoscaler behavior. If not specified, it defaults to Delete. ScaleDownMode
Optional
scaleSetEvictionPolicy This cannot be specified unless the scaleSetPriority is ‘Spot’. If not specified, the default is ‘Delete’. ScaleSetEvictionPolicy
Optional
scaleSetPriority The Virtual Machine Scale Set priority. If not specified, the default is ‘Regular’. ScaleSetPriority
Optional
securityProfile The security settings of an agent pool. AgentPoolSecurityProfile
Optional
spotMaxPrice Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any on-demand price. For more details on spot pricing, see spot VMs pricing float64
Optional
tags The tags to be persisted on the agent pool virtual machine scale set. map[string]string
Optional
type The type of Agent Pool. AgentPoolType
Optional
upgradeSettings Settings for upgrading the agentpool AgentPoolUpgradeSettings
Optional
vmSize VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions string
Optional
vnetSubnetReference If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} genruntime.ResourceReference
Optional
windowsProfile The Windows agent pool’s specific profile. AgentPoolWindowsProfile
Optional
workloadRuntime Determines the type of workload a node can run. WorkloadRuntime
Optional

ManagedClustersAgentPool_STATUS

Used by: ManagedClustersAgentPool.

Property Description Type
availabilityZones The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType property is ‘VirtualMachineScaleSets’. string[]
Optional
capacityReservationGroupID AKS will associate the specified agent pool with the Capacity Reservation Group. string
Optional
conditions The observed state of the resource conditions.Condition[]
Optional
count Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. int
Optional
creationData CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using a snapshot. CreationData_STATUS
Optional
currentOrchestratorVersion If orchestratorVersion is a fully specified version <major.minor.patch>, this field will be exactly equal to it. If orchestratorVersion is <major.minor>, this field will contain the full <major.minor.patch> version being used. string
Optional
enableAutoScaling Whether to enable auto-scaler bool
Optional
enableEncryptionAtHost This is only supported on certain VM sizes and in certain Azure regions. For more information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption bool
Optional
enableFIPS See Add a FIPS-enabled node pool for more details. bool
Optional
enableNodePublicIP Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine to minimize hops. For more information see assigning a public IP per node. The default is false. bool
Optional
enableUltraSSD Whether to enable UltraSSD bool
Optional
eTag Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic concurrency per the normal etag convention. string
Optional
gpuInstanceProfile GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU. GPUInstanceProfile_STATUS
Optional
hostGroupID This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. For more information see Azure dedicated hosts. string
Optional
id Resource ID. string
Optional
kubeletConfig The Kubelet configuration on the agent pool nodes. KubeletConfig_STATUS
Optional
kubeletDiskType Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage. KubeletDiskType_STATUS
Optional
linuxOSConfig The OS configuration of Linux agent nodes. LinuxOSConfig_STATUS
Optional
maxCount The maximum number of nodes for auto-scaling int
Optional
maxPods The maximum number of pods that can run on a node. int
Optional
minCount The minimum number of nodes for auto-scaling int
Optional
mode A cluster must have at least one ‘System’ Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools AgentPoolMode_STATUS
Optional
name The name of the resource that is unique within a resource group. This name can be used to access the resource. string
Optional
networkProfile Network-related settings of an agent pool. AgentPoolNetworkProfile_STATUS
Optional
nodeImageVersion The version of node image string
Optional
nodeLabels The node labels to be persisted across all nodes in agent pool. map[string]string
Optional
nodePublicIPPrefixID This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} string
Optional
nodeTaints The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule. string[]
Optional
orchestratorVersion Both patch version <major.minor.patch> (e.g. 1.20.13) and <major.minor> (e.g. 1.20) are supported. When <major.minor> is specified, the latest supported GA patch version is chosen automatically. Updating the cluster with the same <major.minor> once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor version must be within two minor versions of the control plane version. The node pool version cannot be greater than the control plane version. For more information see upgrading a node pool. string
Optional
osDiskSizeGB int
Optional
osDiskType The default is ‘Ephemeral’ if the VM supports it and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to ‘Managed’. May not be changed after creation. For more information see Ephemeral OS. OSDiskType_STATUS
Optional
osSKU Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. OSSKU_STATUS
Optional
osType The operating system type. The default is Linux. OSType_STATUS
Optional
podSubnetID If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} string
Optional
powerState When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only be stopped if it is Running and provisioning state is Succeeded PowerState_STATUS
Optional
properties_type The type of Agent Pool. AgentPoolType_STATUS
Optional
provisioningState The current deployment or provisioning state. string
Optional
proximityPlacementGroupID The ID for Proximity Placement Group. string
Optional
scaleDownMode This also affects the cluster autoscaler behavior. If not specified, it defaults to Delete. ScaleDownMode_STATUS
Optional
scaleSetEvictionPolicy This cannot be specified unless the scaleSetPriority is ‘Spot’. If not specified, the default is ‘Delete’. ScaleSetEvictionPolicy_STATUS
Optional
scaleSetPriority The Virtual Machine Scale Set priority. If not specified, the default is ‘Regular’. ScaleSetPriority_STATUS
Optional
securityProfile The security settings of an agent pool. AgentPoolSecurityProfile_STATUS
Optional
spotMaxPrice Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any on-demand price. For more details on spot pricing, see spot VMs pricing float64
Optional
tags The tags to be persisted on the agent pool virtual machine scale set. map[string]string
Optional
type Resource type string
Optional
upgradeSettings Settings for upgrading the agentpool AgentPoolUpgradeSettings_STATUS
Optional
vmSize VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions string
Optional
vnetSubnetID If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} string
Optional
windowsProfile The Windows agent pool’s specific profile. AgentPoolWindowsProfile_STATUS
Optional
workloadRuntime Determines the type of workload a node can run. WorkloadRuntime_STATUS
Optional

TrustedAccessRoleBinding_Spec

Used by: TrustedAccessRoleBinding.

Property Description Type
azureName The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be. string
Optional
operatorSpec The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure TrustedAccessRoleBindingOperatorSpec
Optional
owner The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resource’s lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster resource genruntime.KnownResourceReference
Required
roles A list of roles to bind, each item is a resource type qualified role name. For example: ‘Microsoft.MachineLearningServices/workspaces/reader’. string[]
Required
sourceResourceReference The ARM resource ID of source resource that trusted access is configured for. genruntime.ResourceReference
Required

TrustedAccessRoleBinding_STATUS

Used by: TrustedAccessRoleBinding.

Property Description Type
conditions The observed state of the resource conditions.Condition[]
Optional
id Fully qualified resource ID for the resource. E.g. “/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}” string
Optional
name The name of the resource string
Optional
provisioningState The current provisioning state of trusted access role binding. TrustedAccessRoleBindingProperties_ProvisioningState_STATUS
Optional
roles A list of roles to bind, each item is a resource type qualified role name. For example: ‘Microsoft.MachineLearningServices/workspaces/reader’. string[]
Optional
sourceResourceId The ARM resource ID of source resource that trusted access is configured for. string
Optional
systemData Azure Resource Manager metadata containing createdBy and modifiedBy information. SystemData_STATUS
Optional
type The type of the resource. E.g. “Microsoft.Compute/virtualMachines” or “Microsoft.Storage/storageAccounts” string
Optional

AgentPoolMode

A cluster must have at least one ‘System’ Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools

Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.

Value Description
“System”
“User”

AgentPoolMode_STATUS

A cluster must have at least one ‘System’ Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools

Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.

Value Description
“System”
“User”

AgentPoolNetworkProfile

Network settings of an agent pool.

Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.

Property Description Type
allowedHostPorts The port ranges that are allowed to access. The specified ranges are allowed to overlap. PortRange[]
Optional
applicationSecurityGroupsReferences The IDs of the application security groups which agent pool will associate when created. genruntime.ResourceReference[]
Optional
nodePublicIPTags IPTags of instance-level public IPs. IPTag[]
Optional

AgentPoolNetworkProfile_STATUS

Network settings of an agent pool.

Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.

Property Description Type
allowedHostPorts The port ranges that are allowed to access. The specified ranges are allowed to overlap. PortRange_STATUS[]
Optional
applicationSecurityGroups The IDs of the application security groups which agent pool will associate when created. string[]
Optional
nodePublicIPTags IPTags of instance-level public IPs. IPTag_STATUS[]
Optional

AgentPoolSecurityProfile

The security settings of an agent pool.

Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.

Property Description Type
enableSecureBoot Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. bool
Optional
enableVTPM vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. bool
Optional

AgentPoolSecurityProfile_STATUS

The security settings of an agent pool.

Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.

Property Description Type
enableSecureBoot Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. bool
Optional
enableVTPM vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. bool
Optional

AgentPoolType

The type of Agent Pool.

Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.

Value Description
“AvailabilitySet”
“VirtualMachineScaleSets”

AgentPoolType_STATUS

The type of Agent Pool.

Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.

Value Description
“AvailabilitySet”
“VirtualMachineScaleSets”

AgentPoolUpgradeSettings

Settings for upgrading an agentpool

Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.

Property Description Type
drainTimeoutInMinutes The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not specified, the default is 30 minutes. int
Optional
maxSurge This can either be set to an integer (e.g. ‘5’) or a percentage (e.g. ‘50%’). If a percentage is specified, it is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded up. If not specified, the default is 1. For more information, including best practices, see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade string
Optional
nodeSoakDurationInMinutes The amount of time (in minutes) to wait after draining a node and before reimaging it and moving on to next node. If not specified, the default is 0 minutes. int
Optional

AgentPoolUpgradeSettings_STATUS

Settings for upgrading an agentpool

Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.

Property Description Type
drainTimeoutInMinutes The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not specified, the default is 30 minutes. int
Optional
maxSurge This can either be set to an integer (e.g. ‘5’) or a percentage (e.g. ‘50%’). If a percentage is specified, it is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded up. If not specified, the default is 1. For more information, including best practices, see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade string
Optional
nodeSoakDurationInMinutes The amount of time (in minutes) to wait after draining a node and before reimaging it and moving on to next node. If not specified, the default is 0 minutes. int
Optional

AgentPoolWindowsProfile

The Windows agent pool’s specific profile.

Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.

Property Description Type
disableOutboundNat The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT Gateway and the Windows agent pool does not have node public IP enabled. bool
Optional

AgentPoolWindowsProfile_STATUS

The Windows agent pool’s specific profile.

Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.

Property Description Type
disableOutboundNat The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT Gateway and the Windows agent pool does not have node public IP enabled. bool
Optional

ClusterUpgradeSettings

Settings for upgrading a cluster.

Used by: ManagedCluster_Spec.

Property Description Type
overrideSettings Settings for overrides. UpgradeOverrideSettings
Optional

ClusterUpgradeSettings_STATUS

Settings for upgrading a cluster.

Used by: ManagedCluster_STATUS.

Property Description Type
overrideSettings Settings for overrides. UpgradeOverrideSettings_STATUS
Optional

ContainerServiceLinuxProfile

Profile for Linux VMs in the container service cluster.

Used by: ManagedCluster_Spec.

Property Description Type
adminUsername The administrator username to use for Linux VMs. string
Required
ssh The SSH configuration for Linux-based VMs running on Azure. ContainerServiceSshConfiguration
Required

ContainerServiceLinuxProfile_STATUS

Profile for Linux VMs in the container service cluster.

Used by: ManagedCluster_STATUS.

Property Description Type
adminUsername The administrator username to use for Linux VMs. string
Optional
ssh The SSH configuration for Linux-based VMs running on Azure. ContainerServiceSshConfiguration_STATUS
Optional

ContainerServiceNetworkProfile

Profile of network configuration.

Used by: ManagedCluster_Spec.

Property Description Type
advancedNetworking Advanced Networking profile for enabling observability and security feature suite on a cluster. For more information see aka.ms/aksadvancednetworking. AdvancedNetworking
Optional
dnsServiceIP An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr. string
Optional
ipFamilies IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value is IPv4. For dual-stack, the expected values are IPv4 and IPv6. ContainerServiceNetworkProfile_IpFamilies[]
Optional
loadBalancerProfile Profile of the cluster load balancer. ManagedClusterLoadBalancerProfile
Optional
loadBalancerSku The default is ‘standard’. See Azure Load Balancer SKUs for more information about the differences between load balancer SKUs. ContainerServiceNetworkProfile_LoadBalancerSku
Optional
natGatewayProfile Profile of the cluster NAT gateway. ManagedClusterNATGatewayProfile
Optional
networkDataplane Network dataplane used in the Kubernetes cluster. ContainerServiceNetworkProfile_NetworkDataplane
Optional
networkMode This cannot be specified if networkPlugin is anything other than ‘azure’. ContainerServiceNetworkProfile_NetworkMode
Optional
networkPlugin Network plugin used for building the Kubernetes network. ContainerServiceNetworkProfile_NetworkPlugin
Optional
networkPluginMode The mode the network plugin should use. ContainerServiceNetworkProfile_NetworkPluginMode
Optional
networkPolicy Network policy used for building the Kubernetes network. ContainerServiceNetworkProfile_NetworkPolicy
Optional
outboundType This can only be set at cluster creation time and cannot be changed later. For more information see egress outbound type. ContainerServiceNetworkProfile_OutboundType
Optional
podCidr A CIDR notation IP range from which to assign pod IPs when kubenet is used. string
Optional
podCidrs One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), are expected for dual-stack networking. string[]
Optional
serviceCidr A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges. string
Optional
serviceCidrs One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), are expected for dual-stack networking. They must not overlap with any Subnet IP ranges. string[]
Optional

ContainerServiceNetworkProfile_STATUS

Profile of network configuration.

Used by: ManagedCluster_STATUS.

Property Description Type
advancedNetworking Advanced Networking profile for enabling observability and security feature suite on a cluster. For more information see aka.ms/aksadvancednetworking. AdvancedNetworking_STATUS
Optional
dnsServiceIP An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr. string
Optional
ipFamilies IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value is IPv4. For dual-stack, the expected values are IPv4 and IPv6. ContainerServiceNetworkProfile_IpFamilies_STATUS[]
Optional
loadBalancerProfile Profile of the cluster load balancer. ManagedClusterLoadBalancerProfile_STATUS
Optional
loadBalancerSku The default is ‘standard’. See Azure Load Balancer SKUs for more information about the differences between load balancer SKUs. ContainerServiceNetworkProfile_LoadBalancerSku_STATUS
Optional
natGatewayProfile Profile of the cluster NAT gateway. ManagedClusterNATGatewayProfile_STATUS
Optional
networkDataplane Network dataplane used in the Kubernetes cluster. ContainerServiceNetworkProfile_NetworkDataplane_STATUS
Optional
networkMode This cannot be specified if networkPlugin is anything other than ‘azure’. ContainerServiceNetworkProfile_NetworkMode_STATUS
Optional
networkPlugin Network plugin used for building the Kubernetes network. ContainerServiceNetworkProfile_NetworkPlugin_STATUS
Optional
networkPluginMode The mode the network plugin should use. ContainerServiceNetworkProfile_NetworkPluginMode_STATUS
Optional
networkPolicy Network policy used for building the Kubernetes network. ContainerServiceNetworkProfile_NetworkPolicy_STATUS
Optional
outboundType This can only be set at cluster creation time and cannot be changed later. For more information see egress outbound type. ContainerServiceNetworkProfile_OutboundType_STATUS
Optional
podCidr A CIDR notation IP range from which to assign pod IPs when kubenet is used. string
Optional
podCidrs One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), are expected for dual-stack networking. string[]
Optional
serviceCidr A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges. string
Optional
serviceCidrs One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), are expected for dual-stack networking. They must not overlap with any Subnet IP ranges. string[]
Optional

ContainerServiceOSDisk

Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.

CreationData

Data used when creating a target resource from a source resource.

Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.

Property Description Type
sourceResourceReference This is the ARM ID of the source object to be used to create the target object. genruntime.ResourceReference
Optional

CreationData_STATUS

Data used when creating a target resource from a source resource.

Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.

Property Description Type
sourceResourceId This is the ARM ID of the source object to be used to create the target object. string
Optional

ExtendedLocation

The complex type of the extended location.

Used by: ManagedCluster_Spec.

Property Description Type
name The name of the extended location. string
Optional
type The type of the extended location. ExtendedLocationType
Optional

ExtendedLocation_STATUS

The complex type of the extended location.

Used by: ManagedCluster_STATUS.

Property Description Type
name The name of the extended location. string
Optional
type The type of the extended location. ExtendedLocationType_STATUS
Optional

GPUInstanceProfile

GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.

Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.

Value Description
“MIG1g”
“MIG2g”
“MIG3g”
“MIG4g”
“MIG7g”

GPUInstanceProfile_STATUS

GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.

Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.

Value Description
“MIG1g”
“MIG2g”
“MIG3g”
“MIG4g”
“MIG7g”

KubeletConfig

See AKS custom node configuration for more details.

Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.

Property Description Type
allowedUnsafeSysctls Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in *). string[]
Optional
containerLogMaxFiles The maximum number of container log files that can be present for a container. The number must be ≥ 2. int
Optional
containerLogMaxSizeMB The maximum size (e.g. 10Mi) of container log file before it is rotated. int
Optional
cpuCfsQuota The default is true. bool
Optional
cpuCfsQuotaPeriod The default is ‘100ms’. Valid values are a sequence of decimal numbers with an optional fraction and a unit suffix. For example: ‘300ms’, ‘2h45m’. Supported units are ‘ns’, ‘us’, ‘ms’, ‘s’, ‘m’, and ‘h’. string
Optional
cpuManagerPolicy The default is ‘none’. See Kubernetes CPU management policies for more information. Allowed values are ‘none’ and ‘static’. string
Optional
failSwapOn If set to true it will make the Kubelet fail to start if swap is enabled on the node. bool
Optional
imageGcHighThreshold To disable image garbage collection, set to 100. The default is 85% int
Optional
imageGcLowThreshold This cannot be set higher than imageGcHighThreshold. The default is 80% int
Optional
podMaxPids The maximum number of processes per pod. int
Optional
topologyManagerPolicy For more information see Kubernetes Topology Manager. The default is ‘none’. Allowed values are ‘none’, ‘best-effort’, ‘restricted’, and ‘single-numa-node’. string
Optional

KubeletConfig_STATUS

See AKS custom node configuration for more details.

Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.

Property Description Type
allowedUnsafeSysctls Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in *). string[]
Optional
containerLogMaxFiles The maximum number of container log files that can be present for a container. The number must be ≥ 2. int
Optional
containerLogMaxSizeMB The maximum size (e.g. 10Mi) of container log file before it is rotated. int
Optional
cpuCfsQuota The default is true. bool
Optional
cpuCfsQuotaPeriod The default is ‘100ms’. Valid values are a sequence of decimal numbers with an optional fraction and a unit suffix. For example: ‘300ms’, ‘2h45m’. Supported units are ‘ns’, ‘us’, ‘ms’, ‘s’, ‘m’, and ‘h’. string
Optional
cpuManagerPolicy The default is ‘none’. See Kubernetes CPU management policies for more information. Allowed values are ‘none’ and ‘static’. string
Optional
failSwapOn If set to true it will make the Kubelet fail to start if swap is enabled on the node. bool
Optional
imageGcHighThreshold To disable image garbage collection, set to 100. The default is 85% int
Optional
imageGcLowThreshold This cannot be set higher than imageGcHighThreshold. The default is 80% int
Optional
podMaxPids The maximum number of processes per pod. int
Optional
topologyManagerPolicy For more information see Kubernetes Topology Manager. The default is ‘none’. Allowed values are ‘none’, ‘best-effort’, ‘restricted’, and ‘single-numa-node’. string
Optional

KubeletDiskType

Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage.

Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.

Value Description
“OS”
“Temporary”

KubeletDiskType_STATUS

Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage.

Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.

Value Description
“OS”
“Temporary”

KubernetesSupportPlan

Different support tiers for AKS managed clusters

Used by: ManagedCluster_Spec.

Value Description
“AKSLongTermSupport”
“KubernetesOfficial”

KubernetesSupportPlan_STATUS

Different support tiers for AKS managed clusters

Used by: ManagedCluster_STATUS.

Value Description
“AKSLongTermSupport”
“KubernetesOfficial”

LinuxOSConfig

See AKS custom node configuration for more details.

Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.

Property Description Type
swapFileSizeMB The size in MB of a swap file that will be created on each node. int
Optional
sysctls Sysctl settings for Linux agent nodes. SysctlConfig
Optional
transparentHugePageDefrag Valid values are ‘always’, ‘defer’, ‘defer+madvise’, ‘madvise’ and ‘never’. The default is ‘madvise’. For more information see Transparent Hugepages. string
Optional
transparentHugePageEnabled Valid values are ‘always’, ‘madvise’, and ‘never’. The default is ‘always’. For more information see Transparent Hugepages. string
Optional

LinuxOSConfig_STATUS

See AKS custom node configuration for more details.

Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.

Property Description Type
swapFileSizeMB The size in MB of a swap file that will be created on each node. int
Optional
sysctls Sysctl settings for Linux agent nodes. SysctlConfig_STATUS
Optional
transparentHugePageDefrag Valid values are ‘always’, ‘defer’, ‘defer+madvise’, ‘madvise’ and ‘never’. The default is ‘madvise’. For more information see Transparent Hugepages. string
Optional
transparentHugePageEnabled Valid values are ‘always’, ‘madvise’, and ‘never’. The default is ‘always’. For more information see Transparent Hugepages. string
Optional

MaintenanceConfigurationOperatorSpec

Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure

Used by: MaintenanceConfiguration_Spec.

Property Description Type
configMapExpressions configures where to place operator written dynamic ConfigMaps (created with CEL expressions). core.DestinationExpression[]
Optional
secretExpressions configures where to place operator written dynamic secrets (created with CEL expressions). core.DestinationExpression[]
Optional

MaintenanceWindow

Maintenance window used to configure scheduled auto-upgrade for a Managed Cluster.

Used by: MaintenanceConfiguration_Spec.

Property Description Type
durationHours Length of the maintenance window, ranging from 4 to 24 hours. int
Required
notAllowedDates Date ranges on which upgrade is not allowed. ‘utcOffset’ applies to this field. For example, with ‘utcOffset: +02:00’ and ‘dateSpan’ being ‘2022-12-23’ to ‘2023-01-03’, maintenance will be blocked from ‘2022-12-22 22:00’ to ‘2023-01-03 22:00’ in UTC time. DateSpan[]
Optional
schedule Recurrence schedule for the maintenance window. Schedule
Required
startDate The date the maintenance window activates. If the current date is before this date, the maintenance window is inactive and will not be used for upgrades. If not specified, the maintenance window will be active right away. string
Optional
startTime The start time of the maintenance window. Accepted values are from ‘00:00’ to ‘23:59’. ‘utcOffset’ applies to this field. For example: ‘02:00’ with ‘utcOffset: +02:00’ means UTC time ‘00:00’. string
Required
utcOffset The UTC offset in format +/-HH:mm. For example, ‘+05:30’ for IST and ‘-07:00’ for PST. If not specified, the default is ‘+00:00’. string
Optional
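
The ‘utcOffset’ arithmetic described for notAllowedDates and startTime above, as an added example that is not part of the generated reference or of the operator's code. The function names and the start/end arguments are hypothetical, and treating the last day of a date span as blocked through its end is inferred from the worked example in the notAllowedDates description.

```python
import re
from datetime import date, datetime, time, timedelta, timezone

_OFFSET_RE = re.compile(r"^([+-])(\d{2}):(\d{2})$")
_HHMM_RE = re.compile(r"^(\d{2}):(\d{2})$")


def parse_utc_offset(value="+00:00"):
    """Turn a '+/-HH:mm' utcOffset string into a tzinfo ('+00:00' is the documented default)."""
    m = _OFFSET_RE.match(value)
    if not m:
        raise ValueError(f"utcOffset must look like +HH:mm or -HH:mm, got {value!r}")
    sign, hh, mm = m.groups()
    hours, minutes = int(hh), int(mm)
    # Sanity bound chosen for this example, not a limit taken from the API.
    if hours > 23 or minutes > 59:
        raise ValueError(f"utcOffset out of range: {value!r}")
    delta = timedelta(hours=hours, minutes=minutes)
    return timezone(-delta if sign == "-" else delta)


def blocked_interval_utc(start, end, utc_offset="+00:00"):
    """UTC interval [begin, finish) during which upgrades are blocked.

    start/end are ISO dates (hypothetical argument names for one date span).
    The span runs from local midnight on the first day to local midnight
    after the last day, then both ends are converted to UTC.
    """
    tz = parse_utc_offset(utc_offset)
    first, last = date.fromisoformat(start), date.fromisoformat(end)
    if last < first:
        raise ValueError("date span ends before it starts")
    begin = datetime.combine(first, time.min, tzinfo=tz)
    finish = datetime.combine(last + timedelta(days=1), time.min, tzinfo=tz)
    return begin.astimezone(timezone.utc), finish.astimezone(timezone.utc)


def start_time_utc(start_time, utc_offset="+00:00"):
    """Convert a local 'HH:mm' startTime to UTC.

    Returns (utc 'HH:mm', day_shift). day_shift is -1, 0 or +1 and says
    whether the window opens on the previous, same or next UTC calendar
    day, which matters when the schedule names a day of the week.
    """
    m = _HHMM_RE.match(start_time)
    if not m:
        raise ValueError(f"startTime must be HH:mm, got {start_time!r}")
    tz = parse_utc_offset(utc_offset)
    # Any reference date works; only the wall-clock shift is of interest.
    local = datetime.combine(date(2000, 1, 15),
                             time(int(m.group(1)), int(m.group(2))), tzinfo=tz)
    utc = local.astimezone(timezone.utc)
    return utc.strftime("%H:%M"), (utc.date() - local.date()).days


def is_blocked(instant_utc, spans, utc_offset="+00:00"):
    """True if an aware datetime falls inside any (start, end) date span."""
    for start, end in spans:
        begin, finish = blocked_interval_utc(start, end, utc_offset)
        if begin <= instant_utc < finish:
            return True
    return False


if __name__ == "__main__":
    # Values taken from the property descriptions above.
    print(blocked_interval_utc("2022-12-23", "2023-01-03", "+02:00"))
    print(start_time_utc("02:00", "+02:00"))
    # Constructed inputs showing a shift across the UTC day boundary.
    print(start_time_utc("23:00", "-07:00"))
    print(start_time_utc("01:00", "+05:30"))
```

A change-freeze check can pass the planned upgrade instant to is_blocked before the configuration is applied; a non-zero day_shift from start_time_utc means the weekday seen in UTC logs differs from the one in the schedule.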

MaintenanceWindow_STATUS

Maintenance window used to configure scheduled auto-upgrade for a Managed Cluster.

Used by: MaintenanceConfiguration_STATUS.

Property Description Type
durationHours Length of the maintenance window, ranging from 4 to 24 hours. int
Optional
notAllowedDates Date ranges on which upgrade is not allowed. ‘utcOffset’ applies to this field. For example, with ‘utcOffset: +02:00’ and ‘dateSpan’ being ‘2022-12-23’ to ‘2023-01-03’, maintenance will be blocked from ‘2022-12-22 22:00’ to ‘2023-01-03 22:00’ in UTC time. DateSpan_STATUS[]
Optional
schedule Recurrence schedule for the maintenance window. Schedule_STATUS
Optional
startDate The date the maintenance window activates. If the current date is before this date, the maintenance window is inactive and will not be used for upgrades. If not specified, the maintenance window will be active right away. string
Optional
startTime The start time of the maintenance window. Accepted values are from ‘00:00’ to ‘23:59’. ‘utcOffset’ applies to this field. For example: ‘02:00’ with ‘utcOffset: +02:00’ means UTC time ‘00:00’. string
Optional
utcOffset The UTC offset in format +/-HH:mm. For example, ‘+05:30’ for IST and ‘-07:00’ for PST. If not specified, the default is ‘+00:00’. string
Optional

ManagedClusterAADProfile

For more details see managed AAD on AKS.

Used by: ManagedCluster_Spec.

Property Description Type
adminGroupObjectIDs The list of AAD group object IDs that will have admin role of the cluster. string[]
Optional
clientAppID (DEPRECATED) The client AAD application ID. Learn more at https://aka.ms/aks/aad-legacy. string
Optional
enableAzureRBAC Whether to enable Azure RBAC for Kubernetes authorization. bool
Optional
managed Whether to enable managed AAD. bool
Optional
serverAppID (DEPRECATED) The server AAD application ID. Learn more at https://aka.ms/aks/aad-legacy. string
Optional
serverAppSecret (DEPRECATED) The server AAD application secret. Learn more at https://aka.ms/aks/aad-legacy. string
Optional
tenantID The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment subscription. string
Optional

ManagedClusterAADProfile_STATUS

For more details see managed AAD on AKS.

Used by: ManagedCluster_STATUS.

Property Description Type
adminGroupObjectIDs The list of AAD group object IDs that will have admin role of the cluster. string[]
Optional
clientAppID (DEPRECATED) The client AAD application ID. Learn more at https://aka.ms/aks/aad-legacy. string
Optional
enableAzureRBAC Whether to enable Azure RBAC for Kubernetes authorization. bool
Optional
managed Whether to enable managed AAD. bool
Optional
serverAppID (DEPRECATED) The server AAD application ID. Learn more at https://aka.ms/aks/aad-legacy. string
Optional
serverAppSecret (DEPRECATED) The server AAD application secret. Learn more at https://aka.ms/aks/aad-legacy. string
Optional
tenantID The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment subscription. string
Optional

ManagedClusterAddonProfile

A Kubernetes add-on profile for a managed cluster.

Used by: ManagedCluster_Spec.

Property Description Type
config Key-value pairs for configuring an add-on. map[string]string
Optional
enabled Whether the add-on is enabled or not. bool
Required

ManagedClusterAddonProfile_STATUS

A Kubernetes add-on profile for a managed cluster.

Used by: ManagedCluster_STATUS.

Property Description Type
config Key-value pairs for configuring an add-on. map[string]string
Optional
enabled Whether the add-on is enabled or not. bool
Optional
identity Information of user assigned identity used by this add-on. UserAssignedIdentity_STATUS
Optional

ManagedClusterAgentPoolProfile

Profile for the container service agent pool.

Used by: ManagedCluster_Spec.

Property Description Type
availabilityZones The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType property is ‘VirtualMachineScaleSets’. string[]
Optional
capacityReservationGroupReference AKS will associate the specified agent pool with the Capacity Reservation Group. genruntime.ResourceReference
Optional
count Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. int
Optional
creationData CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using a snapshot. CreationData
Optional
enableAutoScaling Whether to enable auto-scaler bool
Optional
enableEncryptionAtHost This is only supported on certain VM sizes and in certain Azure regions. For more information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption bool
Optional
enableFIPS See Add a FIPS-enabled node pool for more details. bool
Optional
enableNodePublicIP Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine to minimize hops. For more information see assigning a public IP per node. The default is false. bool
Optional
enableUltraSSD Whether to enable UltraSSD bool
Optional
gpuInstanceProfile GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU. GPUInstanceProfile
Optional
hostGroupReference This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. For more information see Azure dedicated hosts. genruntime.ResourceReference
Optional
kubeletConfig The Kubelet configuration on the agent pool nodes. KubeletConfig
Optional
kubeletDiskType Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage. KubeletDiskType
Optional
linuxOSConfig The OS configuration of Linux agent nodes. LinuxOSConfig
Optional
maxCount The maximum number of nodes for auto-scaling int
Optional
maxPods The maximum number of pods that can run on a node. int
Optional
minCount The minimum number of nodes for auto-scaling int
Optional
mode A cluster must have at least one ‘System’ Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools AgentPoolMode
Optional
name Windows agent pool names must be 6 characters or less. string
Required
networkProfile Network-related settings of an agent pool. AgentPoolNetworkProfile
Optional
nodeLabels The node labels to be persisted across all nodes in agent pool. map[string]string
Optional
nodePublicIPPrefixReference This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} genruntime.ResourceReference
Optional
nodeTaints The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule. string[]
Optional
orchestratorVersion Both patch version <major.minor.patch> (e.g. 1.20.13) and <major.minor> (e.g. 1.20) are supported. When <major.minor> is specified, the latest supported GA patch version is chosen automatically. Updating the cluster with the same <major.minor> once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor version must be within two minor versions of the control plane version. The node pool version cannot be greater than the control plane version. For more information see upgrading a node pool. string
Optional
osDiskSizeGB ContainerServiceOSDisk
Optional
osDiskType The default is ‘Ephemeral’ if the VM supports it and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to ‘Managed’. May not be changed after creation. For more information see Ephemeral OS. OSDiskType
Optional
osSKU Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. OSSKU
Optional
osType The operating system type. The default is Linux. OSType
Optional
podSubnetReference If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} genruntime.ResourceReference
Optional
powerState When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only be stopped if it is Running and provisioning state is Succeeded PowerState
Optional
proximityPlacementGroupReference The ID for Proximity Placement Group. genruntime.ResourceReference
Optional
scaleDownMode This also affects the cluster autoscaler behavior. If not specified, it defaults to Delete. ScaleDownMode
Optional
scaleSetEvictionPolicy This cannot be specified unless the scaleSetPriority is ‘Spot’. If not specified, the default is ‘Delete’. ScaleSetEvictionPolicy
Optional
scaleSetPriority The Virtual Machine Scale Set priority. If not specified, the default is ‘Regular’. ScaleSetPriority
Optional
securityProfile The security settings of an agent pool. AgentPoolSecurityProfile
Optional
spotMaxPrice Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any on-demand price. For more details on spot pricing, see spot VMs pricing float64
Optional
tags The tags to be persisted on the agent pool virtual machine scale set. map[string]string
Optional
type The type of Agent Pool. AgentPoolType
Optional
upgradeSettings Settings for upgrading the agentpool AgentPoolUpgradeSettings
Optional
vmSize VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions string
Optional
vnetSubnetReference If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} genruntime.ResourceReference
Optional
windowsProfile The Windows agent pool’s specific profile. AgentPoolWindowsProfile
Optional
workloadRuntime Determines the type of workload a node can run. WorkloadRuntime
Optional

ManagedClusterAgentPoolProfile_STATUS

Profile for the container service agent pool.

Used by: ManagedCluster_STATUS.

Property Description Type
availabilityZones The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType property is ‘VirtualMachineScaleSets’. string[]
Optional
capacityReservationGroupID AKS will associate the specified agent pool with the Capacity Reservation Group. string
Optional
count Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. int
Optional
creationData CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using a snapshot. CreationData_STATUS
Optional
currentOrchestratorVersion If orchestratorVersion is a fully specified version <major.minor.patch>, this field will be exactly equal to it. If orchestratorVersion is <major.minor>, this field will contain the full <major.minor.patch> version being used. string
Optional
enableAutoScaling Whether to enable auto-scaler bool
Optional
enableEncryptionAtHost This is only supported on certain VM sizes and in certain Azure regions. For more information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption bool
Optional
enableFIPS See Add a FIPS-enabled node pool for more details. bool
Optional
enableNodePublicIP Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine to minimize hops. For more information see assigning a public IP per node. The default is false. bool
Optional
enableUltraSSD Whether to enable UltraSSD bool
Optional
eTag Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic concurrency per the normal etag convention. string
Optional
gpuInstanceProfile GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU. GPUInstanceProfile_STATUS
Optional
hostGroupID This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. For more information see Azure dedicated hosts. string
Optional
kubeletConfig The Kubelet configuration on the agent pool nodes. KubeletConfig_STATUS
Optional
kubeletDiskType Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage. KubeletDiskType_STATUS
Optional
linuxOSConfig The OS configuration of Linux agent nodes. LinuxOSConfig_STATUS
Optional
maxCount The maximum number of nodes for auto-scaling int
Optional
maxPods The maximum number of pods that can run on a node. int
Optional
minCount The minimum number of nodes for auto-scaling int
Optional
mode A cluster must have at least one ‘System’ Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools AgentPoolMode_STATUS
Optional
name Windows agent pool names must be 6 characters or less. string
Optional
networkProfile Network-related settings of an agent pool. AgentPoolNetworkProfile_STATUS
Optional
nodeImageVersion The version of node image string
Optional
nodeLabels The node labels to be persisted across all nodes in agent pool. map[string]string
Optional
nodePublicIPPrefixID This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} string
Optional
nodeTaints The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule. string[]
Optional
orchestratorVersion Both patch version <major.minor.patch> (e.g. 1.20.13) and <major.minor> (e.g. 1.20) are supported. When <major.minor> is specified, the latest supported GA patch version is chosen automatically. Updating the cluster with the same <major.minor> once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor version must be within two minor versions of the control plane version. The node pool version cannot be greater than the control plane version. For more information see upgrading a node pool. string
Optional
osDiskSizeGB int
Optional
osDiskType The default is ‘Ephemeral’ if the VM supports it and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to ‘Managed’. May not be changed after creation. For more information see Ephemeral OS. OSDiskType_STATUS
Optional
osSKU Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. OSSKU_STATUS
Optional
osType The operating system type. The default is Linux. OSType_STATUS
Optional
podSubnetID If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} string
Optional
powerState When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only be stopped if it is Running and provisioning state is Succeeded PowerState_STATUS
Optional
provisioningState The current deployment or provisioning state. string
Optional
proximityPlacementGroupID The ID for Proximity Placement Group. string
Optional
scaleDownMode This also affects the cluster autoscaler behavior. If not specified, it defaults to Delete. ScaleDownMode_STATUS
Optional
scaleSetEvictionPolicy This cannot be specified unless the scaleSetPriority is ‘Spot’. If not specified, the default is ‘Delete’. ScaleSetEvictionPolicy_STATUS
Optional
scaleSetPriority The Virtual Machine Scale Set priority. If not specified, the default is ‘Regular’. ScaleSetPriority_STATUS
Optional
securityProfile The security settings of an agent pool. AgentPoolSecurityProfile_STATUS
Optional
spotMaxPrice Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any on-demand price. For more details on spot pricing, see spot VMs pricing float64
Optional
tags The tags to be persisted on the agent pool virtual machine scale set. map[string]string
Optional
type The type of Agent Pool. AgentPoolType_STATUS
Optional
upgradeSettings Settings for upgrading the agentpool AgentPoolUpgradeSettings_STATUS
Optional
vmSize VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions string
Optional
vnetSubnetID If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} string
Optional
windowsProfile The Windows agent pool’s specific profile. AgentPoolWindowsProfile_STATUS
Optional
workloadRuntime Determines the type of workload a node can run. WorkloadRuntime_STATUS
Optional

ManagedClusterAPIServerAccessProfile

Access profile for managed cluster API server.

Used by: ManagedCluster_Spec.

Property Description Type
authorizedIPRanges IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see API server authorized IP ranges. string[]
Optional
disableRunCommand Whether to disable run command for the cluster or not. bool
Optional
enablePrivateCluster For more details, see Creating a private AKS cluster. bool
Optional
enablePrivateClusterPublicFQDN Whether to create additional public FQDN for private cluster or not. bool
Optional
privateDNSZone The default is System. For more details see configure private DNS zone. Allowed values are ‘system’ and ‘none’. string
Optional
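
An added example (not part of the generated reference or the operator's code): a small Python audit of the ManagedClusterAADProfile and ManagedClusterAPIServerAccessProfile fields documented above, with each profile passed as a plain dict. The function names, the sample values and the policy choices (flagging an enabled run command and a public API server without an allow list) are assumptions made for illustration.

```python
import ipaddress

# Fields the reference marks "(DEPRECATED)" in ManagedClusterAADProfile.
DEPRECATED_AAD_FIELDS = ("clientAppID", "serverAppID", "serverAppSecret")


def audit_aad_profile(aad):
    """Return (field, message) findings for a ManagedClusterAADProfile dict."""
    findings = []
    for field in DEPRECATED_AAD_FIELDS:
        if not aad.get(field):
            continue
        if field == "serverAppSecret":
            msg = "deprecated field set; application secret is stored inline in the spec"
        else:
            msg = "deprecated legacy AAD field is set"
        findings.append((field, msg))
    return findings


def audit_api_server_access(profile, agent_pools=()):
    """Return (field, message) findings for a ManagedClusterAPIServerAccessProfile.

    agent_pools is an iterable of ManagedClusterAgentPoolProfile dicts; it is
    needed because authorizedIPRanges is documented as incompatible with
    clusters that use Public IP Per Node (enableNodePublicIP).
    """
    findings = []
    ranges = profile.get("authorizedIPRanges") or []
    private = bool(profile.get("enablePrivateCluster"))

    for raw in ranges:
        try:
            if not isinstance(raw, str):
                raise ValueError("not a string")
            net = ipaddress.ip_network(raw, strict=False)
        except ValueError:
            findings.append(("authorizedIPRanges", f"{raw!r} is not valid CIDR"))
            continue
        if net.prefixlen == 0:
            # A /0 range admits every source address, so it restricts nothing.
            findings.append(("authorizedIPRanges", f"{raw!r} matches every address"))

    # Policy assumption: a public API server should carry an allow list.
    if not ranges and not private:
        findings.append(("authorizedIPRanges",
                         "public API server with no source-IP allow list"))

    if ranges:
        for pool in agent_pools:
            if pool.get("enableNodePublicIP"):
                findings.append(("enableNodePublicIP",
                                 f"pool {pool.get('name')!r} uses a public IP per node, "
                                 "which is not compatible with authorizedIPRanges"))

    # Policy assumption: run command should be disabled unless explicitly needed.
    if not profile.get("disableRunCommand"):
        findings.append(("disableRunCommand", "run command is left enabled"))

    if private and profile.get("enablePrivateClusterPublicFQDN"):
        findings.append(("enablePrivateClusterPublicFQDN",
                         "private cluster also publishes a public FQDN"))
    return findings


# Constructed sample input (not taken from any real cluster).
SAMPLE_ACCESS = {
    "authorizedIPRanges": ["137.117.106.88/29", "0.0.0.0/0", "203.0.113.300/24"],
    "enablePrivateCluster": False,
}
SAMPLE_POOLS = [{"name": "pool1", "enableNodePublicIP": True}, {"name": "pool2"}]
SAMPLE_AAD = {"managed": False, "serverAppID": "example-app-id",
              "serverAppSecret": "example-secret"}

if __name__ == "__main__":
    for field, msg in audit_aad_profile(SAMPLE_AAD):
        print(f"aadProfile.{field}: {msg}")
    for field, msg in audit_api_server_access(SAMPLE_ACCESS, SAMPLE_POOLS):
        print(f"{field}: {msg}")
```
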

ManagedClusterAPIServerAccessProfile_STATUS

Access profile for managed cluster API server.

Used by: ManagedCluster_STATUS.

Property Description Type
authorizedIPRanges IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see API server authorized IP ranges. string[]
Optional
disableRunCommand Whether to disable run command for the cluster or not. bool
Optional
enablePrivateCluster For more details, see Creating a private AKS cluster. bool
Optional
enablePrivateClusterPublicFQDN Whether to create additional public FQDN for private cluster or not. bool
Optional
privateDNSZone The default is System. For more details see configure private DNS zone. Allowed values are ‘system’ and ‘none’. string
Optional

ManagedClusterAutoUpgradeProfile

Auto upgrade profile for a managed cluster.

Used by: ManagedCluster_Spec.

Property Description Type
nodeOSUpgradeChannel Manner in which the OS on your nodes is updated. The default is NodeImage. ManagedClusterAutoUpgradeProfile_NodeOSUpgradeChannel
Optional
upgradeChannel For more information see setting the AKS cluster auto-upgrade channel. ManagedClusterAutoUpgradeProfile_UpgradeChannel
Optional

ManagedClusterAutoUpgradeProfile_STATUS

Auto upgrade profile for a managed cluster.

Used by: ManagedCluster_STATUS.

Property Description Type
nodeOSUpgradeChannel Manner in which the OS on your nodes is updated. The default is NodeImage. ManagedClusterAutoUpgradeProfile_NodeOSUpgradeChannel_STATUS
Optional
upgradeChannel For more information see setting the AKS cluster auto-upgrade channel. ManagedClusterAutoUpgradeProfile_UpgradeChannel_STATUS
Optional

ManagedClusterAzureMonitorProfile

Azure Monitor addon profiles for monitoring the managed cluster.

Used by: ManagedCluster_Spec.

Property Description Type
metrics Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See aka.ms/AzureManagedPrometheus for an overview. ManagedClusterAzureMonitorProfileMetrics
Optional

ManagedClusterAzureMonitorProfile_STATUS

Azure Monitor addon profiles for monitoring the managed cluster.

Used by: ManagedCluster_STATUS.

Property Description Type
metrics Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See aka.ms/AzureManagedPrometheus for an overview. ManagedClusterAzureMonitorProfileMetrics_STATUS
Optional

ManagedClusterHTTPProxyConfig

Cluster HTTP proxy configuration.

Used by: ManagedCluster_Spec.

Property Description Type
httpProxy The HTTP proxy server endpoint to use. string
Optional
httpsProxy The HTTPS proxy server endpoint to use. string
Optional
noProxy The endpoints that should not go through proxy. string[]
Optional
trustedCa Alternative CA cert to use for connecting to proxy servers. string
Optional

ManagedClusterHTTPProxyConfig_STATUS

Cluster HTTP proxy configuration.

Used by: ManagedCluster_STATUS.

Property Description Type
httpProxy The HTTP proxy server endpoint to use. string
Optional
httpsProxy The HTTPS proxy server endpoint to use. string
Optional
noProxy The endpoints that should not go through proxy. string[]
Optional
trustedCa Alternative CA cert to use for connecting to proxy servers. string
Optional

ManagedClusterIdentity

Identity for the managed cluster.

Used by: ManagedCluster_Spec.

Property Description Type
delegatedResources The delegated identity resources assigned to this managed cluster. This can only be set by another Azure Resource Provider, and a managed cluster only accepts one delegated identity resource. Internal use only. map[string]DelegatedResource
Optional
type For more information see use managed identities in AKS. ManagedClusterIdentity_Type
Optional
userAssignedIdentities The keys must be ARM resource IDs in the form: ‘/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}’. UserAssignedIdentityDetails[]
Optional

ManagedClusterIdentity_STATUS

Identity for the managed cluster.

Used by: ManagedCluster_STATUS.

Property Description Type
delegatedResources The delegated identity resources assigned to this managed cluster. This can only be set by another Azure Resource Provider, and a managed cluster only accepts one delegated identity resource. Internal use only. map[string]DelegatedResource_STATUS
Optional
principalId The principal id of the system assigned identity which is used by master components. string
Optional
tenantId The tenant id of the system assigned identity which is used by master components. string
Optional
type For more information see use managed identities in AKS. ManagedClusterIdentity_Type_STATUS
Optional
userAssignedIdentities The keys must be ARM resource IDs in the form: ‘/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}’. map[string]ManagedClusterIdentity_UserAssignedIdentities_STATUS
Optional

ManagedClusterIngressProfile

Ingress profile for the container service cluster.

Used by: ManagedCluster_Spec.

Property Description Type
webAppRouting App Routing settings for the ingress profile. You can find an overview and onboarding guide for this feature at https://learn.microsoft.com/en-us/azure/aks/app-routing?tabs=default%2Cdeploy-app-default. ManagedClusterIngressProfileWebAppRouting
Optional

ManagedClusterIngressProfile_STATUS

Ingress profile for the container service cluster.

Used by: ManagedCluster_STATUS.

Property Description Type
webAppRouting App Routing settings for the ingress profile. You can find an overview and onboarding guide for this feature at https://learn.microsoft.com/en-us/azure/aks/app-routing?tabs=default%2Cdeploy-app-default. ManagedClusterIngressProfileWebAppRouting_STATUS
Optional

ManagedClusterMetricsProfile

The metrics profile for the ManagedCluster.

Used by: ManagedCluster_Spec.

Property Description Type
costAnalysis The cost analysis configuration for the cluster ManagedClusterCostAnalysis
Optional

ManagedClusterMetricsProfile_STATUS

The metrics profile for the ManagedCluster.

Used by: ManagedCluster_STATUS.

Property Description Type
costAnalysis The cost analysis configuration for the cluster ManagedClusterCostAnalysis_STATUS
Optional

ManagedClusterNodeResourceGroupProfile

Node resource group lockdown profile for a managed cluster.

Used by: ManagedCluster_Spec.

Property Description Type
restrictionLevel The restriction level applied to the cluster’s node resource group. If not specified, the default is ‘Unrestricted’ ManagedClusterNodeResourceGroupProfile_RestrictionLevel
Optional

ManagedClusterNodeResourceGroupProfile_STATUS

Node resource group lockdown profile for a managed cluster.

Used by: ManagedCluster_STATUS.

Property Description Type
restrictionLevel The restriction level applied to the cluster’s node resource group. If not specified, the default is ‘Unrestricted’ ManagedClusterNodeResourceGroupProfile_RestrictionLevel_STATUS
Optional

ManagedClusterOIDCIssuerProfile

The OIDC issuer profile of the Managed Cluster.

Used by: ManagedCluster_Spec.

Property Description Type
enabled Whether the OIDC issuer is enabled. bool
Optional

ManagedClusterOIDCIssuerProfile_STATUS

The OIDC issuer profile of the Managed Cluster.

Used by: ManagedCluster_STATUS.

Property Description Type
enabled Whether the OIDC issuer is enabled. bool
Optional
issuerURL The OIDC issuer url of the Managed Cluster. string
Optional

ManagedClusterOperatorSpec

Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure

Used by: ManagedCluster_Spec.

Property Description Type
configMapExpressions configures where to place operator written dynamic ConfigMaps (created with CEL expressions). core.DestinationExpression[]
Optional
configMaps configures where to place operator written ConfigMaps. ManagedClusterOperatorConfigMaps
Optional
secretExpressions configures where to place operator written dynamic secrets (created with CEL expressions). core.DestinationExpression[]
Optional
secrets configures where to place Azure generated secrets. ManagedClusterOperatorSecrets
Optional

ManagedClusterPodIdentityProfile

See use AAD pod identity for more details on pod identity integration.

Used by: ManagedCluster_Spec.

Property Description Type
allowNetworkPluginKubenet Running in Kubenet is disabled by default due to the security related nature of AAD Pod Identity and the risks of IP spoofing. See using Kubenet network plugin with AAD Pod Identity for more information. bool
Optional
enabled Whether the pod identity addon is enabled. bool
Optional
userAssignedIdentities The pod identities to use in the cluster. ManagedClusterPodIdentity[]
Optional
userAssignedIdentityExceptions The pod identity exceptions to allow. ManagedClusterPodIdentityException[]
Optional

ManagedClusterPodIdentityProfile_STATUS

See use AAD pod identity for more details on pod identity integration.

Used by: ManagedCluster_STATUS.

Property Description Type
allowNetworkPluginKubenet Running in Kubenet is disabled by default due to the security related nature of AAD Pod Identity and the risks of IP spoofing. See using Kubenet network plugin with AAD Pod Identity for more information. bool
Optional
enabled Whether the pod identity addon is enabled. bool
Optional
userAssignedIdentities The pod identities to use in the cluster. ManagedClusterPodIdentity_STATUS[]
Optional
userAssignedIdentityExceptions The pod identity exceptions to allow. ManagedClusterPodIdentityException_STATUS[]
Optional

ManagedClusterProperties_AutoScalerProfile

Used by: ManagedCluster_Spec.

Property Description Type
balance-similar-node-groups Valid values are ‘true’ and ‘false’ string
Optional
daemonset-eviction-for-empty-nodes If set to true, all daemonset pods on empty nodes will be evicted before deletion of the node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node will be deleted without ensuring that daemonset pods are deleted or evicted. bool
Optional
daemonset-eviction-for-occupied-nodes If set to true, all daemonset pods on occupied nodes will be evicted before deletion of the node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node will be deleted without ensuring that daemonset pods are deleted or evicted. bool
Optional
expander If not specified, the default is ‘random’. See expanders for more information. ManagedClusterProperties_AutoScalerProfile_Expander
Optional
ignore-daemonsets-utilization If set to true, the resources used by daemonset will be taken into account when making scaling down decisions. bool
Optional
max-empty-bulk-delete The default is 10. string
Optional
max-graceful-termination-sec The default is 600. string
Optional
max-node-provision-time The default is ‘15m’. Values must be an integer followed by an ‘m’. No unit of time other than minutes (m) is supported. string
Optional
max-total-unready-percentage The default is 45. The maximum is 100 and the minimum is 0. string
Optional
new-pod-scale-up-delay For scenarios like burst/batch scale where you don’t want CA to act before the Kubernetes scheduler could schedule all the pods, you can tell CA to ignore unscheduled pods before they’re a certain age. The default is ‘0s’. Values must be an integer followed by a unit (‘s’ for seconds, ‘m’ for minutes, ‘h’ for hours, etc). string
Optional
ok-total-unready-count This must be an integer. The default is 3. string
Optional
scale-down-delay-after-add The default is ‘10m’. Values must be an integer followed by an ‘m’. No unit of time other than minutes (m) is supported. string
Optional
scale-down-delay-after-delete The default is the scan-interval. Values must be an integer followed by an ‘m’. No unit of time other than minutes (m) is supported. string
Optional
scale-down-delay-after-failure The default is ‘3m’. Values must be an integer followed by an ‘m’. No unit of time other than minutes (m) is supported. string
Optional
scale-down-unneeded-time The default is ‘10m’. Values must be an integer followed by an ‘m’. No unit of time other than minutes (m) is supported. string
Optional
scale-down-unready-time The default is ‘20m’. Values must be an integer followed by an ‘m’. No unit of time other than minutes (m) is supported. string
Optional
scale-down-utilization-threshold The default is ‘0.5’. string
Optional
scan-interval The default is ‘10’. Values must be an integer number of seconds. string
Optional
skip-nodes-with-local-storage The default is true. string
Optional
skip-nodes-with-system-pods The default is true. string
Optional

ManagedClusterProperties_AutoScalerProfile_STATUS

Used by: ManagedCluster_STATUS.

Property Description Type
balance-similar-node-groups Valid values are ‘true’ and ‘false’ string
Optional
daemonset-eviction-for-empty-nodes If set to true, all daemonset pods on empty nodes will be evicted before deletion of the node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node will be deleted without ensuring that daemonset pods are deleted or evicted. bool
Optional
daemonset-eviction-for-occupied-nodes If set to true, all daemonset pods on occupied nodes will be evicted before deletion of the node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node will be deleted without ensuring that daemonset pods are deleted or evicted. bool
Optional
expander If not specified, the default is ‘random’. See expanders for more information. ManagedClusterProperties_AutoScalerProfile_Expander_STATUS
Optional
ignore-daemonsets-utilization If set to true, the resources used by daemonset will be taken into account when making scaling down decisions. bool
Optional
max-empty-bulk-delete The default is 10. string
Optional
max-graceful-termination-sec The default is 600. string
Optional
max-node-provision-time The default is ‘15m’. Values must be an integer followed by an ‘m’. No unit of time other than minutes (m) is supported. string
Optional
max-total-unready-percentage The default is 45. The maximum is 100 and the minimum is 0. string
Optional
new-pod-scale-up-delay For scenarios like burst/batch scale where you don’t want CA to act before the Kubernetes scheduler could schedule all the pods, you can tell CA to ignore unscheduled pods before they’re a certain age. The default is ‘0s’. Values must be an integer followed by a unit (‘s’ for seconds, ‘m’ for minutes, ‘h’ for hours, etc). string
Optional
ok-total-unready-count This must be an integer. The default is 3. string
Optional
scale-down-delay-after-add The default is ‘10m’. Values must be an integer followed by an ‘m’. No unit of time other than minutes (m) is supported. string
Optional
scale-down-delay-after-delete The default is the scan-interval. Values must be an integer followed by an ‘m’. No unit of time other than minutes (m) is supported. string
Optional
scale-down-delay-after-failure The default is ‘3m’. Values must be an integer followed by an ‘m’. No unit of time other than minutes (m) is supported. string
Optional
scale-down-unneeded-time The default is ‘10m’. Values must be an integer followed by an ‘m’. No unit of time other than minutes (m) is supported. string
Optional
scale-down-unready-time The default is ‘20m’. Values must be an integer followed by an ‘m’. No unit of time other than minutes (m) is supported. string
Optional
scale-down-utilization-threshold The default is ‘0.5’. string
Optional
scan-interval The default is ‘10’. Values must be an integer number of seconds. string
Optional
skip-nodes-with-local-storage The default is true. string
Optional
skip-nodes-with-system-pods The default is true. string
Optional

ManagedClusterProperties_PublicNetworkAccess

Used by: ManagedCluster_Spec.

Value Description
“Disabled”
“Enabled”

ManagedClusterProperties_PublicNetworkAccess_STATUS

Used by: ManagedCluster_STATUS.

Value Description
“Disabled”
“Enabled”

ManagedClustersAgentPoolOperatorSpec

Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure.

Used by: ManagedClustersAgentPool_Spec.

Property Description Type
configMapExpressions Configures where to place operator-written dynamic ConfigMaps (created with CEL expressions). core.DestinationExpression[]
Optional
secretExpressions Configures where to place operator-written dynamic secrets (created with CEL expressions). core.DestinationExpression[]
Optional

ManagedClusterSecurityProfile

Security profile for the container service cluster.

Used by: ManagedCluster_Spec.

Property Description Type
azureKeyVaultKms Azure Key Vault key management service settings for the security profile. AzureKeyVaultKms
Optional
defender Microsoft Defender settings for the security profile. ManagedClusterSecurityProfileDefender
Optional
imageCleaner Image Cleaner settings for the security profile. ManagedClusterSecurityProfileImageCleaner
Optional
workloadIdentity Workload identity settings for the security profile. Workload identity enables Kubernetes applications to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. ManagedClusterSecurityProfileWorkloadIdentity
Optional

ManagedClusterSecurityProfile_STATUS

Security profile for the container service cluster.

Used by: ManagedCluster_STATUS.

Property Description Type
azureKeyVaultKms Azure Key Vault key management service settings for the security profile. AzureKeyVaultKms_STATUS
Optional
defender Microsoft Defender settings for the security profile. ManagedClusterSecurityProfileDefender_STATUS
Optional
imageCleaner Image Cleaner settings for the security profile. ManagedClusterSecurityProfileImageCleaner_STATUS
Optional
workloadIdentity Workload identity settings for the security profile. Workload identity enables Kubernetes applications to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. ManagedClusterSecurityProfileWorkloadIdentity_STATUS
Optional

ManagedClusterServicePrincipalProfile

Information about a service principal identity for the cluster to use for manipulating Azure APIs.

Used by: ManagedCluster_Spec.

Property Description Type
clientId The ID for the service principal. string
Required
secret The secret password associated with the service principal in plain text. genruntime.SecretReference
Optional

ManagedClusterServicePrincipalProfile_STATUS

Information about a service principal identity for the cluster to use for manipulating Azure APIs.

Used by: ManagedCluster_STATUS.

Property Description Type
clientId The ID for the service principal. string
Optional

ManagedClusterSKU

The SKU of a Managed Cluster.

Used by: ManagedCluster_Spec.

Property Description Type
name The name of a managed cluster SKU. ManagedClusterSKU_Name
Optional
tier If not specified, the default is ‘Free’. See AKS Pricing Tier for more details. ManagedClusterSKU_Tier
Optional

ManagedClusterSKU_STATUS

The SKU of a Managed Cluster.

Used by: ManagedCluster_STATUS.

Property Description Type
name The name of a managed cluster SKU. ManagedClusterSKU_Name_STATUS
Optional
tier If not specified, the default is ‘Free’. See AKS Pricing Tier for more details. ManagedClusterSKU_Tier_STATUS
Optional

ManagedClusterStorageProfile

Storage profile for the container service cluster.

Used by: ManagedCluster_Spec.

Property Description Type
blobCSIDriver AzureBlob CSI Driver settings for the storage profile. ManagedClusterStorageProfileBlobCSIDriver
Optional
diskCSIDriver AzureDisk CSI Driver settings for the storage profile. ManagedClusterStorageProfileDiskCSIDriver
Optional
fileCSIDriver AzureFile CSI Driver settings for the storage profile. ManagedClusterStorageProfileFileCSIDriver
Optional
snapshotController Snapshot Controller settings for the storage profile. ManagedClusterStorageProfileSnapshotController
Optional

ManagedClusterStorageProfile_STATUS

Storage profile for the container service cluster.

Used by: ManagedCluster_STATUS.

Property Description Type
blobCSIDriver AzureBlob CSI Driver settings for the storage profile. ManagedClusterStorageProfileBlobCSIDriver_STATUS
Optional
diskCSIDriver AzureDisk CSI Driver settings for the storage profile. ManagedClusterStorageProfileDiskCSIDriver_STATUS
Optional
fileCSIDriver AzureFile CSI Driver settings for the storage profile. ManagedClusterStorageProfileFileCSIDriver_STATUS
Optional
snapshotController Snapshot Controller settings for the storage profile. ManagedClusterStorageProfileSnapshotController_STATUS
Optional

ManagedClusterWindowsProfile

Profile for Windows VMs in the managed cluster.

Used by: ManagedCluster_Spec.

Property Description Type
adminPassword Specifies the password of the administrator account. Minimum-length: 8 characters. Max-length: 123 characters. Complexity requirements: 3 out of the 4 conditions below need to be fulfilled: has lower characters; has upper characters; has a digit; has a special character (Regex match [\W_]). Disallowed values: “abc@123”, “P@$$w0rd”, “P@ssw0rd”, “P@ssword123”, “Pa$$word”, “pass@word1”, “Password!”, “Password1”, “Password22”, “iloveyou!”. genruntime.SecretReference
Optional
adminUsername Specifies the name of the administrator account. Restriction: Cannot end in “.”. Disallowed values: “administrator”, “admin”, “user”, “user1”, “test”, “user2”, “test1”, “user3”, “admin1”, “1”, “123”, “a”, “actuser”, “adm”, “admin2”, “aspnet”, “backup”, “console”, “david”, “guest”, “john”, “owner”, “root”, “server”, “sql”, “support”, “support_388945a0”, “sys”, “test2”, “test3”, “user4”, “user5”. Minimum-length: 1 character. Max-length: 20 characters. string
Required
enableCSIProxy For more details on CSI proxy, see the CSI proxy GitHub repo. bool
Optional
gmsaProfile The Windows gMSA Profile in the Managed Cluster. WindowsGmsaProfile
Optional
licenseType The license type to use for Windows VMs. See Azure Hybrid User Benefits for more details. ManagedClusterWindowsProfile_LicenseType
Optional
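
The adminUsername and adminPassword rules above can be checked before a manifest and its secret are applied. This is an added example, not part of the generated reference or of the operator's code: the function names, the sample profile and the `name`/`key` fields of the secret reference are assumptions, as are the ASCII reading of the character classes and the case-insensitive username comparison.

```python
import re

# Disallowed values copied from the adminPassword and adminUsername rows above.
DISALLOWED_PASSWORDS = {
    "abc@123", "P@$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$word",
    "pass@word1", "Password!", "Password1", "Password22", "iloveyou!",
}
DISALLOWED_USERNAMES = {
    "administrator", "admin", "user", "user1", "test", "user2", "test1",
    "user3", "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet",
    "backup", "console", "david", "guest", "john", "owner", "root", "server",
    "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4",
    "user5",
}


def check_admin_password(password):
    """Return the documented adminPassword rules that `password` violates."""
    problems = []
    if not 8 <= len(password) <= 123:
        problems.append("length must be 8-123 characters")
    # Assumption: "lower", "upper" and "digit" are read as ASCII classes;
    # the special-character class is the regex given in the table.
    classes_met = sum(
        bool(re.search(pattern, password))
        for pattern in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[\W_]")
    )
    if classes_met < 3:
        problems.append(
            "only %d of 4 character classes present, need 3" % classes_met
        )
    if password in DISALLOWED_PASSWORDS:
        problems.append("value is on the disallowed list")
    return problems


def check_admin_username(username):
    """Return the documented adminUsername rules that `username` violates."""
    problems = []
    if not 1 <= len(username) <= 20:
        problems.append("length must be 1-20 characters")
    if username.endswith("."):
        problems.append("must not end in '.'")
    # Assumption: compared case-insensitively, the stricter reading.
    if username.lower() in DISALLOWED_USERNAMES:
        problems.append("value is on the disallowed list")
    return problems


def check_windows_profile(profile, secret_value=None):
    """Lint a windowsProfile mapping taken from a ManagedCluster spec.

    `secret_value` is the candidate password that will be stored in the
    referenced Kubernetes secret, when the caller has it at hand.
    """
    findings = []
    username = profile.get("adminUsername")
    if not isinstance(username, str) or not username:
        findings.append("adminUsername: required")
    else:
        findings += ["adminUsername: " + p for p in check_admin_username(username)]

    ref = profile.get("adminPassword")
    if ref is not None:
        # The field is a secret reference, so an inline string here means a
        # password was pasted into the manifest itself.
        if not (isinstance(ref, dict) and ref.get("name") and ref.get("key")):
            findings.append(
                "adminPassword: must be a secret reference with name and key"
            )
        elif secret_value is not None:
            findings += [
                "adminPassword: " + p for p in check_admin_password(secret_value)
            ]
    return findings


# Constructed sample input (not from the page).
SAMPLE_PROFILE = {
    "adminUsername": "Admin",
    "adminPassword": {"name": "aks-windows-admin", "key": "password"},
}

if __name__ == "__main__":
    for finding in check_windows_profile(SAMPLE_PROFILE, secret_value="Password22"):
        print(finding)
```
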

ManagedClusterWindowsProfile_STATUS

Profile for Windows VMs in the managed cluster.

Used by: ManagedCluster_STATUS.

Property Description Type
adminUsername Specifies the name of the administrator account. Restriction: Cannot end in “.”. Disallowed values: “administrator”, “admin”, “user”, “user1”, “test”, “user2”, “test1”, “user3”, “admin1”, “1”, “123”, “a”, “actuser”, “adm”, “admin2”, “aspnet”, “backup”, “console”, “david”, “guest”, “john”, “owner”, “root”, “server”, “sql”, “support”, “support_388945a0”, “sys”, “test2”, “test3”, “user4”, “user5”. Minimum-length: 1 character. Max-length: 20 characters. string
Optional
enableCSIProxy For more details on CSI proxy, see the CSI proxy GitHub repo. bool
Optional
gmsaProfile The Windows gMSA Profile in the Managed Cluster. WindowsGmsaProfile_STATUS
Optional
licenseType The license type to use for Windows VMs. See Azure Hybrid User Benefits for more details. ManagedClusterWindowsProfile_LicenseType_STATUS
Optional

ManagedClusterWorkloadAutoScalerProfile

Workload Auto-scaler profile for the managed cluster.

Used by: ManagedCluster_Spec.

Property Description Type
keda KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. ManagedClusterWorkloadAutoScalerProfileKeda
Optional
verticalPodAutoscaler VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile. ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler
Optional

ManagedClusterWorkloadAutoScalerProfile_STATUS

Workload Auto-scaler profile for the managed cluster.

Used by: ManagedCluster_STATUS.

Property Description Type
keda KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. ManagedClusterWorkloadAutoScalerProfileKeda_STATUS
Optional
verticalPodAutoscaler VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile. ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler_STATUS
Optional

OSDiskType

The default is ‘Ephemeral’ if the VM supports it and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to ‘Managed’. May not be changed after creation. For more information see Ephemeral OS.

Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.

Value Description
“Ephemeral”
“Managed”

OSDiskType_STATUS

The default is ‘Ephemeral’ if the VM supports it and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to ‘Managed’. May not be changed after creation. For more information see Ephemeral OS.

Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.

Value Description
“Ephemeral”
“Managed”

OSSKU

Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows.

Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.

Value Description
“AzureLinux”
“CBLMariner”
“Ubuntu”
“Windows2019”
“Windows2022”

OSSKU_STATUS

Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows.

Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.

Value Description
“AzureLinux”
“CBLMariner”
“Ubuntu”
“Windows2019”
“Windows2022”

OSType

The operating system type. The default is Linux.

Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.

Value Description
“Linux”
“Windows”

OSType_STATUS

The operating system type. The default is Linux.

Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.

Value Description
“Linux”
“Windows”

PowerState

Describes the Power State of the cluster.

Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.

Property Description Type
code Tells whether the cluster is Running or Stopped PowerState_Code
Optional

PowerState_STATUS

Describes the Power State of the cluster.

Used by: ManagedCluster_STATUS, ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.

Property Description Type
code Tells whether the cluster is Running or Stopped PowerState_Code_STATUS
Optional

PrivateLinkResource

A private link resource.

Used by: ManagedCluster_Spec.

Property Description Type
groupId The group ID of the resource. string
Optional
name The name of the private link resource. string
Optional
reference The ID of the private link resource. genruntime.ResourceReference
Optional
requiredMembers The RequiredMembers of the resource. string[]
Optional
type The resource type. string
Optional

PrivateLinkResource_STATUS

A private link resource.

Used by: ManagedCluster_STATUS.

Property Description Type
groupId The group ID of the resource. string
Optional
id The ID of the private link resource. string
Optional
name The name of the private link resource. string
Optional
privateLinkServiceID The private link service ID of the resource, this field is exposed only to NRP internally. string
Optional
requiredMembers The RequiredMembers of the resource. string[]
Optional
type The resource type. string
Optional

ScaleDownMode

Describes how VMs are added to or removed from Agent Pools. See billing states.

Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.

Value Description
“Deallocate”
“Delete”

ScaleDownMode_STATUS

Describes how VMs are added to or removed from Agent Pools. See billing states.

Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.

Value Description
“Deallocate”
“Delete”

ScaleSetEvictionPolicy

The eviction policy specifies what to do with the VM when it is evicted. The default is Delete. For more information about eviction, see spot VMs.

Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.

Value Description
“Deallocate”
“Delete”

ScaleSetEvictionPolicy_STATUS

The eviction policy specifies what to do with the VM when it is evicted. The default is Delete. For more information about eviction, see spot VMs.

Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.

Value Description
“Deallocate”
“Delete”

ScaleSetPriority

The Virtual Machine Scale Set priority.

Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.

Value Description
“Regular”
“Spot”

ScaleSetPriority_STATUS

The Virtual Machine Scale Set priority.

Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.

Value Description
“Regular”
“Spot”

ServiceMeshProfile

Service mesh profile for a managed cluster.

Used by: ManagedCluster_Spec.

Property Description Type
istio Istio service mesh configuration. IstioServiceMesh
Optional
mode Mode of the service mesh. ServiceMeshProfile_Mode
Required

ServiceMeshProfile_STATUS

Service mesh profile for a managed cluster.

Used by: ManagedCluster_STATUS.

Property Description Type
istio Istio service mesh configuration. IstioServiceMesh_STATUS
Optional
mode Mode of the service mesh. ServiceMeshProfile_Mode_STATUS
Optional

SystemData_STATUS

Metadata pertaining to creation and last modification of the resource.

Used by: MaintenanceConfiguration_STATUS, ManagedCluster_STATUS, and TrustedAccessRoleBinding_STATUS.

Property Description Type
createdAt The timestamp of resource creation (UTC). string
Optional
createdBy The identity that created the resource. string
Optional
createdByType The type of identity that created the resource. SystemData_CreatedByType_STATUS
Optional
lastModifiedAt The timestamp of resource last modification (UTC). string
Optional
lastModifiedBy The identity that last modified the resource. string
Optional
lastModifiedByType The type of identity that last modified the resource. SystemData_LastModifiedByType_STATUS
Optional

TimeInWeek

Time in a week.

Used by: MaintenanceConfiguration_Spec.

Property Description Type
day The day of the week. WeekDay
Optional
hourSlots Each integer hour represents a time range beginning at 0m after the hour ending at the next hour (non-inclusive). 0 corresponds to 00:00 UTC, 23 corresponds to 23:00 UTC. Specifying [0, 1] means the 00:00 - 02:00 UTC time range. HourInDay[]
Optional

TimeInWeek_STATUS

Time in a week.

Used by: MaintenanceConfiguration_STATUS.

Property Description Type
day The day of the week. WeekDay_STATUS
Optional
hourSlots Each integer hour represents a time range beginning at 0m after the hour ending at the next hour (non-inclusive). 0 corresponds to 00:00 UTC, 23 corresponds to 23:00 UTC. Specifying [0, 1] means the 00:00 - 02:00 UTC time range. int[]
Optional

TimeSpan

For example, between 2021-05-25T13:00:00Z and 2021-05-25T14:00:00Z.

Used by: MaintenanceConfiguration_Spec.

Property Description Type
end The end of a time span. string
Optional
start The start of a time span. string
Optional

TimeSpan_STATUS

For example, between 2021-05-25T13:00:00Z and 2021-05-25T14:00:00Z.

Used by: MaintenanceConfiguration_STATUS.

Property Description Type
end The end of a time span. string
Optional
start The start of a time span. string
Optional

TrustedAccessRoleBindingOperatorSpec

Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure.

Used by: TrustedAccessRoleBinding_Spec.

Property Description Type
configMapExpressions Configures where to place operator-written dynamic ConfigMaps (created with CEL expressions). core.DestinationExpression[]
Optional
secretExpressions Configures where to place operator-written dynamic secrets (created with CEL expressions). core.DestinationExpression[]
Optional

TrustedAccessRoleBindingProperties_ProvisioningState_STATUS

Used by: TrustedAccessRoleBinding_STATUS.

Value Description
“Canceled”
“Deleting”
“Failed”
“Succeeded”
“Updating”

UserAssignedIdentity

Details about a user assigned identity.

Used by: ManagedCluster_Spec, and ManagedClusterPodIdentity.

Property Description Type
clientId The client ID of the user assigned identity. string
Optional
objectId The object ID of the user assigned identity. string
Optional
resourceReference The resource ID of the user assigned identity. genruntime.ResourceReference
Optional

UserAssignedIdentity_STATUS

Details about a user assigned identity.

Used by: ManagedCluster_STATUS, ManagedClusterAddonProfile_STATUS, ManagedClusterIngressProfileWebAppRouting_STATUS, and ManagedClusterPodIdentity_STATUS.

Property Description Type
clientId The client ID of the user assigned identity. string
Optional
objectId The object ID of the user assigned identity. string
Optional
resourceId The resource ID of the user assigned identity. string
Optional

WorkloadRuntime

Determines the type of workload a node can run.

Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.

Value Description
“OCIContainer”
“WasmWasi”

WorkloadRuntime_STATUS

Determines the type of workload a node can run.

Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.

Value Description
“OCIContainer”
“WasmWasi”

AdvancedNetworking

Advanced Networking profile for enabling observability and security feature suite on a cluster. For more information see aka.ms/aksadvancednetworking.

Used by: ContainerServiceNetworkProfile.

Property Description Type
enabled Indicates the enablement of Advanced Networking functionalities of observability and security on AKS clusters. When this is set to true, all observability and security features will be set to enabled unless explicitly disabled. If not specified, the default is false. bool
Optional
observability Observability profile to enable advanced network metrics and flow logs with historical contexts. AdvancedNetworkingObservability
Optional
security Security profile to enable security features on a Cilium-based cluster. AdvancedNetworkingSecurity
Optional

AdvancedNetworking_STATUS

Advanced Networking profile for enabling observability and security feature suite on a cluster. For more information see aka.ms/aksadvancednetworking.

Used by: ContainerServiceNetworkProfile_STATUS.

Property Description Type
enabled Indicates the enablement of Advanced Networking functionalities of observability and security on AKS clusters. When this is set to true, all observability and security features will be set to enabled unless explicitly disabled. If not specified, the default is false. bool
Optional
observability Observability profile to enable advanced network metrics and flow logs with historical contexts. AdvancedNetworkingObservability_STATUS
Optional
security Security profile to enable security features on a Cilium-based cluster. AdvancedNetworkingSecurity_STATUS
Optional

AzureKeyVaultKms

Azure Key Vault key management service settings for the security profile.

Used by: ManagedClusterSecurityProfile.

Property Description Type
enabled Whether to enable Azure Key Vault key management service. The default is false. bool
Optional
keyId Identifier of Azure Key Vault key. See key identifier format for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key identifier. When Azure Key Vault key management service is disabled, leave the field empty. string
Optional
keyVaultNetworkAccess Network access of key vault. The possible values are Public and Private. Public means the key vault allows public access from all networks. Private means the key vault disables public access and enables private link. The default value is Public. AzureKeyVaultKms_KeyVaultNetworkAccess
Optional
keyVaultResourceReference Resource ID of key vault. When keyVaultNetworkAccess is Private, this field is required and must be a valid resource ID. When keyVaultNetworkAccess is Public, leave the field empty. genruntime.ResourceReference
Optional
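
The four AzureKeyVaultKms fields constrain each other, so a spec can be linted for consistency before it is applied. This is an added example, not part of the generated reference or of the operator's code: the function name and sample values are constructed, and the `armId`/`name` fields of the resource reference, the `https://<vault>/keys/<name>/<version>` key identifier shape, and the rule that the vault host's first label is the vault name are assumptions.

```python
from urllib.parse import urlsplit

VAULT_ID_MARKER = "/providers/microsoft.keyvault/vaults/"


def _reference_set(ref):
    """True when a resource reference points at something (armId or name)."""
    return isinstance(ref, dict) and bool(ref.get("armId") or ref.get("name"))


def check_azure_key_vault_kms(kms):
    """Return findings for an azureKeyVaultKms mapping from a ManagedCluster spec."""
    findings = []
    enabled = bool(kms.get("enabled", False))                # documented default: false
    key_id = kms.get("keyId") or ""
    access = kms.get("keyVaultNetworkAccess") or "Public"    # documented default: Public
    vault_ref = kms.get("keyVaultResourceReference")

    if access not in ("Public", "Private"):
        findings.append("keyVaultNetworkAccess: must be Public or Private")
    if enabled and not key_id:
        findings.append("keyId: required when enabled is true")
    if not enabled and key_id:
        findings.append("keyId: leave empty when enabled is false")
    if access == "Private" and not _reference_set(vault_ref):
        findings.append(
            "keyVaultResourceReference: required when keyVaultNetworkAccess is Private"
        )
    if access == "Public" and _reference_set(vault_ref):
        findings.append(
            "keyVaultResourceReference: leave empty when keyVaultNetworkAccess is Public"
        )

    if key_id:
        url = urlsplit(key_id)
        parts = [p for p in url.path.split("/") if p]
        # Assumed identifier shape: https://<vault host>/keys/<name>/<version>
        if (url.scheme != "https" or not url.hostname
                or len(parts) != 3 or parts[0] != "keys"):
            findings.append(
                "keyId: not of the form https://<vault>/keys/<name>/<version>"
            )
        elif _reference_set(vault_ref) and vault_ref.get("armId"):
            arm_id = vault_ref["armId"]
            idx = arm_id.lower().rfind(VAULT_ID_MARKER)
            if idx < 0:
                findings.append(
                    "keyVaultResourceReference: armId is not a key vault resource ID"
                )
            else:
                # Cross-check: the key must live in the vault the reference names.
                vault_name = arm_id[idx + len(VAULT_ID_MARKER):].strip("/")
                if vault_name.lower() != url.hostname.split(".")[0]:
                    findings.append(
                        "keyId: key is not in the vault named by keyVaultResourceReference"
                    )
    return findings


# Constructed sample specs; vault, key and subscription values are placeholders.
PRIVATE_OK = {
    "enabled": True,
    "keyId": "https://example-kv.vault.azure.net/keys/etcd-key/"
             "0123456789abcdef0123456789abcdef",
    "keyVaultNetworkAccess": "Private",
    "keyVaultResourceReference": {
        "armId": "/subscriptions/00000000-0000-0000-0000-000000000000"
                 "/resourceGroups/example-rg"
                 "/providers/Microsoft.KeyVault/vaults/example-kv",
    },
}
PRIVATE_NO_REF = {
    "enabled": True,
    "keyId": PRIVATE_OK["keyId"],
    "keyVaultNetworkAccess": "Private",
}

if __name__ == "__main__":
    for name, spec in (("PRIVATE_OK", PRIVATE_OK), ("PRIVATE_NO_REF", PRIVATE_NO_REF)):
        print(name, check_azure_key_vault_kms(spec) or "consistent")
```
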

AzureKeyVaultKms_STATUS

Azure Key Vault key management service settings for the security profile.

Used by: ManagedClusterSecurityProfile_STATUS.

Property Description Type
enabled Whether to enable Azure Key Vault key management service. The default is false. bool
Optional
keyId Identifier of Azure Key Vault key. See key identifier format for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key identifier. When Azure Key Vault key management service is disabled, leave the field empty. string
Optional
keyVaultNetworkAccess Network access of key vault. The possible values are Public and Private. Public means the key vault allows public access from all networks. Private means the key vault disables public access and enables private link. The default value is Public. AzureKeyVaultKms_KeyVaultNetworkAccess_STATUS
Optional
keyVaultResourceId Resource ID of key vault. When keyVaultNetworkAccess is Private, this field is required and must be a valid resource ID. When keyVaultNetworkAccess is Public, leave the field empty. string
Optional

ContainerServiceNetworkProfile_IpFamilies

Used by: ContainerServiceNetworkProfile.

Value Description
“IPv4”
“IPv6”

ContainerServiceNetworkProfile_IpFamilies_STATUS

Used by: ContainerServiceNetworkProfile_STATUS.

Value Description
“IPv4”
“IPv6”

ContainerServiceNetworkProfile_LoadBalancerSku

Used by: ContainerServiceNetworkProfile.

Value Description
“basic”
“standard”

ContainerServiceNetworkProfile_LoadBalancerSku_STATUS

Used by: ContainerServiceNetworkProfile_STATUS.

Value Description
“basic”
“standard”

ContainerServiceNetworkProfile_NetworkDataplane

Used by: ContainerServiceNetworkProfile.

Value Description
“azure”
“cilium”

ContainerServiceNetworkProfile_NetworkDataplane_STATUS

Used by: ContainerServiceNetworkProfile_STATUS.

Value Description
“azure”
“cilium”

ContainerServiceNetworkProfile_NetworkMode

Used by: ContainerServiceNetworkProfile.

Value Description
“bridge”
“transparent”

ContainerServiceNetworkProfile_NetworkMode_STATUS

Used by: ContainerServiceNetworkProfile_STATUS.

Value Description
“bridge”
“transparent”

ContainerServiceNetworkProfile_NetworkPlugin

Used by: ContainerServiceNetworkProfile.

Value Description
“azure”
“kubenet”
“none”

ContainerServiceNetworkProfile_NetworkPlugin_STATUS

Used by: ContainerServiceNetworkProfile_STATUS.

Value Description
“azure”
“kubenet”
“none”

ContainerServiceNetworkProfile_NetworkPluginMode

Used by: ContainerServiceNetworkProfile.

Value Description
“overlay”

ContainerServiceNetworkProfile_NetworkPluginMode_STATUS

Used by: ContainerServiceNetworkProfile_STATUS.

Value Description
“overlay”

ContainerServiceNetworkProfile_NetworkPolicy

Used by: ContainerServiceNetworkProfile.

Value Description
“azure”
“calico”
“cilium”
“none”

ContainerServiceNetworkProfile_NetworkPolicy_STATUS

Used by: ContainerServiceNetworkProfile_STATUS.

Value Description
“azure”
“calico”
“cilium”
“none”

ContainerServiceNetworkProfile_OutboundType

Used by: ContainerServiceNetworkProfile.

Value Description
“loadBalancer”
“managedNATGateway”
“userAssignedNATGateway”
“userDefinedRouting”

ContainerServiceNetworkProfile_OutboundType_STATUS

Used by: ContainerServiceNetworkProfile_STATUS.

Value Description
“loadBalancer”
“managedNATGateway”
“userAssignedNATGateway”
“userDefinedRouting”

ContainerServiceSshConfiguration

SSH configuration for Linux-based VMs running on Azure.

Used by: ContainerServiceLinuxProfile.

Property Description Type
publicKeys The list of SSH public keys used to authenticate with Linux-based VMs. A maximum of 1 key may be specified. ContainerServiceSshPublicKey[]
Required

ContainerServiceSshConfiguration_STATUS

SSH configuration for Linux-based VMs running on Azure.

Used by: ContainerServiceLinuxProfile_STATUS.

Property Description Type
publicKeys The list of SSH public keys used to authenticate with Linux-based VMs. A maximum of 1 key may be specified. ContainerServiceSshPublicKey_STATUS[]
Optional

DateSpan

For example, between ‘2022-12-23’ and ‘2023-01-05’.

Used by: MaintenanceWindow.

Property Description Type
end The end date of the date span. string
Required
start The start date of the date span. string
Required

DateSpan_STATUS

For example, between ‘2022-12-23’ and ‘2023-01-05’.

Used by: MaintenanceWindow_STATUS.

Property Description Type
end The end date of the date span. string
Optional
start The start date of the date span. string
Optional

DelegatedResource

Delegated resource properties - internal use only.

Used by: ManagedClusterIdentity.

Property Description Type
location The source resource location - internal use only. string
Optional
referralResource The delegation id of the referral delegation (optional) - internal use only. string
Optional
resourceReference The ARM resource id of the delegated resource - internal use only. genruntime.ResourceReference
Optional
tenantId The tenant id of the delegated resource - internal use only. string
Optional

DelegatedResource_STATUS

Delegated resource properties - internal use only.

Used by: ManagedClusterIdentity_STATUS.

Property Description Type
location The source resource location - internal use only. string
Optional
referralResource The delegation id of the referral delegation (optional) - internal use only. string
Optional
resourceId The ARM resource id of the delegated resource - internal use only. string
Optional
tenantId The tenant id of the delegated resource - internal use only. string
Optional

ExtendedLocationType

The type of extendedLocation.

Used by: ExtendedLocation.

Value Description
“EdgeZone”

ExtendedLocationType_STATUS

The type of extendedLocation.

Used by: ExtendedLocation_STATUS.

Value Description
“EdgeZone”

HourInDay

Used by: TimeInWeek.

IPTag

Contains the IPTag associated with the object.

Used by: AgentPoolNetworkProfile.

Property Description Type
ipTagType The IP tag type. Example: RoutingPreference. string
Optional
tag The value of the IP tag associated with the public IP. Example: Internet. string
Optional

IPTag_STATUS

Contains the IPTag associated with the object.

Used by: AgentPoolNetworkProfile_STATUS.

Property Description Type
ipTagType The IP tag type. Example: RoutingPreference. string
Optional
tag The value of the IP tag associated with the public IP. Example: Internet. string
Optional

IstioServiceMesh

Istio service mesh configuration.

Used by: ServiceMeshProfile.

Property Description Type
certificateAuthority Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described here https://aka.ms/asm-plugin-ca IstioCertificateAuthority
Optional
components Istio components configuration. IstioComponents
Optional
revisions The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: https://learn.microsoft.com/en-us/azure/aks/istio-upgrade string[]
Optional

IstioServiceMesh_STATUS

Istio service mesh configuration.

Used by: ServiceMeshProfile_STATUS.

Property Description Type
certificateAuthority Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described here https://aka.ms/asm-plugin-ca IstioCertificateAuthority_STATUS
Optional
components Istio components configuration. IstioComponents_STATUS
Optional
revisions The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: https://learn.microsoft.com/en-us/azure/aks/istio-upgrade string[]
Optional

ManagedClusterAutoUpgradeProfile_NodeOSUpgradeChannel

Used by: ManagedClusterAutoUpgradeProfile.

Value Description
“NodeImage”
“None”
“SecurityPatch”
“Unmanaged”

ManagedClusterAutoUpgradeProfile_NodeOSUpgradeChannel_STATUS

Used by: ManagedClusterAutoUpgradeProfile_STATUS.

Value Description
“NodeImage”
“None”
“SecurityPatch”
“Unmanaged”

ManagedClusterAutoUpgradeProfile_UpgradeChannel

Used by: ManagedClusterAutoUpgradeProfile.

Value Description
“node-image”
“none”
“patch”
“rapid”
“stable”

ManagedClusterAutoUpgradeProfile_UpgradeChannel_STATUS

Used by: ManagedClusterAutoUpgradeProfile_STATUS.

Value Description
“node-image”
“none”
“patch”
“rapid”
“stable”

ManagedClusterAzureMonitorProfileMetrics

Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See aka.ms/AzureManagedPrometheus for an overview.

Used by: ManagedClusterAzureMonitorProfile.

Property Description Type
enabled Whether to enable or disable the Azure Managed Prometheus addon for Prometheus monitoring. See aka.ms/AzureManagedPrometheus-aks-enable for details on enabling and disabling. bool
Required
kubeStateMetrics Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for details. ManagedClusterAzureMonitorProfileKubeStateMetrics
Optional

ManagedClusterAzureMonitorProfileMetrics_STATUS

Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See aka.ms/AzureManagedPrometheus for an overview.

Used by: ManagedClusterAzureMonitorProfile_STATUS.

Property Description Type
enabled Whether to enable or disable the Azure Managed Prometheus addon for Prometheus monitoring. See aka.ms/AzureManagedPrometheus-aks-enable for details on enabling and disabling. bool
Optional
kubeStateMetrics Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for details. ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS
Optional

ManagedClusterCostAnalysis

The cost analysis configuration for the cluster.

Used by: ManagedClusterMetricsProfile.

Property Description Type
enabled The Managed Cluster sku.tier must be set to ‘Standard’ or ‘Premium’ to enable this feature. Enabling this will add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. If not specified, the default is false. For more information see aka.ms/aks/docs/cost-analysis. bool
Optional

ManagedClusterCostAnalysis_STATUS

The cost analysis configuration for the cluster.

Used by: ManagedClusterMetricsProfile_STATUS.

Property Description Type
enabled The Managed Cluster sku.tier must be set to ‘Standard’ or ‘Premium’ to enable this feature. Enabling this will add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. If not specified, the default is false. For more information see aka.ms/aks/docs/cost-analysis. bool
Optional

ManagedClusterIdentity_Type

Used by: ManagedClusterIdentity.

Value Description
“None”
“SystemAssigned”
“UserAssigned”

ManagedClusterIdentity_Type_STATUS

Used by: ManagedClusterIdentity_STATUS.

Value Description
“None”
“SystemAssigned”
“UserAssigned”

ManagedClusterIdentity_UserAssignedIdentities_STATUS

Used by: ManagedClusterIdentity_STATUS.

Property Description Type
clientId The client id of user assigned identity. string
Optional
principalId The principal id of user assigned identity. string
Optional

ManagedClusterIngressProfileWebAppRouting

Application Routing add-on settings for the ingress profile.

Used by: ManagedClusterIngressProfile.

Property Description Type
dnsZoneResourceReferences Resource IDs of the DNS zones to be associated with the Application Routing add-on. Used only when Application Routing add-on is enabled. Public and private DNS zones can be in different resource groups, but all public DNS zones must be in the same resource group and all private DNS zones must be in the same resource group. genruntime.ResourceReference[]
Optional
enabled Whether to enable the Application Routing add-on. bool
Optional

ManagedClusterIngressProfileWebAppRouting_STATUS

Application Routing add-on settings for the ingress profile.

Used by: ManagedClusterIngressProfile_STATUS.

Property Description Type
dnsZoneResourceIds Resource IDs of the DNS zones to be associated with the Application Routing add-on. Used only when Application Routing add-on is enabled. Public and private DNS zones can be in different resource groups, but all public DNS zones must be in the same resource group and all private DNS zones must be in the same resource group. string[]
Optional
enabled Whether to enable the Application Routing add-on. bool
Optional
identity Managed identity of the Application Routing add-on. This is the identity that should be granted permissions, for example, to manage the associated Azure DNS resource and get certificates from Azure Key Vault. See this overview of the add-on for more instructions. UserAssignedIdentity_STATUS
Optional

ManagedClusterLoadBalancerProfile

Profile of the managed cluster load balancer.

Used by: ContainerServiceNetworkProfile.

Property Description Type
allocatedOutboundPorts The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 (inclusive). The default value is 0 which results in Azure dynamically allocating ports. int
Optional
backendPoolType The type of the managed inbound Load Balancer BackendPool. ManagedClusterLoadBalancerProfile_BackendPoolType
Optional
effectiveOutboundIPs The effective outbound IP resources of the cluster load balancer. ResourceReference[]
Optional
enableMultipleStandardLoadBalancers Whether to enable multiple standard load balancers per AKS cluster. bool
Optional
idleTimeoutInMinutes Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 (inclusive). The default value is 30 minutes. int
Optional
managedOutboundIPs Desired managed outbound IPs for the cluster load balancer. ManagedClusterLoadBalancerProfile_ManagedOutboundIPs
Optional
outboundIPPrefixes Desired outbound IP Prefix resources for the cluster load balancer. ManagedClusterLoadBalancerProfile_OutboundIPPrefixes
Optional
outboundIPs Desired outbound IP resources for the cluster load balancer. ManagedClusterLoadBalancerProfile_OutboundIPs
Optional

ManagedClusterLoadBalancerProfile_STATUS

Profile of the managed cluster load balancer.

Used by: ContainerServiceNetworkProfile_STATUS.

Property Description Type
allocatedOutboundPorts The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 (inclusive). The default value is 0 which results in Azure dynamically allocating ports. int
Optional
backendPoolType The type of the managed inbound Load Balancer BackendPool. ManagedClusterLoadBalancerProfile_BackendPoolType_STATUS
Optional
effectiveOutboundIPs The effective outbound IP resources of the cluster load balancer. ResourceReference_STATUS[]
Optional
enableMultipleStandardLoadBalancers Whether to enable multiple standard load balancers per AKS cluster. bool
Optional
idleTimeoutInMinutes Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 (inclusive). The default value is 30 minutes. int
Optional
managedOutboundIPs Desired managed outbound IPs for the cluster load balancer. ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS
Optional
outboundIPPrefixes Desired outbound IP Prefix resources for the cluster load balancer. ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS
Optional
outboundIPs Desired outbound IP resources for the cluster load balancer. ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS
Optional

ManagedClusterNATGatewayProfile

Profile of the managed cluster NAT gateway.

Used by: ContainerServiceNetworkProfile.

Property Description Type
effectiveOutboundIPs The effective outbound IP resources of the cluster NAT gateway. ResourceReference[]
Optional
idleTimeoutInMinutes Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 (inclusive). The default value is 4 minutes. int
Optional
managedOutboundIPProfile Profile of the managed outbound IP resources of the cluster NAT gateway. ManagedClusterManagedOutboundIPProfile
Optional

ManagedClusterNATGatewayProfile_STATUS

Profile of the managed cluster NAT gateway.

Used by: ContainerServiceNetworkProfile_STATUS.

Property Description Type
effectiveOutboundIPs The effective outbound IP resources of the cluster NAT gateway. ResourceReference_STATUS[]
Optional
idleTimeoutInMinutes Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 (inclusive). The default value is 4 minutes. int
Optional
managedOutboundIPProfile Profile of the managed outbound IP resources of the cluster NAT gateway. ManagedClusterManagedOutboundIPProfile_STATUS
Optional

ManagedClusterNodeResourceGroupProfile_RestrictionLevel

Used by: ManagedClusterNodeResourceGroupProfile.

Value Description
“ReadOnly”
“Unrestricted”

ManagedClusterNodeResourceGroupProfile_RestrictionLevel_STATUS

Used by: ManagedClusterNodeResourceGroupProfile_STATUS.

Value Description
“ReadOnly”
“Unrestricted”

ManagedClusterOperatorConfigMaps

Used by: ManagedClusterOperatorSpec.

Property Description Type
oidcIssuerProfile indicates where the OIDCIssuerProfile config map should be placed. If omitted, no config map will be created. genruntime.ConfigMapDestination
Optional

ManagedClusterOperatorSecrets

Used by: ManagedClusterOperatorSpec.

Property Description Type
adminCredentials indicates where the AdminCredentials secret should be placed. If omitted, the secret will not be retrieved from Azure. genruntime.SecretDestination
Optional
userCredentials indicates where the UserCredentials secret should be placed. If omitted, the secret will not be retrieved from Azure. genruntime.SecretDestination
Optional

ManagedClusterPodIdentity

Details about the pod identity assigned to the Managed Cluster.

Used by: ManagedClusterPodIdentityProfile.

Property Description Type
bindingSelector The binding selector to use for the AzureIdentityBinding resource. string
Optional
identity The user assigned identity details. UserAssignedIdentity
Required
name The name of the pod identity. string
Required
namespace The namespace of the pod identity. string
Required

ManagedClusterPodIdentity_STATUS

Details about the pod identity assigned to the Managed Cluster.

Used by: ManagedClusterPodIdentityProfile_STATUS.

Property Description Type
bindingSelector The binding selector to use for the AzureIdentityBinding resource. string
Optional
identity The user assigned identity details. UserAssignedIdentity_STATUS
Optional
name The name of the pod identity. string
Optional
namespace The namespace of the pod identity. string
Optional
provisioningInfo ManagedClusterPodIdentity_ProvisioningInfo_STATUS
Optional
provisioningState The current provisioning state of the pod identity. ManagedClusterPodIdentity_ProvisioningState_STATUS
Optional

ManagedClusterPodIdentityException

See disable AAD Pod Identity for a specific Pod/Application for more details.

Used by: ManagedClusterPodIdentityProfile.

Property Description Type
name The name of the pod identity exception. string
Required
namespace The namespace of the pod identity exception. string
Required
podLabels The pod labels to match. map[string]string
Required

ManagedClusterPodIdentityException_STATUS

See disable AAD Pod Identity for a specific Pod/Application for more details.

Used by: ManagedClusterPodIdentityProfile_STATUS.

Property Description Type
name The name of the pod identity exception. string
Optional
namespace The namespace of the pod identity exception. string
Optional
podLabels The pod labels to match. map[string]string
Optional

ManagedClusterProperties_AutoScalerProfile_Expander

Used by: ManagedClusterProperties_AutoScalerProfile.

Value Description
“least-waste”
“most-pods”
“priority”
“random”

ManagedClusterProperties_AutoScalerProfile_Expander_STATUS

Used by: ManagedClusterProperties_AutoScalerProfile_STATUS.

Value Description
“least-waste”
“most-pods”
“priority”
“random”

ManagedClusterSecurityProfileDefender

Microsoft Defender settings for the security profile.

Used by: ManagedClusterSecurityProfile.

Property Description Type
logAnalyticsWorkspaceResourceReference Resource ID of the Log Analytics workspace to be associated with Microsoft Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When Microsoft Defender is disabled, leave the field empty. genruntime.ResourceReference
Optional
securityMonitoring Microsoft Defender threat detection for Cloud settings for the security profile. ManagedClusterSecurityProfileDefenderSecurityMonitoring
Optional

ManagedClusterSecurityProfileDefender_STATUS

Microsoft Defender settings for the security profile.

Used by: ManagedClusterSecurityProfile_STATUS.

Property Description Type
logAnalyticsWorkspaceResourceId Resource ID of the Log Analytics workspace to be associated with Microsoft Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When Microsoft Defender is disabled, leave the field empty. string
Optional
securityMonitoring Microsoft Defender threat detection for Cloud settings for the security profile. ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS
Optional

ManagedClusterSecurityProfileImageCleaner

Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here are settings for the security profile.

Used by: ManagedClusterSecurityProfile.

Property Description Type
enabled Whether to enable Image Cleaner on AKS cluster. bool
Optional
intervalHours Image Cleaner scanning interval in hours. int
Optional

ManagedClusterSecurityProfileImageCleaner_STATUS

Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here are settings for the security profile.

Used by: ManagedClusterSecurityProfile_STATUS.

Property Description Type
enabled Whether to enable Image Cleaner on AKS cluster. bool
Optional
intervalHours Image Cleaner scanning interval in hours. int
Optional

ManagedClusterSecurityProfileWorkloadIdentity

Workload identity settings for the security profile.

Used by: ManagedClusterSecurityProfile.

Property Description Type
enabled Whether to enable workload identity. bool
Optional

ManagedClusterSecurityProfileWorkloadIdentity_STATUS

Workload identity settings for the security profile.

Used by: ManagedClusterSecurityProfile_STATUS.

Property Description Type
enabled Whether to enable workload identity. bool
Optional

ManagedClusterSKU_Name

Used by: ManagedClusterSKU.

Value Description
“Base”

ManagedClusterSKU_Name_STATUS

Used by: ManagedClusterSKU_STATUS.

Value Description
“Base”

ManagedClusterSKU_Tier

Used by: ManagedClusterSKU.

Value Description
“Free”
“Premium”
“Standard”

ManagedClusterSKU_Tier_STATUS

Used by: ManagedClusterSKU_STATUS.

Value Description
“Free”
“Premium”
“Standard”

ManagedClusterStorageProfileBlobCSIDriver

AzureBlob CSI Driver settings for the storage profile.

Used by: ManagedClusterStorageProfile.

Property Description Type
enabled Whether to enable AzureBlob CSI Driver. The default value is false. bool
Optional

ManagedClusterStorageProfileBlobCSIDriver_STATUS

AzureBlob CSI Driver settings for the storage profile.

Used by: ManagedClusterStorageProfile_STATUS.

Property Description Type
enabled Whether to enable AzureBlob CSI Driver. The default value is false. bool
Optional

ManagedClusterStorageProfileDiskCSIDriver

AzureDisk CSI Driver settings for the storage profile.

Used by: ManagedClusterStorageProfile.

Property Description Type
enabled Whether to enable AzureDisk CSI Driver. The default value is true. bool
Optional

ManagedClusterStorageProfileDiskCSIDriver_STATUS

AzureDisk CSI Driver settings for the storage profile.

Used by: ManagedClusterStorageProfile_STATUS.

Property Description Type
enabled Whether to enable AzureDisk CSI Driver. The default value is true. bool
Optional

ManagedClusterStorageProfileFileCSIDriver

AzureFile CSI Driver settings for the storage profile.

Used by: ManagedClusterStorageProfile.

Property Description Type
enabled Whether to enable AzureFile CSI Driver. The default value is true. bool
Optional

ManagedClusterStorageProfileFileCSIDriver_STATUS

AzureFile CSI Driver settings for the storage profile.

Used by: ManagedClusterStorageProfile_STATUS.

Property Description Type
enabled Whether to enable AzureFile CSI Driver. The default value is true. bool
Optional

ManagedClusterStorageProfileSnapshotController

Snapshot Controller settings for the storage profile.

Used by: ManagedClusterStorageProfile.

Property Description Type
enabled Whether to enable Snapshot Controller. The default value is true. bool
Optional

ManagedClusterStorageProfileSnapshotController_STATUS

Snapshot Controller settings for the storage profile.

Used by: ManagedClusterStorageProfile_STATUS.

Property Description Type
enabled Whether to enable Snapshot Controller. The default value is true. bool
Optional

ManagedClusterWindowsProfile_LicenseType

Used by: ManagedClusterWindowsProfile.

Value Description
“None”
“Windows_Server”

ManagedClusterWindowsProfile_LicenseType_STATUS

Used by: ManagedClusterWindowsProfile_STATUS.

Value Description
“None”
“Windows_Server”

ManagedClusterWorkloadAutoScalerProfileKeda

KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile.

Used by: ManagedClusterWorkloadAutoScalerProfile.

Property Description Type
enabled Whether to enable KEDA. bool
Required

ManagedClusterWorkloadAutoScalerProfileKeda_STATUS

KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile.

Used by: ManagedClusterWorkloadAutoScalerProfile_STATUS.

Property Description Type
enabled Whether to enable KEDA. bool
Optional

ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler

VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile.

Used by: ManagedClusterWorkloadAutoScalerProfile.

Property Description Type
enabled Whether to enable VPA. Default value is false. bool
Required

ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler_STATUS

VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile.

Used by: ManagedClusterWorkloadAutoScalerProfile_STATUS.

Property Description Type
enabled Whether to enable VPA. Default value is false. bool
Optional

PortRange

The port range.

Used by: AgentPoolNetworkProfile.

Property Description Type
portEnd The maximum port that is included in the range. It should be in the range 1 to 65535, and be greater than or equal to portStart. int
Optional
portStart The minimum port that is included in the range. It should be in the range 1 to 65535, and be less than or equal to portEnd. int
Optional
protocol The network protocol of the port. PortRange_Protocol
Optional

PortRange_STATUS

The port range.

Used by: AgentPoolNetworkProfile_STATUS.

Property Description Type
portEnd The maximum port that is included in the range. It should be in the range 1 to 65535, and be greater than or equal to portStart. int
Optional
portStart The minimum port that is included in the range. It should be in the range 1 to 65535, and be less than or equal to portEnd. int
Optional
protocol The network protocol of the port. PortRange_Protocol_STATUS
Optional

PowerState_Code

Used by: PowerState.

Value Description
“Running”
“Stopped”

PowerState_Code_STATUS

Used by: PowerState_STATUS.

Value Description
“Running”
“Stopped”

Schedule

One and only one of the schedule types should be specified. Choose either ‘daily’, ‘weekly’, ‘absoluteMonthly’ or ‘relativeMonthly’ for your maintenance schedule.

Used by: MaintenanceWindow.

Property Description Type
absoluteMonthly For schedules like: ‘recur every month on the 15th’ or ‘recur every 3 months on the 20th’. AbsoluteMonthlySchedule
Optional
daily For schedules like: ‘recur every day’ or ‘recur every 3 days’. DailySchedule
Optional
relativeMonthly For schedules like: ‘recur every month on the first Monday’ or ‘recur every 3 months on last Friday’. RelativeMonthlySchedule
Optional
weekly For schedules like: ‘recur every Monday’ or ‘recur every 3 weeks on Wednesday’. WeeklySchedule
Optional

Schedule_STATUS

One and only one of the schedule types should be specified. Choose either ‘daily’, ‘weekly’, ‘absoluteMonthly’ or ‘relativeMonthly’ for your maintenance schedule.

Used by: MaintenanceWindow_STATUS.

Property Description Type
absoluteMonthly For schedules like: ‘recur every month on the 15th’ or ‘recur every 3 months on the 20th’. AbsoluteMonthlySchedule_STATUS
Optional
daily For schedules like: ‘recur every day’ or ‘recur every 3 days’. DailySchedule_STATUS
Optional
relativeMonthly For schedules like: ‘recur every month on the first Monday’ or ‘recur every 3 months on last Friday’. RelativeMonthlySchedule_STATUS
Optional
weekly For schedules like: ‘recur every Monday’ or ‘recur every 3 weeks on Wednesday’. WeeklySchedule_STATUS
Optional

ServiceMeshProfile_Mode

Used by: ServiceMeshProfile.

Value Description
“Disabled”
“Istio”

ServiceMeshProfile_Mode_STATUS

Used by: ServiceMeshProfile_STATUS.

Value Description
“Disabled”
“Istio”

SysctlConfig

Sysctl settings for Linux agent nodes.

Used by: LinuxOSConfig.

Property Description Type
fsAioMaxNr Sysctl setting fs.aio-max-nr. int
Optional
fsFileMax Sysctl setting fs.file-max. int
Optional
fsInotifyMaxUserWatches Sysctl setting fs.inotify.max_user_watches. int
Optional
fsNrOpen Sysctl setting fs.nr_open. int
Optional
kernelThreadsMax Sysctl setting kernel.threads-max. int
Optional
netCoreNetdevMaxBacklog Sysctl setting net.core.netdev_max_backlog. int
Optional
netCoreOptmemMax Sysctl setting net.core.optmem_max. int
Optional
netCoreRmemDefault Sysctl setting net.core.rmem_default. int
Optional
netCoreRmemMax Sysctl setting net.core.rmem_max. int
Optional
netCoreSomaxconn Sysctl setting net.core.somaxconn. int
Optional
netCoreWmemDefault Sysctl setting net.core.wmem_default. int
Optional
netCoreWmemMax Sysctl setting net.core.wmem_max. int
Optional
netIpv4IpLocalPortRange Sysctl setting net.ipv4.ip_local_port_range. string
Optional
netIpv4NeighDefaultGcThresh1 Sysctl setting net.ipv4.neigh.default.gc_thresh1. int
Optional
netIpv4NeighDefaultGcThresh2 Sysctl setting net.ipv4.neigh.default.gc_thresh2. int
Optional
netIpv4NeighDefaultGcThresh3 Sysctl setting net.ipv4.neigh.default.gc_thresh3. int
Optional
netIpv4TcpFinTimeout Sysctl setting net.ipv4.tcp_fin_timeout. int
Optional
netIpv4TcpkeepaliveIntvl Sysctl setting net.ipv4.tcp_keepalive_intvl. int
Optional
netIpv4TcpKeepaliveProbes Sysctl setting net.ipv4.tcp_keepalive_probes. int
Optional
netIpv4TcpKeepaliveTime Sysctl setting net.ipv4.tcp_keepalive_time. int
Optional
netIpv4TcpMaxSynBacklog Sysctl setting net.ipv4.tcp_max_syn_backlog. int
Optional
netIpv4TcpMaxTwBuckets Sysctl setting net.ipv4.tcp_max_tw_buckets. int
Optional
netIpv4TcpTwReuse Sysctl setting net.ipv4.tcp_tw_reuse. bool
Optional
netNetfilterNfConntrackBuckets Sysctl setting net.netfilter.nf_conntrack_buckets. int
Optional
netNetfilterNfConntrackMax Sysctl setting net.netfilter.nf_conntrack_max. int
Optional
vmMaxMapCount Sysctl setting vm.max_map_count. int
Optional
vmSwappiness Sysctl setting vm.swappiness. int
Optional
vmVfsCachePressure Sysctl setting vm.vfs_cache_pressure. int
Optional

SysctlConfig_STATUS

Sysctl settings for Linux agent nodes.

Used by: LinuxOSConfig_STATUS.

Property Description Type
fsAioMaxNr Sysctl setting fs.aio-max-nr. int
Optional
fsFileMax Sysctl setting fs.file-max. int
Optional
fsInotifyMaxUserWatches Sysctl setting fs.inotify.max_user_watches. int
Optional
fsNrOpen Sysctl setting fs.nr_open. int
Optional
kernelThreadsMax Sysctl setting kernel.threads-max. int
Optional
netCoreNetdevMaxBacklog Sysctl setting net.core.netdev_max_backlog. int
Optional
netCoreOptmemMax Sysctl setting net.core.optmem_max. int
Optional
netCoreRmemDefault Sysctl setting net.core.rmem_default. int
Optional
netCoreRmemMax Sysctl setting net.core.rmem_max. int
Optional
netCoreSomaxconn Sysctl setting net.core.somaxconn. int
Optional
netCoreWmemDefault Sysctl setting net.core.wmem_default. int
Optional
netCoreWmemMax Sysctl setting net.core.wmem_max. int
Optional
netIpv4IpLocalPortRange Sysctl setting net.ipv4.ip_local_port_range. string
Optional
netIpv4NeighDefaultGcThresh1 Sysctl setting net.ipv4.neigh.default.gc_thresh1. int
Optional
netIpv4NeighDefaultGcThresh2 Sysctl setting net.ipv4.neigh.default.gc_thresh2. int
Optional
netIpv4NeighDefaultGcThresh3 Sysctl setting net.ipv4.neigh.default.gc_thresh3. int
Optional
netIpv4TcpFinTimeout Sysctl setting net.ipv4.tcp_fin_timeout. int
Optional
netIpv4TcpkeepaliveIntvl Sysctl setting net.ipv4.tcp_keepalive_intvl. int
Optional
netIpv4TcpKeepaliveProbes Sysctl setting net.ipv4.tcp_keepalive_probes. int
Optional
netIpv4TcpKeepaliveTime Sysctl setting net.ipv4.tcp_keepalive_time. int
Optional
netIpv4TcpMaxSynBacklog Sysctl setting net.ipv4.tcp_max_syn_backlog. int
Optional
netIpv4TcpMaxTwBuckets Sysctl setting net.ipv4.tcp_max_tw_buckets. int
Optional
netIpv4TcpTwReuse Sysctl setting net.ipv4.tcp_tw_reuse. bool
Optional
netNetfilterNfConntrackBuckets Sysctl setting net.netfilter.nf_conntrack_buckets. int
Optional
netNetfilterNfConntrackMax Sysctl setting net.netfilter.nf_conntrack_max. int
Optional
vmMaxMapCount Sysctl setting vm.max_map_count. int
Optional
vmSwappiness Sysctl setting vm.swappiness. int
Optional
vmVfsCachePressure Sysctl setting vm.vfs_cache_pressure. int
Optional

SystemData_CreatedByType_STATUS

Used by: SystemData_STATUS.

Value Description
“Application”
“Key”
“ManagedIdentity”
“User”

SystemData_LastModifiedByType_STATUS

Used by: SystemData_STATUS.

Value Description
“Application”
“Key”
“ManagedIdentity”
“User”

UpgradeOverrideSettings

Settings for overrides when upgrading a cluster.

Used by: ClusterUpgradeSettings.

Property Description Type
forceUpgrade Whether to force upgrade the cluster. Note that this option instructs the upgrade operation to bypass upgrade protections such as checking for deprecated API usage. Enable this option only with caution. bool
Optional
until Until when the overrides are effective. Note that this is matched only against the start time of an upgrade; once an upgrade starts, the overrides remain in effect even if the until time expires while the upgrade proceeds. This field is not set by default. It must be set for the overrides to take effect. string
Optional

UpgradeOverrideSettings_STATUS

Settings for overrides when upgrading a cluster.

Used by: ClusterUpgradeSettings_STATUS.

Property Description Type
forceUpgrade Whether to force upgrade the cluster. Note that this option instructs the upgrade operation to bypass upgrade protections such as checking for deprecated API usage. Enable this option only with caution. bool
Optional
until Until when the overrides are effective. Note that this is matched only against the start time of an upgrade; once an upgrade starts, the overrides remain in effect even if the until time expires while the upgrade proceeds. This field is not set by default. It must be set for the overrides to take effect. string
Optional

UserAssignedIdentityDetails

Information about the user assigned identity for the resource

Used by: ManagedClusterIdentity.

Property Description Type
reference genruntime.ResourceReference
Optional

WeekDay

The weekday enum.

Used by: RelativeMonthlySchedule, TimeInWeek, and WeeklySchedule.

Value Description
“Friday”
“Monday”
“Saturday”
“Sunday”
“Thursday”
“Tuesday”
“Wednesday”

WeekDay_STATUS

The weekday enum.

Used by: RelativeMonthlySchedule_STATUS, TimeInWeek_STATUS, and WeeklySchedule_STATUS.

Value Description
“Friday”
“Monday”
“Saturday”
“Sunday”
“Thursday”
“Tuesday”
“Wednesday”

WindowsGmsaProfile

Windows gMSA Profile in the managed cluster.

Used by: ManagedClusterWindowsProfile.

Property Description Type
dnsServer Specifies the DNS server for Windows gMSA. Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. string
Optional
enabled Specifies whether to enable Windows gMSA in the managed cluster. bool
Optional
rootDomainName Specifies the root domain name for Windows gMSA. Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. string
Optional

WindowsGmsaProfile_STATUS

Windows gMSA Profile in the managed cluster.

Used by: ManagedClusterWindowsProfile_STATUS.

Property Description Type
dnsServer Specifies the DNS server for Windows gMSA. Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. string
Optional
enabled Specifies whether to enable Windows gMSA in the managed cluster. bool
Optional
rootDomainName Specifies the root domain name for Windows gMSA. Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. string
Optional

AbsoluteMonthlySchedule

For schedules like: ‘recur every month on the 15th’ or ‘recur every 3 months on the 20th’.

Used by: Schedule.

Property Description Type
dayOfMonth The date of the month. int
Required
intervalMonths Specifies the number of months between each set of occurrences. int
Required

AbsoluteMonthlySchedule_STATUS

For schedules like: ‘recur every month on the 15th’ or ‘recur every 3 months on the 20th’.

Used by: Schedule_STATUS.

Property Description Type
dayOfMonth The date of the month. int
Optional
intervalMonths Specifies the number of months between each set of occurrences. int
Optional

AdvancedNetworkingObservability

Observability profile to enable advanced network metrics and flow logs with historical contexts.

Used by: AdvancedNetworking.

Property Description Type
enabled Indicates the enablement of Advanced Networking observability functionalities on clusters. bool
Optional

AdvancedNetworkingObservability_STATUS

Observability profile to enable advanced network metrics and flow logs with historical contexts.

Used by: AdvancedNetworking_STATUS.

Property Description Type
enabled Indicates the enablement of Advanced Networking observability functionalities on clusters. bool
Optional

AdvancedNetworkingSecurity

Security profile to enable security features on a Cilium-based cluster.

Used by: AdvancedNetworking.

Property Description Type
enabled This feature allows the user to configure network policy based on DNS (FQDN) names. It can be enabled only on Cilium-based clusters. If not specified, the default is false. bool
Optional

AdvancedNetworkingSecurity_STATUS

Security profile to enable security features on a Cilium-based cluster.

Used by: AdvancedNetworking_STATUS.

Property Description Type
enabled This feature allows the user to configure network policy based on DNS (FQDN) names. It can be enabled only on Cilium-based clusters. If not specified, the default is false. bool
Optional

AzureKeyVaultKms_KeyVaultNetworkAccess

Used by: AzureKeyVaultKms.

Value Description
“Private”
“Public”

AzureKeyVaultKms_KeyVaultNetworkAccess_STATUS

Used by: AzureKeyVaultKms_STATUS.

Value Description
“Private”
“Public”

ContainerServiceSshPublicKey

Contains information about SSH certificate public key data.

Used by: ContainerServiceSshConfiguration.

Property Description Type
keyData Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or without headers. string
Required

ContainerServiceSshPublicKey_STATUS

Contains information about SSH certificate public key data.

Used by: ContainerServiceSshConfiguration_STATUS.

Property Description Type
keyData Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or without headers. string
Optional

DailySchedule

For schedules like: ‘recur every day’ or ‘recur every 3 days’.

Used by: Schedule.

Property Description Type
intervalDays Specifies the number of days between each set of occurrences. int
Required

DailySchedule_STATUS

For schedules like: ‘recur every day’ or ‘recur every 3 days’.

Used by: Schedule_STATUS.

Property Description Type
intervalDays Specifies the number of days between each set of occurrences. int
Optional

IstioCertificateAuthority

Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described here https://aka.ms/asm-plugin-ca

Used by: IstioServiceMesh.

Property Description Type
plugin Plugin certificates information for Service Mesh. IstioPluginCertificateAuthority
Optional

IstioCertificateAuthority_STATUS

Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described here https://aka.ms/asm-plugin-ca

Used by: IstioServiceMesh_STATUS.

Property Description Type
plugin Plugin certificates information for Service Mesh. IstioPluginCertificateAuthority_STATUS
Optional

IstioComponents

Istio components configuration.

Used by: IstioServiceMesh.

Property Description Type
egressGateways Istio egress gateways. IstioEgressGateway[]
Optional
ingressGateways Istio ingress gateways. IstioIngressGateway[]
Optional

IstioComponents_STATUS

Istio components configuration.

Used by: IstioServiceMesh_STATUS.

Property Description Type
egressGateways Istio egress gateways. IstioEgressGateway_STATUS[]
Optional
ingressGateways Istio ingress gateways. IstioIngressGateway_STATUS[]
Optional

ManagedClusterAzureMonitorProfileKubeStateMetrics

Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for details.

Used by: ManagedClusterAzureMonitorProfileMetrics.

Property Description Type
metricAnnotationsAllowList Comma-separated list of Kubernetes annotation keys that will be used in the resource’s labels metric (Example: ‘namespaces=[kubernetes.io/team,…],pods=[kubernetes.io/team],…’). By default the metric contains only resource name and namespace labels. string
Optional
metricLabelsAllowlist Comma-separated list of additional Kubernetes label keys that will be used in the resource’s labels metric (Example: ‘namespaces=[k8s-label-1,k8s-label-n,…],pods=[app],…’). By default the metric contains only resource name and namespace labels. string
Optional

ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS

Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for details.

Used by: ManagedClusterAzureMonitorProfileMetrics_STATUS.

Property Description Type
metricAnnotationsAllowList Comma-separated list of Kubernetes annotation keys that will be used in the resource’s labels metric (Example: ’namespaces=[kubernetes.io/team,…],pods=[kubernetes.io/team],…’). By default the metric contains only resource name and namespace labels. string
Optional
metricLabelsAllowlist Comma-separated list of additional Kubernetes label keys that will be used in the resource’s labels metric (Example: ‘namespaces=[k8s-label-1,k8s-label-n,…],pods=[app],…’). By default the metric contains only resource name and namespace labels. string
Optional

ManagedClusterLoadBalancerProfile_BackendPoolType

Used by: ManagedClusterLoadBalancerProfile.

Value Description
“NodeIP”
“NodeIPConfiguration”

ManagedClusterLoadBalancerProfile_BackendPoolType_STATUS

Used by: ManagedClusterLoadBalancerProfile_STATUS.

Value Description
“NodeIP”
“NodeIPConfiguration”

ManagedClusterLoadBalancerProfile_ManagedOutboundIPs

Used by: ManagedClusterLoadBalancerProfile.

Property Description Type
count The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values must be in the range of 1 to 100 (inclusive). The default value is 1. int
Optional
countIPv6 The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. int
Optional

ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS

Used by: ManagedClusterLoadBalancerProfile_STATUS.

Property Description Type
count The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values must be in the range of 1 to 100 (inclusive). The default value is 1. int
Optional
countIPv6 The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. int
Optional

ManagedClusterLoadBalancerProfile_OutboundIPPrefixes

Used by: ManagedClusterLoadBalancerProfile.

Property Description Type
publicIPPrefixes A list of public IP prefix resources. ResourceReference[]
Optional

ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS

Used by: ManagedClusterLoadBalancerProfile_STATUS.

Property Description Type
publicIPPrefixes A list of public IP prefix resources. ResourceReference_STATUS[]
Optional

ManagedClusterLoadBalancerProfile_OutboundIPs

Used by: ManagedClusterLoadBalancerProfile.

Property Description Type
publicIPs A list of public IP resources. ResourceReference[]
Optional

ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS

Used by: ManagedClusterLoadBalancerProfile_STATUS.

Property Description Type
publicIPs A list of public IP resources. ResourceReference_STATUS[]
Optional

ManagedClusterManagedOutboundIPProfile

Profile of the managed outbound IP resources of the managed cluster.

Used by: ManagedClusterNATGatewayProfile.

Property Description Type
count The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 (inclusive). The default value is 1. int
Optional

ManagedClusterManagedOutboundIPProfile_STATUS

Profile of the managed outbound IP resources of the managed cluster.

Used by: ManagedClusterNATGatewayProfile_STATUS.

Property Description Type
count The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 (inclusive). The default value is 1. int
Optional

ManagedClusterPodIdentity_ProvisioningInfo_STATUS

Used by: ManagedClusterPodIdentity_STATUS.

Property Description Type
error Pod identity assignment error (if any). ManagedClusterPodIdentityProvisioningError_STATUS
Optional

ManagedClusterPodIdentity_ProvisioningState_STATUS

Used by: ManagedClusterPodIdentity_STATUS.

Value Description
“Assigned”
“Canceled”
“Deleting”
“Failed”
“Succeeded”
“Updating”

ManagedClusterSecurityProfileDefenderSecurityMonitoring

Microsoft Defender settings for the security profile threat detection.

Used by: ManagedClusterSecurityProfileDefender.

Property Description Type
enabled Whether to enable Defender threat detection bool
Optional

ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS

Microsoft Defender settings for the security profile threat detection.

Used by: ManagedClusterSecurityProfileDefender_STATUS.

Property Description Type
enabled Whether to enable Defender threat detection bool
Optional

PortRange_Protocol

Used by: PortRange.

Value Description
“TCP”
“UDP”

PortRange_Protocol_STATUS

Used by: PortRange_STATUS.

Value Description
“TCP”
“UDP”

RelativeMonthlySchedule

For schedules like: ‘recur every month on the first Monday’ or ‘recur every 3 months on last Friday’.

Used by: Schedule.

Property Description Type
dayOfWeek Specifies on which day of the week the maintenance occurs. WeekDay
Required
intervalMonths Specifies the number of months between each set of occurrences. int
Required
weekIndex Specifies on which week of the month the dayOfWeek applies. RelativeMonthlySchedule_WeekIndex
Required

RelativeMonthlySchedule_STATUS

For schedules like: ‘recur every month on the first Monday’ or ‘recur every 3 months on last Friday’.

Used by: Schedule_STATUS.

Property Description Type
dayOfWeek Specifies on which day of the week the maintenance occurs. WeekDay_STATUS
Optional
intervalMonths Specifies the number of months between each set of occurrences. int
Optional
weekIndex Specifies on which week of the month the dayOfWeek applies. RelativeMonthlySchedule_WeekIndex_STATUS
Optional

ResourceReference

A reference to an Azure resource.

Used by: ManagedClusterLoadBalancerProfile, ManagedClusterLoadBalancerProfile_OutboundIPPrefixes, ManagedClusterLoadBalancerProfile_OutboundIPs, and ManagedClusterNATGatewayProfile.

Property Description Type
reference The fully qualified Azure resource id. genruntime.ResourceReference
Optional

ResourceReference_STATUS

A reference to an Azure resource.

Used by: ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS, ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS, ManagedClusterLoadBalancerProfile_STATUS, and ManagedClusterNATGatewayProfile_STATUS.

Property Description Type
id The fully qualified Azure resource id. string
Optional

WeeklySchedule

For schedules like: ‘recur every Monday’ or ‘recur every 3 weeks on Wednesday’.

Used by: Schedule.

Property Description Type
dayOfWeek Specifies on which day of the week the maintenance occurs. WeekDay
Required
intervalWeeks Specifies the number of weeks between each set of occurrences. int
Required

WeeklySchedule_STATUS

For schedules like: ‘recur every Monday’ or ‘recur every 3 weeks on Wednesday’.

Used by: Schedule_STATUS.

Property Description Type
dayOfWeek Specifies on which day of the week the maintenance occurs. WeekDay_STATUS
Optional
intervalWeeks Specifies the number of weeks between each set of occurrences. int
Optional

IstioEgressGateway

Istio egress gateway configuration.

Used by: IstioComponents.

Property Description Type
enabled Whether to enable the egress gateway. bool
Required

IstioEgressGateway_STATUS

Istio egress gateway configuration.

Used by: IstioComponents_STATUS.

Property Description Type
enabled Whether to enable the egress gateway. bool
Optional

IstioIngressGateway

Istio ingress gateway configuration. For now, we support up to one external ingress gateway named aks-istio-ingressgateway-external and one internal ingress gateway named aks-istio-ingressgateway-internal.

Used by: IstioComponents.

Property Description Type
enabled Whether to enable the ingress gateway. bool
Required
mode Mode of an ingress gateway. IstioIngressGateway_Mode
Required

IstioIngressGateway_STATUS

Istio ingress gateway configuration. For now, we support up to one external ingress gateway named aks-istio-ingressgateway-external and one internal ingress gateway named aks-istio-ingressgateway-internal.

Used by: IstioComponents_STATUS.

Property Description Type
enabled Whether to enable the ingress gateway. bool
Optional
mode Mode of an ingress gateway. IstioIngressGateway_Mode_STATUS
Optional

IstioPluginCertificateAuthority

Plugin certificates information for Service Mesh.

Used by: IstioCertificateAuthority.

Property Description Type
certChainObjectName Certificate chain object name in Azure Key Vault. string
Optional
certObjectName Intermediate certificate object name in Azure Key Vault. string
Optional
keyObjectName Intermediate certificate private key object name in Azure Key Vault. string
Optional
keyVaultReference The resource ID of the Key Vault. genruntime.ResourceReference
Optional
rootCertObjectName Root certificate object name in Azure Key Vault. string
Optional

IstioPluginCertificateAuthority_STATUS

Plugin certificates information for Service Mesh.

Used by: IstioCertificateAuthority_STATUS.

Property Description Type
certChainObjectName Certificate chain object name in Azure Key Vault. string
Optional
certObjectName Intermediate certificate object name in Azure Key Vault. string
Optional
keyObjectName Intermediate certificate private key object name in Azure Key Vault. string
Optional
keyVaultId The resource ID of the Key Vault. string
Optional
rootCertObjectName Root certificate object name in Azure Key Vault. string
Optional

ManagedClusterPodIdentityProvisioningError_STATUS

An error response from the pod identity provisioning.

Used by: ManagedClusterPodIdentity_ProvisioningInfo_STATUS.

Property Description Type
error Details about the error. ManagedClusterPodIdentityProvisioningErrorBody_STATUS
Optional

RelativeMonthlySchedule_WeekIndex

Used by: RelativeMonthlySchedule.

Value Description
“First”
“Fourth”
“Last”
“Second”
“Third”

RelativeMonthlySchedule_WeekIndex_STATUS

Used by: RelativeMonthlySchedule_STATUS.

Value Description
“First”
“Fourth”
“Last”
“Second”
“Third”

IstioIngressGateway_Mode

Used by: IstioIngressGateway.

Value Description
“External”
“Internal”

IstioIngressGateway_Mode_STATUS

Used by: IstioIngressGateway_STATUS.

Value Description
“External”
“Internal”

ManagedClusterPodIdentityProvisioningErrorBody_STATUS

An error response from the pod identity provisioning.

Used by: ManagedClusterPodIdentityProvisioningError_STATUS.

Property Description Type
code An identifier for the error. Codes are invariant and are intended to be consumed programmatically. string
Optional
details A list of additional details about the error. ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled[]
Optional
message A message describing the error, intended to be suitable for display in a user interface. string
Optional
target The target of the particular error. For example, the name of the property in error. string
Optional

ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled

Used by: ManagedClusterPodIdentityProvisioningErrorBody_STATUS.

Property Description Type
code An identifier for the error. Codes are invariant and are intended to be consumed programmatically. string
Optional
message A message describing the error, intended to be suitable for display in a user interface. string
Optional
target The target of the particular error. For example, the name of the property in error. string
Optional