containerservice.azure.com/v1api20240901

APIVersion

Value	Description
“2024-09-01”

MaintenanceConfiguration

Generator information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2024-09-01/managedClusters.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/maintenanceConfigurations/{configName}

Used by: MaintenanceConfigurationList.

Property	Description	Type
metav1.TypeMeta
metav1.ObjectMeta
spec		MaintenanceConfiguration_Spec Optional
status		MaintenanceConfiguration_STATUS Optional

MaintenanceConfiguration_Spec

Property	Description	Type
azureName	The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be.	string Optional
maintenanceWindow	Maintenance window for the maintenance configuration.	MaintenanceWindow Optional
notAllowedTime	Time slots on which upgrade is not allowed.	TimeSpan[] Optional
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	MaintenanceConfigurationOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster resource	genruntime.KnownResourceReference Required
timeInWeek	If two array entries specify the same day of the week, the applied configuration is the union of times in both entries.	TimeInWeek[] Optional

MaintenanceConfiguration_STATUS

Property	Description	Type
conditions	The observed state of the resource	conditions.Condition[] Optional
id	Resource ID.	string Optional
maintenanceWindow	Maintenance window for the maintenance configuration.	MaintenanceWindow_STATUS Optional
name	The name of the resource that is unique within a resource group. This name can be used to access the resource.	string Optional
notAllowedTime	Time slots on which upgrade is not allowed.	TimeSpan_STATUS[] Optional
systemData	The system metadata relating to this resource.	SystemData_STATUS Optional
timeInWeek	If two array entries specify the same day of the week, the applied configuration is the union of times in both entries.	TimeInWeek_STATUS[] Optional
type	Resource type	string Optional

MaintenanceConfigurationList

Property	Description	Type
metav1.TypeMeta
metav1.ListMeta
items		MaintenanceConfiguration[] Optional

ManagedCluster

Used by: ManagedClusterList.

Property	Description	Type
metav1.TypeMeta
metav1.ObjectMeta
spec		ManagedCluster_Spec Optional
status		ManagedCluster_STATUS Optional

ManagedCluster_Spec

Property	Description	Type
aadProfile	The Azure Active Directory configuration.	ManagedClusterAADProfile Optional
addonProfiles	The profile of managed cluster add-on.	map[string]ManagedClusterAddonProfile Optional
agentPoolProfiles	The agent pool properties.	ManagedClusterAgentPoolProfile[] Optional
apiServerAccessProfile	The access profile for managed cluster API server.	ManagedClusterAPIServerAccessProfile Optional
autoScalerProfile	Parameters to be applied to the cluster-autoscaler when enabled	ManagedClusterProperties_AutoScalerProfile Optional
autoUpgradeProfile	The auto upgrade configuration.	ManagedClusterAutoUpgradeProfile Optional
azureMonitorProfile	Azure Monitor addon profiles for monitoring the managed cluster.	ManagedClusterAzureMonitorProfile Optional
azureName	The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be.	string Optional
disableLocalAccounts	If set to true, getting static credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled. For more details see disable local accounts.	bool Optional
diskEncryptionSetReference	This is of the form: ‘/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}’	genruntime.ResourceReference Optional
dnsPrefix	This cannot be updated once the Managed Cluster has been created.	string Optional
enablePodSecurityPolicy	(DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and https://aka.ms/aks/psp.	bool Optional
enableRBAC	Whether to enable Kubernetes Role-Based Access Control.	bool Optional
extendedLocation	The extended location of the Virtual Machine.	ExtendedLocation Optional
fqdnSubdomain	This cannot be updated once the Managed Cluster has been created.	string Optional
httpProxyConfig	Configurations for provisioning the cluster with HTTP proxy servers.	ManagedClusterHTTPProxyConfig Optional
identity	The identity of the managed cluster, if configured.	ManagedClusterIdentity Optional
identityProfile	The user identity associated with the managed cluster. This identity will be used by the kubelet. Only one user assigned identity is allowed. The only accepted key is “kubeletidentity”, with value of “resourceId”: “/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}”.	map[string]UserAssignedIdentity Optional
ingressProfile	Ingress profile for the managed cluster.	ManagedClusterIngressProfile Optional
kubernetesVersion	Both patch version <major.minor.patch> (e.g. 1.20.13) and <major.minor> (e.g. 1.20) are supported. When <major.minor> is specified, the latest supported GA patch version is chosen automatically. Updating the cluster with the same <major.minor> once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer patch version is available. When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See upgrading an AKS cluster for more details.	string Optional
linuxProfile	The profile for Linux VMs in the Managed Cluster.	ContainerServiceLinuxProfile Optional
location	The geo-location where the resource lives	string Required
metricsProfile	Optional cluster metrics configuration.	ManagedClusterMetricsProfile Optional
networkProfile	The network configuration profile.	ContainerServiceNetworkProfile Optional
nodeResourceGroup	The name of the resource group containing agent pool nodes.	string Optional
nodeResourceGroupProfile	Profile of the node resource group configuration.	ManagedClusterNodeResourceGroupProfile Optional
oidcIssuerProfile	The OIDC issuer profile of the Managed Cluster.	ManagedClusterOIDCIssuerProfile Optional
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ManagedClusterOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup resource	genruntime.KnownResourceReference Required
podIdentityProfile	See use AAD pod identity for more details on AAD pod identity integration.	ManagedClusterPodIdentityProfile Optional
privateLinkResources	Private link resources associated with the cluster.	PrivateLinkResource[] Optional
publicNetworkAccess	Allow or deny public network access for AKS	ManagedClusterProperties_PublicNetworkAccess Optional
securityProfile	Security profile for the managed cluster.	ManagedClusterSecurityProfile Optional
serviceMeshProfile	Service mesh profile for a managed cluster.	ServiceMeshProfile Optional
servicePrincipalProfile	Information about a service principal identity for the cluster to use for manipulating Azure APIs.	ManagedClusterServicePrincipalProfile Optional
sku	The managed cluster SKU.	ManagedClusterSKU Optional
storageProfile	Storage profile for the managed cluster.	ManagedClusterStorageProfile Optional
supportPlan	The support plan for the Managed Cluster. If unspecified, the default is ‘KubernetesOfficial’.	KubernetesSupportPlan Optional
tags	Resource tags.	map[string]string Optional
upgradeSettings	Settings for upgrading a cluster.	ClusterUpgradeSettings Optional
windowsProfile	The profile for Windows VMs in the Managed Cluster.	ManagedClusterWindowsProfile Optional
workloadAutoScalerProfile	Workload Auto-scaler profile for the managed cluster.	ManagedClusterWorkloadAutoScalerProfile Optional

ManagedCluster_STATUS

Property	Description	Type
aadProfile	The Azure Active Directory configuration.	ManagedClusterAADProfile_STATUS Optional
addonProfiles	The profile of managed cluster add-on.	map[string]ManagedClusterAddonProfile_STATUS Optional
agentPoolProfiles	The agent pool properties.	ManagedClusterAgentPoolProfile_STATUS[] Optional
apiServerAccessProfile	The access profile for managed cluster API server.	ManagedClusterAPIServerAccessProfile_STATUS Optional
autoScalerProfile	Parameters to be applied to the cluster-autoscaler when enabled	ManagedClusterProperties_AutoScalerProfile_STATUS Optional
autoUpgradeProfile	The auto upgrade configuration.	ManagedClusterAutoUpgradeProfile_STATUS Optional
azureMonitorProfile	Azure Monitor addon profiles for monitoring the managed cluster.	ManagedClusterAzureMonitorProfile_STATUS Optional
azurePortalFQDN	The Azure Portal requires certain Cross-Origin Resource Sharing (CORS) headers to be sent in some responses, which Kubernetes APIServer doesn’t handle by default. This special FQDN supports CORS, allowing the Azure Portal to function properly.	string Optional
conditions	The observed state of the resource	conditions.Condition[] Optional
currentKubernetesVersion	If kubernetesVersion was a fully specified version <major.minor.patch>, this field will be exactly equal to it. If kubernetesVersion was <major.minor>, this field will contain the full <major.minor.patch> version being used.	string Optional
disableLocalAccounts	If set to true, getting static credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled. For more details see disable local accounts.	bool Optional
diskEncryptionSetID	This is of the form: ‘/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}’	string Optional
dnsPrefix	This cannot be updated once the Managed Cluster has been created.	string Optional
enablePodSecurityPolicy	(DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and https://aka.ms/aks/psp.	bool Optional
enableRBAC	Whether to enable Kubernetes Role-Based Access Control.	bool Optional
eTag	Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic concurrency per the normal etag convention.	string Optional
extendedLocation	The extended location of the Virtual Machine.	ExtendedLocation_STATUS Optional
fqdn	The FQDN of the master pool.	string Optional
fqdnSubdomain	This cannot be updated once the Managed Cluster has been created.	string Optional
httpProxyConfig	Configurations for provisioning the cluster with HTTP proxy servers.	ManagedClusterHTTPProxyConfig_STATUS Optional
id	Fully qualified resource ID for the resource. E.g. “/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}”	string Optional
identity	The identity of the managed cluster, if configured.	ManagedClusterIdentity_STATUS Optional
identityProfile	The user identity associated with the managed cluster. This identity will be used by the kubelet. Only one user assigned identity is allowed. The only accepted key is “kubeletidentity”, with value of “resourceId”: “/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}”.	map[string]UserAssignedIdentity_STATUS Optional
ingressProfile	Ingress profile for the managed cluster.	ManagedClusterIngressProfile_STATUS Optional
kubernetesVersion	Both patch version <major.minor.patch> (e.g. 1.20.13) and <major.minor> (e.g. 1.20) are supported. When <major.minor> is specified, the latest supported GA patch version is chosen automatically. Updating the cluster with the same <major.minor> once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer patch version is available. When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See upgrading an AKS cluster for more details.	string Optional
linuxProfile	The profile for Linux VMs in the Managed Cluster.	ContainerServiceLinuxProfile_STATUS Optional
location	The geo-location where the resource lives	string Optional
maxAgentPools	The max number of agent pools for the managed cluster.	int Optional
metricsProfile	Optional cluster metrics configuration.	ManagedClusterMetricsProfile_STATUS Optional
name	The name of the resource	string Optional
networkProfile	The network configuration profile.	ContainerServiceNetworkProfile_STATUS Optional
nodeResourceGroup	The name of the resource group containing agent pool nodes.	string Optional
nodeResourceGroupProfile	Profile of the node resource group configuration.	ManagedClusterNodeResourceGroupProfile_STATUS Optional
oidcIssuerProfile	The OIDC issuer profile of the Managed Cluster.	ManagedClusterOIDCIssuerProfile_STATUS Optional
podIdentityProfile	See use AAD pod identity for more details on AAD pod identity integration.	ManagedClusterPodIdentityProfile_STATUS Optional
powerState	The Power State of the cluster.	PowerState_STATUS Optional
privateFQDN	The FQDN of private cluster.	string Optional
privateLinkResources	Private link resources associated with the cluster.	PrivateLinkResource_STATUS[] Optional
provisioningState	The current provisioning state.	string Optional
publicNetworkAccess	Allow or deny public network access for AKS	ManagedClusterProperties_PublicNetworkAccess_STATUS Optional
resourceUID	The resourceUID uniquely identifies ManagedClusters that reuse ARM ResourceIds (i.e: create, delete, create sequence)	string Optional
securityProfile	Security profile for the managed cluster.	ManagedClusterSecurityProfile_STATUS Optional
serviceMeshProfile	Service mesh profile for a managed cluster.	ServiceMeshProfile_STATUS Optional
servicePrincipalProfile	Information about a service principal identity for the cluster to use for manipulating Azure APIs.	ManagedClusterServicePrincipalProfile_STATUS Optional
sku	The managed cluster SKU.	ManagedClusterSKU_STATUS Optional
storageProfile	Storage profile for the managed cluster.	ManagedClusterStorageProfile_STATUS Optional
supportPlan	The support plan for the Managed Cluster. If unspecified, the default is ‘KubernetesOfficial’.	KubernetesSupportPlan_STATUS Optional
systemData	Azure Resource Manager metadata containing createdBy and modifiedBy information.	SystemData_STATUS Optional
tags	Resource tags.	map[string]string Optional
type	The type of the resource. E.g. “Microsoft.Compute/virtualMachines” or “Microsoft.Storage/storageAccounts”	string Optional
upgradeSettings	Settings for upgrading a cluster.	ClusterUpgradeSettings_STATUS Optional
windowsProfile	The profile for Windows VMs in the Managed Cluster.	ManagedClusterWindowsProfile_STATUS Optional
workloadAutoScalerProfile	Workload Auto-scaler profile for the managed cluster.	ManagedClusterWorkloadAutoScalerProfile_STATUS Optional

ManagedClusterList

Property	Description	Type
metav1.TypeMeta
metav1.ListMeta
items		ManagedCluster[] Optional

ManagedClustersAgentPool

Used by: ManagedClustersAgentPoolList.

Property	Description	Type
metav1.TypeMeta
metav1.ObjectMeta
spec		ManagedClustersAgentPool_Spec Optional
status		ManagedClustersAgentPool_STATUS Optional

ManagedClustersAgentPool_Spec

Property	Description	Type
availabilityZones	The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType property is ‘VirtualMachineScaleSets’.	string[] Optional
azureName	The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be.	string Optional
capacityReservationGroupReference	AKS will associate the specified agent pool with the Capacity Reservation Group.	genruntime.ResourceReference Optional
count	Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1.	int Optional
creationData	CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using a snapshot.	CreationData Optional
enableAutoScaling	Whether to enable auto-scaler	bool Optional
enableEncryptionAtHost	This is only supported on certain VM sizes and in certain Azure regions. For more information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption	bool Optional
enableFIPS	See Add a FIPS-enabled node pool for more details.	bool Optional
enableNodePublicIP	Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine to minimize hops. For more information see assigning a public IP per node. The default is false.	bool Optional
enableUltraSSD	Whether to enable UltraSSD	bool Optional
gpuInstanceProfile	GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.	GPUInstanceProfile Optional
hostGroupReference	This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. For more information see Azure dedicated hosts.	genruntime.ResourceReference Optional
kubeletConfig	The Kubelet configuration on the agent pool nodes.	KubeletConfig Optional
kubeletDiskType	Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage.	KubeletDiskType Optional
linuxOSConfig	The OS configuration of Linux agent nodes.	LinuxOSConfig Optional
maxCount	The maximum number of nodes for auto-scaling	int Optional
maxPods	The maximum number of pods that can run on a node.	int Optional
minCount	The minimum number of nodes for auto-scaling	int Optional
mode	A cluster must have at least one ‘System’ Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools	AgentPoolMode Optional
networkProfile	Network-related settings of an agent pool.	AgentPoolNetworkProfile Optional
nodeLabels	The node labels to be persisted across all nodes in agent pool.	map[string]string Optional
nodePublicIPPrefixReference	This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}	genruntime.ResourceReference Optional
nodeTaints	The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.	string[] Optional
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ManagedClustersAgentPoolOperatorSpec Optional
orchestratorVersion	Both patch version <major.minor.patch> (e.g. 1.20.13) and <major.minor> (e.g. 1.20) are supported. When <major.minor> is specified, the latest supported GA patch version is chosen automatically. Updating the cluster with the same <major.minor> once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor version must be within two minor versions of the control plane version. The node pool version cannot be greater than the control plane version. For more information see upgrading a node pool.	string Optional
osDiskSizeGB		ContainerServiceOSDisk Optional
osDiskType	The default is ‘Ephemeral’ if the VM supports it and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to ‘Managed’. May not be changed after creation. For more information see Ephemeral OS.	OSDiskType Optional
osSKU	Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows.	OSSKU Optional
osType	The operating system type. The default is Linux.	OSType Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster resource	genruntime.KnownResourceReference Required
podSubnetReference	If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}	genruntime.ResourceReference Optional
powerState	When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only be stopped if it is Running and provisioning state is Succeeded	PowerState Optional
proximityPlacementGroupReference	The ID for Proximity Placement Group.	genruntime.ResourceReference Optional
scaleDownMode	This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.	ScaleDownMode Optional
scaleSetEvictionPolicy	This cannot be specified unless the scaleSetPriority is ‘Spot’. If not specified, the default is ‘Delete’.	ScaleSetEvictionPolicy Optional
scaleSetPriority	The Virtual Machine Scale Set priority. If not specified, the default is ‘Regular’.	ScaleSetPriority Optional
securityProfile	The security settings of an agent pool.	AgentPoolSecurityProfile Optional
spotMaxPrice	Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any on-demand price. For more details on spot pricing, see spot VMs pricing	float64 Optional
tags	The tags to be persisted on the agent pool virtual machine scale set.	map[string]string Optional
type	The type of Agent Pool.	AgentPoolType Optional
upgradeSettings	Settings for upgrading the agentpool	AgentPoolUpgradeSettings Optional
vmSize	VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions	string Optional
vnetSubnetReference	If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}	genruntime.ResourceReference Optional
windowsProfile	The Windows agent pool’s specific profile.	AgentPoolWindowsProfile Optional
workloadRuntime	Determines the type of workload a node can run.	WorkloadRuntime Optional

ManagedClustersAgentPool_STATUS

Property	Description	Type
availabilityZones	The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType property is ‘VirtualMachineScaleSets’.	string[] Optional
capacityReservationGroupID	AKS will associate the specified agent pool with the Capacity Reservation Group.	string Optional
conditions	The observed state of the resource	conditions.Condition[] Optional
count	Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1.	int Optional
creationData	CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using a snapshot.	CreationData_STATUS Optional
currentOrchestratorVersion	If orchestratorVersion is a fully specified version <major.minor.patch>, this field will be exactly equal to it. If orchestratorVersion is <major.minor>, this field will contain the full <major.minor.patch> version being used.	string Optional
enableAutoScaling	Whether to enable auto-scaler	bool Optional
enableEncryptionAtHost	This is only supported on certain VM sizes and in certain Azure regions. For more information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption	bool Optional
enableFIPS	See Add a FIPS-enabled node pool for more details.	bool Optional
enableNodePublicIP	Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine to minimize hops. For more information see assigning a public IP per node. The default is false.	bool Optional
enableUltraSSD	Whether to enable UltraSSD	bool Optional
eTag	Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic concurrency per the normal etag convention.	string Optional
gpuInstanceProfile	GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.	GPUInstanceProfile_STATUS Optional
hostGroupID	This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. For more information see Azure dedicated hosts.	string Optional
id	Resource ID.	string Optional
kubeletConfig	The Kubelet configuration on the agent pool nodes.	KubeletConfig_STATUS Optional
kubeletDiskType	Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage.	KubeletDiskType_STATUS Optional
linuxOSConfig	The OS configuration of Linux agent nodes.	LinuxOSConfig_STATUS Optional
maxCount	The maximum number of nodes for auto-scaling	int Optional
maxPods	The maximum number of pods that can run on a node.	int Optional
minCount	The minimum number of nodes for auto-scaling	int Optional
mode	A cluster must have at least one ‘System’ Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools	AgentPoolMode_STATUS Optional
name	The name of the resource that is unique within a resource group. This name can be used to access the resource.	string Optional
networkProfile	Network-related settings of an agent pool.	AgentPoolNetworkProfile_STATUS Optional
nodeImageVersion	The version of node image	string Optional
nodeLabels	The node labels to be persisted across all nodes in agent pool.	map[string]string Optional
nodePublicIPPrefixID	This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}	string Optional
nodeTaints	The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.	string[] Optional
orchestratorVersion	Both patch version <major.minor.patch> (e.g. 1.20.13) and <major.minor> (e.g. 1.20) are supported. When <major.minor> is specified, the latest supported GA patch version is chosen automatically. Updating the cluster with the same <major.minor> once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor version must be within two minor versions of the control plane version. The node pool version cannot be greater than the control plane version. For more information see upgrading a node pool.	string Optional
osDiskSizeGB		int Optional
osDiskType	The default is ‘Ephemeral’ if the VM supports it and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to ‘Managed’. May not be changed after creation. For more information see Ephemeral OS.	OSDiskType_STATUS Optional
osSKU	Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows.	OSSKU_STATUS Optional
osType	The operating system type. The default is Linux.	OSType_STATUS Optional
podSubnetID	If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}	string Optional
powerState	When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only be stopped if it is Running and provisioning state is Succeeded	PowerState_STATUS Optional
properties_type	The type of Agent Pool.	AgentPoolType_STATUS Optional
provisioningState	The current deployment or provisioning state.	string Optional
proximityPlacementGroupID	The ID for Proximity Placement Group.	string Optional
scaleDownMode	This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.	ScaleDownMode_STATUS Optional
scaleSetEvictionPolicy	This cannot be specified unless the scaleSetPriority is ‘Spot’. If not specified, the default is ‘Delete’.	ScaleSetEvictionPolicy_STATUS Optional
scaleSetPriority	The Virtual Machine Scale Set priority. If not specified, the default is ‘Regular’.	ScaleSetPriority_STATUS Optional
securityProfile	The security settings of an agent pool.	AgentPoolSecurityProfile_STATUS Optional
spotMaxPrice	Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any on-demand price. For more details on spot pricing, see spot VMs pricing	float64 Optional
tags	The tags to be persisted on the agent pool virtual machine scale set.	map[string]string Optional
type	Resource type	string Optional
upgradeSettings	Settings for upgrading the agentpool	AgentPoolUpgradeSettings_STATUS Optional
vmSize	VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions	string Optional
vnetSubnetID	If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}	string Optional
windowsProfile	The Windows agent pool’s specific profile.	AgentPoolWindowsProfile_STATUS Optional
workloadRuntime	Determines the type of workload a node can run.	WorkloadRuntime_STATUS Optional

ManagedClustersAgentPoolList

Property	Description	Type
metav1.TypeMeta
metav1.ListMeta
items		ManagedClustersAgentPool[] Optional

TrustedAccessRoleBinding

Used by: TrustedAccessRoleBindingList.

Property	Description	Type
metav1.TypeMeta
metav1.ObjectMeta
spec		TrustedAccessRoleBinding_Spec Optional
status		TrustedAccessRoleBinding_STATUS Optional

TrustedAccessRoleBinding_Spec

Property	Description	Type
azureName	The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be.	string Optional
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	TrustedAccessRoleBindingOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster resource	genruntime.KnownResourceReference Required
roles	A list of roles to bind, each item is a resource type qualified role name. For example: ‘Microsoft.MachineLearningServices/workspaces/reader’.	string[] Required
sourceResourceReference	The ARM resource ID of source resource that trusted access is configured for.	genruntime.ResourceReference Required

TrustedAccessRoleBinding_STATUS

Property	Description	Type
conditions	The observed state of the resource	conditions.Condition[] Optional
id	Fully qualified resource ID for the resource. E.g. “/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}”	string Optional
name	The name of the resource	string Optional
provisioningState	The current provisioning state of trusted access role binding.	TrustedAccessRoleBindingProperties_ProvisioningState_STATUS Optional
roles	A list of roles to bind, each item is a resource type qualified role name. For example: ‘Microsoft.MachineLearningServices/workspaces/reader’.	string[] Optional
sourceResourceId	The ARM resource ID of source resource that trusted access is configured for.	string Optional
systemData	Azure Resource Manager metadata containing createdBy and modifiedBy information.	SystemData_STATUS Optional
type	The type of the resource. E.g. “Microsoft.Compute/virtualMachines” or “Microsoft.Storage/storageAccounts”	string Optional

TrustedAccessRoleBindingList

Property	Description	Type
metav1.TypeMeta
metav1.ListMeta
items		TrustedAccessRoleBinding[] Optional

MaintenanceConfiguration_Spec

Used by: MaintenanceConfiguration.

Property	Description	Type
azureName	The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be.	string Optional
maintenanceWindow	Maintenance window for the maintenance configuration.	MaintenanceWindow Optional
notAllowedTime	Time slots on which upgrade is not allowed.	TimeSpan[] Optional
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	MaintenanceConfigurationOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster resource	genruntime.KnownResourceReference Required
timeInWeek	If two array entries specify the same day of the week, the applied configuration is the union of times in both entries.	TimeInWeek[] Optional

MaintenanceConfiguration_STATUS

Used by: MaintenanceConfiguration.

Property	Description	Type
conditions	The observed state of the resource	conditions.Condition[] Optional
id	Resource ID.	string Optional
maintenanceWindow	Maintenance window for the maintenance configuration.	MaintenanceWindow_STATUS Optional
name	The name of the resource that is unique within a resource group. This name can be used to access the resource.	string Optional
notAllowedTime	Time slots on which upgrade is not allowed.	TimeSpan_STATUS[] Optional
systemData	The system metadata relating to this resource.	SystemData_STATUS Optional
timeInWeek	If two array entries specify the same day of the week, the applied configuration is the union of times in both entries.	TimeInWeek_STATUS[] Optional
type	Resource type	string Optional

ManagedCluster_Spec

Used by: ManagedCluster.

Property	Description	Type
aadProfile	The Azure Active Directory configuration.	ManagedClusterAADProfile Optional
addonProfiles	The profile of managed cluster add-on.	map[string]ManagedClusterAddonProfile Optional
agentPoolProfiles	The agent pool properties.	ManagedClusterAgentPoolProfile[] Optional
apiServerAccessProfile	The access profile for managed cluster API server.	ManagedClusterAPIServerAccessProfile Optional
autoScalerProfile	Parameters to be applied to the cluster-autoscaler when enabled	ManagedClusterProperties_AutoScalerProfile Optional
autoUpgradeProfile	The auto upgrade configuration.	ManagedClusterAutoUpgradeProfile Optional
azureMonitorProfile	Azure Monitor addon profiles for monitoring the managed cluster.	ManagedClusterAzureMonitorProfile Optional
azureName	The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be.	string Optional
disableLocalAccounts	If set to true, getting static credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled. For more details see disable local accounts.	bool Optional
diskEncryptionSetReference	This is of the form: ‘/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}’	genruntime.ResourceReference Optional
dnsPrefix	This cannot be updated once the Managed Cluster has been created.	string Optional
enablePodSecurityPolicy	(DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and https://aka.ms/aks/psp.	bool Optional
enableRBAC	Whether to enable Kubernetes Role-Based Access Control.	bool Optional
extendedLocation	The extended location of the Virtual Machine.	ExtendedLocation Optional
fqdnSubdomain	This cannot be updated once the Managed Cluster has been created.	string Optional
httpProxyConfig	Configurations for provisioning the cluster with HTTP proxy servers.	ManagedClusterHTTPProxyConfig Optional
identity	The identity of the managed cluster, if configured.	ManagedClusterIdentity Optional
identityProfile	The user identity associated with the managed cluster. This identity will be used by the kubelet. Only one user assigned identity is allowed. The only accepted key is “kubeletidentity”, with value of “resourceId”: “/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}”.	map[string]UserAssignedIdentity Optional
ingressProfile	Ingress profile for the managed cluster.	ManagedClusterIngressProfile Optional
kubernetesVersion	Both patch version <major.minor.patch> (e.g. 1.20.13) and <major.minor> (e.g. 1.20) are supported. When <major.minor> is specified, the latest supported GA patch version is chosen automatically. Updating the cluster with the same <major.minor> once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer patch version is available. When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See upgrading an AKS cluster for more details.	string Optional
linuxProfile	The profile for Linux VMs in the Managed Cluster.	ContainerServiceLinuxProfile Optional
location	The geo-location where the resource lives	string Required
metricsProfile	Optional cluster metrics configuration.	ManagedClusterMetricsProfile Optional
networkProfile	The network configuration profile.	ContainerServiceNetworkProfile Optional
nodeResourceGroup	The name of the resource group containing agent pool nodes.	string Optional
nodeResourceGroupProfile	Profile of the node resource group configuration.	ManagedClusterNodeResourceGroupProfile Optional
oidcIssuerProfile	The OIDC issuer profile of the Managed Cluster.	ManagedClusterOIDCIssuerProfile Optional
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ManagedClusterOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup resource	genruntime.KnownResourceReference Required
podIdentityProfile	See use AAD pod identity for more details on AAD pod identity integration.	ManagedClusterPodIdentityProfile Optional
privateLinkResources	Private link resources associated with the cluster.	PrivateLinkResource[] Optional
publicNetworkAccess	Allow or deny public network access for AKS	ManagedClusterProperties_PublicNetworkAccess Optional
securityProfile	Security profile for the managed cluster.	ManagedClusterSecurityProfile Optional
serviceMeshProfile	Service mesh profile for a managed cluster.	ServiceMeshProfile Optional
servicePrincipalProfile	Information about a service principal identity for the cluster to use for manipulating Azure APIs.	ManagedClusterServicePrincipalProfile Optional
sku	The managed cluster SKU.	ManagedClusterSKU Optional
storageProfile	Storage profile for the managed cluster.	ManagedClusterStorageProfile Optional
supportPlan	The support plan for the Managed Cluster. If unspecified, the default is ‘KubernetesOfficial’.	KubernetesSupportPlan Optional
tags	Resource tags.	map[string]string Optional
upgradeSettings	Settings for upgrading a cluster.	ClusterUpgradeSettings Optional
windowsProfile	The profile for Windows VMs in the Managed Cluster.	ManagedClusterWindowsProfile Optional
workloadAutoScalerProfile	Workload Auto-scaler profile for the managed cluster.	ManagedClusterWorkloadAutoScalerProfile Optional

ManagedCluster_STATUS

Managed cluster.

Used by: ManagedCluster.

Property	Description	Type
aadProfile	The Azure Active Directory configuration.	ManagedClusterAADProfile_STATUS Optional
addonProfiles	The profile of managed cluster add-on.	map[string]ManagedClusterAddonProfile_STATUS Optional
agentPoolProfiles	The agent pool properties.	ManagedClusterAgentPoolProfile_STATUS[] Optional
apiServerAccessProfile	The access profile for managed cluster API server.	ManagedClusterAPIServerAccessProfile_STATUS Optional
autoScalerProfile	Parameters to be applied to the cluster-autoscaler when enabled	ManagedClusterProperties_AutoScalerProfile_STATUS Optional
autoUpgradeProfile	The auto upgrade configuration.	ManagedClusterAutoUpgradeProfile_STATUS Optional
azureMonitorProfile	Azure Monitor addon profiles for monitoring the managed cluster.	ManagedClusterAzureMonitorProfile_STATUS Optional
azurePortalFQDN	The Azure Portal requires certain Cross-Origin Resource Sharing (CORS) headers to be sent in some responses, which Kubernetes APIServer doesn’t handle by default. This special FQDN supports CORS, allowing the Azure Portal to function properly.	string Optional
conditions	The observed state of the resource	conditions.Condition[] Optional
currentKubernetesVersion	If kubernetesVersion was a fully specified version <major.minor.patch>, this field will be exactly equal to it. If kubernetesVersion was <major.minor>, this field will contain the full <major.minor.patch> version being used.	string Optional
disableLocalAccounts	If set to true, getting static credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled. For more details see disable local accounts.	bool Optional
diskEncryptionSetID	This is of the form: ‘/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}’	string Optional
dnsPrefix	This cannot be updated once the Managed Cluster has been created.	string Optional
enablePodSecurityPolicy	(DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and https://aka.ms/aks/psp.	bool Optional
enableRBAC	Whether to enable Kubernetes Role-Based Access Control.	bool Optional
eTag	Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic concurrency per the normal etag convention.	string Optional
extendedLocation	The extended location of the Virtual Machine.	ExtendedLocation_STATUS Optional
fqdn	The FQDN of the master pool.	string Optional
fqdnSubdomain	This cannot be updated once the Managed Cluster has been created.	string Optional
httpProxyConfig	Configurations for provisioning the cluster with HTTP proxy servers.	ManagedClusterHTTPProxyConfig_STATUS Optional
id	Fully qualified resource ID for the resource. E.g. “/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}”	string Optional
identity	The identity of the managed cluster, if configured.	ManagedClusterIdentity_STATUS Optional
identityProfile	The user identity associated with the managed cluster. This identity will be used by the kubelet. Only one user assigned identity is allowed. The only accepted key is “kubeletidentity”, with value of “resourceId”: “/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}”.	map[string]UserAssignedIdentity_STATUS Optional
ingressProfile	Ingress profile for the managed cluster.	ManagedClusterIngressProfile_STATUS Optional
kubernetesVersion	Both patch version <major.minor.patch> (e.g. 1.20.13) and <major.minor> (e.g. 1.20) are supported. When <major.minor> is specified, the latest supported GA patch version is chosen automatically. Updating the cluster with the same <major.minor> once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer patch version is available. When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See upgrading an AKS cluster for more details.	string Optional
linuxProfile	The profile for Linux VMs in the Managed Cluster.	ContainerServiceLinuxProfile_STATUS Optional
location	The geo-location where the resource lives	string Optional
maxAgentPools	The max number of agent pools for the managed cluster.	int Optional
metricsProfile	Optional cluster metrics configuration.	ManagedClusterMetricsProfile_STATUS Optional
name	The name of the resource	string Optional
networkProfile	The network configuration profile.	ContainerServiceNetworkProfile_STATUS Optional
nodeResourceGroup	The name of the resource group containing agent pool nodes.	string Optional
nodeResourceGroupProfile	Profile of the node resource group configuration.	ManagedClusterNodeResourceGroupProfile_STATUS Optional
oidcIssuerProfile	The OIDC issuer profile of the Managed Cluster.	ManagedClusterOIDCIssuerProfile_STATUS Optional
podIdentityProfile	See use AAD pod identity for more details on AAD pod identity integration.	ManagedClusterPodIdentityProfile_STATUS Optional
powerState	The Power State of the cluster.	PowerState_STATUS Optional
privateFQDN	The FQDN of private cluster.	string Optional
privateLinkResources	Private link resources associated with the cluster.	PrivateLinkResource_STATUS[] Optional
provisioningState	The current provisioning state.	string Optional
publicNetworkAccess	Allow or deny public network access for AKS	ManagedClusterProperties_PublicNetworkAccess_STATUS Optional
resourceUID	The resourceUID uniquely identifies ManagedClusters that reuse ARM ResourceIds (i.e: create, delete, create sequence)	string Optional
securityProfile	Security profile for the managed cluster.	ManagedClusterSecurityProfile_STATUS Optional
serviceMeshProfile	Service mesh profile for a managed cluster.	ServiceMeshProfile_STATUS Optional
servicePrincipalProfile	Information about a service principal identity for the cluster to use for manipulating Azure APIs.	ManagedClusterServicePrincipalProfile_STATUS Optional
sku	The managed cluster SKU.	ManagedClusterSKU_STATUS Optional
storageProfile	Storage profile for the managed cluster.	ManagedClusterStorageProfile_STATUS Optional
supportPlan	The support plan for the Managed Cluster. If unspecified, the default is ‘KubernetesOfficial’.	KubernetesSupportPlan_STATUS Optional
systemData	Azure Resource Manager metadata containing createdBy and modifiedBy information.	SystemData_STATUS Optional
tags	Resource tags.	map[string]string Optional
type	The type of the resource. E.g. “Microsoft.Compute/virtualMachines” or “Microsoft.Storage/storageAccounts”	string Optional
upgradeSettings	Settings for upgrading a cluster.	ClusterUpgradeSettings_STATUS Optional
windowsProfile	The profile for Windows VMs in the Managed Cluster.	ManagedClusterWindowsProfile_STATUS Optional
workloadAutoScalerProfile	Workload Auto-scaler profile for the managed cluster.	ManagedClusterWorkloadAutoScalerProfile_STATUS Optional

ManagedClustersAgentPool_Spec

Used by: ManagedClustersAgentPool.

Property	Description	Type
availabilityZones	The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType property is ‘VirtualMachineScaleSets’.	string[] Optional
azureName	The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be.	string Optional
capacityReservationGroupReference	AKS will associate the specified agent pool with the Capacity Reservation Group.	genruntime.ResourceReference Optional
count	Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1.	int Optional
creationData	CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using a snapshot.	CreationData Optional
enableAutoScaling	Whether to enable auto-scaler	bool Optional
enableEncryptionAtHost	This is only supported on certain VM sizes and in certain Azure regions. For more information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption	bool Optional
enableFIPS	See Add a FIPS-enabled node pool for more details.	bool Optional
enableNodePublicIP	Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine to minimize hops. For more information see assigning a public IP per node. The default is false.	bool Optional
enableUltraSSD	Whether to enable UltraSSD	bool Optional
gpuInstanceProfile	GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.	GPUInstanceProfile Optional
hostGroupReference	This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. For more information see Azure dedicated hosts.	genruntime.ResourceReference Optional
kubeletConfig	The Kubelet configuration on the agent pool nodes.	KubeletConfig Optional
kubeletDiskType	Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage.	KubeletDiskType Optional
linuxOSConfig	The OS configuration of Linux agent nodes.	LinuxOSConfig Optional
maxCount	The maximum number of nodes for auto-scaling	int Optional
maxPods	The maximum number of pods that can run on a node.	int Optional
minCount	The minimum number of nodes for auto-scaling	int Optional
mode	A cluster must have at least one ‘System’ Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools	AgentPoolMode Optional
networkProfile	Network-related settings of an agent pool.	AgentPoolNetworkProfile Optional
nodeLabels	The node labels to be persisted across all nodes in agent pool.	map[string]string Optional
nodePublicIPPrefixReference	This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}	genruntime.ResourceReference Optional
nodeTaints	The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.	string[] Optional
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ManagedClustersAgentPoolOperatorSpec Optional
orchestratorVersion	Both patch version <major.minor.patch> (e.g. 1.20.13) and <major.minor> (e.g. 1.20) are supported. When <major.minor> is specified, the latest supported GA patch version is chosen automatically. Updating the cluster with the same <major.minor> once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor version must be within two minor versions of the control plane version. The node pool version cannot be greater than the control plane version. For more information see upgrading a node pool.	string Optional
osDiskSizeGB		ContainerServiceOSDisk Optional
osDiskType	The default is ‘Ephemeral’ if the VM supports it and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to ‘Managed’. May not be changed after creation. For more information see Ephemeral OS.	OSDiskType Optional
osSKU	Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows.	OSSKU Optional
osType	The operating system type. The default is Linux.	OSType Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster resource	genruntime.KnownResourceReference Required
podSubnetReference	If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}	genruntime.ResourceReference Optional
powerState	When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only be stopped if it is Running and provisioning state is Succeeded	PowerState Optional
proximityPlacementGroupReference	The ID for Proximity Placement Group.	genruntime.ResourceReference Optional
scaleDownMode	This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.	ScaleDownMode Optional
scaleSetEvictionPolicy	This cannot be specified unless the scaleSetPriority is ‘Spot’. If not specified, the default is ‘Delete’.	ScaleSetEvictionPolicy Optional
scaleSetPriority	The Virtual Machine Scale Set priority. If not specified, the default is ‘Regular’.	ScaleSetPriority Optional
securityProfile	The security settings of an agent pool.	AgentPoolSecurityProfile Optional
spotMaxPrice	Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any on-demand price. For more details on spot pricing, see spot VMs pricing	float64 Optional
tags	The tags to be persisted on the agent pool virtual machine scale set.	map[string]string Optional
type	The type of Agent Pool.	AgentPoolType Optional
upgradeSettings	Settings for upgrading the agentpool	AgentPoolUpgradeSettings Optional
vmSize	VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions	string Optional
vnetSubnetReference	If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}	genruntime.ResourceReference Optional
windowsProfile	The Windows agent pool’s specific profile.	AgentPoolWindowsProfile Optional
workloadRuntime	Determines the type of workload a node can run.	WorkloadRuntime Optional

ManagedClustersAgentPool_STATUS

Used by: ManagedClustersAgentPool.

Property	Description	Type
availabilityZones	The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType property is ‘VirtualMachineScaleSets’.	string[] Optional
capacityReservationGroupID	AKS will associate the specified agent pool with the Capacity Reservation Group.	string Optional
conditions	The observed state of the resource	conditions.Condition[] Optional
count	Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1.	int Optional
creationData	CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using a snapshot.	CreationData_STATUS Optional
currentOrchestratorVersion	If orchestratorVersion is a fully specified version <major.minor.patch>, this field will be exactly equal to it. If orchestratorVersion is <major.minor>, this field will contain the full <major.minor.patch> version being used.	string Optional
enableAutoScaling	Whether to enable auto-scaler	bool Optional
enableEncryptionAtHost	This is only supported on certain VM sizes and in certain Azure regions. For more information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption	bool Optional
enableFIPS	See Add a FIPS-enabled node pool for more details.	bool Optional
enableNodePublicIP	Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine to minimize hops. For more information see assigning a public IP per node. The default is false.	bool Optional
enableUltraSSD	Whether to enable UltraSSD	bool Optional
eTag	Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic concurrency per the normal etag convention.	string Optional
gpuInstanceProfile	GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.	GPUInstanceProfile_STATUS Optional
hostGroupID	This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. For more information see Azure dedicated hosts.	string Optional
id	Resource ID.	string Optional
kubeletConfig	The Kubelet configuration on the agent pool nodes.	KubeletConfig_STATUS Optional
kubeletDiskType	Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage.	KubeletDiskType_STATUS Optional
linuxOSConfig	The OS configuration of Linux agent nodes.	LinuxOSConfig_STATUS Optional
maxCount	The maximum number of nodes for auto-scaling	int Optional
maxPods	The maximum number of pods that can run on a node.	int Optional
minCount	The minimum number of nodes for auto-scaling	int Optional
mode	A cluster must have at least one ‘System’ Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools	AgentPoolMode_STATUS Optional
name	The name of the resource that is unique within a resource group. This name can be used to access the resource.	string Optional
networkProfile	Network-related settings of an agent pool.	AgentPoolNetworkProfile_STATUS Optional
nodeImageVersion	The version of node image	string Optional
nodeLabels	The node labels to be persisted across all nodes in agent pool.	map[string]string Optional
nodePublicIPPrefixID	This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}	string Optional
nodeTaints	The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.	string[] Optional
orchestratorVersion	Both patch version <major.minor.patch> (e.g. 1.20.13) and <major.minor> (e.g. 1.20) are supported. When <major.minor> is specified, the latest supported GA patch version is chosen automatically. Updating the cluster with the same <major.minor> once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor version must be within two minor versions of the control plane version. The node pool version cannot be greater than the control plane version. For more information see upgrading a node pool.	string Optional
osDiskSizeGB		int Optional
osDiskType	The default is ‘Ephemeral’ if the VM supports it and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to ‘Managed’. May not be changed after creation. For more information see Ephemeral OS.	OSDiskType_STATUS Optional
osSKU	Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows.	OSSKU_STATUS Optional
osType	The operating system type. The default is Linux.	OSType_STATUS Optional
podSubnetID	If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}	string Optional
powerState	When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only be stopped if it is Running and provisioning state is Succeeded	PowerState_STATUS Optional
properties_type	The type of Agent Pool.	AgentPoolType_STATUS Optional
provisioningState	The current deployment or provisioning state.	string Optional
proximityPlacementGroupID	The ID for Proximity Placement Group.	string Optional
scaleDownMode	This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.	ScaleDownMode_STATUS Optional
scaleSetEvictionPolicy	This cannot be specified unless the scaleSetPriority is ‘Spot’. If not specified, the default is ‘Delete’.	ScaleSetEvictionPolicy_STATUS Optional
scaleSetPriority	The Virtual Machine Scale Set priority. If not specified, the default is ‘Regular’.	ScaleSetPriority_STATUS Optional
securityProfile	The security settings of an agent pool.	AgentPoolSecurityProfile_STATUS Optional
spotMaxPrice	Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any on-demand price. For more details on spot pricing, see spot VMs pricing	float64 Optional
tags	The tags to be persisted on the agent pool virtual machine scale set.	map[string]string Optional
type	Resource type	string Optional
upgradeSettings	Settings for upgrading the agentpool	AgentPoolUpgradeSettings_STATUS Optional
vmSize	VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions	string Optional
vnetSubnetID	If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}	string Optional
windowsProfile	The Windows agent pool’s specific profile.	AgentPoolWindowsProfile_STATUS Optional
workloadRuntime	Determines the type of workload a node can run.	WorkloadRuntime_STATUS Optional

TrustedAccessRoleBinding_Spec

Used by: TrustedAccessRoleBinding.

Property	Description	Type
azureName	The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be.	string Optional
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	TrustedAccessRoleBindingOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster resource	genruntime.KnownResourceReference Required
roles	A list of roles to bind, each item is a resource type qualified role name. For example: ‘Microsoft.MachineLearningServices/workspaces/reader’.	string[] Required
sourceResourceReference	The ARM resource ID of source resource that trusted access is configured for.	genruntime.ResourceReference Required

TrustedAccessRoleBinding_STATUS

Used by: TrustedAccessRoleBinding.

Property	Description	Type
conditions	The observed state of the resource	conditions.Condition[] Optional
id	Fully qualified resource ID for the resource. E.g. “/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}”	string Optional
name	The name of the resource	string Optional
provisioningState	The current provisioning state of trusted access role binding.	TrustedAccessRoleBindingProperties_ProvisioningState_STATUS Optional
roles	A list of roles to bind, each item is a resource type qualified role name. For example: ‘Microsoft.MachineLearningServices/workspaces/reader’.	string[] Optional
sourceResourceId	The ARM resource ID of source resource that trusted access is configured for.	string Optional
systemData	Azure Resource Manager metadata containing createdBy and modifiedBy information.	SystemData_STATUS Optional
type	The type of the resource. E.g. “Microsoft.Compute/virtualMachines” or “Microsoft.Storage/storageAccounts”	string Optional

AgentPoolMode

A cluster must have at least one ‘System’ Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools

Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.

Value	Description
“System”
“User”

AgentPoolMode_STATUS

Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.

Value	Description
“System”
“User”

AgentPoolNetworkProfile

Network settings of an agent pool.

Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.

Property	Description	Type
allowedHostPorts	The port ranges that are allowed to access. The specified ranges are allowed to overlap.	PortRange[] Optional
applicationSecurityGroupsReferences	The IDs of the application security groups which agent pool will associate when created.	genruntime.ResourceReference[] Optional
nodePublicIPTags	IPTags of instance-level public IPs.	IPTag[] Optional

AgentPoolNetworkProfile_STATUS

Network settings of an agent pool.

Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.

Property	Description	Type
allowedHostPorts	The port ranges that are allowed to access. The specified ranges are allowed to overlap.	PortRange_STATUS[] Optional
applicationSecurityGroups	The IDs of the application security groups which agent pool will associate when created.	string[] Optional
nodePublicIPTags	IPTags of instance-level public IPs.	IPTag_STATUS[] Optional

AgentPoolSecurityProfile

The security settings of an agent pool.

Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.

Property	Description	Type
enableSecureBoot	Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false.	bool Optional
enableVTPM	vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false.	bool Optional

AgentPoolSecurityProfile_STATUS

The security settings of an agent pool.

Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.

Property	Description	Type
enableSecureBoot	Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false.	bool Optional
enableVTPM	vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false.	bool Optional

AgentPoolType

The type of Agent Pool.

Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.

Value	Description
“AvailabilitySet”
“VirtualMachineScaleSets”

AgentPoolType_STATUS

The type of Agent Pool.

Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.

Value	Description
“AvailabilitySet”
“VirtualMachineScaleSets”

AgentPoolUpgradeSettings

Settings for upgrading an agentpool

Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.

Property	Description	Type
drainTimeoutInMinutes	The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not specified, the default is 30 minutes.	int Optional
maxSurge	This can either be set to an integer (e.g. ‘5’) or a percentage (e.g. ‘50%’). If a percentage is specified, it is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded up. If not specified, the default is 1. For more information, including best practices, see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade	string Optional
nodeSoakDurationInMinutes	The amount of time (in minutes) to wait after draining a node and before reimaging it and moving on to next node. If not specified, the default is 0 minutes.	int Optional

AgentPoolUpgradeSettings_STATUS

Settings for upgrading an agentpool

Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.

Property	Description	Type
drainTimeoutInMinutes	The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not specified, the default is 30 minutes.	int Optional
maxSurge	This can either be set to an integer (e.g. ‘5’) or a percentage (e.g. ‘50%’). If a percentage is specified, it is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded up. If not specified, the default is 1. For more information, including best practices, see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade	string Optional
nodeSoakDurationInMinutes	The amount of time (in minutes) to wait after draining a node and before reimaging it and moving on to next node. If not specified, the default is 0 minutes.	int Optional

AgentPoolWindowsProfile

The Windows agent pool’s specific profile.

Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.

Property	Description	Type
disableOutboundNat	The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT Gateway and the Windows agent pool does not have node public IP enabled.	bool Optional

AgentPoolWindowsProfile_STATUS

The Windows agent pool’s specific profile.

Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.

Property	Description	Type
disableOutboundNat	The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT Gateway and the Windows agent pool does not have node public IP enabled.	bool Optional

ClusterUpgradeSettings

Settings for upgrading a cluster.

Used by: ManagedCluster_Spec.

Property	Description	Type
overrideSettings	Settings for overrides.	UpgradeOverrideSettings Optional

ClusterUpgradeSettings_STATUS

Settings for upgrading a cluster.

Used by: ManagedCluster_STATUS.

Property	Description	Type
overrideSettings	Settings for overrides.	UpgradeOverrideSettings_STATUS Optional

ContainerServiceLinuxProfile

Profile for Linux VMs in the container service cluster.

Used by: ManagedCluster_Spec.

Property	Description	Type
adminUsername	The administrator username to use for Linux VMs.	string Required
ssh	The SSH configuration for Linux-based VMs running on Azure.	ContainerServiceSshConfiguration Required

ContainerServiceLinuxProfile_STATUS

Profile for Linux VMs in the container service cluster.

Used by: ManagedCluster_STATUS.

Property	Description	Type
adminUsername	The administrator username to use for Linux VMs.	string Optional
ssh	The SSH configuration for Linux-based VMs running on Azure.	ContainerServiceSshConfiguration_STATUS Optional

ContainerServiceNetworkProfile

Profile of network configuration.

Used by: ManagedCluster_Spec.

Property	Description	Type
advancedNetworking	Advanced Networking profile for enabling observability and security feature suite on a cluster. For more information see aka.ms/aksadvancednetworking.	AdvancedNetworking Optional
dnsServiceIP	An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr.	string Optional
ipFamilies	IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value is IPv4. For dual-stack, the expected values are IPv4 and IPv6.	ContainerServiceNetworkProfile_IpFamilies[] Optional
loadBalancerProfile	Profile of the cluster load balancer.	ManagedClusterLoadBalancerProfile Optional
loadBalancerSku	The default is ‘standard’. See Azure Load Balancer SKUs for more information about the differences between load balancer SKUs.	ContainerServiceNetworkProfile_LoadBalancerSku Optional
natGatewayProfile	Profile of the cluster NAT gateway.	ManagedClusterNATGatewayProfile Optional
networkDataplane	Network dataplane used in the Kubernetes cluster.	ContainerServiceNetworkProfile_NetworkDataplane Optional
networkMode	This cannot be specified if networkPlugin is anything other than ‘azure’.	ContainerServiceNetworkProfile_NetworkMode Optional
networkPlugin	Network plugin used for building the Kubernetes network.	ContainerServiceNetworkProfile_NetworkPlugin Optional
networkPluginMode	The mode the network plugin should use.	ContainerServiceNetworkProfile_NetworkPluginMode Optional
networkPolicy	Network policy used for building the Kubernetes network.	ContainerServiceNetworkProfile_NetworkPolicy Optional
outboundType	This can only be set at cluster creation time and cannot be changed later. For more information see egress outbound type.	ContainerServiceNetworkProfile_OutboundType Optional
podCidr	A CIDR notation IP range from which to assign pod IPs when kubenet is used.	string Optional
podCidrs	One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is expected for dual-stack networking.	string[] Optional
serviceCidr	A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges.	string Optional
serviceCidrs	One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is expected for dual-stack networking. They must not overlap with any Subnet IP ranges.	string[] Optional

ContainerServiceNetworkProfile_STATUS

Profile of network configuration.

Used by: ManagedCluster_STATUS.

Property	Description	Type
advancedNetworking	Advanced Networking profile for enabling observability and security feature suite on a cluster. For more information see aka.ms/aksadvancednetworking.	AdvancedNetworking_STATUS Optional
dnsServiceIP	An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr.	string Optional
ipFamilies	IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value is IPv4. For dual-stack, the expected values are IPv4 and IPv6.	ContainerServiceNetworkProfile_IpFamilies_STATUS[] Optional
loadBalancerProfile	Profile of the cluster load balancer.	ManagedClusterLoadBalancerProfile_STATUS Optional
loadBalancerSku	The default is ‘standard’. See Azure Load Balancer SKUs for more information about the differences between load balancer SKUs.	ContainerServiceNetworkProfile_LoadBalancerSku_STATUS Optional
natGatewayProfile	Profile of the cluster NAT gateway.	ManagedClusterNATGatewayProfile_STATUS Optional
networkDataplane	Network dataplane used in the Kubernetes cluster.	ContainerServiceNetworkProfile_NetworkDataplane_STATUS Optional
networkMode	This cannot be specified if networkPlugin is anything other than ‘azure’.	ContainerServiceNetworkProfile_NetworkMode_STATUS Optional
networkPlugin	Network plugin used for building the Kubernetes network.	ContainerServiceNetworkProfile_NetworkPlugin_STATUS Optional
networkPluginMode	The mode the network plugin should use.	ContainerServiceNetworkProfile_NetworkPluginMode_STATUS Optional
networkPolicy	Network policy used for building the Kubernetes network.	ContainerServiceNetworkProfile_NetworkPolicy_STATUS Optional
outboundType	This can only be set at cluster creation time and cannot be changed later. For more information see egress outbound type.	ContainerServiceNetworkProfile_OutboundType_STATUS Optional
podCidr	A CIDR notation IP range from which to assign pod IPs when kubenet is used.	string Optional
podCidrs	One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is expected for dual-stack networking.	string[] Optional
serviceCidr	A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges.	string Optional
serviceCidrs	One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is expected for dual-stack networking. They must not overlap with any Subnet IP ranges.	string[] Optional

ContainerServiceOSDisk

Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.

CreationData

Data used when creating a target resource from a source resource.

Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.

Property	Description	Type
sourceResourceReference	This is the ARM ID of the source object to be used to create the target object.	genruntime.ResourceReference Optional

CreationData_STATUS

Data used when creating a target resource from a source resource.

Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.

Property	Description	Type
sourceResourceId	This is the ARM ID of the source object to be used to create the target object.	string Optional

ExtendedLocation

The complex type of the extended location.

Used by: ManagedCluster_Spec.

Property	Description	Type
name	The name of the extended location.	string Optional
type	The type of the extended location.	ExtendedLocationType Optional

ExtendedLocation_STATUS

The complex type of the extended location.

Used by: ManagedCluster_STATUS.

Property	Description	Type
name	The name of the extended location.	string Optional
type	The type of the extended location.	ExtendedLocationType_STATUS Optional

GPUInstanceProfile

GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.

Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.

Value	Description
“MIG1g”
“MIG2g”
“MIG3g”
“MIG4g”
“MIG7g”

GPUInstanceProfile_STATUS

GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.

Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.

Value	Description
“MIG1g”
“MIG2g”
“MIG3g”
“MIG4g”
“MIG7g”

KubeletConfig

See AKS custom node configuration for more details.

Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.

Property	Description	Type
allowedUnsafeSysctls	Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`).	string[] Optional
containerLogMaxFiles	The maximum number of container log files that can be present for a container. The number must be ≥ 2.	int Optional
containerLogMaxSizeMB	The maximum size (e.g. 10Mi) of container log file before it is rotated.	int Optional
cpuCfsQuota	The default is true.	bool Optional
cpuCfsQuotaPeriod	The default is ‘100ms.’ Valid values are a sequence of decimal numbers with an optional fraction and a unit suffix. For example: ‘300ms’, ‘2h45m’. Supported units are ’ns’, ‘us’, ‘ms’, ’s’, ’m’, and ‘h’.	string Optional
cpuManagerPolicy	The default is ’none’. See Kubernetes CPU management policies for more information. Allowed values are ’none’ and ‘static’.	string Optional
failSwapOn	If set to true it will make the Kubelet fail to start if swap is enabled on the node.	bool Optional
imageGcHighThreshold	To disable image garbage collection, set to 100. The default is 85%	int Optional
imageGcLowThreshold	This cannot be set higher than imageGcHighThreshold. The default is 80%	int Optional
podMaxPids	The maximum number of processes per pod.	int Optional
topologyManagerPolicy	For more information see Kubernetes Topology Manager. The default is ’none’. Allowed values are ’none’, ‘best-effort’, ‘restricted’, and ‘single-numa-node’.	string Optional

KubeletConfig_STATUS

See AKS custom node configuration for more details.

Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.

Property	Description	Type
allowedUnsafeSysctls	Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in `*`).	string[] Optional
containerLogMaxFiles	The maximum number of container log files that can be present for a container. The number must be ≥ 2.	int Optional
containerLogMaxSizeMB	The maximum size (e.g. 10Mi) of container log file before it is rotated.	int Optional
cpuCfsQuota	The default is true.	bool Optional
cpuCfsQuotaPeriod	The default is ‘100ms.’ Valid values are a sequence of decimal numbers with an optional fraction and a unit suffix. For example: ‘300ms’, ‘2h45m’. Supported units are ’ns’, ‘us’, ‘ms’, ’s’, ’m’, and ‘h’.	string Optional
cpuManagerPolicy	The default is ’none’. See Kubernetes CPU management policies for more information. Allowed values are ’none’ and ‘static’.	string Optional
failSwapOn	If set to true it will make the Kubelet fail to start if swap is enabled on the node.	bool Optional
imageGcHighThreshold	To disable image garbage collection, set to 100. The default is 85%	int Optional
imageGcLowThreshold	This cannot be set higher than imageGcHighThreshold. The default is 80%	int Optional
podMaxPids	The maximum number of processes per pod.	int Optional
topologyManagerPolicy	For more information see Kubernetes Topology Manager. The default is ’none’. Allowed values are ’none’, ‘best-effort’, ‘restricted’, and ‘single-numa-node’.	string Optional

KubeletDiskType

Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage.

Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.

Value	Description
“OS”
“Temporary”

KubeletDiskType_STATUS

Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage.

Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.

Value	Description
“OS”
“Temporary”

KubernetesSupportPlan

Different support tiers for AKS managed clusters

Used by: ManagedCluster_Spec.

Value	Description
“AKSLongTermSupport”
“KubernetesOfficial”

KubernetesSupportPlan_STATUS

Different support tiers for AKS managed clusters

Used by: ManagedCluster_STATUS.

Value	Description
“AKSLongTermSupport”
“KubernetesOfficial”

LinuxOSConfig

See AKS custom node configuration for more details.

Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.

Property	Description	Type
swapFileSizeMB	The size in MB of a swap file that will be created on each node.	int Optional
sysctls	Sysctl settings for Linux agent nodes.	SysctlConfig Optional
transparentHugePageDefrag	Valid values are ‘always’, ‘defer’, ‘defer+madvise’, ‘madvise’ and ’never’. The default is ‘madvise’. For more information see Transparent Hugepages.	string Optional
transparentHugePageEnabled	Valid values are ‘always’, ‘madvise’, and ’never’. The default is ‘always’. For more information see Transparent Hugepages.	string Optional

LinuxOSConfig_STATUS

See AKS custom node configuration for more details.

Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.

Property	Description	Type
swapFileSizeMB	The size in MB of a swap file that will be created on each node.	int Optional
sysctls	Sysctl settings for Linux agent nodes.	SysctlConfig_STATUS Optional
transparentHugePageDefrag	Valid values are ‘always’, ‘defer’, ‘defer+madvise’, ‘madvise’ and ’never’. The default is ‘madvise’. For more information see Transparent Hugepages.	string Optional
transparentHugePageEnabled	Valid values are ‘always’, ‘madvise’, and ’never’. The default is ‘always’. For more information see Transparent Hugepages.	string Optional

MaintenanceConfigurationOperatorSpec

Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure

Used by: MaintenanceConfiguration_Spec.

Property	Description	Type
configMapExpressions	configures where to place operator written dynamic ConfigMaps (created with CEL expressions).	core.DestinationExpression[] Optional
secretExpressions	configures where to place operator written dynamic secrets (created with CEL expressions).	core.DestinationExpression[] Optional

MaintenanceWindow

Maintenance window used to configure scheduled auto-upgrade for a Managed Cluster.

Used by: MaintenanceConfiguration_Spec.

Property	Description	Type
durationHours	Length of maintenance window range from 4 to 24 hours.	int Required
notAllowedDates	Date ranges on which upgrade is not allowed. ‘utcOffset’ applies to this field. For example, with ‘utcOffset: +02:00’ and ‘dateSpan’ being ‘2022-12-23’ to ‘2023-01-03’, maintenance will be blocked from ‘2022-12-22 22:00’ to ‘2023-01-03 22:00’ in UTC time.	DateSpan[] Optional
schedule	Recurrence schedule for the maintenance window.	Schedule Required
startDate	The date the maintenance window activates. If the current date is before this date, the maintenance window is inactive and will not be used for upgrades. If not specified, the maintenance window will be active right away.	string Optional
startTime	The start time of the maintenance window. Accepted values are from ‘00:00’ to ‘23:59’. ‘utcOffset’ applies to this field. For example: ‘02:00’ with ‘utcOffset: +02:00’ means UTC time ‘00:00’.	string Required
utcOffset	The UTC offset in format +/-HH:mm. For example, ‘+05:30’ for IST and ‘-07:00’ for PST. If not specified, the default is ‘+00:00’.	string Optional

MaintenanceWindow_STATUS

Maintenance window used to configure scheduled auto-upgrade for a Managed Cluster.

Used by: MaintenanceConfiguration_STATUS.

Property	Description	Type
durationHours	Length of maintenance window range from 4 to 24 hours.	int Optional
notAllowedDates	Date ranges on which upgrade is not allowed. ‘utcOffset’ applies to this field. For example, with ‘utcOffset: +02:00’ and ‘dateSpan’ being ‘2022-12-23’ to ‘2023-01-03’, maintenance will be blocked from ‘2022-12-22 22:00’ to ‘2023-01-03 22:00’ in UTC time.	DateSpan_STATUS[] Optional
schedule	Recurrence schedule for the maintenance window.	Schedule_STATUS Optional
startDate	The date the maintenance window activates. If the current date is before this date, the maintenance window is inactive and will not be used for upgrades. If not specified, the maintenance window will be active right away.	string Optional
startTime	The start time of the maintenance window. Accepted values are from ‘00:00’ to ‘23:59’. ‘utcOffset’ applies to this field. For example: ‘02:00’ with ‘utcOffset: +02:00’ means UTC time ‘00:00’.	string Optional
utcOffset	The UTC offset in format +/-HH:mm. For example, ‘+05:30’ for IST and ‘-07:00’ for PST. If not specified, the default is ‘+00:00’.	string Optional

ManagedClusterAADProfile

For more details see managed AAD on AKS.

Used by: ManagedCluster_Spec.

Property	Description	Type
adminGroupObjectIDs	The list of AAD group object IDs that will have admin role of the cluster.	string[] Optional
clientAppID	(DEPRECATED) The client AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.	string Optional
enableAzureRBAC	Whether to enable Azure RBAC for Kubernetes authorization.	bool Optional
managed	Whether to enable managed AAD.	bool Optional
serverAppID	(DEPRECATED) The server AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.	string Optional
serverAppSecret	(DEPRECATED) The server AAD application secret. Learn more at https://aka.ms/aks/aad-legacy.	string Optional
tenantID	The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment subscription.	string Optional

ManagedClusterAADProfile_STATUS

For more details see managed AAD on AKS.

Used by: ManagedCluster_STATUS.

Property	Description	Type
adminGroupObjectIDs	The list of AAD group object IDs that will have admin role of the cluster.	string[] Optional
clientAppID	(DEPRECATED) The client AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.	string Optional
enableAzureRBAC	Whether to enable Azure RBAC for Kubernetes authorization.	bool Optional
managed	Whether to enable managed AAD.	bool Optional
serverAppID	(DEPRECATED) The server AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.	string Optional
serverAppSecret	(DEPRECATED) The server AAD application secret. Learn more at https://aka.ms/aks/aad-legacy.	string Optional
tenantID	The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment subscription.	string Optional

ManagedClusterAddonProfile

A Kubernetes add-on profile for a managed cluster.

Used by: ManagedCluster_Spec.

Property	Description	Type
config	Key-value pairs for configuring an add-on.	map[string]string Optional
enabled	Whether the add-on is enabled or not.	bool Required

ManagedClusterAddonProfile_STATUS

A Kubernetes add-on profile for a managed cluster.

Used by: ManagedCluster_STATUS.

Property	Description	Type
config	Key-value pairs for configuring an add-on.	map[string]string Optional
enabled	Whether the add-on is enabled or not.	bool Optional
identity	Information of user assigned identity used by this add-on.	UserAssignedIdentity_STATUS Optional

ManagedClusterAgentPoolProfile

Profile for the container service agent pool.

Used by: ManagedCluster_Spec.

Property	Description	Type
availabilityZones	The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType property is ‘VirtualMachineScaleSets’.	string[] Optional
capacityReservationGroupReference	AKS will associate the specified agent pool with the Capacity Reservation Group.	genruntime.ResourceReference Optional
count	Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1.	int Optional
creationData	CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using a snapshot.	CreationData Optional
enableAutoScaling	Whether to enable auto-scaler	bool Optional
enableEncryptionAtHost	This is only supported on certain VM sizes and in certain Azure regions. For more information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption	bool Optional
enableFIPS	See Add a FIPS-enabled node pool for more details.	bool Optional
enableNodePublicIP	Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine to minimize hops. For more information see assigning a public IP per node. The default is false.	bool Optional
enableUltraSSD	Whether to enable UltraSSD	bool Optional
gpuInstanceProfile	GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.	GPUInstanceProfile Optional
hostGroupReference	This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. For more information see Azure dedicated hosts.	genruntime.ResourceReference Optional
kubeletConfig	The Kubelet configuration on the agent pool nodes.	KubeletConfig Optional
kubeletDiskType	Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage.	KubeletDiskType Optional
linuxOSConfig	The OS configuration of Linux agent nodes.	LinuxOSConfig Optional
maxCount	The maximum number of nodes for auto-scaling	int Optional
maxPods	The maximum number of pods that can run on a node.	int Optional
minCount	The minimum number of nodes for auto-scaling	int Optional
mode	A cluster must have at least one ‘System’ Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools	AgentPoolMode Optional
name	Windows agent pool names must be 6 characters or less.	string Required
networkProfile	Network-related settings of an agent pool.	AgentPoolNetworkProfile Optional
nodeLabels	The node labels to be persisted across all nodes in agent pool.	map[string]string Optional
nodePublicIPPrefixReference	This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}	genruntime.ResourceReference Optional
nodeTaints	The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.	string[] Optional
orchestratorVersion	Both patch version <major.minor.patch> (e.g. 1.20.13) and <major.minor> (e.g. 1.20) are supported. When <major.minor> is specified, the latest supported GA patch version is chosen automatically. Updating the cluster with the same <major.minor> once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor version must be within two minor versions of the control plane version. The node pool version cannot be greater than the control plane version. For more information see upgrading a node pool.	string Optional
osDiskSizeGB		ContainerServiceOSDisk Optional
osDiskType	The default is ‘Ephemeral’ if the VM supports it and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to ‘Managed’. May not be changed after creation. For more information see Ephemeral OS.	OSDiskType Optional
osSKU	Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows.	OSSKU Optional
osType	The operating system type. The default is Linux.	OSType Optional
podSubnetReference	If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}	genruntime.ResourceReference Optional
powerState	When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only be stopped if it is Running and provisioning state is Succeeded	PowerState Optional
proximityPlacementGroupReference	The ID for Proximity Placement Group.	genruntime.ResourceReference Optional
scaleDownMode	This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.	ScaleDownMode Optional
scaleSetEvictionPolicy	This cannot be specified unless the scaleSetPriority is ‘Spot’. If not specified, the default is ‘Delete’.	ScaleSetEvictionPolicy Optional
scaleSetPriority	The Virtual Machine Scale Set priority. If not specified, the default is ‘Regular’.	ScaleSetPriority Optional
securityProfile	The security settings of an agent pool.	AgentPoolSecurityProfile Optional
spotMaxPrice	Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any on-demand price. For more details on spot pricing, see spot VMs pricing	float64 Optional
tags	The tags to be persisted on the agent pool virtual machine scale set.	map[string]string Optional
type	The type of Agent Pool.	AgentPoolType Optional
upgradeSettings	Settings for upgrading the agentpool	AgentPoolUpgradeSettings Optional
vmSize	VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions	string Optional
vnetSubnetReference	If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}	genruntime.ResourceReference Optional
windowsProfile	The Windows agent pool’s specific profile.	AgentPoolWindowsProfile Optional
workloadRuntime	Determines the type of workload a node can run.	WorkloadRuntime Optional

ManagedClusterAgentPoolProfile_STATUS

Profile for the container service agent pool.

Used by: ManagedCluster_STATUS.

Property	Description	Type
availabilityZones	The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType property is ‘VirtualMachineScaleSets’.	string[] Optional
capacityReservationGroupID	AKS will associate the specified agent pool with the Capacity Reservation Group.	string Optional
count	Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1.	int Optional
creationData	CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using a snapshot.	CreationData_STATUS Optional
currentOrchestratorVersion	If orchestratorVersion is a fully specified version <major.minor.patch>, this field will be exactly equal to it. If orchestratorVersion is <major.minor>, this field will contain the full <major.minor.patch> version being used.	string Optional
enableAutoScaling	Whether to enable auto-scaler	bool Optional
enableEncryptionAtHost	This is only supported on certain VM sizes and in certain Azure regions. For more information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption	bool Optional
enableFIPS	See Add a FIPS-enabled node pool for more details.	bool Optional
enableNodePublicIP	Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine to minimize hops. For more information see assigning a public IP per node. The default is false.	bool Optional
enableUltraSSD	Whether to enable UltraSSD	bool Optional
eTag	Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic concurrency per the normal etag convention.	string Optional
gpuInstanceProfile	GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.	GPUInstanceProfile_STATUS Optional
hostGroupID	This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. For more information see Azure dedicated hosts.	string Optional
kubeletConfig	The Kubelet configuration on the agent pool nodes.	KubeletConfig_STATUS Optional
kubeletDiskType	Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage.	KubeletDiskType_STATUS Optional
linuxOSConfig	The OS configuration of Linux agent nodes.	LinuxOSConfig_STATUS Optional
maxCount	The maximum number of nodes for auto-scaling	int Optional
maxPods	The maximum number of pods that can run on a node.	int Optional
minCount	The minimum number of nodes for auto-scaling	int Optional
mode	A cluster must have at least one ‘System’ Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools	AgentPoolMode_STATUS Optional
name	Windows agent pool names must be 6 characters or less.	string Optional
networkProfile	Network-related settings of an agent pool.	AgentPoolNetworkProfile_STATUS Optional
nodeImageVersion	The version of node image	string Optional
nodeLabels	The node labels to be persisted across all nodes in agent pool.	map[string]string Optional
nodePublicIPPrefixID	This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}	string Optional
nodeTaints	The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.	string[] Optional
orchestratorVersion	Both patch version <major.minor.patch> (e.g. 1.20.13) and <major.minor> (e.g. 1.20) are supported. When <major.minor> is specified, the latest supported GA patch version is chosen automatically. Updating the cluster with the same <major.minor> once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor version must be within two minor versions of the control plane version. The node pool version cannot be greater than the control plane version. For more information see upgrading a node pool.	string Optional
osDiskSizeGB		int Optional
osDiskType	The default is ‘Ephemeral’ if the VM supports it and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to ‘Managed’. May not be changed after creation. For more information see Ephemeral OS.	OSDiskType_STATUS Optional
osSKU	Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows.	OSSKU_STATUS Optional
osType	The operating system type. The default is Linux.	OSType_STATUS Optional
podSubnetID	If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}	string Optional
powerState	When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only be stopped if it is Running and provisioning state is Succeeded	PowerState_STATUS Optional
provisioningState	The current deployment or provisioning state.	string Optional
proximityPlacementGroupID	The ID for Proximity Placement Group.	string Optional
scaleDownMode	This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.	ScaleDownMode_STATUS Optional
scaleSetEvictionPolicy	This cannot be specified unless the scaleSetPriority is ‘Spot’. If not specified, the default is ‘Delete’.	ScaleSetEvictionPolicy_STATUS Optional
scaleSetPriority	The Virtual Machine Scale Set priority. If not specified, the default is ‘Regular’.	ScaleSetPriority_STATUS Optional
securityProfile	The security settings of an agent pool.	AgentPoolSecurityProfile_STATUS Optional
spotMaxPrice	Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any on-demand price. For more details on spot pricing, see spot VMs pricing	float64 Optional
tags	The tags to be persisted on the agent pool virtual machine scale set.	map[string]string Optional
type	The type of Agent Pool.	AgentPoolType_STATUS Optional
upgradeSettings	Settings for upgrading the agentpool	AgentPoolUpgradeSettings_STATUS Optional
vmSize	VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions	string Optional
vnetSubnetID	If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}	string Optional
windowsProfile	The Windows agent pool’s specific profile.	AgentPoolWindowsProfile_STATUS Optional
workloadRuntime	Determines the type of workload a node can run.	WorkloadRuntime_STATUS Optional

ManagedClusterAPIServerAccessProfile

Access profile for managed cluster API server.

Used by: ManagedCluster_Spec.

Property	Description	Type
authorizedIPRanges	IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see API server authorized IP ranges.	string[] Optional
disableRunCommand	Whether to disable run command for the cluster or not.	bool Optional
enablePrivateCluster	For more details, see Creating a private AKS cluster.	bool Optional
enablePrivateClusterPublicFQDN	Whether to create additional public FQDN for private cluster or not.	bool Optional
privateDNSZone	The default is System. For more details see configure private DNS zone. Allowed values are ‘system’ and ’none’.	string Optional

ManagedClusterAPIServerAccessProfile_STATUS

Access profile for managed cluster API server.

Used by: ManagedCluster_STATUS.

Property	Description	Type
authorizedIPRanges	IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see API server authorized IP ranges.	string[] Optional
disableRunCommand	Whether to disable run command for the cluster or not.	bool Optional
enablePrivateCluster	For more details, see Creating a private AKS cluster.	bool Optional
enablePrivateClusterPublicFQDN	Whether to create additional public FQDN for private cluster or not.	bool Optional
privateDNSZone	The default is System. For more details see configure private DNS zone. Allowed values are ‘system’ and ’none’.	string Optional

ManagedClusterAutoUpgradeProfile

Auto upgrade profile for a managed cluster.

Used by: ManagedCluster_Spec.

Property	Description	Type
nodeOSUpgradeChannel	Manner in which the OS on your nodes is updated. The default is NodeImage.	ManagedClusterAutoUpgradeProfile_NodeOSUpgradeChannel Optional
upgradeChannel	For more information see setting the AKS cluster auto-upgrade channel.	ManagedClusterAutoUpgradeProfile_UpgradeChannel Optional

ManagedClusterAutoUpgradeProfile_STATUS

Auto upgrade profile for a managed cluster.

Used by: ManagedCluster_STATUS.

Property	Description	Type
nodeOSUpgradeChannel	Manner in which the OS on your nodes is updated. The default is NodeImage.	ManagedClusterAutoUpgradeProfile_NodeOSUpgradeChannel_STATUS Optional
upgradeChannel	For more information see setting the AKS cluster auto-upgrade channel.	ManagedClusterAutoUpgradeProfile_UpgradeChannel_STATUS Optional

ManagedClusterAzureMonitorProfile

Azure Monitor addon profiles for monitoring the managed cluster.

Used by: ManagedCluster_Spec.

Property	Description	Type
metrics	Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See aka.ms/AzureManagedPrometheus for an overview.	ManagedClusterAzureMonitorProfileMetrics Optional

ManagedClusterAzureMonitorProfile_STATUS

Azure Monitor addon profiles for monitoring the managed cluster.

Used by: ManagedCluster_STATUS.

Property	Description	Type
metrics	Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See aka.ms/AzureManagedPrometheus for an overview.	ManagedClusterAzureMonitorProfileMetrics_STATUS Optional

ManagedClusterHTTPProxyConfig

Cluster HTTP proxy configuration.

Used by: ManagedCluster_Spec.

Property	Description	Type
httpProxy	The HTTP proxy server endpoint to use.	string Optional
httpsProxy	The HTTPS proxy server endpoint to use.	string Optional
noProxy	The endpoints that should not go through proxy.	string[] Optional
trustedCa	Alternative CA cert to use for connecting to proxy servers.	string Optional

ManagedClusterHTTPProxyConfig_STATUS

Cluster HTTP proxy configuration.

Used by: ManagedCluster_STATUS.

Property	Description	Type
httpProxy	The HTTP proxy server endpoint to use.	string Optional
httpsProxy	The HTTPS proxy server endpoint to use.	string Optional
noProxy	The endpoints that should not go through proxy.	string[] Optional
trustedCa	Alternative CA cert to use for connecting to proxy servers.	string Optional

ManagedClusterIdentity

Identity for the managed cluster.

Used by: ManagedCluster_Spec.

Property	Description	Type
delegatedResources	The delegated identity resources assigned to this managed cluster. This can only be set by another Azure Resource Provider, and managed cluster only accept one delegated identity resource. Internal use only.	map[string]DelegatedResource Optional
type	For more information see use managed identities in AKS.	ManagedClusterIdentity_Type Optional
userAssignedIdentities	The keys must be ARM resource IDs in the form: ‘/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}’.	UserAssignedIdentityDetails[] Optional

ManagedClusterIdentity_STATUS

Identity for the managed cluster.

Used by: ManagedCluster_STATUS.

Property	Description	Type
delegatedResources	The delegated identity resources assigned to this managed cluster. This can only be set by another Azure Resource Provider, and managed cluster only accept one delegated identity resource. Internal use only.	map[string]DelegatedResource_STATUS Optional
principalId	The principal id of the system assigned identity which is used by master components.	string Optional
tenantId	The tenant id of the system assigned identity which is used by master components.	string Optional
type	For more information see use managed identities in AKS.	ManagedClusterIdentity_Type_STATUS Optional
userAssignedIdentities	The keys must be ARM resource IDs in the form: ‘/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}’.	map[string]ManagedClusterIdentity_UserAssignedIdentities_STATUS Optional

ManagedClusterIngressProfile

Ingress profile for the container service cluster.

Used by: ManagedCluster_Spec.

Property	Description	Type
webAppRouting	App Routing settings for the ingress profile. You can find an overview and onboarding guide for this feature at https://learn.microsoft.com/en-us/azure/aks/app-routing?tabs=default%2Cdeploy-app-default.	ManagedClusterIngressProfileWebAppRouting Optional

ManagedClusterIngressProfile_STATUS

Ingress profile for the container service cluster.

Used by: ManagedCluster_STATUS.

Property	Description	Type
webAppRouting	App Routing settings for the ingress profile. You can find an overview and onboarding guide for this feature at https://learn.microsoft.com/en-us/azure/aks/app-routing?tabs=default%2Cdeploy-app-default.	ManagedClusterIngressProfileWebAppRouting_STATUS Optional

ManagedClusterMetricsProfile

The metrics profile for the ManagedCluster.

Used by: ManagedCluster_Spec.

Property	Description	Type
costAnalysis	The cost analysis configuration for the cluster	ManagedClusterCostAnalysis Optional

ManagedClusterMetricsProfile_STATUS

The metrics profile for the ManagedCluster.

Used by: ManagedCluster_STATUS.

Property	Description	Type
costAnalysis	The cost analysis configuration for the cluster	ManagedClusterCostAnalysis_STATUS Optional

ManagedClusterNodeResourceGroupProfile

Node resource group lockdown profile for a managed cluster.

Used by: ManagedCluster_Spec.

Property	Description	Type
restrictionLevel	The restriction level applied to the cluster’s node resource group. If not specified, the default is ‘Unrestricted’	ManagedClusterNodeResourceGroupProfile_RestrictionLevel Optional

ManagedClusterNodeResourceGroupProfile_STATUS

Node resource group lockdown profile for a managed cluster.

Used by: ManagedCluster_STATUS.

Property	Description	Type
restrictionLevel	The restriction level applied to the cluster’s node resource group. If not specified, the default is ‘Unrestricted’	ManagedClusterNodeResourceGroupProfile_RestrictionLevel_STATUS Optional

ManagedClusterOIDCIssuerProfile

The OIDC issuer profile of the Managed Cluster.

Used by: ManagedCluster_Spec.

Property	Description	Type
enabled	Whether the OIDC issuer is enabled.	bool Optional

ManagedClusterOIDCIssuerProfile_STATUS

The OIDC issuer profile of the Managed Cluster.

Used by: ManagedCluster_STATUS.

Property	Description	Type
enabled	Whether the OIDC issuer is enabled.	bool Optional
issuerURL	The OIDC issuer url of the Managed Cluster.	string Optional

ManagedClusterOperatorSpec

Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure

Used by: ManagedCluster_Spec.

Property	Description	Type
configMapExpressions	configures where to place operator written dynamic ConfigMaps (created with CEL expressions).	core.DestinationExpression[] Optional
configMaps	configures where to place operator written ConfigMaps.	ManagedClusterOperatorConfigMaps Optional
secretExpressions	configures where to place operator written dynamic secrets (created with CEL expressions).	core.DestinationExpression[] Optional
secrets	configures where to place Azure generated secrets.	ManagedClusterOperatorSecrets Optional

ManagedClusterPodIdentityProfile

See use AAD pod identity for more details on pod identity integration.

Used by: ManagedCluster_Spec.

Property	Description	Type
allowNetworkPluginKubenet	Running in Kubenet is disabled by default due to the security related nature of AAD Pod Identity and the risks of IP spoofing. See using Kubenet network plugin with AAD Pod Identity for more information.	bool Optional
enabled	Whether the pod identity addon is enabled.	bool Optional
userAssignedIdentities	The pod identities to use in the cluster.	ManagedClusterPodIdentity[] Optional
userAssignedIdentityExceptions	The pod identity exceptions to allow.	ManagedClusterPodIdentityException[] Optional

ManagedClusterPodIdentityProfile_STATUS

See use AAD pod identity for more details on pod identity integration.

Used by: ManagedCluster_STATUS.

Property	Description	Type
allowNetworkPluginKubenet	Running in Kubenet is disabled by default due to the security related nature of AAD Pod Identity and the risks of IP spoofing. See using Kubenet network plugin with AAD Pod Identity for more information.	bool Optional
enabled	Whether the pod identity addon is enabled.	bool Optional
userAssignedIdentities	The pod identities to use in the cluster.	ManagedClusterPodIdentity_STATUS[] Optional
userAssignedIdentityExceptions	The pod identity exceptions to allow.	ManagedClusterPodIdentityException_STATUS[] Optional

ManagedClusterProperties_AutoScalerProfile

Used by: ManagedCluster_Spec.

Property	Description	Type
balance-similar-node-groups	Valid values are ’true’ and ‘false’	string Optional
daemonset-eviction-for-empty-nodes	If set to true, all daemonset pods on empty nodes will be evicted before deletion of the node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node will be deleted without ensuring that daemonset pods are deleted or evicted.	bool Optional
daemonset-eviction-for-occupied-nodes	If set to true, all daemonset pods on occupied nodes will be evicted before deletion of the node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node will be deleted without ensuring that daemonset pods are deleted or evicted.	bool Optional
expander	If not specified, the default is ‘random’. See expanders for more information.	ManagedClusterProperties_AutoScalerProfile_Expander Optional
ignore-daemonsets-utilization	If set to true, the resources used by daemonset will be taken into account when making scaling down decisions.	bool Optional
max-empty-bulk-delete	The default is 10.	string Optional
max-graceful-termination-sec	The default is 600.	string Optional
max-node-provision-time	The default is ‘15m’. Values must be an integer followed by an ’m’. No unit of time other than minutes (m) is supported.	string Optional
max-total-unready-percentage	The default is 45. The maximum is 100 and the minimum is 0.	string Optional
new-pod-scale-up-delay	For scenarios like burst/batch scale where you don’t want CA to act before the kubernetes scheduler could schedule all the pods, you can tell CA to ignore unscheduled pods before they’re a certain age. The default is ‘0s’. Values must be an integer followed by a unit (’s’ for seconds, ’m’ for minutes, ‘h’ for hours, etc).	string Optional
ok-total-unready-count	This must be an integer. The default is 3.	string Optional
scale-down-delay-after-add	The default is ‘10m’. Values must be an integer followed by an ’m’. No unit of time other than minutes (m) is supported.	string Optional
scale-down-delay-after-delete	The default is the scan-interval. Values must be an integer followed by an ’m’. No unit of time other than minutes (m) is supported.	string Optional
scale-down-delay-after-failure	The default is ‘3m’. Values must be an integer followed by an ’m’. No unit of time other than minutes (m) is supported.	string Optional
scale-down-unneeded-time	The default is ‘10m’. Values must be an integer followed by an ’m’. No unit of time other than minutes (m) is supported.	string Optional
scale-down-unready-time	The default is ‘20m’. Values must be an integer followed by an ’m’. No unit of time other than minutes (m) is supported.	string Optional
scale-down-utilization-threshold	The default is ‘0.5’.	string Optional
scan-interval	The default is ‘10’. Values must be an integer number of seconds.	string Optional
skip-nodes-with-local-storage	The default is true.	string Optional
skip-nodes-with-system-pods	The default is true.	string Optional

ManagedClusterProperties_AutoScalerProfile_STATUS

Used by: ManagedCluster_STATUS.

Property	Description	Type
balance-similar-node-groups	Valid values are ’true’ and ‘false’	string Optional
daemonset-eviction-for-empty-nodes	If set to true, all daemonset pods on empty nodes will be evicted before deletion of the node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node will be deleted without ensuring that daemonset pods are deleted or evicted.	bool Optional
daemonset-eviction-for-occupied-nodes	If set to true, all daemonset pods on occupied nodes will be evicted before deletion of the node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node will be deleted without ensuring that daemonset pods are deleted or evicted.	bool Optional
expander	If not specified, the default is ‘random’. See expanders for more information.	ManagedClusterProperties_AutoScalerProfile_Expander_STATUS Optional
ignore-daemonsets-utilization	If set to true, the resources used by daemonset will be taken into account when making scaling down decisions.	bool Optional
max-empty-bulk-delete	The default is 10.	string Optional
max-graceful-termination-sec	The default is 600.	string Optional
max-node-provision-time	The default is ‘15m’. Values must be an integer followed by an ’m’. No unit of time other than minutes (m) is supported.	string Optional
max-total-unready-percentage	The default is 45. The maximum is 100 and the minimum is 0.	string Optional
new-pod-scale-up-delay	For scenarios like burst/batch scale where you don’t want CA to act before the kubernetes scheduler could schedule all the pods, you can tell CA to ignore unscheduled pods before they’re a certain age. The default is ‘0s’. Values must be an integer followed by a unit (’s’ for seconds, ’m’ for minutes, ‘h’ for hours, etc).	string Optional
ok-total-unready-count	This must be an integer. The default is 3.	string Optional
scale-down-delay-after-add	The default is ‘10m’. Values must be an integer followed by an ’m’. No unit of time other than minutes (m) is supported.	string Optional
scale-down-delay-after-delete	The default is the scan-interval. Values must be an integer followed by an ’m’. No unit of time other than minutes (m) is supported.	string Optional
scale-down-delay-after-failure	The default is ‘3m’. Values must be an integer followed by an ’m’. No unit of time other than minutes (m) is supported.	string Optional
scale-down-unneeded-time	The default is ‘10m’. Values must be an integer followed by an ’m’. No unit of time other than minutes (m) is supported.	string Optional
scale-down-unready-time	The default is ‘20m’. Values must be an integer followed by an ’m’. No unit of time other than minutes (m) is supported.	string Optional
scale-down-utilization-threshold	The default is ‘0.5’.	string Optional
scan-interval	The default is ‘10’. Values must be an integer number of seconds.	string Optional
skip-nodes-with-local-storage	The default is true.	string Optional
skip-nodes-with-system-pods	The default is true.	string Optional

ManagedClusterProperties_PublicNetworkAccess

Used by: ManagedCluster_Spec.

Value	Description
“Disabled”
“Enabled”

ManagedClusterProperties_PublicNetworkAccess_STATUS

Used by: ManagedCluster_STATUS.

Value	Description
“Disabled”
“Enabled”

ManagedClustersAgentPoolOperatorSpec

Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure

Used by: ManagedClustersAgentPool_Spec.

Property	Description	Type
configMapExpressions	configures where to place operator written dynamic ConfigMaps (created with CEL expressions).	core.DestinationExpression[] Optional
secretExpressions	configures where to place operator written dynamic secrets (created with CEL expressions).	core.DestinationExpression[] Optional

ManagedClusterSecurityProfile

Security profile for the container service cluster.

Used by: ManagedCluster_Spec.

Property	Description	Type
azureKeyVaultKms	Azure Key Vault key management service settings for the security profile.	AzureKeyVaultKms Optional
defender	Microsoft Defender settings for the security profile.	ManagedClusterSecurityProfileDefender Optional
imageCleaner	Image Cleaner settings for the security profile.	ManagedClusterSecurityProfileImageCleaner Optional
workloadIdentity	Workload identity settings for the security profile. Workload identity enables Kubernetes applications to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details.	ManagedClusterSecurityProfileWorkloadIdentity Optional

ManagedClusterSecurityProfile_STATUS

Security profile for the container service cluster.

Used by: ManagedCluster_STATUS.

Property	Description	Type
azureKeyVaultKms	Azure Key Vault key management service settings for the security profile.	AzureKeyVaultKms_STATUS Optional
defender	Microsoft Defender settings for the security profile.	ManagedClusterSecurityProfileDefender_STATUS Optional
imageCleaner	Image Cleaner settings for the security profile.	ManagedClusterSecurityProfileImageCleaner_STATUS Optional
workloadIdentity	Workload identity settings for the security profile. Workload identity enables Kubernetes applications to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details.	ManagedClusterSecurityProfileWorkloadIdentity_STATUS Optional

ManagedClusterServicePrincipalProfile

Information about a service principal identity for the cluster to use for manipulating Azure APIs.

Used by: ManagedCluster_Spec.

Property	Description	Type
clientId	The ID for the service principal.	string Required
secret	The secret password associated with the service principal in plain text.	genruntime.SecretReference Optional

ManagedClusterServicePrincipalProfile_STATUS

Information about a service principal identity for the cluster to use for manipulating Azure APIs.

Used by: ManagedCluster_STATUS.

Property	Description	Type
clientId	The ID for the service principal.	string Optional

ManagedClusterSKU

The SKU of a Managed Cluster.

Used by: ManagedCluster_Spec.

Property	Description	Type
name	The name of a managed cluster SKU.	ManagedClusterSKU_Name Optional
tier	If not specified, the default is ‘Free’. See AKS Pricing Tier for more details.	ManagedClusterSKU_Tier Optional

ManagedClusterSKU_STATUS

The SKU of a Managed Cluster.

Used by: ManagedCluster_STATUS.

Property	Description	Type
name	The name of a managed cluster SKU.	ManagedClusterSKU_Name_STATUS Optional
tier	If not specified, the default is ‘Free’. See AKS Pricing Tier for more details.	ManagedClusterSKU_Tier_STATUS Optional

ManagedClusterStorageProfile

Storage profile for the container service cluster.

Used by: ManagedCluster_Spec.

Property	Description	Type
blobCSIDriver	AzureBlob CSI Driver settings for the storage profile.	ManagedClusterStorageProfileBlobCSIDriver Optional
diskCSIDriver	AzureDisk CSI Driver settings for the storage profile.	ManagedClusterStorageProfileDiskCSIDriver Optional
fileCSIDriver	AzureFile CSI Driver settings for the storage profile.	ManagedClusterStorageProfileFileCSIDriver Optional
snapshotController	Snapshot Controller settings for the storage profile.	ManagedClusterStorageProfileSnapshotController Optional

ManagedClusterStorageProfile_STATUS

Storage profile for the container service cluster.

Used by: ManagedCluster_STATUS.

Property	Description	Type
blobCSIDriver	AzureBlob CSI Driver settings for the storage profile.	ManagedClusterStorageProfileBlobCSIDriver_STATUS Optional
diskCSIDriver	AzureDisk CSI Driver settings for the storage profile.	ManagedClusterStorageProfileDiskCSIDriver_STATUS Optional
fileCSIDriver	AzureFile CSI Driver settings for the storage profile.	ManagedClusterStorageProfileFileCSIDriver_STATUS Optional
snapshotController	Snapshot Controller settings for the storage profile.	ManagedClusterStorageProfileSnapshotController_STATUS Optional

ManagedClusterWindowsProfile

Profile for Windows VMs in the managed cluster.

Used by: ManagedCluster_Spec.

Property	Description	Type
adminPassword	Specifies the password of the administrator account. Minimum-length: 8 characters Max-length: 123 characters Complexity requirements: 3 out of 4 conditions below need to be fulfilled Has lower characters Has upper characters Has a digit Has a special character (Regex match [\W_]) Disallowed values: “abc@123”, “P@$$w0rd”, “P@ssw0rd”, “P@ssword123”, “Pa$$word”, “pass@word1”, “Password!”, “Password1”, “Password22”, “iloveyou!”	genruntime.SecretReference Optional
adminUsername	Specifies the name of the administrator account. Restriction: Cannot end in “.” Disallowed values: “administrator”, “admin”, “user”, “user1”, “test”, “user2”, “test1”, “user3”, “admin1”, “1”, “123”, “a”, “actuser”, “adm”, “admin2”, “aspnet”, “backup”, “console”, “david”, “guest”, “john”, “owner”, “root”, “server”, “sql”, “support”, “support_388945a0”, “sys”, “test2”, “test3”, “user4”, “user5”. Minimum-length: 1 character Max-length: 20 characters	string Required
enableCSIProxy	For more details on CSI proxy, see the CSI proxy GitHub repo.	bool Optional
gmsaProfile	The Windows gMSA Profile in the Managed Cluster.	WindowsGmsaProfile Optional
licenseType	The license type to use for Windows VMs. See Azure Hybrid User Benefits for more details.	ManagedClusterWindowsProfile_LicenseType Optional

ManagedClusterWindowsProfile_STATUS

Profile for Windows VMs in the managed cluster.

Used by: ManagedCluster_STATUS.

Property	Description	Type
adminUsername	Specifies the name of the administrator account. Restriction: Cannot end in “.” Disallowed values: “administrator”, “admin”, “user”, “user1”, “test”, “user2”, “test1”, “user3”, “admin1”, “1”, “123”, “a”, “actuser”, “adm”, “admin2”, “aspnet”, “backup”, “console”, “david”, “guest”, “john”, “owner”, “root”, “server”, “sql”, “support”, “support_388945a0”, “sys”, “test2”, “test3”, “user4”, “user5”. Minimum-length: 1 character Max-length: 20 characters	string Optional
enableCSIProxy	For more details on CSI proxy, see the CSI proxy GitHub repo.	bool Optional
gmsaProfile	The Windows gMSA Profile in the Managed Cluster.	WindowsGmsaProfile_STATUS Optional
licenseType	The license type to use for Windows VMs. See Azure Hybrid User Benefits for more details.	ManagedClusterWindowsProfile_LicenseType_STATUS Optional

ManagedClusterWorkloadAutoScalerProfile

Workload Auto-scaler profile for the managed cluster.

Used by: ManagedCluster_Spec.

Property	Description	Type
keda	KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile.	ManagedClusterWorkloadAutoScalerProfileKeda Optional
verticalPodAutoscaler	VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile.	ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler Optional

ManagedClusterWorkloadAutoScalerProfile_STATUS

Workload Auto-scaler profile for the managed cluster.

Used by: ManagedCluster_STATUS.

Property	Description	Type
keda	KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile.	ManagedClusterWorkloadAutoScalerProfileKeda_STATUS Optional
verticalPodAutoscaler	VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile.	ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler_STATUS Optional

OSDiskType

The default is ‘Ephemeral’ if the VM supports it and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to ‘Managed’. May not be changed after creation. For more information see Ephemeral OS.

Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.

Value	Description
“Ephemeral”
“Managed”

OSDiskType_STATUS

Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.

Value	Description
“Ephemeral”
“Managed”

OSSKU

Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows.

Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.

Value	Description
“AzureLinux”
“CBLMariner”
“Ubuntu”
“Windows2019”
“Windows2022”

OSSKU_STATUS

Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows.

Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.

Value	Description
“AzureLinux”
“CBLMariner”
“Ubuntu”
“Windows2019”
“Windows2022”

OSType

The operating system type. The default is Linux.

Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.

Value	Description
“Linux”
“Windows”

OSType_STATUS

The operating system type. The default is Linux.

Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.

Value	Description
“Linux”
“Windows”

PowerState

Describes the Power State of the cluster

Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.

Property	Description	Type
code	Tells whether the cluster is Running or Stopped	PowerState_Code Optional

PowerState_STATUS

Describes the Power State of the cluster

Used by: ManagedCluster_STATUS, ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.

Property	Description	Type
code	Tells whether the cluster is Running or Stopped	PowerState_Code_STATUS Optional

PrivateLinkResource

A private link resource

Used by: ManagedCluster_Spec.

Property	Description	Type
groupId	The group ID of the resource.	string Optional
name	The name of the private link resource.	string Optional
reference	The ID of the private link resource.	genruntime.ResourceReference Optional
requiredMembers	The RequiredMembers of the resource	string[] Optional
type	The resource type.	string Optional

PrivateLinkResource_STATUS

A private link resource

Used by: ManagedCluster_STATUS.

Property	Description	Type
groupId	The group ID of the resource.	string Optional
id	The ID of the private link resource.	string Optional
name	The name of the private link resource.	string Optional
privateLinkServiceID	The private link service ID of the resource, this field is exposed only to NRP internally.	string Optional
requiredMembers	The RequiredMembers of the resource	string[] Optional
type	The resource type.	string Optional

ScaleDownMode

Describes how VMs are added to or removed from Agent Pools. See billing states.

Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.

Value	Description
“Deallocate”
“Delete”

ScaleDownMode_STATUS

Describes how VMs are added to or removed from Agent Pools. See billing states.

Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.

Value	Description
“Deallocate”
“Delete”

ScaleSetEvictionPolicy

The eviction policy specifies what to do with the VM when it is evicted. The default is Delete. For more information about eviction see spot VMs

Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.

Value	Description
“Deallocate”
“Delete”

ScaleSetEvictionPolicy_STATUS

The eviction policy specifies what to do with the VM when it is evicted. The default is Delete. For more information about eviction see spot VMs

Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.

Value	Description
“Deallocate”
“Delete”

ScaleSetPriority

The Virtual Machine Scale Set priority.

Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.

Value	Description
“Regular”
“Spot”

ScaleSetPriority_STATUS

The Virtual Machine Scale Set priority.

Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.

Value	Description
“Regular”
“Spot”

ServiceMeshProfile

Service mesh profile for a managed cluster.

Used by: ManagedCluster_Spec.

Property	Description	Type
istio	Istio service mesh configuration.	IstioServiceMesh Optional
mode	Mode of the service mesh.	ServiceMeshProfile_Mode Required

ServiceMeshProfile_STATUS

Service mesh profile for a managed cluster.

Used by: ManagedCluster_STATUS.

Property	Description	Type
istio	Istio service mesh configuration.	IstioServiceMesh_STATUS Optional
mode	Mode of the service mesh.	ServiceMeshProfile_Mode_STATUS Optional

SystemData_STATUS

Metadata pertaining to creation and last modification of the resource.

Used by: MaintenanceConfiguration_STATUS, ManagedCluster_STATUS, and TrustedAccessRoleBinding_STATUS.

Property	Description	Type
createdAt	The timestamp of resource creation (UTC).	string Optional
createdBy	The identity that created the resource.	string Optional
createdByType	The type of identity that created the resource.	SystemData_CreatedByType_STATUS Optional
lastModifiedAt	The timestamp of resource last modification (UTC)	string Optional
lastModifiedBy	The identity that last modified the resource.	string Optional
lastModifiedByType	The type of identity that last modified the resource.	SystemData_LastModifiedByType_STATUS Optional

TimeInWeek

Time in a week.

Used by: MaintenanceConfiguration_Spec.

Property	Description	Type
day	The day of the week.	WeekDay Optional
hourSlots	Each integer hour represents a time range beginning at 0m after the hour ending at the next hour (non-inclusive). 0 corresponds to 00:00 UTC, 23 corresponds to 23:00 UTC. Specifying [0, 1] means the 00:00 - 02:00 UTC time range.	HourInDay[] Optional

TimeInWeek_STATUS

Time in a week.

Used by: MaintenanceConfiguration_STATUS.

Property	Description	Type
day	The day of the week.	WeekDay_STATUS Optional
hourSlots	Each integer hour represents a time range beginning at 0m after the hour ending at the next hour (non-inclusive). 0 corresponds to 00:00 UTC, 23 corresponds to 23:00 UTC. Specifying [0, 1] means the 00:00 - 02:00 UTC time range.	int[] Optional

TimeSpan

For example, between 2021-05-25T13:00:00Z and 2021-05-25T14:00:00Z.

Used by: MaintenanceConfiguration_Spec.

Property	Description	Type
end	The end of a time span	string Optional
start	The start of a time span	string Optional

TimeSpan_STATUS

For example, between 2021-05-25T13:00:00Z and 2021-05-25T14:00:00Z.

Used by: MaintenanceConfiguration_STATUS.

Property	Description	Type
end	The end of a time span	string Optional
start	The start of a time span	string Optional

TrustedAccessRoleBindingOperatorSpec

Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure

Used by: TrustedAccessRoleBinding_Spec.

Property	Description	Type
configMapExpressions	configures where to place operator written dynamic ConfigMaps (created with CEL expressions).	core.DestinationExpression[] Optional
secretExpressions	configures where to place operator written dynamic secrets (created with CEL expressions).	core.DestinationExpression[] Optional

TrustedAccessRoleBindingProperties_ProvisioningState_STATUS

Used by: TrustedAccessRoleBinding_STATUS.

Value	Description
“Canceled”
“Deleting”
“Failed”
“Succeeded”
“Updating”

UserAssignedIdentity

Details about a user assigned identity.

Used by: ManagedCluster_Spec, and ManagedClusterPodIdentity.

Property	Description	Type
clientId	The client ID of the user assigned identity.	string Optional
objectId	The object ID of the user assigned identity.	string Optional
resourceReference	The resource ID of the user assigned identity.	genruntime.ResourceReference Optional

UserAssignedIdentity_STATUS

Details about a user assigned identity.

Used by: ManagedCluster_STATUS, ManagedClusterAddonProfile_STATUS, ManagedClusterIngressProfileWebAppRouting_STATUS, and ManagedClusterPodIdentity_STATUS.

Property	Description	Type
clientId	The client ID of the user assigned identity.	string Optional
objectId	The object ID of the user assigned identity.	string Optional
resourceId	The resource ID of the user assigned identity.	string Optional

WorkloadRuntime

Determines the type of workload a node can run.

Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.

Value	Description
“OCIContainer”
“WasmWasi”

WorkloadRuntime_STATUS

Determines the type of workload a node can run.

Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.

Value	Description
“OCIContainer”
“WasmWasi”

AdvancedNetworking

Advanced Networking profile for enabling observability and security feature suite on a cluster. For more information see aka.ms/aksadvancednetworking.

Used by: ContainerServiceNetworkProfile.

Property	Description	Type
enabled	Indicates the enablement of Advanced Networking functionalities of observability and security on AKS clusters. When this is set to true, all observability and security features will be set to enabled unless explicitly disabled. If not specified, the default is false.	bool Optional
observability	Observability profile to enable advanced network metrics and flow logs with historical contexts.	AdvancedNetworkingObservability Optional
security	Security profile to enable security features on cilium based cluster.	AdvancedNetworkingSecurity Optional

AdvancedNetworking_STATUS

Advanced Networking profile for enabling observability and security feature suite on a cluster. For more information see aka.ms/aksadvancednetworking.

Used by: ContainerServiceNetworkProfile_STATUS.

Property	Description	Type
enabled	Indicates the enablement of Advanced Networking functionalities of observability and security on AKS clusters. When this is set to true, all observability and security features will be set to enabled unless explicitly disabled. If not specified, the default is false.	bool Optional
observability	Observability profile to enable advanced network metrics and flow logs with historical contexts.	AdvancedNetworkingObservability_STATUS Optional
security	Security profile to enable security features on cilium based cluster.	AdvancedNetworkingSecurity_STATUS Optional

AzureKeyVaultKms

Azure Key Vault key management service settings for the security profile.

Used by: ManagedClusterSecurityProfile.

Property	Description	Type
enabled	Whether to enable Azure Key Vault key management service. The default is false.	bool Optional
keyId	Identifier of Azure Key Vault key. See key identifier format for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key identifier. When Azure Key Vault key management service is disabled, leave the field empty.	string Optional
keyVaultNetworkAccess	Network access of key vault. The possible values are `Public` and `Private`. `Public` means the key vault allows public access from all networks. `Private` means the key vault disables public access and enables private link. The default value is `Public`.	AzureKeyVaultKms_KeyVaultNetworkAccess Optional
keyVaultResourceReference	Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty.	genruntime.ResourceReference Optional

AzureKeyVaultKms_STATUS

Azure Key Vault key management service settings for the security profile.

Used by: ManagedClusterSecurityProfile_STATUS.

Property	Description	Type
enabled	Whether to enable Azure Key Vault key management service. The default is false.	bool Optional
keyId	Identifier of Azure Key Vault key. See key identifier format for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key identifier. When Azure Key Vault key management service is disabled, leave the field empty.	string Optional
keyVaultNetworkAccess	Network access of key vault. The possible values are `Public` and `Private`. `Public` means the key vault allows public access from all networks. `Private` means the key vault disables public access and enables private link. The default value is `Public`.	AzureKeyVaultKms_KeyVaultNetworkAccess_STATUS Optional
keyVaultResourceId	Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty.	string Optional

ContainerServiceNetworkProfile_IpFamilies

Used by: ContainerServiceNetworkProfile.

Value	Description
“IPv4”
“IPv6”

ContainerServiceNetworkProfile_IpFamilies_STATUS

Used by: ContainerServiceNetworkProfile_STATUS.

Value	Description
“IPv4”
“IPv6”

ContainerServiceNetworkProfile_LoadBalancerSku

Used by: ContainerServiceNetworkProfile.

Value	Description
“basic”
“standard”

ContainerServiceNetworkProfile_LoadBalancerSku_STATUS

Used by: ContainerServiceNetworkProfile_STATUS.

Value	Description
“basic”
“standard”

ContainerServiceNetworkProfile_NetworkDataplane

Used by: ContainerServiceNetworkProfile.

Value	Description
“azure”
“cilium”

ContainerServiceNetworkProfile_NetworkDataplane_STATUS

Used by: ContainerServiceNetworkProfile_STATUS.

Value	Description
“azure”
“cilium”

ContainerServiceNetworkProfile_NetworkMode

Used by: ContainerServiceNetworkProfile.

Value	Description
“bridge”
“transparent”

ContainerServiceNetworkProfile_NetworkMode_STATUS

Used by: ContainerServiceNetworkProfile_STATUS.

Value	Description
“bridge”
“transparent”

ContainerServiceNetworkProfile_NetworkPlugin

Used by: ContainerServiceNetworkProfile.

Value	Description
“azure”
“kubenet”
“none”

ContainerServiceNetworkProfile_NetworkPlugin_STATUS

Used by: ContainerServiceNetworkProfile_STATUS.

Value	Description
“azure”
“kubenet”
“none”

ContainerServiceNetworkProfile_NetworkPluginMode

Used by: ContainerServiceNetworkProfile.

Value	Description
“overlay”

ContainerServiceNetworkProfile_NetworkPluginMode_STATUS

Used by: ContainerServiceNetworkProfile_STATUS.

Value	Description
“overlay”

ContainerServiceNetworkProfile_NetworkPolicy

Used by: ContainerServiceNetworkProfile.

Value	Description
“azure”
“calico”
“cilium”
“none”

ContainerServiceNetworkProfile_NetworkPolicy_STATUS

Used by: ContainerServiceNetworkProfile_STATUS.

Value	Description
“azure”
“calico”
“cilium”
“none”

ContainerServiceNetworkProfile_OutboundType

Used by: ContainerServiceNetworkProfile.

Value	Description
“loadBalancer”
“managedNATGateway”
“userAssignedNATGateway”
“userDefinedRouting”

ContainerServiceNetworkProfile_OutboundType_STATUS

Used by: ContainerServiceNetworkProfile_STATUS.

Value	Description
“loadBalancer”
“managedNATGateway”
“userAssignedNATGateway”
“userDefinedRouting”

ContainerServiceSshConfiguration

SSH configuration for Linux-based VMs running on Azure.

Used by: ContainerServiceLinuxProfile.

Property	Description	Type
publicKeys	The list of SSH public keys used to authenticate with Linux-based VMs. A maximum of 1 key may be specified.	ContainerServiceSshPublicKey[] Required

ContainerServiceSshConfiguration_STATUS

SSH configuration for Linux-based VMs running on Azure.

Used by: ContainerServiceLinuxProfile_STATUS.

Property	Description	Type
publicKeys	The list of SSH public keys used to authenticate with Linux-based VMs. A maximum of 1 key may be specified.	ContainerServiceSshPublicKey_STATUS[] Optional

DateSpan

For example, between ‘2022-12-23’ and ‘2023-01-05’.

Used by: MaintenanceWindow.

Property	Description	Type
end	The end date of the date span.	string Required
start	The start date of the date span.	string Required

DateSpan_STATUS

For example, between ‘2022-12-23’ and ‘2023-01-05’.

Used by: MaintenanceWindow_STATUS.

Property	Description	Type
end	The end date of the date span.	string Optional
start	The start date of the date span.	string Optional

DelegatedResource

Delegated resource properties - internal use only.

Used by: ManagedClusterIdentity.

Property	Description	Type
location	The source resource location - internal use only.	string Optional
referralResource	The delegation id of the referral delegation (optional) - internal use only.	string Optional
resourceReference	The ARM resource id of the delegated resource - internal use only.	genruntime.ResourceReference Optional
tenantId	The tenant id of the delegated resource - internal use only.	string Optional

DelegatedResource_STATUS

Delegated resource properties - internal use only.

Used by: ManagedClusterIdentity_STATUS.

Property	Description	Type
location	The source resource location - internal use only.	string Optional
referralResource	The delegation id of the referral delegation (optional) - internal use only.	string Optional
resourceId	The ARM resource id of the delegated resource - internal use only.	string Optional
tenantId	The tenant id of the delegated resource - internal use only.	string Optional

ExtendedLocationType

The type of extendedLocation.

Used by: ExtendedLocation.

Value	Description
“EdgeZone”

ExtendedLocationType_STATUS

The type of extendedLocation.

Used by: ExtendedLocation_STATUS.

Value	Description
“EdgeZone”

HourInDay

Used by: TimeInWeek.

IPTag

Contains the IPTag associated with the object.

Used by: AgentPoolNetworkProfile.

Property	Description	Type
ipTagType	The IP tag type. Example: RoutingPreference.	string Optional
tag	The value of the IP tag associated with the public IP. Example: Internet.	string Optional

IPTag_STATUS

Contains the IPTag associated with the object.

Used by: AgentPoolNetworkProfile_STATUS.

Property	Description	Type
ipTagType	The IP tag type. Example: RoutingPreference.	string Optional
tag	The value of the IP tag associated with the public IP. Example: Internet.	string Optional

IstioServiceMesh

Istio service mesh configuration.

Used by: ServiceMeshProfile.

Property	Description	Type
certificateAuthority	Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described here https://aka.ms/asm-plugin-ca	IstioCertificateAuthority Optional
components	Istio components configuration.	IstioComponents Optional
revisions	The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: https://learn.microsoft.com/en-us/azure/aks/istio-upgrade	string[] Optional

IstioServiceMesh_STATUS

Istio service mesh configuration.

Used by: ServiceMeshProfile_STATUS.

Property	Description	Type
certificateAuthority	Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described here https://aka.ms/asm-plugin-ca	IstioCertificateAuthority_STATUS Optional
components	Istio components configuration.	IstioComponents_STATUS Optional
revisions	The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: https://learn.microsoft.com/en-us/azure/aks/istio-upgrade	string[] Optional

ManagedClusterAutoUpgradeProfile_NodeOSUpgradeChannel

Used by: ManagedClusterAutoUpgradeProfile.

Value	Description
“NodeImage”
“None”
“SecurityPatch”
“Unmanaged”

ManagedClusterAutoUpgradeProfile_NodeOSUpgradeChannel_STATUS

Used by: ManagedClusterAutoUpgradeProfile_STATUS.

Value	Description
“NodeImage”
“None”
“SecurityPatch”
“Unmanaged”

ManagedClusterAutoUpgradeProfile_UpgradeChannel

Used by: ManagedClusterAutoUpgradeProfile.

Value	Description
“node-image”
“none”
“patch”
“rapid”
“stable”

ManagedClusterAutoUpgradeProfile_UpgradeChannel_STATUS

Used by: ManagedClusterAutoUpgradeProfile_STATUS.

Value	Description
“node-image”
“none”
“patch”
“rapid”
“stable”

ManagedClusterAzureMonitorProfileMetrics

Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See aka.ms/AzureManagedPrometheus for an overview.

Used by: ManagedClusterAzureMonitorProfile.

Property	Description	Type
enabled	Whether to enable or disable the Azure Managed Prometheus addon for Prometheus monitoring. See aka.ms/AzureManagedPrometheus-aks-enable for details on enabling and disabling.	bool Required
kubeStateMetrics	Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for details.	ManagedClusterAzureMonitorProfileKubeStateMetrics Optional

ManagedClusterAzureMonitorProfileMetrics_STATUS

Used by: ManagedClusterAzureMonitorProfile_STATUS.

Property	Description	Type
enabled	Whether to enable or disable the Azure Managed Prometheus addon for Prometheus monitoring. See aka.ms/AzureManagedPrometheus-aks-enable for details on enabling and disabling.	bool Optional
kubeStateMetrics	Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for details.	ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS Optional

ManagedClusterCostAnalysis

The cost analysis configuration for the cluster

Used by: ManagedClusterMetricsProfile.

Property	Description	Type
enabled	The Managed Cluster sku.tier must be set to ‘Standard’ or ‘Premium’ to enable this feature. Enabling this will add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. If not specified, the default is false. For more information see aka.ms/aks/docs/cost-analysis.	bool Optional

ManagedClusterCostAnalysis_STATUS

The cost analysis configuration for the cluster

Used by: ManagedClusterMetricsProfile_STATUS.

Property	Description	Type
enabled	The Managed Cluster sku.tier must be set to ‘Standard’ or ‘Premium’ to enable this feature. Enabling this will add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. If not specified, the default is false. For more information see aka.ms/aks/docs/cost-analysis.	bool Optional

ManagedClusterIdentity_Type

Used by: ManagedClusterIdentity.

Value	Description
“None”
“SystemAssigned”
“UserAssigned”

ManagedClusterIdentity_Type_STATUS

Used by: ManagedClusterIdentity_STATUS.

Value	Description
“None”
“SystemAssigned”
“UserAssigned”

ManagedClusterIdentity_UserAssignedIdentities_STATUS

Used by: ManagedClusterIdentity_STATUS.

Property	Description	Type
clientId	The client id of user assigned identity.	string Optional
principalId	The principal id of user assigned identity.	string Optional

ManagedClusterIngressProfileWebAppRouting

Application Routing add-on settings for the ingress profile.

Used by: ManagedClusterIngressProfile.

Property	Description	Type
dnsZoneResourceReferences	Resource IDs of the DNS zones to be associated with the Application Routing add-on. Used only when Application Routing add-on is enabled. Public and private DNS zones can be in different resource groups, but all public DNS zones must be in the same resource group and all private DNS zones must be in the same resource group.	genruntime.ResourceReference[] Optional
enabled	Whether to enable the Application Routing add-on.	bool Optional

ManagedClusterIngressProfileWebAppRouting_STATUS

Application Routing add-on settings for the ingress profile.

Used by: ManagedClusterIngressProfile_STATUS.

Property	Description	Type
dnsZoneResourceIds	Resource IDs of the DNS zones to be associated with the Application Routing add-on. Used only when Application Routing add-on is enabled. Public and private DNS zones can be in different resource groups, but all public DNS zones must be in the same resource group and all private DNS zones must be in the same resource group.	string[] Optional
enabled	Whether to enable the Application Routing add-on.	bool Optional
identity	Managed identity of the Application Routing add-on. This is the identity that should be granted permissions, for example, to manage the associated Azure DNS resource and get certificates from Azure Key Vault. See this overview of the add-on for more instructions.	UserAssignedIdentity_STATUS Optional

ManagedClusterLoadBalancerProfile

Profile of the managed cluster load balancer.

Used by: ContainerServiceNetworkProfile.

Property	Description	Type
allocatedOutboundPorts	The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 (inclusive). The default value is 0 which results in Azure dynamically allocating ports.	int Optional
backendPoolType	The type of the managed inbound Load Balancer BackendPool.	ManagedClusterLoadBalancerProfile_BackendPoolType Optional
effectiveOutboundIPs	The effective outbound IP resources of the cluster load balancer.	ResourceReference[] Optional
enableMultipleStandardLoadBalancers	Enable multiple standard load balancers per AKS cluster or not.	bool Optional
idleTimeoutInMinutes	Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 (inclusive). The default value is 30 minutes.	int Optional
managedOutboundIPs	Desired managed outbound IPs for the cluster load balancer.	ManagedClusterLoadBalancerProfile_ManagedOutboundIPs Optional
outboundIPPrefixes	Desired outbound IP Prefix resources for the cluster load balancer.	ManagedClusterLoadBalancerProfile_OutboundIPPrefixes Optional
outboundIPs	Desired outbound IP resources for the cluster load balancer.	ManagedClusterLoadBalancerProfile_OutboundIPs Optional

ManagedClusterLoadBalancerProfile_STATUS

Profile of the managed cluster load balancer.

Used by: ContainerServiceNetworkProfile_STATUS.

Property	Description	Type
allocatedOutboundPorts	The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 (inclusive). The default value is 0 which results in Azure dynamically allocating ports.	int Optional
backendPoolType	The type of the managed inbound Load Balancer BackendPool.	ManagedClusterLoadBalancerProfile_BackendPoolType_STATUS Optional
effectiveOutboundIPs	The effective outbound IP resources of the cluster load balancer.	ResourceReference_STATUS[] Optional
enableMultipleStandardLoadBalancers	Enable multiple standard load balancers per AKS cluster or not.	bool Optional
idleTimeoutInMinutes	Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 (inclusive). The default value is 30 minutes.	int Optional
managedOutboundIPs	Desired managed outbound IPs for the cluster load balancer.	ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS Optional
outboundIPPrefixes	Desired outbound IP Prefix resources for the cluster load balancer.	ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS Optional
outboundIPs	Desired outbound IP resources for the cluster load balancer.	ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS Optional

ManagedClusterNATGatewayProfile

Profile of the managed cluster NAT gateway.

Used by: ContainerServiceNetworkProfile.

Property	Description	Type
effectiveOutboundIPs	The effective outbound IP resources of the cluster NAT gateway.	ResourceReference[] Optional
idleTimeoutInMinutes	Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 (inclusive). The default value is 4 minutes.	int Optional
managedOutboundIPProfile	Profile of the managed outbound IP resources of the cluster NAT gateway.	ManagedClusterManagedOutboundIPProfile Optional

ManagedClusterNATGatewayProfile_STATUS

Profile of the managed cluster NAT gateway.

Used by: ContainerServiceNetworkProfile_STATUS.

Property	Description	Type
effectiveOutboundIPs	The effective outbound IP resources of the cluster NAT gateway.	ResourceReference_STATUS[] Optional
idleTimeoutInMinutes	Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 (inclusive). The default value is 4 minutes.	int Optional
managedOutboundIPProfile	Profile of the managed outbound IP resources of the cluster NAT gateway.	ManagedClusterManagedOutboundIPProfile_STATUS Optional

ManagedClusterNodeResourceGroupProfile_RestrictionLevel

Used by: ManagedClusterNodeResourceGroupProfile.

Value	Description
“ReadOnly”
“Unrestricted”

ManagedClusterNodeResourceGroupProfile_RestrictionLevel_STATUS

Used by: ManagedClusterNodeResourceGroupProfile_STATUS.

Value	Description
“ReadOnly”
“Unrestricted”

ManagedClusterOperatorConfigMaps

Used by: ManagedClusterOperatorSpec.

Property	Description	Type
oidcIssuerProfile	indicates where the OIDCIssuerProfile config map should be placed. If omitted, no config map will be created.	genruntime.ConfigMapDestination Optional

ManagedClusterOperatorSecrets

Used by: ManagedClusterOperatorSpec.

Property	Description	Type
adminCredentials	indicates where the AdminCredentials secret should be placed. If omitted, the secret will not be retrieved from Azure.	genruntime.SecretDestination Optional
userCredentials	indicates where the UserCredentials secret should be placed. If omitted, the secret will not be retrieved from Azure.	genruntime.SecretDestination Optional

ManagedClusterPodIdentity

Details about the pod identity assigned to the Managed Cluster.

Used by: ManagedClusterPodIdentityProfile.

Property	Description	Type
bindingSelector	The binding selector to use for the AzureIdentityBinding resource.	string Optional
identity	The user assigned identity details.	UserAssignedIdentity Required
name	The name of the pod identity.	string Required
namespace	The namespace of the pod identity.	string Required

ManagedClusterPodIdentity_STATUS

Details about the pod identity assigned to the Managed Cluster.

Used by: ManagedClusterPodIdentityProfile_STATUS.

Property	Description	Type
bindingSelector	The binding selector to use for the AzureIdentityBinding resource.	string Optional
identity	The user assigned identity details.	UserAssignedIdentity_STATUS Optional
name	The name of the pod identity.	string Optional
namespace	The namespace of the pod identity.	string Optional
provisioningInfo		ManagedClusterPodIdentity_ProvisioningInfo_STATUS Optional
provisioningState	The current provisioning state of the pod identity.	ManagedClusterPodIdentity_ProvisioningState_STATUS Optional

ManagedClusterPodIdentityException

See disable AAD Pod Identity for a specific Pod/Application for more details.

Used by: ManagedClusterPodIdentityProfile.

Property	Description	Type
name	The name of the pod identity exception.	string Required
namespace	The namespace of the pod identity exception.	string Required
podLabels	The pod labels to match.	map[string]string Required

ManagedClusterPodIdentityException_STATUS

See disable AAD Pod Identity for a specific Pod/Application for more details.

Used by: ManagedClusterPodIdentityProfile_STATUS.

Property	Description	Type
name	The name of the pod identity exception.	string Optional
namespace	The namespace of the pod identity exception.	string Optional
podLabels	The pod labels to match.	map[string]string Optional

ManagedClusterProperties_AutoScalerProfile_Expander

Used by: ManagedClusterProperties_AutoScalerProfile.

Value	Description
“least-waste”
“most-pods”
“priority”
“random”

ManagedClusterProperties_AutoScalerProfile_Expander_STATUS

Used by: ManagedClusterProperties_AutoScalerProfile_STATUS.

Value	Description
“least-waste”
“most-pods”
“priority”
“random”

ManagedClusterSecurityProfileDefender

Microsoft Defender settings for the security profile.

Used by: ManagedClusterSecurityProfile.

Property	Description	Type
logAnalyticsWorkspaceResourceReference	Resource ID of the Log Analytics workspace to be associated with Microsoft Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When Microsoft Defender is disabled, leave the field empty.	genruntime.ResourceReference Optional
securityMonitoring	Microsoft Defender threat detection for Cloud settings for the security profile.	ManagedClusterSecurityProfileDefenderSecurityMonitoring Optional

ManagedClusterSecurityProfileDefender_STATUS

Microsoft Defender settings for the security profile.

Used by: ManagedClusterSecurityProfile_STATUS.

Property	Description	Type
logAnalyticsWorkspaceResourceId	Resource ID of the Log Analytics workspace to be associated with Microsoft Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When Microsoft Defender is disabled, leave the field empty.	string Optional
securityMonitoring	Microsoft Defender threat detection for Cloud settings for the security profile.	ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS Optional

ManagedClusterSecurityProfileImageCleaner

Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here are settings for the security profile.

Used by: ManagedClusterSecurityProfile.

Property	Description	Type
enabled	Whether to enable Image Cleaner on AKS cluster.	bool Optional
intervalHours	Image Cleaner scanning interval in hours.	int Optional

ManagedClusterSecurityProfileImageCleaner_STATUS

Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here are settings for the security profile.

Used by: ManagedClusterSecurityProfile_STATUS.

Property	Description	Type
enabled	Whether to enable Image Cleaner on AKS cluster.	bool Optional
intervalHours	Image Cleaner scanning interval in hours.	int Optional

ManagedClusterSecurityProfileWorkloadIdentity

Workload identity settings for the security profile.

Used by: ManagedClusterSecurityProfile.

Property	Description	Type
enabled	Whether to enable workload identity.	bool Optional

ManagedClusterSecurityProfileWorkloadIdentity_STATUS

Workload identity settings for the security profile.

Used by: ManagedClusterSecurityProfile_STATUS.

Property	Description	Type
enabled	Whether to enable workload identity.	bool Optional

ManagedClusterSKU_Name

Used by: ManagedClusterSKU.

Value	Description
“Base”

ManagedClusterSKU_Name_STATUS

Used by: ManagedClusterSKU_STATUS.

Value	Description
“Base”

ManagedClusterSKU_Tier

Used by: ManagedClusterSKU.

Value	Description
“Free”
“Premium”
“Standard”

ManagedClusterSKU_Tier_STATUS

Used by: ManagedClusterSKU_STATUS.

Value	Description
“Free”
“Premium”
“Standard”

ManagedClusterStorageProfileBlobCSIDriver

AzureBlob CSI Driver settings for the storage profile.

Used by: ManagedClusterStorageProfile.

Property	Description	Type
enabled	Whether to enable AzureBlob CSI Driver. The default value is false.	bool Optional

ManagedClusterStorageProfileBlobCSIDriver_STATUS

AzureBlob CSI Driver settings for the storage profile.

Used by: ManagedClusterStorageProfile_STATUS.

Property	Description	Type
enabled	Whether to enable AzureBlob CSI Driver. The default value is false.	bool Optional

ManagedClusterStorageProfileDiskCSIDriver

AzureDisk CSI Driver settings for the storage profile.

Used by: ManagedClusterStorageProfile.

Property	Description	Type
enabled	Whether to enable AzureDisk CSI Driver. The default value is true.	bool Optional

ManagedClusterStorageProfileDiskCSIDriver_STATUS

AzureDisk CSI Driver settings for the storage profile.

Used by: ManagedClusterStorageProfile_STATUS.

Property	Description	Type
enabled	Whether to enable AzureDisk CSI Driver. The default value is true.	bool Optional

ManagedClusterStorageProfileFileCSIDriver

AzureFile CSI Driver settings for the storage profile.

Used by: ManagedClusterStorageProfile.

Property	Description	Type
enabled	Whether to enable AzureFile CSI Driver. The default value is true.	bool Optional

ManagedClusterStorageProfileFileCSIDriver_STATUS

AzureFile CSI Driver settings for the storage profile.

Used by: ManagedClusterStorageProfile_STATUS.

Property	Description	Type
enabled	Whether to enable AzureFile CSI Driver. The default value is true.	bool Optional

ManagedClusterStorageProfileSnapshotController

Snapshot Controller settings for the storage profile.

Used by: ManagedClusterStorageProfile.

Property	Description	Type
enabled	Whether to enable Snapshot Controller. The default value is true.	bool Optional

ManagedClusterStorageProfileSnapshotController_STATUS

Snapshot Controller settings for the storage profile.

Used by: ManagedClusterStorageProfile_STATUS.

Property	Description	Type
enabled	Whether to enable Snapshot Controller. The default value is true.	bool Optional

ManagedClusterWindowsProfile_LicenseType

Used by: ManagedClusterWindowsProfile.

Value	Description
“None”
“Windows_Server”

ManagedClusterWindowsProfile_LicenseType_STATUS

Used by: ManagedClusterWindowsProfile_STATUS.

Value	Description
“None”
“Windows_Server”

ManagedClusterWorkloadAutoScalerProfileKeda

KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile.

Used by: ManagedClusterWorkloadAutoScalerProfile.

Property	Description	Type
enabled	Whether to enable KEDA.	bool Required

ManagedClusterWorkloadAutoScalerProfileKeda_STATUS

KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile.

Used by: ManagedClusterWorkloadAutoScalerProfile_STATUS.

Property	Description	Type
enabled	Whether to enable KEDA.	bool Optional

ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler

VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile.

Used by: ManagedClusterWorkloadAutoScalerProfile.

Property	Description	Type
enabled	Whether to enable VPA. Default value is false.	bool Required

ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler_STATUS

VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile.

Used by: ManagedClusterWorkloadAutoScalerProfile_STATUS.

Property	Description	Type
enabled	Whether to enable VPA. Default value is false.	bool Optional

PortRange

The port range.

Used by: AgentPoolNetworkProfile.

Property	Description	Type
portEnd	The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or equal to portStart.	int Optional
portStart	The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or equal to portEnd.	int Optional
protocol	The network protocol of the port.	PortRange_Protocol Optional

PortRange_STATUS

The port range.

Used by: AgentPoolNetworkProfile_STATUS.

Property	Description	Type
portEnd	The maximum port that is included in the range. It should be ranged from 1 to 65535, and be greater than or equal to portStart.	int Optional
portStart	The minimum port that is included in the range. It should be ranged from 1 to 65535, and be less than or equal to portEnd.	int Optional
protocol	The network protocol of the port.	PortRange_Protocol_STATUS Optional

PowerState_Code

Used by: PowerState.

Value	Description
“Running”
“Stopped”

PowerState_Code_STATUS

Used by: PowerState_STATUS.

Value	Description
“Running”
“Stopped”

Schedule

One and only one of the schedule types should be specified. Choose either ‘daily’, ‘weekly’, ‘absoluteMonthly’ or ‘relativeMonthly’ for your maintenance schedule.

Used by: MaintenanceWindow.

Property	Description	Type
absoluteMonthly	For schedules like: ‘recur every month on the 15th’ or ‘recur every 3 months on the 20th’.	AbsoluteMonthlySchedule Optional
daily	For schedules like: ‘recur every day’ or ‘recur every 3 days’.	DailySchedule Optional
relativeMonthly	For schedules like: ‘recur every month on the first Monday’ or ‘recur every 3 months on last Friday’.	RelativeMonthlySchedule Optional
weekly	For schedules like: ‘recur every Monday’ or ‘recur every 3 weeks on Wednesday’.	WeeklySchedule Optional

Schedule_STATUS

One and only one of the schedule types should be specified. Choose either ‘daily’, ‘weekly’, ‘absoluteMonthly’ or ‘relativeMonthly’ for your maintenance schedule.

Used by: MaintenanceWindow_STATUS.

Property	Description	Type
absoluteMonthly	For schedules like: ‘recur every month on the 15th’ or ‘recur every 3 months on the 20th’.	AbsoluteMonthlySchedule_STATUS Optional
daily	For schedules like: ‘recur every day’ or ‘recur every 3 days’.	DailySchedule_STATUS Optional
relativeMonthly	For schedules like: ‘recur every month on the first Monday’ or ‘recur every 3 months on last Friday’.	RelativeMonthlySchedule_STATUS Optional
weekly	For schedules like: ‘recur every Monday’ or ‘recur every 3 weeks on Wednesday’.	WeeklySchedule_STATUS Optional

ServiceMeshProfile_Mode

Used by: ServiceMeshProfile.

Value	Description
“Disabled”
“Istio”

ServiceMeshProfile_Mode_STATUS

Used by: ServiceMeshProfile_STATUS.

Value	Description
“Disabled”
“Istio”

SysctlConfig

Sysctl settings for Linux agent nodes.

Used by: LinuxOSConfig.

Property	Description	Type
fsAioMaxNr	Sysctl setting fs.aio-max-nr.	int Optional
fsFileMax	Sysctl setting fs.file-max.	int Optional
fsInotifyMaxUserWatches	Sysctl setting fs.inotify.max_user_watches.	int Optional
fsNrOpen	Sysctl setting fs.nr_open.	int Optional
kernelThreadsMax	Sysctl setting kernel.threads-max.	int Optional
netCoreNetdevMaxBacklog	Sysctl setting net.core.netdev_max_backlog.	int Optional
netCoreOptmemMax	Sysctl setting net.core.optmem_max.	int Optional
netCoreRmemDefault	Sysctl setting net.core.rmem_default.	int Optional
netCoreRmemMax	Sysctl setting net.core.rmem_max.	int Optional
netCoreSomaxconn	Sysctl setting net.core.somaxconn.	int Optional
netCoreWmemDefault	Sysctl setting net.core.wmem_default.	int Optional
netCoreWmemMax	Sysctl setting net.core.wmem_max.	int Optional
netIpv4IpLocalPortRange	Sysctl setting net.ipv4.ip_local_port_range.	string Optional
netIpv4NeighDefaultGcThresh1	Sysctl setting net.ipv4.neigh.default.gc_thresh1.	int Optional
netIpv4NeighDefaultGcThresh2	Sysctl setting net.ipv4.neigh.default.gc_thresh2.	int Optional
netIpv4NeighDefaultGcThresh3	Sysctl setting net.ipv4.neigh.default.gc_thresh3.	int Optional
netIpv4TcpFinTimeout	Sysctl setting net.ipv4.tcp_fin_timeout.	int Optional
netIpv4TcpkeepaliveIntvl	Sysctl setting net.ipv4.tcp_keepalive_intvl.	int Optional
netIpv4TcpKeepaliveProbes	Sysctl setting net.ipv4.tcp_keepalive_probes.	int Optional
netIpv4TcpKeepaliveTime	Sysctl setting net.ipv4.tcp_keepalive_time.	int Optional
netIpv4TcpMaxSynBacklog	Sysctl setting net.ipv4.tcp_max_syn_backlog.	int Optional
netIpv4TcpMaxTwBuckets	Sysctl setting net.ipv4.tcp_max_tw_buckets.	int Optional
netIpv4TcpTwReuse	Sysctl setting net.ipv4.tcp_tw_reuse.	bool Optional
netNetfilterNfConntrackBuckets	Sysctl setting net.netfilter.nf_conntrack_buckets.	int Optional
netNetfilterNfConntrackMax	Sysctl setting net.netfilter.nf_conntrack_max.	int Optional
vmMaxMapCount	Sysctl setting vm.max_map_count.	int Optional
vmSwappiness	Sysctl setting vm.swappiness.	int Optional
vmVfsCachePressure	Sysctl setting vm.vfs_cache_pressure.	int Optional

SysctlConfig_STATUS

Sysctl settings for Linux agent nodes.

Used by: LinuxOSConfig_STATUS.

Property	Description	Type
fsAioMaxNr	Sysctl setting fs.aio-max-nr.	int Optional
fsFileMax	Sysctl setting fs.file-max.	int Optional
fsInotifyMaxUserWatches	Sysctl setting fs.inotify.max_user_watches.	int Optional
fsNrOpen	Sysctl setting fs.nr_open.	int Optional
kernelThreadsMax	Sysctl setting kernel.threads-max.	int Optional
netCoreNetdevMaxBacklog	Sysctl setting net.core.netdev_max_backlog.	int Optional
netCoreOptmemMax	Sysctl setting net.core.optmem_max.	int Optional
netCoreRmemDefault	Sysctl setting net.core.rmem_default.	int Optional
netCoreRmemMax	Sysctl setting net.core.rmem_max.	int Optional
netCoreSomaxconn	Sysctl setting net.core.somaxconn.	int Optional
netCoreWmemDefault	Sysctl setting net.core.wmem_default.	int Optional
netCoreWmemMax	Sysctl setting net.core.wmem_max.	int Optional
netIpv4IpLocalPortRange	Sysctl setting net.ipv4.ip_local_port_range.	string Optional
netIpv4NeighDefaultGcThresh1	Sysctl setting net.ipv4.neigh.default.gc_thresh1.	int Optional
netIpv4NeighDefaultGcThresh2	Sysctl setting net.ipv4.neigh.default.gc_thresh2.	int Optional
netIpv4NeighDefaultGcThresh3	Sysctl setting net.ipv4.neigh.default.gc_thresh3.	int Optional
netIpv4TcpFinTimeout	Sysctl setting net.ipv4.tcp_fin_timeout.	int Optional
netIpv4TcpkeepaliveIntvl	Sysctl setting net.ipv4.tcp_keepalive_intvl.	int Optional
netIpv4TcpKeepaliveProbes	Sysctl setting net.ipv4.tcp_keepalive_probes.	int Optional
netIpv4TcpKeepaliveTime	Sysctl setting net.ipv4.tcp_keepalive_time.	int Optional
netIpv4TcpMaxSynBacklog	Sysctl setting net.ipv4.tcp_max_syn_backlog.	int Optional
netIpv4TcpMaxTwBuckets	Sysctl setting net.ipv4.tcp_max_tw_buckets.	int Optional
netIpv4TcpTwReuse	Sysctl setting net.ipv4.tcp_tw_reuse.	bool Optional
netNetfilterNfConntrackBuckets	Sysctl setting net.netfilter.nf_conntrack_buckets.	int Optional
netNetfilterNfConntrackMax	Sysctl setting net.netfilter.nf_conntrack_max.	int Optional
vmMaxMapCount	Sysctl setting vm.max_map_count.	int Optional
vmSwappiness	Sysctl setting vm.swappiness.	int Optional
vmVfsCachePressure	Sysctl setting vm.vfs_cache_pressure.	int Optional

SystemData_CreatedByType_STATUS

Used by: SystemData_STATUS.

Value	Description
“Application”
“Key”
“ManagedIdentity”
“User”

SystemData_LastModifiedByType_STATUS

Used by: SystemData_STATUS.

Value	Description
“Application”
“Key”
“ManagedIdentity”
“User”

UpgradeOverrideSettings

Settings for overrides when upgrading a cluster.

Used by: ClusterUpgradeSettings.

Property	Description	Type
forceUpgrade	Whether to force upgrade the cluster. Note that this option instructs upgrade operation to bypass upgrade protections such as checking for deprecated API usage. Enable this option only with caution.	bool Optional
until	Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the effectiveness won’t change once an upgrade starts even if the `until` expires as upgrade proceeds. This field is not set by default. It must be set for the overrides to take effect.	string Optional

UpgradeOverrideSettings_STATUS

Settings for overrides when upgrading a cluster.

Used by: ClusterUpgradeSettings_STATUS.

Property	Description	Type
forceUpgrade	Whether to force upgrade the cluster. Note that this option instructs upgrade operation to bypass upgrade protections such as checking for deprecated API usage. Enable this option only with caution.	bool Optional
until	Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the effectiveness won’t change once an upgrade starts even if the `until` expires as upgrade proceeds. This field is not set by default. It must be set for the overrides to take effect.	string Optional

UserAssignedIdentityDetails

Information about the user assigned identity for the resource

Used by: ManagedClusterIdentity.

Property	Description	Type
reference		genruntime.ResourceReference Optional

WeekDay

The weekday enum.

Used by: RelativeMonthlySchedule, TimeInWeek, and WeeklySchedule.

Value	Description
“Friday”
“Monday”
“Saturday”
“Sunday”
“Thursday”
“Tuesday”
“Wednesday”

WeekDay_STATUS

The weekday enum.

Used by: RelativeMonthlySchedule_STATUS, TimeInWeek_STATUS, and WeeklySchedule_STATUS.

Value	Description
“Friday”
“Monday”
“Saturday”
“Sunday”
“Thursday”
“Tuesday”
“Wednesday”

WindowsGmsaProfile

Windows gMSA Profile in the managed cluster.

Used by: ManagedClusterWindowsProfile.

Property	Description	Type
dnsServer	Specifies the DNS server for Windows gMSA. Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster.	string Optional
enabled	Specifies whether to enable Windows gMSA in the managed cluster.	bool Optional
rootDomainName	Specifies the root domain name for Windows gMSA. Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster.	string Optional

WindowsGmsaProfile_STATUS

Windows gMSA Profile in the managed cluster.

Used by: ManagedClusterWindowsProfile_STATUS.

Property	Description	Type
dnsServer	Specifies the DNS server for Windows gMSA. Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster.	string Optional
enabled	Specifies whether to enable Windows gMSA in the managed cluster.	bool Optional
rootDomainName	Specifies the root domain name for Windows gMSA. Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster.	string Optional

AbsoluteMonthlySchedule

For schedules like: ‘recur every month on the 15th’ or ‘recur every 3 months on the 20th’.

Used by: Schedule.

Property	Description	Type
dayOfMonth	The date of the month.	int Required
intervalMonths	Specifies the number of months between each set of occurrences.	int Required

AbsoluteMonthlySchedule_STATUS

For schedules like: ‘recur every month on the 15th’ or ‘recur every 3 months on the 20th’.

Used by: Schedule_STATUS.

Property	Description	Type
dayOfMonth	The date of the month.	int Optional
intervalMonths	Specifies the number of months between each set of occurrences.	int Optional

AdvancedNetworkingObservability

Observability profile to enable advanced network metrics and flow logs with historical contexts.

Used by: AdvancedNetworking.

Property	Description	Type
enabled	Indicates the enablement of Advanced Networking observability functionalities on clusters.	bool Optional

AdvancedNetworkingObservability_STATUS

Observability profile to enable advanced network metrics and flow logs with historical contexts.

Used by: AdvancedNetworking_STATUS.

Property	Description	Type
enabled	Indicates the enablement of Advanced Networking observability functionalities on clusters.	bool Optional

AdvancedNetworkingSecurity

Security profile to enable security features on cilium based cluster.

Used by: AdvancedNetworking.

Property	Description	Type
enabled	This feature allows user to configure network policy based on DNS (FQDN) names. It can be enabled only on cilium based clusters. If not specified, the default is false.	bool Optional

AdvancedNetworkingSecurity_STATUS

Security profile to enable security features on cilium based cluster.

Used by: AdvancedNetworking_STATUS.

Property	Description	Type
enabled	This feature allows user to configure network policy based on DNS (FQDN) names. It can be enabled only on cilium based clusters. If not specified, the default is false.	bool Optional

AzureKeyVaultKms_KeyVaultNetworkAccess

Used by: AzureKeyVaultKms.

Value	Description
“Private”
“Public”

AzureKeyVaultKms_KeyVaultNetworkAccess_STATUS

Used by: AzureKeyVaultKms_STATUS.

Value	Description
“Private”
“Public”

ContainerServiceSshPublicKey

Contains information about SSH certificate public key data.

Used by: ContainerServiceSshConfiguration.

Property	Description	Type
keyData	Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or without headers.	string Required

ContainerServiceSshPublicKey_STATUS

Contains information about SSH certificate public key data.

Used by: ContainerServiceSshConfiguration_STATUS.

Property	Description	Type
keyData	Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or without headers.	string Optional

DailySchedule

For schedules like: ‘recur every day’ or ‘recur every 3 days’.

Used by: Schedule.

Property	Description	Type
intervalDays	Specifies the number of days between each set of occurrences.	int Required

DailySchedule_STATUS

For schedules like: ‘recur every day’ or ‘recur every 3 days’.

Used by: Schedule_STATUS.

Property	Description	Type
intervalDays	Specifies the number of days between each set of occurrences.	int Optional

IstioCertificateAuthority

Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described here https://aka.ms/asm-plugin-ca

Used by: IstioServiceMesh.

Property	Description	Type
plugin	Plugin certificates information for Service Mesh.	IstioPluginCertificateAuthority Optional

IstioCertificateAuthority_STATUS

Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described here https://aka.ms/asm-plugin-ca

Used by: IstioServiceMesh_STATUS.

Property	Description	Type
plugin	Plugin certificates information for Service Mesh.	IstioPluginCertificateAuthority_STATUS Optional

IstioComponents

Istio components configuration.

Used by: IstioServiceMesh.

Property	Description	Type
egressGateways	Istio egress gateways.	IstioEgressGateway[] Optional
ingressGateways	Istio ingress gateways.	IstioIngressGateway[] Optional

IstioComponents_STATUS

Istio components configuration.

Used by: IstioServiceMesh_STATUS.

Property	Description	Type
egressGateways	Istio egress gateways.	IstioEgressGateway_STATUS[] Optional
ingressGateways	Istio ingress gateways.	IstioIngressGateway_STATUS[] Optional

ManagedClusterAzureMonitorProfileKubeStateMetrics

Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for details.

Used by: ManagedClusterAzureMonitorProfileMetrics.

Property	Description	Type
metricAnnotationsAllowList	Comma-separated list of Kubernetes annotation keys that will be used in the resource’s labels metric (Example: ’namespaces=[kubernetes.io/team,…],pods=[kubernetes.io/team],…’). By default the metric contains only resource name and namespace labels.	string Optional
metricLabelsAllowlist	Comma-separated list of additional Kubernetes label keys that will be used in the resource’s labels metric (Example: ’namespaces=[k8s-label-1,k8s-label-n,…],pods=[app],…’). By default the metric contains only resource name and namespace labels.	string Optional

ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS

Used by: ManagedClusterAzureMonitorProfileMetrics_STATUS.

Property	Description	Type
metricAnnotationsAllowList	Comma-separated list of Kubernetes annotation keys that will be used in the resource’s labels metric (Example: ’namespaces=[kubernetes.io/team,…],pods=[kubernetes.io/team],…’). By default the metric contains only resource name and namespace labels.	string Optional
metricLabelsAllowlist	Comma-separated list of additional Kubernetes label keys that will be used in the resource’s labels metric (Example: ’namespaces=[k8s-label-1,k8s-label-n,…],pods=[app],…’). By default the metric contains only resource name and namespace labels.	string Optional

ManagedClusterLoadBalancerProfile_BackendPoolType

Used by: ManagedClusterLoadBalancerProfile.

Value	Description
“NodeIP”
“NodeIPConfiguration”

ManagedClusterLoadBalancerProfile_BackendPoolType_STATUS

Used by: ManagedClusterLoadBalancerProfile_STATUS.

Value	Description
“NodeIP”
“NodeIPConfiguration”

ManagedClusterLoadBalancerProfile_ManagedOutboundIPs

Used by: ManagedClusterLoadBalancerProfile.

Property	Description	Type
count	The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values must be in the range of 1 to 100 (inclusive). The default value is 1.	int Optional
countIPv6	The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack.	int Optional

ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_STATUS

Used by: ManagedClusterLoadBalancerProfile_STATUS.

Property	Description	Type
count	The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values must be in the range of 1 to 100 (inclusive). The default value is 1.	int Optional
countIPv6	The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack.	int Optional

ManagedClusterLoadBalancerProfile_OutboundIPPrefixes

Used by: ManagedClusterLoadBalancerProfile.

Property	Description	Type
publicIPPrefixes	A list of public IP prefix resources.	ResourceReference[] Optional

ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS

Used by: ManagedClusterLoadBalancerProfile_STATUS.

Property	Description	Type
publicIPPrefixes	A list of public IP prefix resources.	ResourceReference_STATUS[] Optional

ManagedClusterLoadBalancerProfile_OutboundIPs

Used by: ManagedClusterLoadBalancerProfile.

Property	Description	Type
publicIPs	A list of public IP resources.	ResourceReference[] Optional

ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS

Used by: ManagedClusterLoadBalancerProfile_STATUS.

Property	Description	Type
publicIPs	A list of public IP resources.	ResourceReference_STATUS[] Optional

ManagedClusterManagedOutboundIPProfile

Profile of the managed outbound IP resources of the managed cluster.

Used by: ManagedClusterNATGatewayProfile.

Property	Description	Type
count	The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 (inclusive). The default value is 1.	int Optional

ManagedClusterManagedOutboundIPProfile_STATUS

Profile of the managed outbound IP resources of the managed cluster.

Used by: ManagedClusterNATGatewayProfile_STATUS.

Property	Description	Type
count	The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 (inclusive). The default value is 1.	int Optional

ManagedClusterPodIdentity_ProvisioningInfo_STATUS

Used by: ManagedClusterPodIdentity_STATUS.

Property	Description	Type
error	Pod identity assignment error (if any).	ManagedClusterPodIdentityProvisioningError_STATUS Optional

ManagedClusterPodIdentity_ProvisioningState_STATUS

Used by: ManagedClusterPodIdentity_STATUS.

Value	Description
“Assigned”
“Canceled”
“Deleting”
“Failed”
“Succeeded”
“Updating”

ManagedClusterSecurityProfileDefenderSecurityMonitoring

Microsoft Defender settings for the security profile threat detection.

Used by: ManagedClusterSecurityProfileDefender.

Property	Description	Type
enabled	Whether to enable Defender threat detection	bool Optional

ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS

Microsoft Defender settings for the security profile threat detection.

Used by: ManagedClusterSecurityProfileDefender_STATUS.

Property	Description	Type
enabled	Whether to enable Defender threat detection	bool Optional

PortRange_Protocol

Used by: PortRange.

Value	Description
“TCP”
“UDP”

PortRange_Protocol_STATUS

Used by: PortRange_STATUS.

Value	Description
“TCP”
“UDP”

RelativeMonthlySchedule

For schedules like: ‘recur every month on the first Monday’ or ‘recur every 3 months on last Friday’.

Used by: Schedule.

Property	Description	Type
dayOfWeek	Specifies on which day of the week the maintenance occurs.	WeekDay Required
intervalMonths	Specifies the number of months between each set of occurrences.	int Required
weekIndex	Specifies on which week of the month the dayOfWeek applies.	RelativeMonthlySchedule_WeekIndex Required

RelativeMonthlySchedule_STATUS

For schedules like: ‘recur every month on the first Monday’ or ‘recur every 3 months on last Friday’.

Used by: Schedule_STATUS.

Property	Description	Type
dayOfWeek	Specifies on which day of the week the maintenance occurs.	WeekDay_STATUS Optional
intervalMonths	Specifies the number of months between each set of occurrences.	int Optional
weekIndex	Specifies on which week of the month the dayOfWeek applies.	RelativeMonthlySchedule_WeekIndex_STATUS Optional

ResourceReference

A reference to an Azure resource.

Used by: ManagedClusterLoadBalancerProfile, ManagedClusterLoadBalancerProfile_OutboundIPPrefixes, ManagedClusterLoadBalancerProfile_OutboundIPs, and ManagedClusterNATGatewayProfile.

Property	Description	Type
reference	The fully qualified Azure resource id.	genruntime.ResourceReference Optional

ResourceReference_STATUS

A reference to an Azure resource.

Used by: ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_STATUS, ManagedClusterLoadBalancerProfile_OutboundIPs_STATUS, ManagedClusterLoadBalancerProfile_STATUS, and ManagedClusterNATGatewayProfile_STATUS.

Property	Description	Type
id	The fully qualified Azure resource id.	string Optional

WeeklySchedule

For schedules like: ‘recur every Monday’ or ‘recur every 3 weeks on Wednesday’.

Used by: Schedule.

Property	Description	Type
dayOfWeek	Specifies on which day of the week the maintenance occurs.	WeekDay Required
intervalWeeks	Specifies the number of weeks between each set of occurrences.	int Required

WeeklySchedule_STATUS

For schedules like: ‘recur every Monday’ or ‘recur every 3 weeks on Wednesday’.

Used by: Schedule_STATUS.

Property	Description	Type
dayOfWeek	Specifies on which day of the week the maintenance occurs.	WeekDay_STATUS Optional
intervalWeeks	Specifies the number of weeks between each set of occurrences.	int Optional

IstioEgressGateway

Istio egress gateway configuration.

Used by: IstioComponents.

Property	Description	Type
enabled	Whether to enable the egress gateway.	bool Required

IstioEgressGateway_STATUS

Istio egress gateway configuration.

Used by: IstioComponents_STATUS.

Property	Description	Type
enabled	Whether to enable the egress gateway.	bool Optional

IstioIngressGateway

Istio ingress gateway configuration. For now, we support up to one external ingress gateway named aks-istio-ingressgateway-external and one internal ingress gateway named aks-istio-ingressgateway-internal.

Used by: IstioComponents.

Property	Description	Type
enabled	Whether to enable the ingress gateway.	bool Required
mode	Mode of an ingress gateway.	IstioIngressGateway_Mode Required

IstioIngressGateway_STATUS

Used by: IstioComponents_STATUS.

Property	Description	Type
enabled	Whether to enable the ingress gateway.	bool Optional
mode	Mode of an ingress gateway.	IstioIngressGateway_Mode_STATUS Optional

IstioPluginCertificateAuthority

Plugin certificates information for Service Mesh.

Used by: IstioCertificateAuthority.

Property	Description	Type
certChainObjectName	Certificate chain object name in Azure Key Vault.	string Optional
certObjectName	Intermediate certificate object name in Azure Key Vault.	string Optional
keyObjectName	Intermediate certificate private key object name in Azure Key Vault.	string Optional
keyVaultReference	The resource ID of the Key Vault.	genruntime.ResourceReference Optional
rootCertObjectName	Root certificate object name in Azure Key Vault.	string Optional

IstioPluginCertificateAuthority_STATUS

Plugin certificates information for Service Mesh.

Used by: IstioCertificateAuthority_STATUS.

Property	Description	Type
certChainObjectName	Certificate chain object name in Azure Key Vault.	string Optional
certObjectName	Intermediate certificate object name in Azure Key Vault.	string Optional
keyObjectName	Intermediate certificate private key object name in Azure Key Vault.	string Optional
keyVaultId	The resource ID of the Key Vault.	string Optional
rootCertObjectName	Root certificate object name in Azure Key Vault.	string Optional

ManagedClusterPodIdentityProvisioningError_STATUS

An error response from the pod identity provisioning.

Used by: ManagedClusterPodIdentity_ProvisioningInfo_STATUS.

Property	Description	Type
error	Details about the error.	ManagedClusterPodIdentityProvisioningErrorBody_STATUS Optional

RelativeMonthlySchedule_WeekIndex

Used by: RelativeMonthlySchedule.

Value	Description
“First”
“Fourth”
“Last”
“Second”
“Third”

RelativeMonthlySchedule_WeekIndex_STATUS

Used by: RelativeMonthlySchedule_STATUS.

Value	Description
“First”
“Fourth”
“Last”
“Second”
“Third”

IstioIngressGateway_Mode

Used by: IstioIngressGateway.

Value	Description
“External”
“Internal”

IstioIngressGateway_Mode_STATUS

Used by: IstioIngressGateway_STATUS.

Value	Description
“External”
“Internal”

ManagedClusterPodIdentityProvisioningErrorBody_STATUS

An error response from the pod identity provisioning.

Used by: ManagedClusterPodIdentityProvisioningError_STATUS.

Property	Description	Type
code	An identifier for the error. Codes are invariant and are intended to be consumed programmatically.	string Optional
details	A list of additional details about the error.	ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled[] Optional
message	A message describing the error, intended to be suitable for display in a user interface.	string Optional
target	The target of the particular error. For example, the name of the property in error.	string Optional

ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled

Used by: ManagedClusterPodIdentityProvisioningErrorBody_STATUS.

Property	Description	Type
code	An identifier for the error. Codes are invariant and are intended to be consumed programmatically.	string Optional
message	A message describing the error, intended to be suitable for display in a user interface.	string Optional
target	The target of the particular error. For example, the name of the property in error.	string Optional