containerservice.azure.com/v20251002preview
APIVersion
| Value | Description |
|---|---|
| “2025-10-02-preview” | |
MaintenanceConfiguration
Generator information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2025-10-02-preview/managedClusters.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/maintenanceConfigurations/{configName}
Used by: MaintenanceConfigurationList.
| Property | Description | Type |
|---|---|---|
| metav1.TypeMeta | | |
| metav1.ObjectMeta | | |
| spec | | MaintenanceConfiguration_Spec Optional |
| status | | MaintenanceConfiguration_STATUS Optional |
MaintenanceConfiguration_Spec
| Property | Description | Type |
|---|---|---|
| azureName | The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be. | string Optional |
| maintenanceWindow | Maintenance window for the maintenance configuration. | MaintenanceWindow Optional |
| notAllowedTime | Time slots on which upgrade is not allowed. | TimeSpan[] Optional |
| operatorSpec | The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure | MaintenanceConfigurationOperatorSpec Optional |
| owner | The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster resource | genruntime.KnownResourceReference Required |
| timeInWeek | Time slots during the week when planned maintenance is allowed to proceed. If two array entries specify the same day of the week, the applied configuration is the union of times in both entries. | TimeInWeek[] Optional |
MaintenanceConfiguration_STATUS
| Property | Description | Type |
|---|---|---|
| conditions | The observed state of the resource | conditions.Condition[] Optional |
| id | Fully qualified resource ID for the resource. E.g. “/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}” | string Optional |
| maintenanceWindow | Maintenance window for the maintenance configuration. | MaintenanceWindow_STATUS Optional |
| name | The name of the resource | string Optional |
| notAllowedTime | Time slots on which upgrade is not allowed. | TimeSpan_STATUS[] Optional |
| systemData | Azure Resource Manager metadata containing createdBy and modifiedBy information. | SystemData_STATUS Optional |
| timeInWeek | Time slots during the week when planned maintenance is allowed to proceed. If two array entries specify the same day of the week, the applied configuration is the union of times in both entries. | TimeInWeek_STATUS[] Optional |
| type | The type of the resource. E.g. “Microsoft.Compute/virtualMachines” or “Microsoft.Storage/storageAccounts” | string Optional |
MaintenanceConfigurationList
Generator information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2025-10-02-preview/managedClusters.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/maintenanceConfigurations/{configName}
| Property | Description | Type |
|---|---|---|
| metav1.TypeMeta | | |
| metav1.ListMeta | | |
| items | | MaintenanceConfiguration[] Optional |
ManagedCluster
Generator information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2025-10-02-preview/managedClusters.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}
Used by: ManagedClusterList.
| Property | Description | Type |
|---|---|---|
| metav1.TypeMeta | | |
| metav1.ObjectMeta | | |
| spec | | ManagedCluster_Spec Optional |
| status | | ManagedCluster_STATUS Optional |
ManagedCluster_Spec
| Property | Description | Type |
|---|---|---|
| aadProfile | The Azure Active Directory configuration. | ManagedClusterAADProfile Optional |
| addonProfiles | The profile of managed cluster add-on. | map[string]ManagedClusterAddonProfile Optional |
| agentPoolProfiles | The agent pool properties. | ManagedClusterAgentPoolProfile[] Optional |
| aiToolchainOperatorProfile | AI toolchain operator settings that apply to the whole cluster. | ManagedClusterAIToolchainOperatorProfile Optional |
| apiServerAccessProfile | The access profile for managed cluster API server. | ManagedClusterAPIServerAccessProfile Optional |
| autoScalerProfile | Parameters to be applied to the cluster-autoscaler when enabled | ManagedClusterPropertiesAutoScalerProfile Optional |
| autoUpgradeProfile | The auto upgrade configuration. | ManagedClusterAutoUpgradeProfile Optional |
| azureMonitorProfile | Azure Monitor addon profiles for monitoring the managed cluster. | ManagedClusterAzureMonitorProfile Optional |
| azureName | The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be. | string Optional |
| bootstrapProfile | Profile of the cluster bootstrap configuration. | ManagedClusterBootstrapProfile Optional |
| creationData | CreationData to be used to specify the source Snapshot ID if the cluster will be created/upgraded using a snapshot. | CreationData Optional |
| disableLocalAccounts | If local accounts should be disabled on the Managed Cluster. If set to true, getting static credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled. For more details see disable local accounts. | bool Optional |
| diskEncryptionSetReference | The Resource ID of the disk encryption set to use for enabling encryption at rest. This is of the form: ‘/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}’ | genruntime.ResourceReference Optional |
| dnsPrefix | The DNS prefix of the Managed Cluster. This cannot be updated once the Managed Cluster has been created. | string Optional |
| enableNamespaceResources | Enable namespace as Azure resource. The default value is false. It can be enabled/disabled on creation and updating of the managed cluster. See https://aka.ms/NamespaceARMResource for more details on Namespace as an ARM Resource. | bool Optional |
| enableRBAC | Whether to enable Kubernetes Role-Based Access Control. | bool Optional |
| extendedLocation | The extended location of the Virtual Machine. | ExtendedLocation Optional |
| fqdnSubdomain | The FQDN subdomain of the private cluster with custom private dns zone. This cannot be updated once the Managed Cluster has been created. | string Optional |
| hostedSystemProfile | Settings for hosted system addons. For more information, see https://aka.ms/aks/automatic/systemcomponents. | ManagedClusterHostedSystemProfile Optional |
| httpProxyConfig | Configurations for provisioning the cluster with HTTP proxy servers. | ManagedClusterHTTPProxyConfig Optional |
| identity | The identity of the managed cluster, if configured. | ManagedClusterIdentity Optional |
| identityProfile | The user identity associated with the managed cluster. This identity will be used by the kubelet. Only one user assigned identity is allowed. The only accepted key is “kubeletidentity”, with value of “resourceId”: “/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}”. | map[string]UserAssignedIdentity Optional |
| ingressProfile | Ingress profile for the managed cluster. | ManagedClusterIngressProfile Optional |
| kind | This is primarily used to expose different UI experiences in the portal for different kinds | string Optional |
| kubernetesVersion | The version of Kubernetes specified by the user. Both patch version <major.minor.patch> (e.g. 1.20.13) and <major.minor> (e.g. 1.20) are supported. When <major.minor> is specified, the latest supported GA patch version is chosen automatically. Updating the cluster with the same <major.minor> once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer patch version is available. When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See upgrading an AKS cluster for more details. | string Optional |
| linuxProfile | The profile for Linux VMs in the Managed Cluster. | ContainerServiceLinuxProfile Optional |
| location | The geo-location where the resource lives | string Required |
| metricsProfile | Optional cluster metrics configuration. | ManagedClusterMetricsProfile Optional |
| networkProfile | The network configuration profile. | ContainerServiceNetworkProfile Optional |
| nodeProvisioningProfile | Node provisioning settings that apply to the whole cluster. | ManagedClusterNodeProvisioningProfile Optional |
| nodeResourceGroup | The name of the resource group containing agent pool nodes. | string Optional |
| nodeResourceGroupProfile | Profile of the node resource group configuration. | ManagedClusterNodeResourceGroupProfile Optional |
| oidcIssuerProfile | The OIDC issuer profile of the Managed Cluster. | ManagedClusterOIDCIssuerProfile Optional |
| operatorSpec | The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure | ManagedClusterOperatorSpec Optional |
| owner | The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup resource | genruntime.KnownResourceReference Required |
| podIdentityProfile | The pod identity profile of the Managed Cluster. See use AAD pod identity for more details on AAD pod identity integration. | ManagedClusterPodIdentityProfile Optional |
| privateLinkResources | Private link resources associated with the cluster. | PrivateLinkResource[] Optional |
| publicNetworkAccess | PublicNetworkAccess of the managedCluster. Allow or deny public network access for AKS | PublicNetworkAccess Optional |
| schedulerProfile | Profile of the pod scheduler configuration. | SchedulerProfile Optional |
| securityProfile | Security profile for the managed cluster. | ManagedClusterSecurityProfile Optional |
| serviceMeshProfile | Service mesh profile for a managed cluster. | ServiceMeshProfile Optional |
| servicePrincipalProfile | Information about a service principal identity for the cluster to use for manipulating Azure APIs. | ManagedClusterServicePrincipalProfile Optional |
| sku | The managed cluster SKU. | ManagedClusterSKU Optional |
| storageProfile | Storage profile for the managed cluster. | ManagedClusterStorageProfile Optional |
| supportPlan | The support plan for the Managed Cluster. If unspecified, the default is KubernetesOfficial. | KubernetesSupportPlan Optional |
| tags | Resource tags. | map[string]string Optional |
| upgradeSettings | Settings for upgrading a cluster. | ClusterUpgradeSettings Optional |
| windowsProfile | The profile for Windows VMs in the Managed Cluster. | ManagedClusterWindowsProfile Optional |
| workloadAutoScalerProfile | Workload Auto-scaler profile for the managed cluster. | ManagedClusterWorkloadAutoScalerProfile Optional |
ManagedCluster_STATUS
| Property | Description | Type |
|---|---|---|
| aadProfile | The Azure Active Directory configuration. | ManagedClusterAADProfile_STATUS Optional |
| addonProfiles | The profile of managed cluster add-on. | map[string]ManagedClusterAddonProfile_STATUS Optional |
| agentPoolProfiles | The agent pool properties. | ManagedClusterAgentPoolProfile_STATUS[] Optional |
| aiToolchainOperatorProfile | AI toolchain operator settings that apply to the whole cluster. | ManagedClusterAIToolchainOperatorProfile_STATUS Optional |
| apiServerAccessProfile | The access profile for managed cluster API server. | ManagedClusterAPIServerAccessProfile_STATUS Optional |
| autoScalerProfile | Parameters to be applied to the cluster-autoscaler when enabled | ManagedClusterPropertiesAutoScalerProfile_STATUS Optional |
| autoUpgradeProfile | The auto upgrade configuration. | ManagedClusterAutoUpgradeProfile_STATUS Optional |
| azureMonitorProfile | Azure Monitor addon profiles for monitoring the managed cluster. | ManagedClusterAzureMonitorProfile_STATUS Optional |
| azurePortalFQDN | The special FQDN used by the Azure Portal to access the Managed Cluster. This FQDN is for use only by the Azure Portal and should not be used by other clients. The Azure Portal requires certain Cross-Origin Resource Sharing (CORS) headers to be sent in some responses, which Kubernetes APIServer doesn’t handle by default. This special FQDN supports CORS, allowing the Azure Portal to function properly. | string Optional |
| bootstrapProfile | Profile of the cluster bootstrap configuration. | ManagedClusterBootstrapProfile_STATUS Optional |
| conditions | The observed state of the resource | conditions.Condition[] Optional |
| creationData | CreationData to be used to specify the source Snapshot ID if the cluster will be created/upgraded using a snapshot. | CreationData_STATUS Optional |
| currentKubernetesVersion | The version of Kubernetes the Managed Cluster is running. If kubernetesVersion was a fully specified version <major.minor.patch>, this field will be exactly equal to it. If kubernetesVersion was <major.minor>, this field will contain the full <major.minor.patch> version being used. | string Optional |
| disableLocalAccounts | If local accounts should be disabled on the Managed Cluster. If set to true, getting static credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled. For more details see disable local accounts. | bool Optional |
| diskEncryptionSetID | The Resource ID of the disk encryption set to use for enabling encryption at rest. This is of the form: ‘/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}’ | string Optional |
| dnsPrefix | The DNS prefix of the Managed Cluster. This cannot be updated once the Managed Cluster has been created. | string Optional |
| enableNamespaceResources | Enable namespace as Azure resource. The default value is false. It can be enabled/disabled on creation and updating of the managed cluster. See https://aka.ms/NamespaceARMResource for more details on Namespace as an ARM Resource. | bool Optional |
| enableRBAC | Whether to enable Kubernetes Role-Based Access Control. | bool Optional |
| eTag | If eTag is provided in the response body, it may also be provided as a header per the normal etag convention. Entity tags are used for comparing two or more entities from the same requested resource. HTTP/1.1 uses entity tags in the etag (section 14.19), If-Match (section 14.24), If-None-Match (section 14.26), and If-Range (section 14.27) header fields. | string Optional |
| extendedLocation | The extended location of the Virtual Machine. | ExtendedLocation_STATUS Optional |
| fqdn | The FQDN of the master pool. | string Optional |
| fqdnSubdomain | The FQDN subdomain of the private cluster with custom private dns zone. This cannot be updated once the Managed Cluster has been created. | string Optional |
| hostedSystemProfile | Settings for hosted system addons. For more information, see https://aka.ms/aks/automatic/systemcomponents. | ManagedClusterHostedSystemProfile_STATUS Optional |
| httpProxyConfig | Configurations for provisioning the cluster with HTTP proxy servers. | ManagedClusterHTTPProxyConfig_STATUS Optional |
| id | Fully qualified resource ID for the resource. E.g. “/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}” | string Optional |
| identity | The identity of the managed cluster, if configured. | ManagedClusterIdentity_STATUS Optional |
| identityProfile | The user identity associated with the managed cluster. This identity will be used by the kubelet. Only one user assigned identity is allowed. The only accepted key is “kubeletidentity”, with value of “resourceId”: “/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}”. | map[string]UserAssignedIdentity_STATUS Optional |
| ingressProfile | Ingress profile for the managed cluster. | ManagedClusterIngressProfile_STATUS Optional |
| kind | This is primarily used to expose different UI experiences in the portal for different kinds | string Optional |
| kubernetesVersion | The version of Kubernetes specified by the user. Both patch version <major.minor.patch> (e.g. 1.20.13) and <major.minor> (e.g. 1.20) are supported. When <major.minor> is specified, the latest supported GA patch version is chosen automatically. Updating the cluster with the same <major.minor> once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer patch version is available. When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See upgrading an AKS cluster for more details. | string Optional |
| linuxProfile | The profile for Linux VMs in the Managed Cluster. | ContainerServiceLinuxProfile_STATUS Optional |
| location | The geo-location where the resource lives | string Optional |
| maxAgentPools | The max number of agent pools for the managed cluster. | int Optional |
| metricsProfile | Optional cluster metrics configuration. | ManagedClusterMetricsProfile_STATUS Optional |
| name | The name of the resource | string Optional |
| networkProfile | The network configuration profile. | ContainerServiceNetworkProfile_STATUS Optional |
| nodeProvisioningProfile | Node provisioning settings that apply to the whole cluster. | ManagedClusterNodeProvisioningProfile_STATUS Optional |
| nodeResourceGroup | The name of the resource group containing agent pool nodes. | string Optional |
| nodeResourceGroupProfile | Profile of the node resource group configuration. | ManagedClusterNodeResourceGroupProfile_STATUS Optional |
| oidcIssuerProfile | The OIDC issuer profile of the Managed Cluster. | ManagedClusterOIDCIssuerProfile_STATUS Optional |
| podIdentityProfile | The pod identity profile of the Managed Cluster. See use AAD pod identity for more details on AAD pod identity integration. | ManagedClusterPodIdentityProfile_STATUS Optional |
| powerState | The Power State of the cluster. | PowerState_STATUS Optional |
| privateFQDN | The FQDN of private cluster. | string Optional |
| privateLinkResources | Private link resources associated with the cluster. | PrivateLinkResource_STATUS[] Optional |
| provisioningState | The current provisioning state. | string Optional |
| publicNetworkAccess | PublicNetworkAccess of the managedCluster. Allow or deny public network access for AKS | PublicNetworkAccess_STATUS Optional |
| resourceUID | The resourceUID uniquely identifies ManagedClusters that reuse ARM ResourceIds (i.e: create, delete, create sequence) | string Optional |
| schedulerProfile | Profile of the pod scheduler configuration. | SchedulerProfile_STATUS Optional |
| securityProfile | Security profile for the managed cluster. | ManagedClusterSecurityProfile_STATUS Optional |
| serviceMeshProfile | Service mesh profile for a managed cluster. | ServiceMeshProfile_STATUS Optional |
| servicePrincipalProfile | Information about a service principal identity for the cluster to use for manipulating Azure APIs. | ManagedClusterServicePrincipalProfile_STATUS Optional |
| sku | The managed cluster SKU. | ManagedClusterSKU_STATUS Optional |
| status | Contains read-only information about the Managed Cluster. | ManagedClusterStatus_STATUS Optional |
| storageProfile | Storage profile for the managed cluster. | ManagedClusterStorageProfile_STATUS Optional |
| supportPlan | The support plan for the Managed Cluster. If unspecified, the default is KubernetesOfficial. | KubernetesSupportPlan_STATUS Optional |
| systemData | Azure Resource Manager metadata containing createdBy and modifiedBy information. | SystemData_STATUS Optional |
| tags | Resource tags. | map[string]string Optional |
| type | The type of the resource. E.g. “Microsoft.Compute/virtualMachines” or “Microsoft.Storage/storageAccounts” | string Optional |
| upgradeSettings | Settings for upgrading a cluster. | ClusterUpgradeSettings_STATUS Optional |
| windowsProfile | The profile for Windows VMs in the Managed Cluster. | ManagedClusterWindowsProfile_STATUS Optional |
| workloadAutoScalerProfile | Workload Auto-scaler profile for the managed cluster. | ManagedClusterWorkloadAutoScalerProfile_STATUS Optional |
ManagedClusterList
Generator information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2025-10-02-preview/managedClusters.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}
| Property | Description | Type |
|---|---|---|
| metav1.TypeMeta | | |
| metav1.ListMeta | | |
| items | | ManagedCluster[] Optional |
ManagedClustersAgentPool
Generator information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2025-10-02-preview/managedClusters.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName}
Used by: ManagedClustersAgentPoolList.
| Property | Description | Type |
|---|---|---|
| metav1.TypeMeta | | |
| metav1.ObjectMeta | | |
| spec | | ManagedClustersAgentPool_Spec Optional |
| status | | ManagedClustersAgentPool_STATUS Optional |
ManagedClustersAgentPool_Spec
| Property | Description | Type |
|---|---|---|
| artifactStreamingProfile | Configuration for using artifact streaming on AKS. | AgentPoolArtifactStreamingProfile Optional |
| availabilityZones | The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType property is VirtualMachineScaleSets. | string[] Optional |
| azureName | The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be. | string Optional |
| capacityReservationGroupReference | The fully qualified resource ID of the Capacity Reservation Group to provide virtual machines from a reserved group of Virtual Machines. This is of the form: ‘/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.Compute/capacityreservationgroups/{capacityReservationGroupName}’ Customers use it to create an agentpool with a specified CRG. For more information see Capacity Reservation | genruntime.ResourceReference Optional |
| count | Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. | int Optional |
| creationData | CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using a snapshot. | CreationData Optional |
| enableAutoScaling | Whether to enable auto-scaler | bool Optional |
| enableEncryptionAtHost | Whether to enable host based OS and data drive encryption. This is only supported on certain VM sizes and in certain Azure regions. For more information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption | bool Optional |
| enableFIPS | Whether to use a FIPS-enabled OS. See Add a FIPS-enabled node pool for more details. | bool Optional |
| enableNodePublicIP | Whether each node is allocated its own public IP. Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine to minimize hops. For more information see assigning a public IP per node. The default is false. | bool Optional |
| enableUltraSSD | Whether to enable UltraSSD | bool Optional |
| gatewayProfile | Profile specific to a managed agent pool in Gateway mode. This field cannot be set if agent pool mode is not Gateway. | AgentPoolGatewayProfile Optional |
| gpuInstanceProfile | GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU. | GPUInstanceProfile Optional |
| gpuProfile | GPU settings for the Agent Pool. | GPUProfile Optional |
| hostGroupReference | The fully qualified resource ID of the Dedicated Host Group to provision virtual machines from, used only in creation scenario and not allowed to be changed once set. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. For more information see Azure dedicated hosts. | genruntime.ResourceReference Optional |
| kubeletConfig | The Kubelet configuration on the agent pool nodes. | KubeletConfig Optional |
| kubeletDiskType | Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage. | KubeletDiskType Optional |
| linuxOSConfig | The OS configuration of Linux agent nodes. | LinuxOSConfig Optional |
| localDNSProfile | Configures the per-node local DNS, with VnetDNS and KubeDNS overrides. LocalDNS helps improve performance and reliability of DNS resolution in an AKS cluster. For more details see aka.ms/aks/localdns. | LocalDNSProfile Optional |
| maxCount | The maximum number of nodes for auto-scaling | int Optional |
| maxPods | The maximum number of pods that can run on a node. | int Optional |
| messageOfTheDay | Message of the day for Linux nodes, base64-encoded. A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., will be printed raw and not be executed as a script). | string Optional |
| minCount | The minimum number of nodes for auto-scaling | int Optional |
| mode | The mode of an agent pool. A cluster must have at least one System Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools | AgentPoolMode Optional |
| networkProfile | Network-related settings of an agent pool. | AgentPoolNetworkProfile Optional |
| nodeCustomizationProfile | Settings to determine the node customization used to provision nodes in a pool. | NodeCustomizationProfile Optional |
| nodeInitializationTaints | Taints added on the nodes during creation that will not be reconciled by AKS. These taints can be removed with a kubectl call. This field can be modified after the node pool is created, but nodes will not be recreated with new taints until another operation that requires recreation (e.g. node image upgrade) happens. These taints allow for required configuration to run before the node is ready to accept workloads, for example ‘key1=value1:NoSchedule’ that then can be removed with `kubectl taint nodes node1 key1=value1:NoSchedule-` | string[] Optional |
| nodeLabels | The node labels to be persisted across all nodes in agent pool. | map[string]string Optional |
| nodePublicIPPrefixReference | The public IP prefix ID which VM nodes should use IPs from. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} | genruntime.ResourceReference Optional |
| nodeTaints | The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule. | string[] Optional |
| operatorSpec | The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure | ManagedClustersAgentPoolOperatorSpec Optional |
| orchestratorVersion | The version of Kubernetes specified by the user. Both patch version <major.minor.patch> (e.g. 1.20.13) and <major.minor> (e.g. 1.20) are supported. When <major.minor> is specified, the latest supported GA patch version is chosen automatically. Updating the cluster with the same <major.minor> once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor version must be within two minor versions of the control plane version. The node pool version cannot be greater than the control plane version. For more information see upgrading a node pool. | string Optional |
| osDiskSizeGB | OS Disk Size in GB to be used to specify the disk size for every machine in the master/agent pool. If you specify 0, it will apply the default osDisk size according to the vmSize specified. | int Optional |
| osDiskType | The OS disk type to be used for machines in the agent pool. The default is Ephemeral if the VM supports it and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to Managed. May not be changed after creation. For more information see Ephemeral OS. | OSDiskType Optional |
| osSKU | Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. | OSSKU Optional |
| osType | The operating system type. The default is Linux. | ManagedClusterAgentPoolProfileProperties_OsType Optional |
| owner | The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster resource | genruntime.KnownResourceReference Required |
| podIPAllocationMode | Pod IP Allocation Mode. The IP allocation mode for pods in the agent pool. Must be used with podSubnetId. The default is DynamicIndividual. | PodIPAllocationMode Optional |
| podSubnetReference | The ID of the subnet which pods will join when launched. If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} | genruntime.ResourceReference Optional |
| powerState | Whether the Agent Pool is running or stopped. When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only be stopped if it is Running and provisioning state is Succeeded | PowerState Optional |
| proximityPlacementGroupReference | The ID for Proximity Placement Group. | genruntime.ResourceReference Optional |
| scaleDownMode | The scale down mode to use when scaling the Agent Pool. This also affects the cluster autoscaler behavior. If not specified, it defaults to Delete. | ScaleDownMode Optional |
| scaleSetEvictionPolicy | The Virtual Machine Scale Set eviction policy. The eviction policy specifies what to do with the VM when it is evicted. The default is Delete. For more information about eviction see spot VMs | ManagedClusterAgentPoolProfileProperties_ScaleSetEvictionPolicy Optional |
| scaleSetPriority | The Virtual Machine Scale Set priority. | ManagedClusterAgentPoolProfileProperties_ScaleSetPriority Optional |
| securityProfile | The security settings of an agent pool. | AgentPoolSecurityProfile Optional |
| spotMaxPrice | The max price (in US Dollars) you are willing to pay for spot instances. Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any on-demand price. For more details on spot pricing, see spot VMs pricing | float64 Optional |
| tags | The tags to be persisted on the agent pool virtual machine scale set. | map[string]string Optional |
| type | The type of Agent Pool. | AgentPoolType Optional |
| upgradeSettings | Settings for upgrading the agentpool | AgentPoolUpgradeSettings Optional |
| upgradeSettingsBlueGreen | Settings for Blue-Green upgrade on the agentpool. Applies when upgrade strategy is set to BlueGreen. | AgentPoolBlueGreenUpgradeSettings Optional |
| upgradeStrategy | Defines the upgrade strategy for the agent pool. The default is Rolling. | UpgradeStrategy Optional |
| virtualMachineNodesStatus | The status of nodes in a VirtualMachines agent pool. | VirtualMachineNodes[] Optional |
| virtualMachinesProfile | Specifications on VirtualMachines agent pool. | VirtualMachinesProfile Optional |
| vmSize | The size of the agent pool VMs. VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions | string Optional |
| vnetSubnetReference | The ID of the subnet which agent pool nodes and optionally pods will join on startup. If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} | genruntime.ResourceReference Optional |
| windowsProfile | The Windows agent pool’s specific profile. | AgentPoolWindowsProfile Optional |
| workloadRuntime | Determines the type of workload a node can run. | WorkloadRuntime Optional |
ManagedClustersAgentPool_STATUS
| Property | Description | Type |
|---|---|---|
| artifactStreamingProfile | Configuration for using artifact streaming on AKS. | AgentPoolArtifactStreamingProfile_STATUS Optional |
| availabilityZones | The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType property is VirtualMachineScaleSets. | string[] Optional |
| capacityReservationGroupID | The fully qualified resource ID of the Capacity Reservation Group to provide virtual machines from a reserved group of Virtual Machines. This is of the form: ‘/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.Compute/capacityreservationgroups/{capacityReservationGroupName}’ Customers use it to create an agentpool with a specified CRG. For more information see Capacity Reservation | string Optional |
| conditions | The observed state of the resource | conditions.Condition[] Optional |
| count | Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. | int Optional |
| creationData | CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using a snapshot. | CreationData_STATUS Optional |
| currentOrchestratorVersion | The version of Kubernetes the Agent Pool is running. If orchestratorVersion is a fully specified version <major.minor.patch>, this field will be exactly equal to it. If orchestratorVersion is <major.minor>, this field will contain the full <major.minor.patch> version being used. | string Optional |
| enableAutoScaling | Whether to enable auto-scaler | bool Optional |
| enableEncryptionAtHost | Whether to enable host based OS and data drive encryption. This is only supported on certain VM sizes and in certain Azure regions. For more information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption | bool Optional |
| enableFIPS | Whether to use a FIPS-enabled OS. See Add a FIPS-enabled node pool for more details. | bool Optional |
| enableNodePublicIP | Whether each node is allocated its own public IP. Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine to minimize hops. For more information see assigning a public IP per node. The default is false. | bool Optional |
| enableUltraSSD | Whether to enable UltraSSD | bool Optional |
| eTag | Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic concurrency per the normal eTag convention. | string Optional |
| gatewayProfile | Profile specific to a managed agent pool in Gateway mode. This field cannot be set if agent pool mode is not Gateway. | AgentPoolGatewayProfile_STATUS Optional |
| gpuInstanceProfile | GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU. | GPUInstanceProfile_STATUS Optional |
| gpuProfile | GPU settings for the Agent Pool. | GPUProfile_STATUS Optional |
| hostGroupID | The fully qualified resource ID of the Dedicated Host Group to provision virtual machines from, used only in creation scenario and not allowed to be changed once set. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. For more information see Azure dedicated hosts. | string Optional |
| id | Fully qualified resource ID for the resource. E.g. “/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}” | string Optional |
| kubeletConfig | The Kubelet configuration on the agent pool nodes. | KubeletConfig_STATUS Optional |
| kubeletDiskType | Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage. | KubeletDiskType_STATUS Optional |
| linuxOSConfig | The OS configuration of Linux agent nodes. | LinuxOSConfig_STATUS Optional |
| localDNSProfile | Configures the per-node local DNS, with VnetDNS and KubeDNS overrides. LocalDNS helps improve performance and reliability of DNS resolution in an AKS cluster. For more details see aka.ms/aks/localdns. | LocalDNSProfile_STATUS Optional |
| maxCount | The maximum number of nodes for auto-scaling | int Optional |
| maxPods | The maximum number of pods that can run on a node. | int Optional |
| messageOfTheDay | Message of the day for Linux nodes, base64-encoded. A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., will be printed raw and not be executed as a script). | string Optional |
| minCount | The minimum number of nodes for auto-scaling | int Optional |
| mode | The mode of an agent pool. A cluster must have at least one System Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools | AgentPoolMode_STATUS Optional |
| name | The name of the resource | string Optional |
| networkProfile | Network-related settings of an agent pool. | AgentPoolNetworkProfile_STATUS Optional |
| nodeCustomizationProfile | Settings to determine the node customization used to provision nodes in a pool. | NodeCustomizationProfile_STATUS Optional |
| nodeImageVersion | The version of node image | string Optional |
| nodeInitializationTaints | Taints added on the nodes during creation that will not be reconciled by AKS. These taints will not be reconciled by AKS and can be removed with a kubectl call. This field can be modified after node pool is created, but nodes will not be recreated with new taints until another operation that requires recreation (e.g. node image upgrade) happens. These taints allow for required configuration to run before the node is ready to accept workloads, for example ‘key1=value1:NoSchedule’ that then can be removed with kubectl taint nodes node1 key1=value1:NoSchedule- | string[] Optional |
| nodeLabels | The node labels to be persisted across all nodes in agent pool. | map[string]string Optional |
| nodePublicIPPrefixID | The public IP prefix ID which VM nodes should use IPs from. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} | string Optional |
| nodeTaints | The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule. | string[] Optional |
| orchestratorVersion | The version of Kubernetes specified by the user. Both patch version <major.minor.patch> (e.g. 1.20.13) and <major.minor> (e.g. 1.20) are supported. When <major.minor> is specified, the latest supported GA patch version is chosen automatically. Updating the cluster with the same <major.minor> once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor version must be within two minor versions of the control plane version. The node pool version cannot be greater than the control plane version. For more information see upgrading a node pool. | string Optional |
| osDiskSizeGB | OS Disk Size in GB to be used to specify the disk size for every machine in the master/agent pool. If you specify 0, it will apply the default osDisk size according to the vmSize specified. | int Optional |
| osDiskType | The OS disk type to be used for machines in the agent pool. The default is Ephemeral if the VM supports it and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to Managed. May not be changed after creation. For more information see Ephemeral OS. | OSDiskType_STATUS Optional |
| osSKU | Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. | OSSKU_STATUS Optional |
| osType | The operating system type. The default is Linux. | ManagedClusterAgentPoolProfileProperties_OsType_STATUS Optional |
| podIPAllocationMode | Pod IP Allocation Mode. The IP allocation mode for pods in the agent pool. Must be used with podSubnetId. The default is DynamicIndividual. | PodIPAllocationMode_STATUS Optional |
| podSubnetID | The ID of the subnet which pods will join when launched. If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} | string Optional |
| powerState | Whether the Agent Pool is running or stopped. When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only be stopped if it is Running and provisioning state is Succeeded | PowerState_STATUS Optional |
| properties_type | The type of Agent Pool. | AgentPoolType_STATUS Optional |
| provisioningState | The current deployment or provisioning state. | string Optional |
| proximityPlacementGroupID | The ID for Proximity Placement Group. | string Optional |
| scaleDownMode | The scale down mode to use when scaling the Agent Pool. This also affects the cluster autoscaler behavior. If not specified, it defaults to Delete. | ScaleDownMode_STATUS Optional |
| scaleSetEvictionPolicy | The Virtual Machine Scale Set eviction policy. The eviction policy specifies what to do with the VM when it is evicted. The default is Delete. For more information about eviction see spot VMs | ManagedClusterAgentPoolProfileProperties_ScaleSetEvictionPolicy_STATUS Optional |
| scaleSetPriority | The Virtual Machine Scale Set priority. | ManagedClusterAgentPoolProfileProperties_ScaleSetPriority_STATUS Optional |
| securityProfile | The security settings of an agent pool. | AgentPoolSecurityProfile_STATUS Optional |
| spotMaxPrice | The max price (in US Dollars) you are willing to pay for spot instances. Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any on-demand price. For more details on spot pricing, see spot VMs pricing | float64 Optional |
| status | Contains read-only information about the Agent Pool. | AgentPoolStatus_STATUS Optional |
| systemData | Azure Resource Manager metadata containing createdBy and modifiedBy information. | SystemData_STATUS Optional |
| tags | The tags to be persisted on the agent pool virtual machine scale set. | map[string]string Optional |
| type | The type of the resource. E.g. “Microsoft.Compute/virtualMachines” or “Microsoft.Storage/storageAccounts” | string Optional |
| upgradeSettings | Settings for upgrading the agentpool | AgentPoolUpgradeSettings_STATUS Optional |
| upgradeSettingsBlueGreen | Settings for Blue-Green upgrade on the agentpool. Applies when upgrade strategy is set to BlueGreen. | AgentPoolBlueGreenUpgradeSettings_STATUS Optional |
| upgradeStrategy | Defines the upgrade strategy for the agent pool. The default is Rolling. | UpgradeStrategy_STATUS Optional |
| virtualMachineNodesStatus | The status of nodes in a VirtualMachines agent pool. | VirtualMachineNodes_STATUS[] Optional |
| virtualMachinesProfile | Specifications on VirtualMachines agent pool. | VirtualMachinesProfile_STATUS Optional |
| vmSize | The size of the agent pool VMs. VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions | string Optional |
| vnetSubnetID | The ID of the subnet which agent pool nodes and optionally pods will join on startup. If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} | string Optional |
| windowsProfile | The Windows agent pool’s specific profile. | AgentPoolWindowsProfile_STATUS Optional |
| workloadRuntime | Determines the type of workload a node can run. | WorkloadRuntime_STATUS Optional |
ManagedClustersAgentPoolList
Generator information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2025-10-02-preview/managedClusters.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/agentPools/{agentPoolName}
| Property | Description | Type |
|---|---|---|
| metav1.TypeMeta | | |
| metav1.ListMeta | | |
| items | | ManagedClustersAgentPool[] Optional |
TrustedAccessRoleBinding
Generator information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2025-10-02-preview/managedClusters.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/trustedAccessRoleBindings/{trustedAccessRoleBindingName}
Used by: TrustedAccessRoleBindingList.
| Property | Description | Type |
|---|---|---|
| metav1.TypeMeta | | |
| metav1.ObjectMeta | | |
| spec | | TrustedAccessRoleBinding_Spec Optional |
| status | | TrustedAccessRoleBinding_STATUS Optional |
TrustedAccessRoleBinding_Spec
| Property | Description | Type |
|---|---|---|
| azureName | The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be. | string Optional |
| operatorSpec | The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure | TrustedAccessRoleBindingOperatorSpec Optional |
| owner | The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resource’s lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster resource | genruntime.KnownResourceReference Required |
| roles | A list of roles to bind, each item is a resource type qualified role name. For example: ‘Microsoft.MachineLearningServices/workspaces/reader’. | string[] Required |
| sourceResourceReference | The ARM resource ID of source resource that trusted access is configured for. | genruntime.ResourceReference Required |
TrustedAccessRoleBinding_STATUS
| Property | Description | Type |
|---|---|---|
| conditions | The observed state of the resource | conditions.Condition[] Optional |
| id | Fully qualified resource ID for the resource. E.g. “/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}” | string Optional |
| name | The name of the resource | string Optional |
| provisioningState | The current provisioning state of trusted access role binding. | TrustedAccessRoleBindingProvisioningState_STATUS Optional |
| roles | A list of roles to bind, each item is a resource type qualified role name. For example: ‘Microsoft.MachineLearningServices/workspaces/reader’. | string[] Optional |
| sourceResourceId | The ARM resource ID of source resource that trusted access is configured for. | string Optional |
| systemData | Azure Resource Manager metadata containing createdBy and modifiedBy information. | SystemData_STATUS Optional |
| type | The type of the resource. E.g. “Microsoft.Compute/virtualMachines” or “Microsoft.Storage/storageAccounts” | string Optional |
TrustedAccessRoleBindingList
Generator information: - Generated from: /containerservice/resource-manager/Microsoft.ContainerService/aks/preview/2025-10-02-preview/managedClusters.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/trustedAccessRoleBindings/{trustedAccessRoleBindingName}
| Property | Description | Type |
|---|---|---|
| metav1.TypeMeta | | |
| metav1.ListMeta | | |
| items | | TrustedAccessRoleBinding[] Optional |
MaintenanceConfiguration_Spec
Used by: MaintenanceConfiguration.
| Property | Description | Type |
|---|---|---|
| azureName | The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be. | string Optional |
| maintenanceWindow | Maintenance window for the maintenance configuration. | MaintenanceWindow Optional |
| notAllowedTime | Time slots on which upgrade is not allowed. | TimeSpan[] Optional |
| operatorSpec | The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure | MaintenanceConfigurationOperatorSpec Optional |
| owner | The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resource’s lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster resource | genruntime.KnownResourceReference Required |
| timeInWeek | Time slots during the week when planned maintenance is allowed to proceed. If two array entries specify the same day of the week, the applied configuration is the union of times in both entries. | TimeInWeek[] Optional |
MaintenanceConfiguration_STATUS
Used by: MaintenanceConfiguration.
| Property | Description | Type |
|---|---|---|
| conditions | The observed state of the resource | conditions.Condition[] Optional |
| id | Fully qualified resource ID for the resource. E.g. “/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}” | string Optional |
| maintenanceWindow | Maintenance window for the maintenance configuration. | MaintenanceWindow_STATUS Optional |
| name | The name of the resource | string Optional |
| notAllowedTime | Time slots on which upgrade is not allowed. | TimeSpan_STATUS[] Optional |
| systemData | Azure Resource Manager metadata containing createdBy and modifiedBy information. | SystemData_STATUS Optional |
| timeInWeek | Time slots during the week when planned maintenance is allowed to proceed. If two array entries specify the same day of the week, the applied configuration is the union of times in both entries. | TimeInWeek_STATUS[] Optional |
| type | The type of the resource. E.g. “Microsoft.Compute/virtualMachines” or “Microsoft.Storage/storageAccounts” | string Optional |
ManagedCluster_Spec
Used by: ManagedCluster.
| Property | Description | Type |
|---|---|---|
| aadProfile | The Azure Active Directory configuration. | ManagedClusterAADProfile Optional |
| addonProfiles | The profile of managed cluster add-on. | map[string]ManagedClusterAddonProfile Optional |
| agentPoolProfiles | The agent pool properties. | ManagedClusterAgentPoolProfile[] Optional |
| aiToolchainOperatorProfile | AI toolchain operator settings that apply to the whole cluster. | ManagedClusterAIToolchainOperatorProfile Optional |
| apiServerAccessProfile | The access profile for managed cluster API server. | ManagedClusterAPIServerAccessProfile Optional |
| autoScalerProfile | Parameters to be applied to the cluster-autoscaler when enabled | ManagedClusterPropertiesAutoScalerProfile Optional |
| autoUpgradeProfile | The auto upgrade configuration. | ManagedClusterAutoUpgradeProfile Optional |
| azureMonitorProfile | Azure Monitor addon profiles for monitoring the managed cluster. | ManagedClusterAzureMonitorProfile Optional |
| azureName | The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be. | string Optional |
| bootstrapProfile | Profile of the cluster bootstrap configuration. | ManagedClusterBootstrapProfile Optional |
| creationData | CreationData to be used to specify the source Snapshot ID if the cluster will be created/upgraded using a snapshot. | CreationData Optional |
| disableLocalAccounts | If local accounts should be disabled on the Managed Cluster. If set to true, getting static credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled. For more details see disable local accounts. | bool Optional |
| diskEncryptionSetReference | The Resource ID of the disk encryption set to use for enabling encryption at rest. This is of the form: ‘/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}’ | genruntime.ResourceReference Optional |
| dnsPrefix | The DNS prefix of the Managed Cluster. This cannot be updated once the Managed Cluster has been created. | string Optional |
| enableNamespaceResources | Enable namespace as Azure resource. The default value is false. It can be enabled/disabled on creation and updating of the managed cluster. See https://aka.ms/NamespaceARMResource for more details on Namespace as an ARM Resource. | bool Optional |
| enableRBAC | Whether to enable Kubernetes Role-Based Access Control. | bool Optional |
| extendedLocation | The extended location of the Virtual Machine. | ExtendedLocation Optional |
| fqdnSubdomain | The FQDN subdomain of the private cluster with custom private dns zone. This cannot be updated once the Managed Cluster has been created. | string Optional |
| hostedSystemProfile | Settings for hosted system addons. For more information, see https://aka.ms/aks/automatic/systemcomponents. | ManagedClusterHostedSystemProfile Optional |
| httpProxyConfig | Configurations for provisioning the cluster with HTTP proxy servers. | ManagedClusterHTTPProxyConfig Optional |
| identity | The identity of the managed cluster, if configured. | ManagedClusterIdentity Optional |
| identityProfile | The user identity associated with the managed cluster. This identity will be used by the kubelet. Only one user assigned identity is allowed. The only accepted key is “kubeletidentity”, with value of “resourceId”: “/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}”. | map[string]UserAssignedIdentity Optional |
| ingressProfile | Ingress profile for the managed cluster. | ManagedClusterIngressProfile Optional |
| kind | This is primarily used to expose different UI experiences in the portal for different kinds | string Optional |
| kubernetesVersion | The version of Kubernetes specified by the user. Both patch version <major.minor.patch> (e.g. 1.20.13) and <major.minor> (e.g. 1.20) are supported. When <major.minor> is specified, the latest supported GA patch version is chosen automatically. Updating the cluster with the same <major.minor> once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer patch version is available. When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See upgrading an AKS cluster for more details. | string Optional |
| linuxProfile | The profile for Linux VMs in the Managed Cluster. | ContainerServiceLinuxProfile Optional |
| location | The geo-location where the resource lives | string Required |
| metricsProfile | Optional cluster metrics configuration. | ManagedClusterMetricsProfile Optional |
| networkProfile | The network configuration profile. | ContainerServiceNetworkProfile Optional |
| nodeProvisioningProfile | Node provisioning settings that apply to the whole cluster. | ManagedClusterNodeProvisioningProfile Optional |
| nodeResourceGroup | The name of the resource group containing agent pool nodes. | string Optional |
| nodeResourceGroupProfile | Profile of the node resource group configuration. | ManagedClusterNodeResourceGroupProfile Optional |
| oidcIssuerProfile | The OIDC issuer profile of the Managed Cluster. | ManagedClusterOIDCIssuerProfile Optional |
| operatorSpec | The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure | ManagedClusterOperatorSpec Optional |
| owner | The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resource’s lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup resource | genruntime.KnownResourceReference Required |
| podIdentityProfile | The pod identity profile of the Managed Cluster. See use AAD pod identity for more details on AAD pod identity integration. | ManagedClusterPodIdentityProfile Optional |
| privateLinkResources | Private link resources associated with the cluster. | PrivateLinkResource[] Optional |
| publicNetworkAccess | PublicNetworkAccess of the managedCluster. Allow or deny public network access for AKS | PublicNetworkAccess Optional |
| schedulerProfile | Profile of the pod scheduler configuration. | SchedulerProfile Optional |
| securityProfile | Security profile for the managed cluster. | ManagedClusterSecurityProfile Optional |
| serviceMeshProfile | Service mesh profile for a managed cluster. | ServiceMeshProfile Optional |
| servicePrincipalProfile | Information about a service principal identity for the cluster to use for manipulating Azure APIs. | ManagedClusterServicePrincipalProfile Optional |
| sku | The managed cluster SKU. | ManagedClusterSKU Optional |
| storageProfile | Storage profile for the managed cluster. | ManagedClusterStorageProfile Optional |
| supportPlan | The support plan for the Managed Cluster. If unspecified, the default is KubernetesOfficial. | KubernetesSupportPlan Optional |
| tags | Resource tags. | map[string]string Optional |
| upgradeSettings | Settings for upgrading a cluster. | ClusterUpgradeSettings Optional |
| windowsProfile | The profile for Windows VMs in the Managed Cluster. | ManagedClusterWindowsProfile Optional |
| workloadAutoScalerProfile | Workload Auto-scaler profile for the managed cluster. | ManagedClusterWorkloadAutoScalerProfile Optional |
ManagedCluster_STATUS
Managed cluster.
Used by: ManagedCluster.
| Property | Description | Type |
|---|---|---|
| aadProfile | The Azure Active Directory configuration. | ManagedClusterAADProfile_STATUS Optional |
| addonProfiles | The profile of managed cluster add-on. | map[string]ManagedClusterAddonProfile_STATUS Optional |
| agentPoolProfiles | The agent pool properties. | ManagedClusterAgentPoolProfile_STATUS[] Optional |
| aiToolchainOperatorProfile | AI toolchain operator settings that apply to the whole cluster. | ManagedClusterAIToolchainOperatorProfile_STATUS Optional |
| apiServerAccessProfile | The access profile for managed cluster API server. | ManagedClusterAPIServerAccessProfile_STATUS Optional |
| autoScalerProfile | Parameters to be applied to the cluster-autoscaler when enabled | ManagedClusterPropertiesAutoScalerProfile_STATUS Optional |
| autoUpgradeProfile | The auto upgrade configuration. | ManagedClusterAutoUpgradeProfile_STATUS Optional |
| azureMonitorProfile | Azure Monitor addon profiles for monitoring the managed cluster. | ManagedClusterAzureMonitorProfile_STATUS Optional |
| azurePortalFQDN | The special FQDN used by the Azure Portal to access the Managed Cluster. This FQDN is for use only by the Azure Portal and should not be used by other clients. The Azure Portal requires certain Cross-Origin Resource Sharing (CORS) headers to be sent in some responses, which Kubernetes APIServer doesn’t handle by default. This special FQDN supports CORS, allowing the Azure Portal to function properly. | string Optional |
| bootstrapProfile | Profile of the cluster bootstrap configuration. | ManagedClusterBootstrapProfile_STATUS Optional |
| conditions | The observed state of the resource | conditions.Condition[] Optional |
| creationData | CreationData to be used to specify the source Snapshot ID if the cluster will be created/upgraded using a snapshot. | CreationData_STATUS Optional |
| currentKubernetesVersion | The version of Kubernetes the Managed Cluster is running. If kubernetesVersion was a fully specified version <major.minor.patch>, this field will be exactly equal to it. If kubernetesVersion was <major.minor>, this field will contain the full <major.minor.patch> version being used. | string Optional |
| disableLocalAccounts | If local accounts should be disabled on the Managed Cluster. If set to true, getting static credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled. For more details see disable local accounts. | bool Optional |
| diskEncryptionSetID | The Resource ID of the disk encryption set to use for enabling encryption at rest. This is of the form: ‘/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}’ | string Optional |
| dnsPrefix | The DNS prefix of the Managed Cluster. This cannot be updated once the Managed Cluster has been created. | string Optional |
| enableNamespaceResources | Enable namespace as Azure resource. The default value is false. It can be enabled/disabled on creation and updating of the managed cluster. See https://aka.ms/NamespaceARMResource for more details on Namespace as an ARM Resource. | bool Optional |
| enableRBAC | Whether to enable Kubernetes Role-Based Access Control. | bool Optional |
| eTag | If eTag is provided in the response body, it may also be provided as a header per the normal etag convention. Entity tags are used for comparing two or more entities from the same requested resource. HTTP/1.1 uses entity tags in the etag (section 14.19), If-Match (section 14.24), If-None-Match (section 14.26), and If-Range (section 14.27) header fields. | string Optional |
| extendedLocation | The extended location of the Virtual Machine. | ExtendedLocation_STATUS Optional |
| fqdn | The FQDN of the master pool. | string Optional |
| fqdnSubdomain | The FQDN subdomain of the private cluster with custom private dns zone. This cannot be updated once the Managed Cluster has been created. | string Optional |
| hostedSystemProfile | Settings for hosted system addons. For more information, see https://aka.ms/aks/automatic/systemcomponents. | ManagedClusterHostedSystemProfile_STATUS Optional |
| httpProxyConfig | Configurations for provisioning the cluster with HTTP proxy servers. | ManagedClusterHTTPProxyConfig_STATUS Optional |
| id | Fully qualified resource ID for the resource. E.g. “/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}” | string Optional |
| identity | The identity of the managed cluster, if configured. | ManagedClusterIdentity_STATUS Optional |
| identityProfile | The user identity associated with the managed cluster. This identity will be used by the kubelet. Only one user assigned identity is allowed. The only accepted key is “kubeletidentity”, with value of “resourceId”: “/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}”. | map[string]UserAssignedIdentity_STATUS Optional |
| ingressProfile | Ingress profile for the managed cluster. | ManagedClusterIngressProfile_STATUS Optional |
| kind | This is primarily used to expose different UI experiences in the portal for different kinds | string Optional |
| kubernetesVersion | The version of Kubernetes specified by the user. Both patch version <major.minor.patch> (e.g. 1.20.13) and <major.minor> (e.g. 1.20) are supported. When <major.minor> is specified, the latest supported GA patch version is chosen automatically. Updating the cluster with the same <major.minor> once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer patch version is available. When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See upgrading an AKS cluster for more details. | string Optional |
| linuxProfile | The profile for Linux VMs in the Managed Cluster. | ContainerServiceLinuxProfile_STATUS Optional |
| location | The geo-location where the resource lives | string Optional |
| maxAgentPools | The max number of agent pools for the managed cluster. | int Optional |
| metricsProfile | Optional cluster metrics configuration. | ManagedClusterMetricsProfile_STATUS Optional |
| name | The name of the resource | string Optional |
| networkProfile | The network configuration profile. | ContainerServiceNetworkProfile_STATUS Optional |
| nodeProvisioningProfile | Node provisioning settings that apply to the whole cluster. | ManagedClusterNodeProvisioningProfile_STATUS Optional |
| nodeResourceGroup | The name of the resource group containing agent pool nodes. | string Optional |
| nodeResourceGroupProfile | Profile of the node resource group configuration. | ManagedClusterNodeResourceGroupProfile_STATUS Optional |
| oidcIssuerProfile | The OIDC issuer profile of the Managed Cluster. | ManagedClusterOIDCIssuerProfile_STATUS Optional |
| podIdentityProfile | The pod identity profile of the Managed Cluster. See use AAD pod identity for more details on AAD pod identity integration. | ManagedClusterPodIdentityProfile_STATUS Optional |
| powerState | The Power State of the cluster. | PowerState_STATUS Optional |
| privateFQDN | The FQDN of private cluster. | string Optional |
| privateLinkResources | Private link resources associated with the cluster. | PrivateLinkResource_STATUS[] Optional |
| provisioningState | The current provisioning state. | string Optional |
| publicNetworkAccess | PublicNetworkAccess of the managedCluster. Allow or deny public network access for AKS | PublicNetworkAccess_STATUS Optional |
| resourceUID | The resourceUID uniquely identifies ManagedClusters that reuse ARM ResourceIds (i.e: create, delete, create sequence) | string Optional |
| schedulerProfile | Profile of the pod scheduler configuration. | SchedulerProfile_STATUS Optional |
| securityProfile | Security profile for the managed cluster. | ManagedClusterSecurityProfile_STATUS Optional |
| serviceMeshProfile | Service mesh profile for a managed cluster. | ServiceMeshProfile_STATUS Optional |
| servicePrincipalProfile | Information about a service principal identity for the cluster to use for manipulating Azure APIs. | ManagedClusterServicePrincipalProfile_STATUS Optional |
| sku | The managed cluster SKU. | ManagedClusterSKU_STATUS Optional |
| status | Contains read-only information about the Managed Cluster. | ManagedClusterStatus_STATUS Optional |
| storageProfile | Storage profile for the managed cluster. | ManagedClusterStorageProfile_STATUS Optional |
| supportPlan | The support plan for the Managed Cluster. If unspecified, the default is KubernetesOfficial. | KubernetesSupportPlan_STATUS Optional |
| systemData | Azure Resource Manager metadata containing createdBy and modifiedBy information. | SystemData_STATUS Optional |
| tags | Resource tags. | map[string]string Optional |
| type | The type of the resource. E.g. “Microsoft.Compute/virtualMachines” or “Microsoft.Storage/storageAccounts” | string Optional |
| upgradeSettings | Settings for upgrading a cluster. | ClusterUpgradeSettings_STATUS Optional |
| windowsProfile | The profile for Windows VMs in the Managed Cluster. | ManagedClusterWindowsProfile_STATUS Optional |
| workloadAutoScalerProfile | Workload Auto-scaler profile for the managed cluster. | ManagedClusterWorkloadAutoScalerProfile_STATUS Optional |
ManagedClustersAgentPool_Spec
Used by: ManagedClustersAgentPool.
| Property | Description | Type |
|---|---|---|
| artifactStreamingProfile | Configuration for using artifact streaming on AKS. | AgentPoolArtifactStreamingProfile Optional |
| availabilityZones | The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType property is VirtualMachineScaleSets. | string[] Optional |
| azureName | The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be. | string Optional |
| capacityReservationGroupReference | The fully qualified resource ID of the Capacity Reservation Group to provide virtual machines from a reserved group of Virtual Machines. This is of the form: ‘/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.Compute/capacityreservationgroups/{capacityReservationGroupName}’ Customers use it to create an agentpool with a specified CRG. For more information see Capacity Reservation | genruntime.ResourceReference Optional |
| count | Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. | int Optional |
| creationData | CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using a snapshot. | CreationData Optional |
| enableAutoScaling | Whether to enable auto-scaler | bool Optional |
| enableEncryptionAtHost | Whether to enable host based OS and data drive encryption. This is only supported on certain VM sizes and in certain Azure regions. For more information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption | bool Optional |
| enableFIPS | Whether to use a FIPS-enabled OS. See Add a FIPS-enabled node pool for more details. | bool Optional |
| enableNodePublicIP | Whether each node is allocated its own public IP. Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine to minimize hops. For more information see assigning a public IP per node. The default is false. | bool Optional |
| enableUltraSSD | Whether to enable UltraSSD | bool Optional |
| gatewayProfile | Profile specific to a managed agent pool in Gateway mode. This field cannot be set if agent pool mode is not Gateway. | AgentPoolGatewayProfile Optional |
| gpuInstanceProfile | GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU. | GPUInstanceProfile Optional |
| gpuProfile | GPU settings for the Agent Pool. | GPUProfile Optional |
| hostGroupReference | The fully qualified resource ID of the Dedicated Host Group to provision virtual machines from, used only in creation scenario and not allowed to be changed once set. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. For more information see Azure dedicated hosts. | genruntime.ResourceReference Optional |
| kubeletConfig | The Kubelet configuration on the agent pool nodes. | KubeletConfig Optional |
| kubeletDiskType | Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage. | KubeletDiskType Optional |
| linuxOSConfig | The OS configuration of Linux agent nodes. | LinuxOSConfig Optional |
| localDNSProfile | Configures the per-node local DNS, with VnetDNS and KubeDNS overrides. LocalDNS helps improve performance and reliability of DNS resolution in an AKS cluster. For more details see aka.ms/aks/localdns. | LocalDNSProfile Optional |
| maxCount | The maximum number of nodes for auto-scaling | int Optional |
| maxPods | The maximum number of pods that can run on a node. | int Optional |
| messageOfTheDay | Message of the day for Linux nodes, base64-encoded. A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., will be printed raw and not be executed as a script). | string Optional |
| minCount | The minimum number of nodes for auto-scaling | int Optional |
| mode | The mode of an agent pool. A cluster must have at least one System Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools | AgentPoolMode Optional |
| networkProfile | Network-related settings of an agent pool. | AgentPoolNetworkProfile Optional |
| nodeCustomizationProfile | Settings to determine the node customization used to provision nodes in a pool. | NodeCustomizationProfile Optional |
| nodeInitializationTaints | Taints added on the nodes during creation that will not be reconciled by AKS. These taints will not be reconciled by AKS and can be removed with a kubectl call. This field can be modified after node pool is created, but nodes will not be recreated with new taints until another operation that requires recreation (e.g. node image upgrade) happens. These taints allow for required configuration to run before the node is ready to accept workloads, for example ‘key1=value1:NoSchedule’ that then can be removed with kubectl taint nodes node1 key1=value1:NoSchedule- | string[] Optional |
| nodeLabels | The node labels to be persisted across all nodes in agent pool. | map[string]string Optional |
| nodePublicIPPrefixReference | The public IP prefix ID which VM nodes should use IPs from. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} | genruntime.ResourceReference Optional |
| nodeTaints | The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule. | string[] Optional |
| operatorSpec | The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure | ManagedClustersAgentPoolOperatorSpec Optional |
| orchestratorVersion | The version of Kubernetes specified by the user. Both patch version <major.minor.patch> (e.g. 1.20.13) and <major.minor> (e.g. 1.20) are supported. When <major.minor> is specified, the latest supported GA patch version is chosen automatically. Updating the cluster with the same <major.minor> once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor version must be within two minor versions of the control plane version. The node pool version cannot be greater than the control plane version. For more information see upgrading a node pool. | string Optional |
| osDiskSizeGB | OS Disk Size in GB to be used to specify the disk size for every machine in the master/agent pool. If you specify 0, it will apply the default osDisk size according to the vmSize specified. | int Optional |
| osDiskType | The OS disk type to be used for machines in the agent pool. The default is Ephemeral if the VM supports it and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to Managed. May not be changed after creation. For more information see Ephemeral OS. | OSDiskType Optional |
| osSKU | Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. | OSSKU Optional |
| osType | The operating system type. The default is Linux. | ManagedClusterAgentPoolProfileProperties_OsType Optional |
| owner | The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resource's lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster resource | genruntime.KnownResourceReference Required |
| podIPAllocationMode | Pod IP Allocation Mode. The IP allocation mode for pods in the agent pool. Must be used with podSubnetId. The default is DynamicIndividual. | PodIPAllocationMode Optional |
| podSubnetReference | The ID of the subnet which pods will join when launched. If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} | genruntime.ResourceReference Optional |
| powerState | Whether the Agent Pool is running or stopped. When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only be stopped if it is Running and provisioning state is Succeeded | PowerState Optional |
| proximityPlacementGroupReference | The ID for Proximity Placement Group. | genruntime.ResourceReference Optional |
| scaleDownMode | The scale down mode to use when scaling the Agent Pool. This also affects the cluster autoscaler behavior. If not specified, it defaults to Delete. | ScaleDownMode Optional |
| scaleSetEvictionPolicy | The Virtual Machine Scale Set eviction policy. The eviction policy specifies what to do with the VM when it is evicted. The default is Delete. For more information about eviction see spot VMs | ManagedClusterAgentPoolProfileProperties_ScaleSetEvictionPolicy Optional |
| scaleSetPriority | The Virtual Machine Scale Set priority. | ManagedClusterAgentPoolProfileProperties_ScaleSetPriority Optional |
| securityProfile | The security settings of an agent pool. | AgentPoolSecurityProfile Optional |
| spotMaxPrice | The max price (in US Dollars) you are willing to pay for spot instances. Possible values are any decimal value greater than zero or -1 which indicates default price to be up-to on-demand. Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any on-demand price. For more details on spot pricing, see spot VMs pricing | float64 Optional |
| tags | The tags to be persisted on the agent pool virtual machine scale set. | map[string]string Optional |
| type | The type of Agent Pool. | AgentPoolType Optional |
| upgradeSettings | Settings for upgrading the agentpool | AgentPoolUpgradeSettings Optional |
| upgradeSettingsBlueGreen | Settings for Blue-Green upgrade on the agentpool. Applies when upgrade strategy is set to BlueGreen. | AgentPoolBlueGreenUpgradeSettings Optional |
| upgradeStrategy | Defines the upgrade strategy for the agent pool. The default is Rolling. | UpgradeStrategy Optional |
| virtualMachineNodesStatus | The status of nodes in a VirtualMachines agent pool. | VirtualMachineNodes[] Optional |
| virtualMachinesProfile | Specifications on VirtualMachines agent pool. | VirtualMachinesProfile Optional |
| vmSize | The size of the agent pool VMs. VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions | string Optional |
| vnetSubnetReference | The ID of the subnet which agent pool nodes and optionally pods will join on startup. If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} | genruntime.ResourceReference Optional |
| windowsProfile | The Windows agent pool’s specific profile. | AgentPoolWindowsProfile Optional |
| workloadRuntime | Determines the type of workload a node can run. | WorkloadRuntime Optional |
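The constraints stated in the table above for count, messageOfTheDay, orchestratorVersion and enableNodePublicIP can be checked before a manifest is applied. The following is an added example, not code from the operator: the `AgentPool` struct, `Review` and `checkVersionSkew` are hypothetical names, the struct mirrors only a few spec fields, and treating `enableNodePublicIP: true` as a finding is an assumed review policy.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"strconv"
	"strings"
)

// AgentPool is a hypothetical, trimmed-down mirror of a few
// ManagedClustersAgentPool_Spec fields; it is not the operator's generated type.
type AgentPool struct {
	Mode                string // "System" or "User"
	OSType              string // "Linux" (documented default) or "Windows"
	Count               int
	OrchestratorVersion string // <major.minor> or <major.minor.patch>
	MessageOfTheDay     string // base64-encoded, Linux nodes only
	EnableNodePublicIP  bool
}

// parseVersion splits <major.minor[.patch]>; patch is -1 when it is absent.
func parseVersion(v string) (major, minor, patch int, err error) {
	parts := strings.Split(v, ".")
	if len(parts) < 2 || len(parts) > 3 {
		return 0, 0, 0, fmt.Errorf("version %q is not <major.minor[.patch]>", v)
	}
	nums := []int{0, 0, -1}
	for i, p := range parts {
		n, convErr := strconv.Atoi(p)
		if convErr != nil || n < 0 {
			return 0, 0, 0, fmt.Errorf("version %q has an invalid component", v)
		}
		nums[i] = n
	}
	return nums[0], nums[1], nums[2], nil
}

// checkVersionSkew applies the documented rules: same major version as the
// control plane, not newer than it, and at most two minor versions behind.
func checkVersionSkew(pool, controlPlane string) []string {
	pMaj, pMin, pPat, err := parseVersion(pool)
	if err != nil {
		return []string{"orchestratorVersion: " + err.Error()}
	}
	cMaj, cMin, cPat, err := parseVersion(controlPlane)
	if err != nil {
		return []string{"control plane: " + err.Error()}
	}
	switch {
	case pMaj != cMaj:
		return []string{"orchestratorVersion: major version differs from the control plane"}
	case pMin > cMin:
		return []string{"orchestratorVersion: node pool is newer than the control plane"}
	case cMin-pMin > 2:
		return []string{"orchestratorVersion: more than two minor versions behind the control plane"}
	case pMin == cMin && pPat >= 0 && cPat >= 0 && pPat > cPat:
		return []string{"orchestratorVersion: node pool patch is newer than the control plane"}
	}
	return nil
}

// Review returns one finding per violated constraint; an empty result means
// the pool passed every check implemented here.
func Review(p AgentPool, controlPlaneVersion string) []string {
	var findings []string
	lowest := 0 // user pools may scale to zero, system pools need at least one node
	if p.Mode == "System" {
		lowest = 1
	}
	if p.Count < lowest || p.Count > 1000 {
		findings = append(findings,
			fmt.Sprintf("count: %d is outside %d..1000 for a %s pool", p.Count, lowest, p.Mode))
	}
	if p.MessageOfTheDay != "" {
		if p.OSType == "Windows" {
			findings = append(findings, "messageOfTheDay: must not be specified for Windows nodes")
		} else if _, err := base64.StdEncoding.DecodeString(p.MessageOfTheDay); err != nil {
			findings = append(findings, "messageOfTheDay: value is not valid base64")
		}
	}
	if p.OrchestratorVersion != "" {
		findings = append(findings, checkVersionSkew(p.OrchestratorVersion, controlPlaneVersion)...)
	}
	if p.EnableNodePublicIP {
		// Assumed policy: a deviation from the documented default (false) needs sign-off.
		findings = append(findings, "enableNodePublicIP: every node receives its own public IP")
	}
	return findings
}

func main() {
	// Constructed sample input, not taken from a real cluster.
	pool := AgentPool{Mode: "System", OSType: "Windows", Count: 0,
		OrchestratorVersion: "1.32.0", MessageOfTheDay: "aGVsbG8=", EnableNodePublicIP: true}
	for _, f := range Review(pool, "1.31.2") {
		fmt.Println(f)
	}
}
```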
ManagedClustersAgentPool_STATUS
Used by: ManagedClustersAgentPool.
| Property | Description | Type |
|---|---|---|
| artifactStreamingProfile | Configuration for using artifact streaming on AKS. | AgentPoolArtifactStreamingProfile_STATUS Optional |
| availabilityZones | The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType property is VirtualMachineScaleSets. | string[] Optional |
| capacityReservationGroupID | The fully qualified resource ID of the Capacity Reservation Group to provide virtual machines from a reserved group of Virtual Machines. This is of the form: ‘/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.Compute/capacityreservationgroups/{capacityReservationGroupName}’ Customers use it to create an agentpool with a specified CRG. For more information see Capacity Reservation | string Optional |
| conditions | The observed state of the resource | conditions.Condition[] Optional |
| count | Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. | int Optional |
| creationData | CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using a snapshot. | CreationData_STATUS Optional |
| currentOrchestratorVersion | The version of Kubernetes the Agent Pool is running. If orchestratorVersion is a fully specified version <major.minor.patch>, this field will be exactly equal to it. If orchestratorVersion is <major.minor>, this field will contain the full <major.minor.patch> version being used. | string Optional |
| enableAutoScaling | Whether to enable auto-scaler | bool Optional |
| enableEncryptionAtHost | Whether to enable host based OS and data drive encryption. This is only supported on certain VM sizes and in certain Azure regions. For more information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption | bool Optional |
| enableFIPS | Whether to use a FIPS-enabled OS. See Add a FIPS-enabled node pool for more details. | bool Optional |
| enableNodePublicIP | Whether each node is allocated its own public IP. Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine to minimize hops. For more information see assigning a public IP per node. The default is false. | bool Optional |
| enableUltraSSD | Whether to enable UltraSSD | bool Optional |
| eTag | Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic concurrency per the normal eTag convention. | string Optional |
| gatewayProfile | Profile specific to a managed agent pool in Gateway mode. This field cannot be set if agent pool mode is not Gateway. | AgentPoolGatewayProfile_STATUS Optional |
| gpuInstanceProfile | GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU. | GPUInstanceProfile_STATUS Optional |
| gpuProfile | GPU settings for the Agent Pool. | GPUProfile_STATUS Optional |
| hostGroupID | The fully qualified resource ID of the Dedicated Host Group to provision virtual machines from, used only in creation scenario and not allowed to be changed once set. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. For more information see Azure dedicated hosts. | string Optional |
| id | Fully qualified resource ID for the resource. E.g. “/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}” | string Optional |
| kubeletConfig | The Kubelet configuration on the agent pool nodes. | KubeletConfig_STATUS Optional |
| kubeletDiskType | Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage. | KubeletDiskType_STATUS Optional |
| linuxOSConfig | The OS configuration of Linux agent nodes. | LinuxOSConfig_STATUS Optional |
| localDNSProfile | Configures the per-node local DNS, with VnetDNS and KubeDNS overrides. LocalDNS helps improve performance and reliability of DNS resolution in an AKS cluster. For more details see aka.ms/aks/localdns. | LocalDNSProfile_STATUS Optional |
| maxCount | The maximum number of nodes for auto-scaling | int Optional |
| maxPods | The maximum number of pods that can run on a node. | int Optional |
| messageOfTheDay | Message of the day for Linux nodes, base64-encoded. A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., will be printed raw and not be executed as a script). | string Optional |
| minCount | The minimum number of nodes for auto-scaling | int Optional |
| mode | The mode of an agent pool. A cluster must have at least one System Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools | AgentPoolMode_STATUS Optional |
| name | The name of the resource | string Optional |
| networkProfile | Network-related settings of an agent pool. | AgentPoolNetworkProfile_STATUS Optional |
| nodeCustomizationProfile | Settings to determine the node customization used to provision nodes in a pool. | NodeCustomizationProfile_STATUS Optional |
| nodeImageVersion | The version of node image | string Optional |
| nodeInitializationTaints | Taints added on the nodes during creation that will not be reconciled by AKS. These taints will not be reconciled by AKS and can be removed with a kubectl call. This field can be modified after node pool is created, but nodes will not be recreated with new taints until another operation that requires recreation (e.g. node image upgrade) happens. These taints allow for required configuration to run before the node is ready to accept workloads, for example ‘key1=value1:NoSchedule’ that then can be removed with kubectl taint nodes node1 key1=value1:NoSchedule- | string[] Optional |
| nodeLabels | The node labels to be persisted across all nodes in agent pool. | map[string]string Optional |
| nodePublicIPPrefixID | The public IP prefix ID which VM nodes should use IPs from. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} | string Optional |
| nodeTaints | The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule. | string[] Optional |
| orchestratorVersion | The version of Kubernetes specified by the user. Both patch version <major.minor.patch> (e.g. 1.20.13) and <major.minor> (e.g. 1.20) are supported. When <major.minor> is specified, the latest supported GA patch version is chosen automatically. Updating the cluster with the same <major.minor> once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor version must be within two minor versions of the control plane version. The node pool version cannot be greater than the control plane version. For more information see upgrading a node pool. | string Optional |
| osDiskSizeGB | OS Disk Size in GB to be used to specify the disk size for every machine in the master/agent pool. If you specify 0, it will apply the default osDisk size according to the vmSize specified. | int Optional |
| osDiskType | The OS disk type to be used for machines in the agent pool. The default is Ephemeral if the VM supports it and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to Managed. May not be changed after creation. For more information see Ephemeral OS. | OSDiskType_STATUS Optional |
| osSKU | Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. | OSSKU_STATUS Optional |
| osType | The operating system type. The default is Linux. | ManagedClusterAgentPoolProfileProperties_OsType_STATUS Optional |
| podIPAllocationMode | Pod IP Allocation Mode. The IP allocation mode for pods in the agent pool. Must be used with podSubnetId. The default is DynamicIndividual. | PodIPAllocationMode_STATUS Optional |
| podSubnetID | The ID of the subnet which pods will join when launched. If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} | string Optional |
| powerState | Whether the Agent Pool is running or stopped. When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only be stopped if it is Running and provisioning state is Succeeded | PowerState_STATUS Optional |
| properties_type | The type of Agent Pool. | AgentPoolType_STATUS Optional |
| provisioningState | The current deployment or provisioning state. | string Optional |
| proximityPlacementGroupID | The ID for Proximity Placement Group. | string Optional |
| scaleDownMode | The scale down mode to use when scaling the Agent Pool. This also affects the cluster autoscaler behavior. If not specified, it defaults to Delete. | ScaleDownMode_STATUS Optional |
| scaleSetEvictionPolicy | The Virtual Machine Scale Set eviction policy. The eviction policy specifies what to do with the VM when it is evicted. The default is Delete. For more information about eviction see spot VMs | ManagedClusterAgentPoolProfileProperties_ScaleSetEvictionPolicy_STATUS Optional |
| scaleSetPriority | The Virtual Machine Scale Set priority. | ManagedClusterAgentPoolProfileProperties_ScaleSetPriority_STATUS Optional |
| securityProfile | The security settings of an agent pool. | AgentPoolSecurityProfile_STATUS Optional |
| spotMaxPrice | The max price (in US Dollars) you are willing to pay for spot instances. Possible values are any decimal value greater than zero or -1 which indicates default price to be up-to on-demand. Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any on-demand price. For more details on spot pricing, see spot VMs pricing | float64 Optional |
| status | Contains read-only information about the Agent Pool. | AgentPoolStatus_STATUS Optional |
| systemData | Azure Resource Manager metadata containing createdBy and modifiedBy information. | SystemData_STATUS Optional |
| tags | The tags to be persisted on the agent pool virtual machine scale set. | map[string]string Optional |
| type | The type of the resource. E.g. “Microsoft.Compute/virtualMachines” or “Microsoft.Storage/storageAccounts” | string Optional |
| upgradeSettings | Settings for upgrading the agentpool | AgentPoolUpgradeSettings_STATUS Optional |
| upgradeSettingsBlueGreen | Settings for Blue-Green upgrade on the agentpool. Applies when upgrade strategy is set to BlueGreen. | AgentPoolBlueGreenUpgradeSettings_STATUS Optional |
| upgradeStrategy | Defines the upgrade strategy for the agent pool. The default is Rolling. | UpgradeStrategy_STATUS Optional |
| virtualMachineNodesStatus | The status of nodes in a VirtualMachines agent pool. | VirtualMachineNodes_STATUS[] Optional |
| virtualMachinesProfile | Specifications on VirtualMachines agent pool. | VirtualMachinesProfile_STATUS Optional |
| vmSize | The size of the agent pool VMs. VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions | string Optional |
| vnetSubnetID | The ID of the subnet which agent pool nodes and optionally pods will join on startup. If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} | string Optional |
| windowsProfile | The Windows agent pool’s specific profile. | AgentPoolWindowsProfile_STATUS Optional |
| workloadRuntime | Determines the type of workload a node can run. | WorkloadRuntime_STATUS Optional |
TrustedAccessRoleBinding_Spec
Used by: TrustedAccessRoleBinding.
| Property | Description | Type |
|---|---|---|
| azureName | The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be. | string Optional |
| operatorSpec | The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure | TrustedAccessRoleBindingOperatorSpec Optional |
| owner | The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a containerservice.azure.com/ManagedCluster resource | genruntime.KnownResourceReference Required |
| roles | A list of roles to bind, each item is a resource type qualified role name. For example: ‘Microsoft.MachineLearningServices/workspaces/reader’. | string[] Required |
| sourceResourceReference | The ARM resource ID of source resource that trusted access is configured for. | genruntime.ResourceReference Required |
TrustedAccessRoleBinding_STATUS
Used by: TrustedAccessRoleBinding.
| Property | Description | Type |
|---|---|---|
| conditions | The observed state of the resource | conditions.Condition[] Optional |
| id | Fully qualified resource ID for the resource. E.g. “/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}” | string Optional |
| name | The name of the resource | string Optional |
| provisioningState | The current provisioning state of trusted access role binding. | TrustedAccessRoleBindingProvisioningState_STATUS Optional |
| roles | A list of roles to bind, each item is a resource type qualified role name. For example: ‘Microsoft.MachineLearningServices/workspaces/reader’. | string[] Optional |
| sourceResourceId | The ARM resource ID of source resource that trusted access is configured for. | string Optional |
| systemData | Azure Resource Manager metadata containing createdBy and modifiedBy information. | SystemData_STATUS Optional |
| type | The type of the resource. E.g. “Microsoft.Compute/virtualMachines” or “Microsoft.Storage/storageAccounts” | string Optional |
AgentPoolArtifactStreamingProfile
Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.
| Property | Description | Type |
|---|---|---|
| enabled | Artifact streaming speeds up the cold-start of containers on a node through on-demand image loading. To use this feature, container images must also enable artifact streaming on ACR. If not specified, the default is false. | bool Optional |
AgentPoolArtifactStreamingProfile_STATUS
Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.
| Property | Description | Type |
|---|---|---|
| enabled | Artifact streaming speeds up the cold-start of containers on a node through on-demand image loading. To use this feature, container images must also enable artifact streaming on ACR. If not specified, the default is false. | bool Optional |
AgentPoolBlueGreenUpgradeSettings
Settings for blue-green upgrade on an agentpool
Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.
| Property | Description | Type |
|---|---|---|
| batchSoakDurationInMinutes | The soak duration after draining a batch of nodes, i.e., the amount of time (in minutes) to wait after draining a batch of nodes before moving on to the next batch. If not specified, the default is 15 minutes. | int Optional |
| drainBatchSize | The number or percentage of nodes to drain in batch during blue-green upgrade. Must be a non-zero number. This can either be set to an integer (e.g. 5) or a percentage (e.g. ‘50%’). If a percentage is specified, it is the percentage of the total number of blue nodes of the initial upgrade operation. For percentages, fractional nodes are rounded up. If not specified, the default is 10%. For more information, including best practices, see: https://learn.microsoft.com/en-us/azure/aks/upgrade-cluster | string Optional |
| drainTimeoutInMinutes | The drain timeout for a node, i.e., the amount of time (in minutes) to wait on eviction of pods and graceful termination per node. This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not specified, the default is 30 minutes. | int Optional |
| finalSoakDurationInMinutes | The soak duration for a node pool, i.e., the amount of time (in minutes) to wait after all old nodes are drained before we remove the old nodes. If not specified, the default is 60 minutes. Only applicable for blue-green upgrade strategy. | int Optional |
AgentPoolBlueGreenUpgradeSettings_STATUS
Settings for blue-green upgrade on an agentpool
Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.
| Property | Description | Type |
|---|---|---|
| batchSoakDurationInMinutes | The soak duration after draining a batch of nodes, i.e., the amount of time (in minutes) to wait after draining a batch of nodes before moving on to the next batch. If not specified, the default is 15 minutes. | int Optional |
| drainBatchSize | The number or percentage of nodes to drain in batch during blue-green upgrade. Must be a non-zero number. This can either be set to an integer (e.g. 5) or a percentage (e.g. ‘50%’). If a percentage is specified, it is the percentage of the total number of blue nodes of the initial upgrade operation. For percentages, fractional nodes are rounded up. If not specified, the default is 10%. For more information, including best practices, see: https://learn.microsoft.com/en-us/azure/aks/upgrade-cluster | string Optional |
| drainTimeoutInMinutes | The drain timeout for a node, i.e., the amount of time (in minutes) to wait on eviction of pods and graceful termination per node. This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not specified, the default is 30 minutes. | int Optional |
| finalSoakDurationInMinutes | The soak duration for a node pool, i.e., the amount of time (in minutes) to wait after all old nodes are drained before we remove the old nodes. If not specified, the default is 60 minutes. Only applicable for blue-green upgrade strategy. | int Optional |
AgentPoolGatewayProfile
Profile of the managed cluster gateway agent pool.
Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.
| Property | Description | Type |
|---|---|---|
| publicIPPrefixSize | The Gateway agent pool associates one public IPPrefix for each static egress gateway to provide public egress. The size of Public IPPrefix should be selected by the user. Each node in the agent pool is assigned with one IP from the IPPrefix. The IPPrefix size thus serves as a cap on the size of the Gateway agent pool. Due to Azure public IPPrefix size limitation, the valid value range is [28, 31] (/31 = 2 nodes/IPs, /30 = 4 nodes/IPs, /29 = 8 nodes/IPs, /28 = 16 nodes/IPs). The default value is 31. | int Optional |
AgentPoolGatewayProfile_STATUS
Profile of the managed cluster gateway agent pool.
Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.
| Property | Description | Type |
|---|---|---|
| publicIPPrefixSize | The Gateway agent pool associates one public IPPrefix for each static egress gateway to provide public egress. The size of Public IPPrefix should be selected by the user. Each node in the agent pool is assigned with one IP from the IPPrefix. The IPPrefix size thus serves as a cap on the size of the Gateway agent pool. Due to Azure public IPPrefix size limitation, the valid value range is [28, 31] (/31 = 2 nodes/IPs, /30 = 4 nodes/IPs, /29 = 8 nodes/IPs, /28 = 16 nodes/IPs). The default value is 31. | int Optional |
AgentPoolMode
The mode of an agent pool. A cluster must have at least one System Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools
Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.
| Value | Description |
|---|---|
| “Gateway” | |
| “Machines” | |
| “ManagedSystem” | |
| “System” | |
| “User” | |
AgentPoolMode_STATUS
The mode of an agent pool. A cluster must have at least one System Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools
Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.
| Value | Description |
|---|---|
| “Gateway” | |
| “Machines” | |
| “ManagedSystem” | |
| “System” | |
| “User” | |
AgentPoolNetworkProfile
Network settings of an agent pool.
Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.
| Property | Description | Type |
|---|---|---|
| allowedHostPorts | The port ranges that are allowed to access. The specified ranges are allowed to overlap. | PortRange[] Optional |
| applicationSecurityGroupsReferences | The IDs of the application security groups which agent pool will associate when created. | genruntime.ResourceReference[] Optional |
| nodePublicIPTags | IPTags of instance-level public IPs. | IPTag[] Optional |
AgentPoolNetworkProfile_STATUS
Network settings of an agent pool.
Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.
| Property | Description | Type |
|---|---|---|
| allowedHostPorts | The port ranges that are allowed to access. The specified ranges are allowed to overlap. | PortRange_STATUS[] Optional |
| applicationSecurityGroups | The IDs of the application security groups which agent pool will associate when created. | string[] Optional |
| nodePublicIPTags | IPTags of instance-level public IPs. | IPTag_STATUS[] Optional |
AgentPoolSecurityProfile
The security settings of an agent pool.
Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.
| Property | Description | Type |
|---|---|---|
| enableSecureBoot | Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. | bool Optional |
| enableVTPM | vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. | bool Optional |
| sshAccess | SSH access method of an agent pool. | AgentPoolSSHAccess Optional |
AgentPoolSecurityProfile_STATUS
The security settings of an agent pool.
Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.
| Property | Description | Type |
|---|---|---|
| enableSecureBoot | Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. | bool Optional |
| enableVTPM | vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false. | bool Optional |
| sshAccess | SSH access method of an agent pool. | AgentPoolSSHAccess_STATUS Optional |
AgentPoolStatus_STATUS
Contains read-only information about the Agent Pool.
Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.
| Property | Description | Type |
|---|---|---|
| provisioningError | The error detail information of the agent pool. Preserves the detailed info of failure. If there was no error, this field is omitted. | ErrorDetail_STATUS Optional |
AgentPoolType
The type of Agent Pool.
Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.
| Value | Description |
|---|---|
| “AvailabilitySet” | |
| “VirtualMachineScaleSets” | |
| “VirtualMachines” | |
AgentPoolType_STATUS
The type of Agent Pool.
Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.
| Value | Description |
|---|---|
| “AvailabilitySet” | |
| “VirtualMachineScaleSets” | |
| “VirtualMachines” | |
AgentPoolUpgradeSettings
Settings for upgrading an agentpool
Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.
| Property | Description | Type |
|---|---|---|
| drainTimeoutInMinutes | The drain timeout for a node. The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not specified, the default is 30 minutes. | int Optional |
| maxBlockedNodes | The maximum number or percentage of extra nodes that are allowed to be blocked in the agent pool during an upgrade when undrainable node behavior is Cordon. This can either be set to an integer (e.g. 5) or a percentage (e.g. ‘50%’). If a percentage is specified, it is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded up. If not specified, the default is maxSurge. This must always be greater than or equal to maxSurge. For more information, including best practices, see: https://learn.microsoft.com/en-us/azure/aks/upgrade-cluster | string Optional |
| maxSurge | The maximum number or percentage of nodes that are surged during upgrade. This can either be set to an integer (e.g. 5) or a percentage (e.g. ‘50%’). If a percentage is specified, it is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded up. If not specified, the default is 10%. For more information, including best practices, see: https://learn.microsoft.com/en-us/azure/aks/upgrade-cluster | string Optional |
| maxUnavailable | The maximum number or percentage of nodes that can be simultaneously unavailable during upgrade. This can either be set to an integer (e.g. 1) or a percentage (e.g. ‘5%’). If a percentage is specified, it is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded up. If not specified, the default is 0. For more information, including best practices, see: https://learn.microsoft.com/en-us/azure/aks/upgrade-cluster | string Optional |
| nodeSoakDurationInMinutes | The soak duration for a node. The amount of time (in minutes) to wait after draining a node and before reimaging it and moving on to next node. If not specified, the default is 0 minutes. | int Optional |
| undrainableNodeBehavior | Defines the behavior for undrainable nodes during upgrade. The most common cause of undrainable nodes is Pod Disruption Budgets (PDBs), but other issues, such as a pod termination grace period exceeding the remaining per-node drain timeout or a pod still being in a running state, can also cause undrainable nodes. | UndrainableNodeBehavior Optional |
AgentPoolUpgradeSettings_STATUS
Settings for upgrading an agentpool
Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.
| Property | Description | Type |
|---|---|---|
| drainTimeoutInMinutes | The drain timeout for a node. The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not specified, the default is 30 minutes. | int Optional |
| maxBlockedNodes | The maximum number or percentage of extra nodes that are allowed to be blocked in the agent pool during an upgrade when undrainable node behavior is Cordon. This can either be set to an integer (e.g. 5) or a percentage (e.g. ‘50%’). If a percentage is specified, it is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded up. If not specified, the default is maxSurge. This must always be greater than or equal to maxSurge. For more information, including best practices, see: https://learn.microsoft.com/en-us/azure/aks/upgrade-cluster | string Optional |
| maxSurge | The maximum number or percentage of nodes that are surged during upgrade. This can either be set to an integer (e.g. 5) or a percentage (e.g. ‘50%’). If a percentage is specified, it is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded up. If not specified, the default is 10%. For more information, including best practices, see: https://learn.microsoft.com/en-us/azure/aks/upgrade-cluster | string Optional |
| maxUnavailable | The maximum number or percentage of nodes that can be simultaneously unavailable during upgrade. This can either be set to an integer (e.g. 1) or a percentage (e.g. ‘5%’). If a percentage is specified, it is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded up. If not specified, the default is 0. For more information, including best practices, see: https://learn.microsoft.com/en-us/azure/aks/upgrade-cluster | string Optional |
| nodeSoakDurationInMinutes | The soak duration for a node. The amount of time (in minutes) to wait after draining a node and before reimaging it and moving on to next node. If not specified, the default is 0 minutes. | int Optional |
| undrainableNodeBehavior | Defines the behavior for undrainable nodes during upgrade. The most common cause of undrainable nodes is Pod Disruption Budgets (PDBs), but other issues, such as a pod termination grace period exceeding the remaining per-node drain timeout or a pod still being in a running state, can also cause undrainable nodes. | UndrainableNodeBehavior_STATUS Optional |
AgentPoolWindowsProfile
The Windows agent pool’s specific profile.
Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.
| Property | Description | Type |
|---|---|---|
| disableOutboundNat | Whether to disable OutboundNAT in windows nodes. The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT Gateway and the Windows agent pool does not have node public IP enabled. | bool Optional |
AgentPoolWindowsProfile_STATUS
The Windows agent pool’s specific profile.
Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.
| Property | Description | Type |
|---|---|---|
| disableOutboundNat | Whether to disable OutboundNAT in windows nodes. The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT Gateway and the Windows agent pool does not have node public IP enabled. | bool Optional |
ClusterUpgradeSettings
Settings for upgrading a cluster.
Used by: ManagedCluster_Spec.
| Property | Description | Type |
|---|---|---|
| overrideSettings | Settings for overrides. | UpgradeOverrideSettings Optional |
ClusterUpgradeSettings_STATUS
Settings for upgrading a cluster.
Used by: ManagedCluster_STATUS.
| Property | Description | Type |
|---|---|---|
| overrideSettings | Settings for overrides. | UpgradeOverrideSettings_STATUS Optional |
ContainerServiceLinuxProfile
Profile for Linux VMs in the container service cluster.
Used by: ManagedCluster_Spec.
| Property | Description | Type |
|---|---|---|
| adminUsername | The administrator username to use for Linux VMs. | string Required |
| ssh | The SSH configuration for Linux-based VMs running on Azure. | ContainerServiceSshConfiguration Required |
ContainerServiceLinuxProfile_STATUS
Profile for Linux VMs in the container service cluster.
Used by: ManagedCluster_STATUS.
| Property | Description | Type |
|---|---|---|
| adminUsername | The administrator username to use for Linux VMs. | string Optional |
| ssh | The SSH configuration for Linux-based VMs running on Azure. | ContainerServiceSshConfiguration_STATUS Optional |
ContainerServiceNetworkProfile
Profile of network configuration.
Used by: ManagedCluster_Spec.
| Property | Description | Type |
|---|---|---|
| advancedNetworking | Advanced Networking profile for enabling observability and security feature suite on a cluster. For more information see aka.ms/aksadvancednetworking. | AdvancedNetworking Optional |
| dnsServiceIP | An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr. | string Optional |
| ipFamilies | The IP families used to specify IP versions available to the cluster. IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value is IPv4. For dual-stack, the expected values are IPv4 and IPv6. | IPFamily[] Optional |
| kubeProxyConfig | Holds configuration customizations for kube-proxy. Any values not defined will use the kube-proxy defaulting behavior. See https://v | ContainerServiceNetworkProfileKubeProxyConfig Optional |
| loadBalancerProfile | Profile of the cluster load balancer. | ManagedClusterLoadBalancerProfile Optional |
| loadBalancerSku | The load balancer sku for the managed cluster. The default is standard. See Azure Load Balancer SKUs for more information about the differences between load balancer SKUs. | LoadBalancerSku Optional |
| natGatewayProfile | Profile of the cluster NAT gateway. | ManagedClusterNATGatewayProfile Optional |
| networkDataplane | Network dataplane used in the Kubernetes cluster. | NetworkDataplane Optional |
| networkMode | The network mode Azure CNI is configured with. This cannot be specified if networkPlugin is anything other than azure. | NetworkMode Optional |
| networkPlugin | Network plugin used for building the Kubernetes network. | NetworkPlugin Optional |
| networkPluginMode | The mode the network plugin should use. | NetworkPluginMode Optional |
| networkPolicy | Network policy used for building the Kubernetes network. | NetworkPolicy Optional |
| outboundType | The outbound (egress) routing method. This can only be set at cluster creation time and cannot be changed later. For more information see egress outbound type. | ContainerServiceNetworkProfile_OutboundType Optional |
| podCidr | A CIDR notation IP range from which to assign pod IPs when kubenet is used. | string Optional |
| podCidrs | The CIDR notation IP ranges from which to assign pod IPs. One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is expected for dual-stack networking. | string[] Optional |
| podLinkLocalAccess | Defines access to special link local addresses (Azure Instance Metadata Service, aka IMDS) for pods with hostNetwork=false. If not specified, the default is IMDS. | PodLinkLocalAccess Optional |
| serviceCidr | A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges. | string Optional |
| serviceCidrs | The CIDR notation IP ranges from which to assign service cluster IPs. One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is expected for dual-stack networking. They must not overlap with any Subnet IP ranges. | string[] Optional |
| staticEgressGatewayProfile | The profile for Static Egress Gateway addon. For more details about Static Egress Gateway, see https://aka.ms/aks/static-egress-gateway. | ManagedClusterStaticEgressGatewayProfile Optional |
ContainerServiceNetworkProfile_STATUS
Profile of network configuration.
Used by: ManagedCluster_STATUS.
| Property | Description | Type |
|---|---|---|
| advancedNetworking | Advanced Networking profile for enabling observability and security feature suite on a cluster. For more information see aka.ms/aksadvancednetworking. | AdvancedNetworking_STATUS Optional |
| dnsServiceIP | An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr. | string Optional |
| ipFamilies | The IP families used to specify IP versions available to the cluster. IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value is IPv4. For dual-stack, the expected values are IPv4 and IPv6. | IPFamily_STATUS[] Optional |
| kubeProxyConfig | Holds configuration customizations for kube-proxy. Any values not defined will use the kube-proxy defaulting behavior. See https://v | ContainerServiceNetworkProfileKubeProxyConfig_STATUS Optional |
| loadBalancerProfile | Profile of the cluster load balancer. | ManagedClusterLoadBalancerProfile_STATUS Optional |
| loadBalancerSku | The load balancer sku for the managed cluster. The default is standard. See Azure Load Balancer SKUs for more information about the differences between load balancer SKUs. | LoadBalancerSku_STATUS Optional |
| natGatewayProfile | Profile of the cluster NAT gateway. | ManagedClusterNATGatewayProfile_STATUS Optional |
| networkDataplane | Network dataplane used in the Kubernetes cluster. | NetworkDataplane_STATUS Optional |
| networkMode | The network mode Azure CNI is configured with. This cannot be specified if networkPlugin is anything other than azure. | NetworkMode_STATUS Optional |
| networkPlugin | Network plugin used for building the Kubernetes network. | NetworkPlugin_STATUS Optional |
| networkPluginMode | The mode the network plugin should use. | NetworkPluginMode_STATUS Optional |
| networkPolicy | Network policy used for building the Kubernetes network. | NetworkPolicy_STATUS Optional |
| outboundType | The outbound (egress) routing method. This can only be set at cluster creation time and cannot be changed later. For more information see egress outbound type. | ContainerServiceNetworkProfile_OutboundType_STATUS Optional |
| podCidr | A CIDR notation IP range from which to assign pod IPs when kubenet is used. | string Optional |
| podCidrs | The CIDR notation IP ranges from which to assign pod IPs. One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is expected for dual-stack networking. | string[] Optional |
| podLinkLocalAccess | Defines access to special link local addresses (Azure Instance Metadata Service, aka IMDS) for pods with hostNetwork=false. If not specified, the default is IMDS. | PodLinkLocalAccess_STATUS Optional |
| serviceCidr | A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges. | string Optional |
| serviceCidrs | The CIDR notation IP ranges from which to assign service cluster IPs. One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is expected for dual-stack networking. They must not overlap with any Subnet IP ranges. | string[] Optional |
| staticEgressGatewayProfile | The profile for Static Egress Gateway addon. For more details about Static Egress Gateway, see https://aka.ms/aks/static-egress-gateway. | ManagedClusterStaticEgressGatewayProfile_STATUS Optional |
CreationData
Data used when creating a target resource from a source resource.
Used by: ManagedCluster_Spec, ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.
| Property | Description | Type |
|---|---|---|
| sourceResourceReference | This is the ARM ID of the source object to be used to create the target object. | genruntime.ResourceReference Optional |
CreationData_STATUS
Data used when creating a target resource from a source resource.
Used by: ManagedCluster_STATUS, ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.
| Property | Description | Type |
|---|---|---|
| sourceResourceId | This is the ARM ID of the source object to be used to create the target object. | string Optional |
ExtendedLocation
The complex type of the extended location.
Used by: ManagedCluster_Spec.
| Property | Description | Type |
|---|---|---|
| name | The name of the extended location. | string Optional |
| type | The type of the extended location. | ExtendedLocationTypes Optional |
ExtendedLocation_STATUS
The complex type of the extended location.
Used by: ManagedCluster_STATUS.
| Property | Description | Type |
|---|---|---|
| name | The name of the extended location. | string Optional |
| type | The type of the extended location. | ExtendedLocationTypes_STATUS Optional |
GPUInstanceProfile
GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.
Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.
| Value | Description |
|---|---|
| “MIG1g” | |
| “MIG2g” | |
| “MIG3g” | |
| “MIG4g” | |
| “MIG7g” | |
GPUInstanceProfile_STATUS
GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.
Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.
| Value | Description |
|---|---|
| “MIG1g” | |
| “MIG2g” | |
| “MIG3g” | |
| “MIG4g” | |
| “MIG7g” | |
GPUProfile
GPU settings for the Agent Pool.
Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.
| Property | Description | Type |
|---|---|---|
| driver | Whether to install GPU drivers. When it’s not specified, default is Install. | GPUDriver Optional |
| driverType | Specify the type of GPU driver to install when creating Windows agent pools. If not provided, AKS selects the driver based on system compatibility. This cannot be changed once the AgentPool has been created. This cannot be set on Linux AgentPools. For Linux AgentPools, the driver is selected based on system compatibility. | DriverType Optional |
GPUProfile_STATUS
GPU settings for the Agent Pool.
Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.
| Property | Description | Type |
|---|---|---|
| driver | Whether to install GPU drivers. When it’s not specified, default is Install. | GPUDriver_STATUS Optional |
| driverType | Specify the type of GPU driver to install when creating Windows agent pools. If not provided, AKS selects the driver based on system compatibility. This cannot be changed once the AgentPool has been created. This cannot be set on Linux AgentPools. For Linux AgentPools, the driver is selected based on system compatibility. | DriverType_STATUS Optional |
KubeletConfig
Kubelet configurations of agent nodes. See AKS custom node configuration for more details.
Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.
| Property | Description | Type |
|---|---|---|
| allowedUnsafeSysctls | Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in *). | string[] Optional |
| containerLogMaxFiles | The maximum number of container log files that can be present for a container. The number must be ≥ 2. | int Optional |
| containerLogMaxSizeMB | The maximum size (e.g. 10Mi) of container log file before it is rotated. | int Optional |
| cpuCfsQuota | If CPU CFS quota enforcement is enabled for containers that specify CPU limits. The default is true. | bool Optional |
| cpuCfsQuotaPeriod | The CPU CFS quota period value. The default is 100ms. Valid values are a sequence of decimal numbers with an optional fraction and a unit suffix. For example: 300ms, 2h45m. Supported units are ns, us, ms, s, m, and h. | string Optional |
| cpuManagerPolicy | The CPU Manager policy to use. The default is none. See Kubernetes CPU management policies for more information. Allowed values are none and static. | string Optional |
| failSwapOn | If set to true it will make the Kubelet fail to start if swap is enabled on the node. | bool Optional |
| imageGcHighThreshold | The percent of disk usage after which image garbage collection is always run. To disable image garbage collection, set to 100. The default is 85% | int Optional |
| imageGcLowThreshold | The percent of disk usage before which image garbage collection is never run. This cannot be set higher than imageGcHighThreshold. The default is 80% | int Optional |
| podMaxPids | The maximum number of processes per pod. | int Optional |
| seccompDefault | Specifies the default seccomp profile applied to all workloads. If not specified, Unconfined will be used by default. | SeccompDefault Optional |
| topologyManagerPolicy | The Topology Manager policy to use. For more information see Kubernetes Topology Manager. The default is none. Allowed values are none, ‘best-effort’, restricted, and ‘single-numa-node’. | string Optional |
KubeletConfig_STATUS
Kubelet configurations of agent nodes. See AKS custom node configuration for more details.
Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.
| Property | Description | Type |
|---|---|---|
| allowedUnsafeSysctls | Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in *). | string[] Optional |
| containerLogMaxFiles | The maximum number of container log files that can be present for a container. The number must be ≥ 2. | int Optional |
| containerLogMaxSizeMB | The maximum size (e.g. 10Mi) of container log file before it is rotated. | int Optional |
| cpuCfsQuota | If CPU CFS quota enforcement is enabled for containers that specify CPU limits. The default is true. | bool Optional |
| cpuCfsQuotaPeriod | The CPU CFS quota period value. The default is 100ms. Valid values are a sequence of decimal numbers with an optional fraction and a unit suffix. For example: 300ms, 2h45m. Supported units are ns, us, ms, s, m, and h. | string Optional |
| cpuManagerPolicy | The CPU Manager policy to use. The default is none. See Kubernetes CPU management policies for more information. Allowed values are none and static. | string Optional |
| failSwapOn | If set to true it will make the Kubelet fail to start if swap is enabled on the node. | bool Optional |
| imageGcHighThreshold | The percent of disk usage after which image garbage collection is always run. To disable image garbage collection, set to 100. The default is 85% | int Optional |
| imageGcLowThreshold | The percent of disk usage before which image garbage collection is never run. This cannot be set higher than imageGcHighThreshold. The default is 80% | int Optional |
| podMaxPids | The maximum number of processes per pod. | int Optional |
| seccompDefault | Specifies the default seccomp profile applied to all workloads. If not specified, Unconfined will be used by default. | SeccompDefault_STATUS Optional |
| topologyManagerPolicy | The Topology Manager policy to use. For more information see Kubernetes Topology Manager. The default is none. Allowed values are none, ‘best-effort’, restricted, and ‘single-numa-node’. | string Optional |
KubeletDiskType
Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage.
Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.
| Value | Description |
|---|---|
| “OS” | |
| “Temporary” | |
KubeletDiskType_STATUS
Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage.
Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.
| Value | Description |
|---|---|
| “OS” | |
| “Temporary” | |
KubernetesSupportPlan
Different support tiers for AKS managed clusters
Used by: ManagedCluster_Spec.
| Value | Description |
|---|---|
| “AKSLongTermSupport” | |
| “KubernetesOfficial” | |
KubernetesSupportPlan_STATUS
Different support tiers for AKS managed clusters
Used by: ManagedCluster_STATUS.
| Value | Description |
|---|---|
| “AKSLongTermSupport” | |
| “KubernetesOfficial” | |
LinuxOSConfig
OS configurations of Linux agent nodes. See AKS custom node configuration for more details.
Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.
| Property | Description | Type |
|---|---|---|
| swapFileSizeMB | The size in MB of a swap file that will be created on each node. | int Optional |
| sysctls | Sysctl settings for Linux agent nodes. | SysctlConfig Optional |
| transparentHugePageDefrag | Whether the kernel should make aggressive use of memory compaction to make more hugepages available. Valid values are always, defer, ‘defer+madvise’, madvise and never. The default is madvise. For more information see Transparent Hugepages. | string Optional |
| transparentHugePageEnabled | Whether transparent hugepages are enabled. Valid values are always, madvise, and never. The default is always. For more information see Transparent Hugepages. | string Optional |
LinuxOSConfig_STATUS
OS configurations of Linux agent nodes. See AKS custom node configuration for more details.
Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.
| Property | Description | Type |
|---|---|---|
| swapFileSizeMB | The size in MB of a swap file that will be created on each node. | int Optional |
| sysctls | Sysctl settings for Linux agent nodes. | SysctlConfig_STATUS Optional |
| transparentHugePageDefrag | Whether the kernel should make aggressive use of memory compaction to make more hugepages available. Valid values are always, defer, ‘defer+madvise’, madvise and never. The default is madvise. For more information see Transparent Hugepages. | string Optional |
| transparentHugePageEnabled | Whether transparent hugepages are enabled. Valid values are always, madvise, and never. The default is always. For more information see Transparent Hugepages. | string Optional |
LocalDNSProfile
Configures the per-node local DNS, with VnetDNS and KubeDNS overrides. LocalDNS helps improve performance and reliability of DNS resolution in an AKS cluster. For more details see aka.ms/aks/localdns.
Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.
| Property | Description | Type |
|---|---|---|
| kubeDNSOverrides | KubeDNS overrides apply to DNS traffic from pods with dnsPolicy:ClusterFirst (referred to as KubeDNS traffic). | map[string]LocalDNSOverride Optional |
| mode | Mode of enablement for localDNS. | LocalDNSProfile_Mode Optional |
| vnetDNSOverrides | VnetDNS overrides apply to DNS traffic from pods with dnsPolicy:default or kubelet (referred to as VnetDNS traffic). | map[string]LocalDNSOverride Optional |
LocalDNSProfile_STATUS
Configures the per-node local DNS, with VnetDNS and KubeDNS overrides. LocalDNS helps improve performance and reliability of DNS resolution in an AKS cluster. For more details see aka.ms/aks/localdns.
Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.
| Property | Description | Type |
|---|---|---|
| kubeDNSOverrides | KubeDNS overrides apply to DNS traffic from pods with dnsPolicy:ClusterFirst (referred to as KubeDNS traffic). | map[string]LocalDNSOverride_STATUS Optional |
| mode | Mode of enablement for localDNS. | LocalDNSProfile_Mode_STATUS Optional |
| state | System-generated state of localDNS. | LocalDNSState_STATUS Optional |
| vnetDNSOverrides | VnetDNS overrides apply to DNS traffic from pods with dnsPolicy:default or kubelet (referred to as VnetDNS traffic). | map[string]LocalDNSOverride_STATUS Optional |
MaintenanceConfigurationOperatorSpec
Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure
Used by: MaintenanceConfiguration_Spec.
| Property | Description | Type |
|---|---|---|
| configMapExpressions | configures where to place operator written dynamic ConfigMaps (created with CEL expressions). | core.DestinationExpression[] Optional |
| secretExpressions | configures where to place operator written dynamic secrets (created with CEL expressions). | core.DestinationExpression[] Optional |
MaintenanceWindow
Maintenance window used to configure scheduled auto-upgrade for a Managed Cluster.
Used by: MaintenanceConfiguration_Spec.
| Property | Description | Type |
|---|---|---|
| durationHours | Length of maintenance window range from 4 to 24 hours. | int Required |
| notAllowedDates | Date ranges on which upgrade is not allowed. utcOffset applies to this field. For example, with ‘utcOffset: +02:00’ and dateSpan being ‘2022-12-23’ to ‘2023-01-03’, maintenance will be blocked from ‘2022-12-22 22:00’ to ‘2023-01-03 22:00’ in UTC time. | DateSpan[] Optional |
| schedule | Recurrence schedule for the maintenance window. | Schedule Required |
| startDate | The date the maintenance window activates. If the current date is before this date, the maintenance window is inactive and will not be used for upgrades. If not specified, the maintenance window will be active right away. | string Optional |
| startTime | The start time of the maintenance window. Accepted values are from ‘00:00’ to ‘23:59’. utcOffset applies to this field. For example: ‘02:00’ with ‘utcOffset: +02:00’ means UTC time ‘00:00’. | string Required |
| utcOffset | The UTC offset in format +/-HH:mm. For example, ‘+05:30’ for IST and ‘-07:00’ for PST. If not specified, the default is ‘+00:00’. | string Optional |
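The utcOffset arithmetic described for startTime and notAllowedDates, as an added Go example (not part of the generated reference or the operator's code). The function names, and passing the DateSpan as two date strings, are assumptions of this sketch; it matters when a change freeze is tracked in UTC, because a window can open on the previous UTC day.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"time"
)

const layoutDate, layoutMinute = "2006-01-02", "2006-01-02 15:04"

var utcOffsetRe = regexp.MustCompile(`^([+-])(\d{2}):(\d{2})$`)

// ParseUTCOffset converts a utcOffset value ("+/-HH:mm") into a fixed zone.
// An empty string takes the documented default of "+00:00".
func ParseUTCOffset(s string) (*time.Location, error) {
	if s == "" {
		s = "+00:00"
	}
	m := utcOffsetRe.FindStringSubmatch(s)
	if m == nil {
		return nil, fmt.Errorf("utcOffset %q is not in +/-HH:mm format", s)
	}
	hours, _ := strconv.Atoi(m[2])
	minutes, _ := strconv.Atoi(m[3])
	if hours > 23 || minutes > 59 { // sanity bound chosen for this example, not taken from the page
		return nil, fmt.Errorf("utcOffset %q is out of range", s)
	}
	secs := hours*3600 + minutes*60
	if m[1] == "-" {
		secs = -secs
	}
	return time.FixedZone(s, secs), nil
}

// WindowUTC returns the UTC start and end of the maintenance window that opens
// on the local calendar day `day` (YYYY-MM-DD) at startTime (HH:mm).
func WindowUTC(day, startTime, utcOffset string, durationHours int) (time.Time, time.Time, error) {
	var zero time.Time
	if durationHours < 4 || durationHours > 24 {
		return zero, zero, fmt.Errorf("durationHours %d is outside 4..24", durationHours)
	}
	loc, err := ParseUTCOffset(utcOffset)
	if err != nil {
		return zero, zero, err
	}
	start, err := time.ParseInLocation(layoutMinute, day+" "+startTime, loc)
	if err != nil {
		return zero, zero, fmt.Errorf("startTime %q: %w", startTime, err)
	}
	end := start.Add(time.Duration(durationHours) * time.Hour)
	return start.UTC(), end.UTC(), nil
}

// BlockedUTC returns the UTC interval blocked by one notAllowedDates span.
// Both dates are local to utcOffset and the end date is inclusive, which is
// what the documented example implies (the block lifts at the local midnight
// that follows the end date).
func BlockedUTC(spanStart, spanEnd, utcOffset string) (time.Time, time.Time, error) {
	var zero time.Time
	loc, err := ParseUTCOffset(utcOffset)
	if err != nil {
		return zero, zero, err
	}
	from, err := time.ParseInLocation(layoutDate, spanStart, loc)
	if err != nil {
		return zero, zero, err
	}
	last, err := time.ParseInLocation(layoutDate, spanEnd, loc)
	if err != nil {
		return zero, zero, err
	}
	if last.Before(from) {
		return zero, zero, fmt.Errorf("span end %s is before start %s", spanEnd, spanStart)
	}
	return from.UTC(), last.AddDate(0, 0, 1).UTC(), nil
}

func main() {
	// The notAllowedDates example from the table above.
	from, to, _ := BlockedUTC("2022-12-23", "2023-01-03", "+02:00")
	fmt.Println("blocked (UTC):", from.Format(layoutMinute), "to", to.Format(layoutMinute))

	// Constructed sample: a 01:00 IST window opens on the previous UTC day.
	s, e, _ := WindowUTC("2025-01-10", "01:00", "+05:30", 4)
	fmt.Println("window  (UTC):", s.Format(layoutMinute), "to", e.Format(layoutMinute))
}
```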
MaintenanceWindow_STATUS
Maintenance window used to configure scheduled auto-upgrade for a Managed Cluster.
Used by: MaintenanceConfiguration_STATUS.
| Property | Description | Type |
|---|---|---|
| durationHours | Length of maintenance window range from 4 to 24 hours. | int Optional |
| notAllowedDates | Date ranges on which upgrade is not allowed. utcOffset applies to this field. For example, with ‘utcOffset: +02:00’ and dateSpan being ‘2022-12-23’ to ‘2023-01-03’, maintenance will be blocked from ‘2022-12-22 22:00’ to ‘2023-01-03 22:00’ in UTC time. | DateSpan_STATUS[] Optional |
| schedule | Recurrence schedule for the maintenance window. | Schedule_STATUS Optional |
| startDate | The date the maintenance window activates. If the current date is before this date, the maintenance window is inactive and will not be used for upgrades. If not specified, the maintenance window will be active right away. | string Optional |
| startTime | The start time of the maintenance window. Accepted values are from ‘00:00’ to ‘23:59’. utcOffset applies to this field. For example: ‘02:00’ with ‘utcOffset: +02:00’ means UTC time ‘00:00’. | string Optional |
| utcOffset | The UTC offset in format +/-HH:mm. For example, ‘+05:30’ for IST and ‘-07:00’ for PST. If not specified, the default is ‘+00:00’. | string Optional |
ManagedClusterAADProfile
AADProfile specifies attributes for Azure Active Directory integration. For more details see managed AAD on AKS.
Used by: ManagedCluster_Spec.
| Property | Description | Type |
|---|---|---|
| adminGroupObjectIDs | The list of AAD group object IDs that will have admin role of the cluster. | string[] Optional |
| clientAppID | (DEPRECATED) The client AAD application ID. Learn more at https://aka.ms/aks/aad-legacy. | string Optional |
| enableAzureRBAC | Whether to enable Azure RBAC for Kubernetes authorization. | bool Optional |
| managed | Whether to enable managed AAD. | bool Optional |
| serverAppID | (DEPRECATED) The server AAD application ID. Learn more at https://aka.ms/aks/aad-legacy. | string Optional |
| serverAppSecret | (DEPRECATED) The server AAD application secret. Learn more at https://aka.ms/aks/aad-legacy. | string Optional |
| tenantID | The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment subscription. | string Optional |
ManagedClusterAADProfile_STATUS
AADProfile specifies attributes for Azure Active Directory integration. For more details see managed AAD on AKS.
Used by: ManagedCluster_STATUS.
| Property | Description | Type |
|---|---|---|
| adminGroupObjectIDs | The list of AAD group object IDs that will have admin role of the cluster. | string[] Optional |
| clientAppID | (DEPRECATED) The client AAD application ID. Learn more at https://aka.ms/aks/aad-legacy. | string Optional |
| enableAzureRBAC | Whether to enable Azure RBAC for Kubernetes authorization. | bool Optional |
| managed | Whether to enable managed AAD. | bool Optional |
| serverAppID | (DEPRECATED) The server AAD application ID. Learn more at https://aka.ms/aks/aad-legacy. | string Optional |
| serverAppSecret | (DEPRECATED) The server AAD application secret. Learn more at https://aka.ms/aks/aad-legacy. | string Optional |
| tenantID | The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment subscription. | string Optional |
ManagedClusterAddonProfile
A Kubernetes add-on profile for a managed cluster.
Used by: ManagedCluster_Spec.
| Property | Description | Type |
|---|---|---|
| config | Key-value pairs for configuring an add-on. | map[string]string Optional |
| enabled | Whether the add-on is enabled or not. | bool Required |
ManagedClusterAddonProfile_STATUS
A Kubernetes add-on profile for a managed cluster.
Used by: ManagedCluster_STATUS.
| Property | Description | Type |
|---|---|---|
| config | Key-value pairs for configuring an add-on. | map[string]string Optional |
| enabled | Whether the add-on is enabled or not. | bool Optional |
| identity | Information of user assigned identity used by this add-on. | UserAssignedIdentity_STATUS Optional |
ManagedClusterAgentPoolProfile
Profile for the container service agent pool.
Used by: ManagedCluster_Spec.
| Property | Description | Type |
|---|---|---|
| artifactStreamingProfile | Configuration for using artifact streaming on AKS. | AgentPoolArtifactStreamingProfile Optional |
| availabilityZones | The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType property is VirtualMachineScaleSets. | string[] Optional |
| capacityReservationGroupReference | The fully qualified resource ID of the Capacity Reservation Group to provide virtual machines from a reserved group of Virtual Machines. This is of the form: ‘/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.Compute/capacityreservationgroups/{capacityReservationGroupName}’ Customers use it to create an agentpool with a specified CRG. For more information see Capacity Reservation | genruntime.ResourceReference Optional |
| count | Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. | int Optional |
| creationData | CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using a snapshot. | CreationData Optional |
| enableAutoScaling | Whether to enable auto-scaler | bool Optional |
| enableEncryptionAtHost | Whether to enable host based OS and data drive encryption. This is only supported on certain VM sizes and in certain Azure regions. For more information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption | bool Optional |
| enableFIPS | Whether to use a FIPS-enabled OS. See Add a FIPS-enabled node pool for more details. | bool Optional |
| enableNodePublicIP | Whether each node is allocated its own public IP. Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine to minimize hops. For more information see assigning a public IP per node. The default is false. | bool Optional |
| enableUltraSSD | Whether to enable UltraSSD | bool Optional |
| gatewayProfile | Profile specific to a managed agent pool in Gateway mode. This field cannot be set if agent pool mode is not Gateway. | AgentPoolGatewayProfile Optional |
| gpuInstanceProfile | GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU. | GPUInstanceProfile Optional |
| gpuProfile | GPU settings for the Agent Pool. | GPUProfile Optional |
| hostGroupReference | The fully qualified resource ID of the Dedicated Host Group to provision virtual machines from, used only in creation scenario and not allowed to be changed once set. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. For more information see Azure dedicated hosts. | genruntime.ResourceReference Optional |
| kubeletConfig | The Kubelet configuration on the agent pool nodes. | KubeletConfig Optional |
| kubeletDiskType | Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage. | KubeletDiskType Optional |
| linuxOSConfig | The OS configuration of Linux agent nodes. | LinuxOSConfig Optional |
| localDNSProfile | Configures the per-node local DNS, with VnetDNS and KubeDNS overrides. LocalDNS helps improve performance and reliability of DNS resolution in an AKS cluster. For more details see aka.ms/aks/localdns. | LocalDNSProfile Optional |
| maxCount | The maximum number of nodes for auto-scaling | int Optional |
| maxPods | The maximum number of pods that can run on a node. | int Optional |
| messageOfTheDay | Message of the day for Linux nodes, base64-encoded. A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., will be printed raw and not be executed as a script). | string Optional |
| minCount | The minimum number of nodes for auto-scaling | int Optional |
| mode | The mode of an agent pool. A cluster must have at least one System Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools | AgentPoolMode Optional |
| name | Unique name of the agent pool profile in the context of the subscription and resource group. Windows agent pool names must be 6 characters or less. | string Required |
| networkProfile | Network-related settings of an agent pool. | AgentPoolNetworkProfile Optional |
| nodeCustomizationProfile | Settings to determine the node customization used to provision nodes in a pool. | NodeCustomizationProfile Optional |
| nodeInitializationTaints | Taints added on the nodes during creation that will not be reconciled by AKS and can be removed with a kubectl call. This field can be modified after node pool is created, but nodes will not be recreated with new taints until another operation that requires recreation (e.g. node image upgrade) happens. These taints allow for required configuration to run before the node is ready to accept workloads, for example ‘key1=value1:NoSchedule’ that then can be removed with kubectl taint nodes node1 key1=value1:NoSchedule- | string[] Optional |
| nodeLabels | The node labels to be persisted across all nodes in agent pool. | map[string]string Optional |
| nodePublicIPPrefixReference | The public IP prefix ID which VM nodes should use IPs from. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} | genruntime.ResourceReference Optional |
| nodeTaints | The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule. | string[] Optional |
| orchestratorVersion | The version of Kubernetes specified by the user. Both patch version <major.minor.patch> (e.g. 1.20.13) and <major.minor> (e.g. 1.20) are supported. When <major.minor> is specified, the latest supported GA patch version is chosen automatically. Updating the cluster with the same <major.minor> once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor version must be within two minor versions of the control plane version. The node pool version cannot be greater than the control plane version. For more information see upgrading a node pool. | string Optional |
| osDiskSizeGB | OS Disk Size in GB to be used to specify the disk size for every machine in the master/agent pool. If you specify 0, it will apply the default osDisk size according to the vmSize specified. | int Optional |
| osDiskType | The OS disk type to be used for machines in the agent pool. The default is Ephemeral if the VM supports it and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to Managed. May not be changed after creation. For more information see Ephemeral OS. | OSDiskType Optional |
| osSKU | Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. | OSSKU Optional |
| osType | The operating system type. The default is Linux. | ManagedClusterAgentPoolProfile_OsType Optional |
| podIPAllocationMode | Pod IP Allocation Mode. The IP allocation mode for pods in the agent pool. Must be used with podSubnetId. The default is DynamicIndividual. | PodIPAllocationMode Optional |
| podSubnetReference | The ID of the subnet which pods will join when launched. If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} | genruntime.ResourceReference Optional |
| powerState | Whether the Agent Pool is running or stopped. When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only be stopped if it is Running and provisioning state is Succeeded | PowerState Optional |
| proximityPlacementGroupReference | The ID for Proximity Placement Group. | genruntime.ResourceReference Optional |
| scaleDownMode | The scale down mode to use when scaling the Agent Pool. This also affects the cluster autoscaler behavior. If not specified, it defaults to Delete. | ScaleDownMode Optional |
| scaleSetEvictionPolicy | The Virtual Machine Scale Set eviction policy. The eviction policy specifies what to do with the VM when it is evicted. The default is Delete. For more information about eviction see spot VMs | ManagedClusterAgentPoolProfile_ScaleSetEvictionPolicy Optional |
| scaleSetPriority | The Virtual Machine Scale Set priority. | ManagedClusterAgentPoolProfile_ScaleSetPriority Optional |
| securityProfile | The security settings of an agent pool. | AgentPoolSecurityProfile Optional |
| spotMaxPrice | The max price (in US Dollars) you are willing to pay for spot instances. Possible values are any decimal value greater than zero, or -1, which sets the default price to be up to on-demand (a willingness to pay any on-demand price). For more details on spot pricing, see spot VMs pricing | float64 Optional |
| tags | The tags to be persisted on the agent pool virtual machine scale set. | map[string]string Optional |
| type | The type of Agent Pool. | AgentPoolType Optional |
| upgradeSettings | Settings for upgrading the agentpool | AgentPoolUpgradeSettings Optional |
| upgradeSettingsBlueGreen | Settings for Blue-Green upgrade on the agentpool. Applies when upgrade strategy is set to BlueGreen. | AgentPoolBlueGreenUpgradeSettings Optional |
| upgradeStrategy | Defines the upgrade strategy for the agent pool. The default is Rolling. | UpgradeStrategy Optional |
| virtualMachineNodesStatus | The status of nodes in a VirtualMachines agent pool. | VirtualMachineNodes[] Optional |
| virtualMachinesProfile | Specifications on VirtualMachines agent pool. | VirtualMachinesProfile Optional |
| vmSize | The size of the agent pool VMs. VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions | string Optional |
| vnetSubnetReference | The ID of the subnet which agent pool nodes and optionally pods will join on startup. If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} | genruntime.ResourceReference Optional |
| windowsProfile | The Windows agent pool’s specific profile. | AgentPoolWindowsProfile Optional |
| workloadRuntime | Determines the type of workload a node can run. | WorkloadRuntime Optional |
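A review check over the security-relevant agent pool fields documented above, as an added Go example (not code from the operator). The structs are minimal local mirrors of the property names in these tables rather than the generated ASO types, and the choice of what to flag is an assumption of this sketch; "RuntimeDefault" is the non-default SeccompDefault value in the AKS API.

```go
package main

import (
	"fmt"
	"strings"
)

// Local mirrors of a few documented properties. Optional fields are pointers
// so that "not specified" can be told apart from an explicit value.
type KubeletConfig struct {
	AllowedUnsafeSysctls []string
	PodMaxPids           *int
	SeccompDefault       *string
}

type AgentPoolProfile struct {
	Name                   string
	EnableEncryptionAtHost *bool
	EnableNodePublicIP     *bool
	KubeletConfig          *KubeletConfig
}

// Finding is one reviewer-facing observation about a pool.
type Finding struct {
	Pool, Field, Reason string
}

func ptr[T any](v T) *T { return &v }

// Audit applies the documented defaults: a field left unset is judged by the
// value the table says will be used.
func Audit(p AgentPoolProfile) []Finding {
	var out []Finding
	add := func(field, reason string) {
		out = append(out, Finding{Pool: p.Name, Field: field, Reason: reason})
	}

	// The documented default is false, so only an explicit true is flagged.
	if p.EnableNodePublicIP != nil && *p.EnableNodePublicIP {
		add("enableNodePublicIP", "each node is allocated its own public IP")
	}
	if p.EnableEncryptionAtHost == nil || !*p.EnableEncryptionAtHost {
		add("enableEncryptionAtHost", "host-based OS and data drive encryption is not set to true")
	}

	kc := p.KubeletConfig
	// "If not specified, Unconfined will be used by default."
	if kc == nil || kc.SeccompDefault == nil || *kc.SeccompDefault == "Unconfined" {
		add("kubeletConfig.seccompDefault", "unset or Unconfined: workloads get no default seccomp profile")
	}
	if kc == nil || kc.PodMaxPids == nil {
		add("kubeletConfig.podMaxPids", "no explicit per-pod process limit")
	}
	if kc != nil {
		for _, s := range kc.AllowedUnsafeSysctls {
			if strings.HasSuffix(s, "*") {
				add("kubeletConfig.allowedUnsafeSysctls", fmt.Sprintf("pattern %q allows a whole group of unsafe sysctls", s))
			} else {
				add("kubeletConfig.allowedUnsafeSysctls", fmt.Sprintf("unsafe sysctl %q is allowed", s))
			}
		}
	}
	return out
}

func main() {
	// Constructed sample pools, not taken from a real cluster.
	pools := []AgentPoolProfile{
		{Name: "default"}, // everything left to defaults
		{
			Name:                   "edge",
			EnableNodePublicIP:     ptr(true),
			EnableEncryptionAtHost: ptr(false),
			KubeletConfig: &KubeletConfig{
				AllowedUnsafeSysctls: []string{"net.*", "kernel.msgmax"},
				SeccompDefault:       ptr("Unconfined"),
			},
		},
		{
			Name:                   "hardened",
			EnableNodePublicIP:     ptr(false),
			EnableEncryptionAtHost: ptr(true),
			KubeletConfig: &KubeletConfig{
				PodMaxPids:     ptr(4096),
				SeccompDefault: ptr("RuntimeDefault"),
			},
		},
	}
	for _, p := range pools {
		for _, f := range Audit(p) {
			fmt.Printf("%-9s %-36s %s\n", f.Pool, f.Field, f.Reason)
		}
	}
}
```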
ManagedClusterAgentPoolProfile_STATUS
Profile for the container service agent pool.
Used by: ManagedCluster_STATUS.
| Property | Description | Type |
|---|---|---|
| artifactStreamingProfile | Configuration for using artifact streaming on AKS. | AgentPoolArtifactStreamingProfile_STATUS Optional |
| availabilityZones | The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType property is VirtualMachineScaleSets. | string[] Optional |
| capacityReservationGroupID | The fully qualified resource ID of the Capacity Reservation Group to provide virtual machines from a reserved group of Virtual Machines. This is of the form: ‘/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.Compute/capacityreservationgroups/{capacityReservationGroupName}’ Customers use it to create an agentpool with a specified CRG. For more information see Capacity Reservation | string Optional |
| count | Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. | int Optional |
| creationData | CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using a snapshot. | CreationData_STATUS Optional |
| currentOrchestratorVersion | The version of Kubernetes the Agent Pool is running. If orchestratorVersion is a fully specified version <major.minor.patch>, this field will be exactly equal to it. If orchestratorVersion is <major.minor>, this field will contain the full <major.minor.patch> version being used. | string Optional |
| enableAutoScaling | Whether to enable auto-scaler | bool Optional |
| enableEncryptionAtHost | Whether to enable host based OS and data drive encryption. This is only supported on certain VM sizes and in certain Azure regions. For more information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption | bool Optional |
| enableFIPS | Whether to use a FIPS-enabled OS. See Add a FIPS-enabled node pool for more details. | bool Optional |
| enableNodePublicIP | Whether each node is allocated its own public IP. Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine to minimize hops. For more information see assigning a public IP per node. The default is false. | bool Optional |
| enableUltraSSD | Whether to enable UltraSSD | bool Optional |
| eTag | Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic concurrency per the normal eTag convention. | string Optional |
| gatewayProfile | Profile specific to a managed agent pool in Gateway mode. This field cannot be set if agent pool mode is not Gateway. | AgentPoolGatewayProfile_STATUS Optional |
| gpuInstanceProfile | GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU. | GPUInstanceProfile_STATUS Optional |
| gpuProfile | GPU settings for the Agent Pool. | GPUProfile_STATUS Optional |
| hostGroupID | The fully qualified resource ID of the Dedicated Host Group to provision virtual machines from, used only in creation scenario and not allowed to be changed once set. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. For more information see Azure dedicated hosts. | string Optional |
| kubeletConfig | The Kubelet configuration on the agent pool nodes. | KubeletConfig_STATUS Optional |
| kubeletDiskType | Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage. | KubeletDiskType_STATUS Optional |
| linuxOSConfig | The OS configuration of Linux agent nodes. | LinuxOSConfig_STATUS Optional |
| localDNSProfile | Configures the per-node local DNS, with VnetDNS and KubeDNS overrides. LocalDNS helps improve performance and reliability of DNS resolution in an AKS cluster. For more details see aka.ms/aks/localdns. | LocalDNSProfile_STATUS Optional |
| maxCount | The maximum number of nodes for auto-scaling | int Optional |
| maxPods | The maximum number of pods that can run on a node. | int Optional |
| messageOfTheDay | Message of the day for Linux nodes, base64-encoded. A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., will be printed raw and not be executed as a script). | string Optional |
| minCount | The minimum number of nodes for auto-scaling | int Optional |
| mode | The mode of an agent pool. A cluster must have at least one System Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools | AgentPoolMode_STATUS Optional |
| name | Unique name of the agent pool profile in the context of the subscription and resource group. Windows agent pool names must be 6 characters or less. | string Optional |
| networkProfile | Network-related settings of an agent pool. | AgentPoolNetworkProfile_STATUS Optional |
| nodeCustomizationProfile | Settings to determine the node customization used to provision nodes in a pool. | NodeCustomizationProfile_STATUS Optional |
| nodeImageVersion | The version of node image | string Optional |
| nodeInitializationTaints | Taints added on the nodes during creation that will not be reconciled by AKS and can be removed with a kubectl call. This field can be modified after node pool is created, but nodes will not be recreated with new taints until another operation that requires recreation (e.g. node image upgrade) happens. These taints allow for required configuration to run before the node is ready to accept workloads, for example ‘key1=value1:NoSchedule’ that then can be removed with kubectl taint nodes node1 key1=value1:NoSchedule- | string[] Optional |
| nodeLabels | The node labels to be persisted across all nodes in agent pool. | map[string]string Optional |
| nodePublicIPPrefixID | The public IP prefix ID which VM nodes should use IPs from. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName} | string Optional |
| nodeTaints | The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule. | string[] Optional |
| orchestratorVersion | The version of Kubernetes specified by the user. Both patch version <major.minor.patch> (e.g. 1.20.13) and <major.minor> (e.g. 1.20) are supported. When <major.minor> is specified, the latest supported GA patch version is chosen automatically. Updating the cluster with the same <major.minor> once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor version must be within two minor versions of the control plane version. The node pool version cannot be greater than the control plane version. For more information see upgrading a node pool. | string Optional |
| osDiskSizeGB | OS Disk Size in GB to be used to specify the disk size for every machine in the master/agent pool. If you specify 0, it will apply the default osDisk size according to the vmSize specified. | int Optional |
| osDiskType | The OS disk type to be used for machines in the agent pool. The default is Ephemeral if the VM supports it and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to Managed. May not be changed after creation. For more information see Ephemeral OS. | OSDiskType_STATUS Optional |
| osSKU | Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. | OSSKU_STATUS Optional |
| osType | The operating system type. The default is Linux. | ManagedClusterAgentPoolProfile_OsType_STATUS Optional |
| podIPAllocationMode | Pod IP Allocation Mode. The IP allocation mode for pods in the agent pool. Must be used with podSubnetId. The default is DynamicIndividual. | PodIPAllocationMode_STATUS Optional |
| podSubnetID | The ID of the subnet which pods will join when launched. If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} | string Optional |
| powerState | Whether the Agent Pool is running or stopped. When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only be stopped if it is Running and provisioning state is Succeeded | PowerState_STATUS Optional |
| provisioningState | The current deployment or provisioning state. | string Optional |
| proximityPlacementGroupID | The ID for Proximity Placement Group. | string Optional |
| scaleDownMode | The scale down mode to use when scaling the Agent Pool. This also affects the cluster autoscaler behavior. If not specified, it defaults to Delete. | ScaleDownMode_STATUS Optional |
| scaleSetEvictionPolicy | The Virtual Machine Scale Set eviction policy. The eviction policy specifies what to do with the VM when it is evicted. The default is Delete. For more information about eviction see spot VMs | ManagedClusterAgentPoolProfile_ScaleSetEvictionPolicy_STATUS Optional |
| scaleSetPriority | The Virtual Machine Scale Set priority. | ManagedClusterAgentPoolProfile_ScaleSetPriority_STATUS Optional |
| securityProfile | The security settings of an agent pool. | AgentPoolSecurityProfile_STATUS Optional |
| spotMaxPrice | The max price (in US Dollars) you are willing to pay for spot instances. Possible values are any decimal value greater than zero or -1 which indicates default price to be up-to on-demand. Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any on-demand price. For more details on spot pricing, see spot VMs pricing | float64 Optional |
| status | Contains read-only information about the Agent Pool. | AgentPoolStatus_STATUS Optional |
| tags | The tags to be persisted on the agent pool virtual machine scale set. | map[string]string Optional |
| type | The type of Agent Pool. | AgentPoolType_STATUS Optional |
| upgradeSettings | Settings for upgrading the agentpool | AgentPoolUpgradeSettings_STATUS Optional |
| upgradeSettingsBlueGreen | Settings for Blue-Green upgrade on the agentpool. Applies when upgrade strategy is set to BlueGreen. | AgentPoolBlueGreenUpgradeSettings_STATUS Optional |
| upgradeStrategy | Defines the upgrade strategy for the agent pool. The default is Rolling. | UpgradeStrategy_STATUS Optional |
| virtualMachineNodesStatus | The status of nodes in a VirtualMachines agent pool. | VirtualMachineNodes_STATUS[] Optional |
| virtualMachinesProfile | Specifications on VirtualMachines agent pool. | VirtualMachinesProfile_STATUS Optional |
| vmSize | The size of the agent pool VMs. VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions | string Optional |
| vnetSubnetID | The ID of the subnet which agent pool nodes and optionally pods will join on startup. If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName} | string Optional |
| windowsProfile | The Windows agent pool’s specific profile. | AgentPoolWindowsProfile_STATUS Optional |
| workloadRuntime | Determines the type of workload a node can run. | WorkloadRuntime_STATUS Optional |
ManagedClusterAgentPoolProfileProperties_OsType
Used by: ManagedClustersAgentPool_Spec.
| Value | Description |
|---|---|
| “Linux” | |
| “Windows” | |
ManagedClusterAgentPoolProfileProperties_OsType_STATUS
Used by: ManagedClustersAgentPool_STATUS.
| Value | Description |
|---|---|
| “Linux” | |
| “Windows” | |
ManagedClusterAgentPoolProfileProperties_ScaleSetEvictionPolicy
Used by: ManagedClustersAgentPool_Spec.
| Value | Description |
|---|---|
| “Deallocate” | |
| “Delete” | |
ManagedClusterAgentPoolProfileProperties_ScaleSetEvictionPolicy_STATUS
Used by: ManagedClustersAgentPool_STATUS.
| Value | Description |
|---|---|
| “Deallocate” | |
| “Delete” | |
ManagedClusterAgentPoolProfileProperties_ScaleSetPriority
Used by: ManagedClustersAgentPool_Spec.
| Value | Description |
|---|---|
| “Regular” | |
| “Spot” | |
ManagedClusterAgentPoolProfileProperties_ScaleSetPriority_STATUS
Used by: ManagedClustersAgentPool_STATUS.
| Value | Description |
|---|---|
| “Regular” | |
| “Spot” | |
ManagedClusterAIToolchainOperatorProfile
When enabling the operator, a set of AKS managed CRDs and controllers will be installed in the cluster. The operator automates the deployment of OSS models for inference and/or training purposes. It provides a set of preset models and enables distributed inference against them.
Used by: ManagedCluster_Spec.
| Property | Description | Type |
|---|---|---|
| enabled | Whether to enable the AI toolchain operator on the cluster. Indicates whether the AI toolchain operator is enabled. | bool Optional |
ManagedClusterAIToolchainOperatorProfile_STATUS
When enabling the operator, a set of AKS managed CRDs and controllers will be installed in the cluster. The operator automates the deployment of OSS models for inference and/or training purposes. It provides a set of preset models and enables distributed inference against them.
Used by: ManagedCluster_STATUS.
| Property | Description | Type |
|---|---|---|
| enabled | Whether to enable the AI toolchain operator on the cluster. Indicates whether the AI toolchain operator is enabled. | bool Optional |
ManagedClusterAPIServerAccessProfile
Access profile for managed cluster API server.
Used by: ManagedCluster_Spec.
| Property | Description | Type |
|---|---|---|
| authorizedIPRanges | The IP ranges authorized to access the Kubernetes API server. IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see API server authorized IP ranges. | string[] Optional |
| disableRunCommand | Whether to disable run command for the cluster or not. | bool Optional |
| enablePrivateCluster | Whether to create the cluster as a private cluster or not. For more details, see Creating a private AKS cluster. | bool Optional |
| enablePrivateClusterPublicFQDN | Whether to create additional public FQDN for private cluster or not. | bool Optional |
| enableVnetIntegration | Whether to enable apiserver vnet integration for the cluster or not. See aka.ms/AksVnetIntegration for more details. | bool Optional |
| privateDNSZone | The private DNS zone mode for the cluster. The default is System. For more details see configure private DNS zone. Allowed values are system and none. | string Optional |
| subnetReference | The subnet to be used when apiserver vnet integration is enabled. It is required when creating a new cluster with BYO Vnet, or when updating an existing cluster to enable apiserver vnet integration. | genruntime.ResourceReference Optional |
ManagedClusterAPIServerAccessProfile_STATUS
Access profile for managed cluster API server.
Used by: ManagedCluster_STATUS.
| Property | Description | Type |
|---|---|---|
| authorizedIPRanges | The IP ranges authorized to access the Kubernetes API server. IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see API server authorized IP ranges. | string[] Optional |
| disableRunCommand | Whether to disable run command for the cluster or not. | bool Optional |
| enablePrivateCluster | Whether to create the cluster as a private cluster or not. For more details, see Creating a private AKS cluster. | bool Optional |
| enablePrivateClusterPublicFQDN | Whether to create additional public FQDN for private cluster or not. | bool Optional |
| enableVnetIntegration | Whether to enable apiserver vnet integration for the cluster or not. See aka.ms/AksVnetIntegration for more details. | bool Optional |
| privateDNSZone | The private DNS zone mode for the cluster. The default is System. For more details see configure private DNS zone. Allowed values are system and none. | string Optional |
| subnetId | The subnet to be used when apiserver vnet integration is enabled. It is required when creating a new cluster with BYO Vnet, or when updating an existing cluster to enable apiserver vnet integration. | string Optional |
ManagedClusterAutoUpgradeProfile
Auto upgrade profile for a managed cluster.
Used by: ManagedCluster_Spec.
| Property | Description | Type |
|---|---|---|
| nodeOSUpgradeChannel | Node OS Upgrade Channel. Manner in which the OS on your nodes is updated. The default is NodeImage. | NodeOSUpgradeChannel Optional |
| upgradeChannel | The upgrade channel for auto upgrade. The default is none. For more information see setting the AKS cluster auto-upgrade channel. | UpgradeChannel Optional |
ManagedClusterAutoUpgradeProfile_STATUS
Auto upgrade profile for a managed cluster.
Used by: ManagedCluster_STATUS.
| Property | Description | Type |
|---|---|---|
| nodeOSUpgradeChannel | Node OS Upgrade Channel. Manner in which the OS on your nodes is updated. The default is NodeImage. | NodeOSUpgradeChannel_STATUS Optional |
| upgradeChannel | The upgrade channel for auto upgrade. The default is none. For more information see setting the AKS cluster auto-upgrade channel. | UpgradeChannel_STATUS Optional |
ManagedClusterAzureMonitorProfile
Azure Monitor addon profiles for monitoring the managed cluster.
Used by: ManagedCluster_Spec.
| Property | Description | Type |
|---|---|---|
| appMonitoring | Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics and traces through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See aka.ms/AzureMonitorApplicationMonitoring for an overview. | ManagedClusterAzureMonitorProfileAppMonitoring Optional |
| containerInsights | Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & stderr logs etc. See aka.ms/AzureMonitorContainerInsights for an overview. | ManagedClusterAzureMonitorProfileContainerInsights Optional |
| metrics | Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See aka.ms/AzureManagedPrometheus for an overview. | ManagedClusterAzureMonitorProfileMetrics Optional |
ManagedClusterAzureMonitorProfile_STATUS
Azure Monitor addon profiles for monitoring the managed cluster.
Used by: ManagedCluster_STATUS.
| Property | Description | Type |
|---|---|---|
| appMonitoring | Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics and traces through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See aka.ms/AzureMonitorApplicationMonitoring for an overview. | ManagedClusterAzureMonitorProfileAppMonitoring_STATUS Optional |
| containerInsights | Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & stderr logs etc. See aka.ms/AzureMonitorContainerInsights for an overview. | ManagedClusterAzureMonitorProfileContainerInsights_STATUS Optional |
| metrics | Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See aka.ms/AzureManagedPrometheus for an overview. | ManagedClusterAzureMonitorProfileMetrics_STATUS Optional |
ManagedClusterBootstrapProfile
The bootstrap profile.
Used by: ManagedCluster_Spec.
| Property | Description | Type |
|---|---|---|
| artifactSource | The artifact source. The source where the artifacts are downloaded from. | ManagedClusterBootstrapProfile_ArtifactSource Optional |
| containerRegistryReference | The resource Id of Azure Container Registry. The registry must have private network access, premium SKU and zone redundancy. | genruntime.ResourceReference Optional |
ManagedClusterBootstrapProfile_STATUS
The bootstrap profile.
Used by: ManagedCluster_STATUS.
| Property | Description | Type |
|---|---|---|
| artifactSource | The artifact source. The source where the artifacts are downloaded from. | ManagedClusterBootstrapProfile_ArtifactSource_STATUS Optional |
| containerRegistryId | The resource Id of Azure Container Registry. The registry must have private network access, premium SKU and zone redundancy. | string Optional |
ManagedClusterHostedSystemProfile
Settings for hosted system addons.
Used by: ManagedCluster_Spec.
| Property | Description | Type |
|---|---|---|
| enabled | Whether to enable hosted system addons for the cluster. | bool Optional |
ManagedClusterHostedSystemProfile_STATUS
Settings for hosted system addons.
Used by: ManagedCluster_STATUS.
| Property | Description | Type |
|---|---|---|
| enabled | Whether to enable hosted system addons for the cluster. | bool Optional |
ManagedClusterHTTPProxyConfig
Cluster HTTP proxy configuration.
Used by: ManagedCluster_Spec.
| Property | Description | Type |
|---|---|---|
| enabled | Whether to enable HTTP proxy. When disabled, the specified proxy configuration will not be set on pods and nodes. | bool Optional |
| httpProxy | The HTTP proxy server endpoint to use. | string Optional |
| httpsProxy | The HTTPS proxy server endpoint to use. | string Optional |
| noProxy | The endpoints that should not go through proxy. | string[] Optional |
| trustedCa | Alternative CA cert to use for connecting to proxy servers. | string Optional |
ManagedClusterHTTPProxyConfig_STATUS
Cluster HTTP proxy configuration.
Used by: ManagedCluster_STATUS.
| Property | Description | Type |
|---|---|---|
| effectiveNoProxy | A read-only list of all endpoints for which traffic should not be sent to the proxy. This list is a superset of noProxy and values injected by AKS. | string[] Optional |
| enabled | Whether to enable HTTP proxy. When disabled, the specified proxy configuration will not be set on pods and nodes. | bool Optional |
| httpProxy | The HTTP proxy server endpoint to use. | string Optional |
| httpsProxy | The HTTPS proxy server endpoint to use. | string Optional |
| noProxy | The endpoints that should not go through proxy. | string[] Optional |
| trustedCa | Alternative CA cert to use for connecting to proxy servers. | string Optional |
ManagedClusterIdentity
Identity for the managed cluster.
Used by: ManagedCluster_Spec.
| Property | Description | Type |
|---|---|---|
| delegatedResources | The delegated identity resources assigned to this managed cluster. This can only be set by another Azure Resource Provider, and a managed cluster only accepts one delegated identity resource. Internal use only. | map[string]DelegatedResource Optional |
| type | The type of identity used for the managed cluster. For more information see use managed identities in AKS. | ResourceIdentityType Optional |
| userAssignedIdentities | The user identity associated with the managed cluster. This identity will be used in control plane. Only one user assigned identity is allowed. The keys must be ARM resource IDs in the form: ‘/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}’. | UserAssignedIdentityDetails[] Optional |
ManagedClusterIdentity_STATUS
Identity for the managed cluster.
Used by: ManagedCluster_STATUS.
| Property | Description | Type |
|---|---|---|
| delegatedResources | The delegated identity resources assigned to this managed cluster. This can only be set by another Azure Resource Provider, and a managed cluster only accepts one delegated identity resource. Internal use only. | map[string]DelegatedResource_STATUS Optional |
| principalId | The principal id of the system assigned identity which is used by master components. | string Optional |
| tenantId | The tenant id of the system assigned identity which is used by master components. | string Optional |
| type | The type of identity used for the managed cluster. For more information see use managed identities in AKS. | ResourceIdentityType_STATUS Optional |
| userAssignedIdentities | The user identity associated with the managed cluster. This identity will be used in control plane. Only one user assigned identity is allowed. The keys must be ARM resource IDs in the form: ‘/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}’. | map[string]ManagedServiceIdentityUserAssignedIdentitiesValue_STATUS Optional |
ManagedClusterIngressProfile
Ingress profile for the container service cluster.
Used by: ManagedCluster_Spec.
| Property | Description | Type |
|---|---|---|
| applicationLoadBalancer | Settings for the managed Application Load Balancer installation | ManagedClusterIngressProfileApplicationLoadBalancer Optional |
| gatewayAPI | Settings for the managed Gateway API installation | ManagedClusterIngressProfileGatewayConfiguration Optional |
| webAppRouting | App Routing settings for the ingress profile. You can find an overview and onboarding guide for this feature at https://learn.microsoft.com/en-us/azure/aks/app-routing?tabs=default%2Cdeploy-app-default. | ManagedClusterIngressProfileWebAppRouting Optional |
ManagedClusterIngressProfile_STATUS
Ingress profile for the container service cluster.
Used by: ManagedCluster_STATUS.
| Property | Description | Type |
|---|---|---|
| applicationLoadBalancer | Settings for the managed Application Load Balancer installation | ManagedClusterIngressProfileApplicationLoadBalancer_STATUS Optional |
| gatewayAPI | Settings for the managed Gateway API installation | ManagedClusterIngressProfileGatewayConfiguration_STATUS Optional |
| webAppRouting | App Routing settings for the ingress profile. You can find an overview and onboarding guide for this feature at https://learn.microsoft.com/en-us/azure/aks/app-routing?tabs=default%2Cdeploy-app-default. | ManagedClusterIngressProfileWebAppRouting_STATUS Optional |
ManagedClusterMetricsProfile
The metrics profile for the ManagedCluster.
Used by: ManagedCluster_Spec.
| Property | Description | Type |
|---|---|---|
| costAnalysis | The configuration for detailed per-Kubernetes resource cost analysis. | ManagedClusterCostAnalysis Optional |
ManagedClusterMetricsProfile_STATUS
The metrics profile for the ManagedCluster.
Used by: ManagedCluster_STATUS.
| Property | Description | Type |
|---|---|---|
| costAnalysis | The configuration for detailed per-Kubernetes resource cost analysis. | ManagedClusterCostAnalysis_STATUS Optional |
ManagedClusterNodeProvisioningProfile
Used by: ManagedCluster_Spec.
| Property | Description | Type |
|---|---|---|
| defaultNodePools | The set of default Karpenter NodePools (CRDs) configured for node provisioning. This field has no effect unless mode is Auto. Warning: Changing this from Auto to None on an existing cluster will cause the default Karpenter NodePools to be deleted, which will drain and delete the nodes associated with those pools. It is strongly recommended to not do this unless there are idle nodes ready to take the pods evicted by that action. If not specified, the default is Auto. For more information see aka.ms/aks/nap#node-pools. | ManagedClusterNodeProvisioningProfile_DefaultNodePools Optional |
| mode | The node provisioning mode. If not specified, the default is Manual. | NodeProvisioningMode Optional |
ManagedClusterNodeProvisioningProfile_STATUS
Used by: ManagedCluster_STATUS.
| Property | Description | Type |
|---|---|---|
| defaultNodePools | The set of default Karpenter NodePools (CRDs) configured for node provisioning. This field has no effect unless mode is Auto. Warning: Changing this from Auto to None on an existing cluster will cause the default Karpenter NodePools to be deleted, which will drain and delete the nodes associated with those pools. It is strongly recommended to not do this unless there are idle nodes ready to take the pods evicted by that action. If not specified, the default is Auto. For more information see aka.ms/aks/nap#node-pools. | ManagedClusterNodeProvisioningProfile_DefaultNodePools_STATUS Optional |
| mode | The node provisioning mode. If not specified, the default is Manual. | NodeProvisioningMode_STATUS Optional |
ManagedClusterNodeResourceGroupProfile
Node resource group lockdown profile for a managed cluster.
Used by: ManagedCluster_Spec.
| Property | Description | Type |
|---|---|---|
| restrictionLevel | The restriction level applied to the cluster’s node resource group. If not specified, the default is Unrestricted | RestrictionLevel Optional |
ManagedClusterNodeResourceGroupProfile_STATUS
Node resource group lockdown profile for a managed cluster.
Used by: ManagedCluster_STATUS.
| Property | Description | Type |
|---|---|---|
| restrictionLevel | The restriction level applied to the cluster’s node resource group. If not specified, the default is Unrestricted | RestrictionLevel_STATUS Optional |
ManagedClusterOIDCIssuerProfile
The OIDC issuer profile of the Managed Cluster.
Used by: ManagedCluster_Spec.
| Property | Description | Type |
|---|---|---|
| enabled | Whether the OIDC issuer is enabled. | bool Optional |
ManagedClusterOIDCIssuerProfile_STATUS
The OIDC issuer profile of the Managed Cluster.
Used by: ManagedCluster_STATUS.
| Property | Description | Type |
|---|---|---|
| enabled | Whether the OIDC issuer is enabled. | bool Optional |
| issuerURL | The OIDC issuer url of the Managed Cluster. | string Optional |
ManagedClusterOperatorSpec
Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure
Used by: ManagedCluster_Spec.
| Property | Description | Type |
|---|---|---|
| configMapExpressions | configures where to place operator written dynamic ConfigMaps (created with CEL expressions). | core.DestinationExpression[] Optional |
| configMaps | configures where to place operator written ConfigMaps. | ManagedClusterOperatorConfigMaps Optional |
| secretExpressions | configures where to place operator written dynamic secrets (created with CEL expressions). | core.DestinationExpression[] Optional |
| secrets | configures where to place Azure generated secrets. | ManagedClusterOperatorSecrets Optional |
ManagedClusterPodIdentityProfile
The pod identity profile of the Managed Cluster. See use AAD pod identity for more details on pod identity integration.
Used by: ManagedCluster_Spec.
| Property | Description | Type |
|---|---|---|
| allowNetworkPluginKubenet | Whether pod identity is allowed to run on clusters with Kubenet networking. Running in Kubenet is disabled by default due to the security related nature of AAD Pod Identity and the risks of IP spoofing. See using Kubenet network plugin with AAD Pod Identity for more information. | bool Optional |
| enabled | Whether the pod identity addon is enabled. | bool Optional |
| userAssignedIdentities | The pod identities to use in the cluster. | ManagedClusterPodIdentity[] Optional |
| userAssignedIdentityExceptions | The pod identity exceptions to allow. | ManagedClusterPodIdentityException[] Optional |
ManagedClusterPodIdentityProfile_STATUS
The pod identity profile of the Managed Cluster. See use AAD pod identity for more details on pod identity integration.
Used by: ManagedCluster_STATUS.
| Property | Description | Type |
|---|---|---|
| allowNetworkPluginKubenet | Whether pod identity is allowed to run on clusters with Kubenet networking. Running in Kubenet is disabled by default due to the security related nature of AAD Pod Identity and the risks of IP spoofing. See using Kubenet network plugin with AAD Pod Identity for more information. | bool Optional |
| enabled | Whether the pod identity addon is enabled. | bool Optional |
| userAssignedIdentities | The pod identities to use in the cluster. | ManagedClusterPodIdentity_STATUS[] Optional |
| userAssignedIdentityExceptions | The pod identity exceptions to allow. | ManagedClusterPodIdentityException_STATUS[] Optional |
ManagedClusterPropertiesAutoScalerProfile
Parameters to be applied to the cluster-autoscaler when enabled
Used by: ManagedCluster_Spec.
| Property | Description | Type |
|---|---|---|
| balance-similar-node-groups | Detects similar node pools and balances the number of nodes between them. Valid values are true and false | string Optional |
| daemonset-eviction-for-empty-nodes | DaemonSet pods will be gracefully terminated from empty nodes. If set to true, all daemonset pods on empty nodes will be evicted before deletion of the node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node will be deleted without ensuring that daemonset pods are deleted or evicted. | bool Optional |
| daemonset-eviction-for-occupied-nodes | DaemonSet pods will be gracefully terminated from non-empty nodes. If set to true, all daemonset pods on occupied nodes will be evicted before deletion of the node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node will be deleted without ensuring that daemonset pods are deleted or evicted. | bool Optional |
| expander | The expander to use when scaling up. If not specified, the default is random. See expanders for more information. | Expander Optional |
| ignore-daemonsets-utilization | Should CA ignore DaemonSet pods when calculating resource utilization for scaling down. If set to true, the resources used by daemonset will be taken into account when making scaling down decisions. | bool Optional |
| max-empty-bulk-delete | The maximum number of empty nodes that can be deleted at the same time. This must be a positive integer. The default is 10. | string Optional |
| max-graceful-termination-sec | The maximum number of seconds the cluster autoscaler waits for pod termination when trying to scale down a node. The default is 600. | string Optional |
| max-node-provision-time | The maximum time the autoscaler waits for a node to be provisioned. The default is 15m. Values must be an integer followed by an m. No unit of time other than minutes (m) is supported. | string Optional |
| max-total-unready-percentage | The maximum percentage of unready nodes in the cluster. After this percentage is exceeded, cluster autoscaler halts operations. The default is 45. The maximum is 100 and the minimum is 0. | string Optional |
| new-pod-scale-up-delay | Ignore unscheduled pods before they’re a certain age. For scenarios like burst/batch scale where you don’t want CA to act before the kubernetes scheduler could schedule all the pods, you can tell CA to ignore unscheduled pods before they’re a certain age. The default is 0s. Values must be an integer followed by a unit (s for seconds, m for minutes, h for hours, etc). | string Optional |
| ok-total-unready-count | The number of allowed unready nodes, irrespective of max-total-unready-percentage. This must be an integer. The default is 3. | string Optional |
| scale-down-delay-after-add | How long after scale up that scale down evaluation resumes. The default is 10m. Values must be an integer followed by an m. No unit of time other than minutes (m) is supported. | string Optional |
| scale-down-delay-after-delete | How long after node deletion that scale down evaluation resumes. The default is the scan-interval. Values must be an integer followed by an m. No unit of time other than minutes (m) is supported. | string Optional |
| scale-down-delay-after-failure | How long after scale down failure that scale down evaluation resumes. The default is 3m. Values must be an integer followed by an m. No unit of time other than minutes (m) is supported. | string Optional |
| scale-down-unneeded-time | How long a node should be unneeded before it is eligible for scale down. The default is 10m. Values must be an integer followed by an m. No unit of time other than minutes (m) is supported. | string Optional |
| scale-down-unready-time | How long an unready node should be unneeded before it is eligible for scale down. The default is 20m. Values must be an integer followed by an m. No unit of time other than minutes (m) is supported. | string Optional |
| scale-down-utilization-threshold | Node utilization level, defined as sum of requested resources divided by capacity, below which a node can be considered for scale down. The default is 0.5. | string Optional |
| scan-interval | How often cluster is reevaluated for scale up or down. The default is 10. Values must be an integer number of seconds. | string Optional |
| skip-nodes-with-local-storage | If cluster autoscaler will skip deleting nodes with pods with local storage, for example, EmptyDir or HostPath. The default is true. | string Optional |
| skip-nodes-with-system-pods | If cluster autoscaler will skip deleting nodes with pods from kube-system (except for DaemonSet or mirror pods). The default is true. | string Optional |
ManagedClusterPropertiesAutoScalerProfile_STATUS
Parameters to be applied to the cluster-autoscaler when enabled
Used by: ManagedCluster_STATUS.
| Property | Description | Type |
|---|---|---|
| balance-similar-node-groups | Detects similar node pools and balances the number of nodes between them. Valid values are true and false | string Optional |
| daemonset-eviction-for-empty-nodes | DaemonSet pods will be gracefully terminated from empty nodes. If set to true, all daemonset pods on empty nodes will be evicted before deletion of the node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node will be deleted without ensuring that daemonset pods are deleted or evicted. | bool Optional |
| daemonset-eviction-for-occupied-nodes | DaemonSet pods will be gracefully terminated from non-empty nodes. If set to true, all daemonset pods on occupied nodes will be evicted before deletion of the node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node will be deleted without ensuring that daemonset pods are deleted or evicted. | bool Optional |
| expander | The expander to use when scaling up. If not specified, the default is random. See expanders for more information. | Expander_STATUS Optional |
| ignore-daemonsets-utilization | Should CA ignore DaemonSet pods when calculating resource utilization for scaling down. If set to true, the resources used by daemonset will be taken into account when making scaling down decisions. | bool Optional |
| max-empty-bulk-delete | The maximum number of empty nodes that can be deleted at the same time. This must be a positive integer. The default is 10. | string Optional |
| max-graceful-termination-sec | The maximum number of seconds the cluster autoscaler waits for pod termination when trying to scale down a node. The default is 600. | string Optional |
| max-node-provision-time | The maximum time the autoscaler waits for a node to be provisioned. The default is 15m. Values must be an integer followed by an m. No unit of time other than minutes (m) is supported. | string Optional |
| max-total-unready-percentage | The maximum percentage of unready nodes in the cluster. After this percentage is exceeded, cluster autoscaler halts operations. The default is 45. The maximum is 100 and the minimum is 0. | string Optional |
| new-pod-scale-up-delay | Ignore unscheduled pods before they’re a certain age. For scenarios like burst/batch scale where you don’t want CA to act before the kubernetes scheduler could schedule all the pods, you can tell CA to ignore unscheduled pods before they’re a certain age. The default is 0s. Values must be an integer followed by a unit (s for seconds, m for minutes, h for hours, etc). | string Optional |
| ok-total-unready-count | The number of allowed unready nodes, irrespective of max-total-unready-percentage. This must be an integer. The default is 3. | string Optional |
| scale-down-delay-after-add | How long after scale up that scale down evaluation resumes. The default is 10m. Values must be an integer followed by an m. No unit of time other than minutes (m) is supported. | string Optional |
| scale-down-delay-after-delete | How long after node deletion that scale down evaluation resumes. The default is the scan-interval. Values must be an integer followed by an m. No unit of time other than minutes (m) is supported. | string Optional |
| scale-down-delay-after-failure | How long after scale down failure that scale down evaluation resumes. The default is 3m. Values must be an integer followed by an m. No unit of time other than minutes (m) is supported. | string Optional |
| scale-down-unneeded-time | How long a node should be unneeded before it is eligible for scale down. The default is 10m. Values must be an integer followed by an m. No unit of time other than minutes (m) is supported. | string Optional |
| scale-down-unready-time | How long an unready node should be unneeded before it is eligible for scale down. The default is 20m. Values must be an integer followed by an m. No unit of time other than minutes (m) is supported. | string Optional |
| scale-down-utilization-threshold | Node utilization level, defined as sum of requested resources divided by capacity, below which a node can be considered for scale down. The default is 0.5. | string Optional |
| scan-interval | How often cluster is reevaluated for scale up or down. The default is 10. Values must be an integer number of seconds. | string Optional |
| skip-nodes-with-local-storage | If cluster autoscaler will skip deleting nodes with pods with local storage, for example, EmptyDir or HostPath. The default is true. | string Optional |
| skip-nodes-with-system-pods | If cluster autoscaler will skip deleting nodes with pods from kube-system (except for DaemonSet or mirror pods). The default is true. | string Optional |
ManagedClustersAgentPoolOperatorSpec
Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure
Used by: ManagedClustersAgentPool_Spec.
| Property | Description | Type |
|---|---|---|
| configMapExpressions | configures where to place operator written dynamic ConfigMaps (created with CEL expressions). | core.DestinationExpression[] Optional |
| secretExpressions | configures where to place operator written dynamic secrets (created with CEL expressions). | core.DestinationExpression[] Optional |
ManagedClusterSecurityProfile
Security profile for the container service cluster.
Used by: ManagedCluster_Spec.
| Property | Description | Type |
|---|---|---|
| azureKeyVaultKms | Azure Key Vault key management service settings for the security profile. | AzureKeyVaultKms Optional |
| customCATrustCertificates | A list of up to 10 base64 encoded CAs that will be added to the trust store on all nodes in the cluster. For more information see Custom CA Trust Certificates. | string[] Optional |
| defender | Microsoft Defender settings for the security profile. | ManagedClusterSecurityProfileDefender Optional |
| imageCleaner | Image Cleaner settings for the security profile. | ManagedClusterSecurityProfileImageCleaner Optional |
| imageIntegrity | Image integrity is a feature that works with Azure Policy to verify image integrity by signature. This will not have any effect unless Azure Policy is applied to enforce image signatures. See https://aka.ms/aks/image-integrity for how to use this feature via policy. | ManagedClusterSecurityProfileImageIntegrity Optional |
| kubernetesResourceObjectEncryptionProfile | Encryption at rest of Kubernetes resource objects. More information on this can be found under https://aka.ms/aks/kubernetesResourceObjectEncryption | KubernetesResourceObjectEncryptionProfile Optional |
| nodeRestriction | Node Restriction settings for the security profile. | ManagedClusterSecurityProfileNodeRestriction Optional |
| workloadIdentity | Workload identity settings for the security profile. Workload identity enables Kubernetes applications to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. | ManagedClusterSecurityProfileWorkloadIdentity Optional |
ManagedClusterSecurityProfile_STATUS
Security profile for the container service cluster.
Used by: ManagedCluster_STATUS.
| Property | Description | Type |
|---|---|---|
| azureKeyVaultKms | Azure Key Vault key management service settings for the security profile. | AzureKeyVaultKms_STATUS Optional |
| customCATrustCertificates | A list of up to 10 base64 encoded CAs that will be added to the trust store on all nodes in the cluster. For more information see Custom CA Trust Certificates. | string[] Optional |
| defender | Microsoft Defender settings for the security profile. | ManagedClusterSecurityProfileDefender_STATUS Optional |
| imageCleaner | Image Cleaner settings for the security profile. | ManagedClusterSecurityProfileImageCleaner_STATUS Optional |
| imageIntegrity | Image integrity is a feature that works with Azure Policy to verify image integrity by signature. This will not have any effect unless Azure Policy is applied to enforce image signatures. See https://aka.ms/aks/image-integrity for how to use this feature via policy. | ManagedClusterSecurityProfileImageIntegrity_STATUS Optional |
| kubernetesResourceObjectEncryptionProfile | Encryption at rest of Kubernetes resource objects. More information on this can be found under https://aka.ms/aks/kubernetesResourceObjectEncryption | KubernetesResourceObjectEncryptionProfile_STATUS Optional |
| nodeRestriction | Node Restriction settings for the security profile. | ManagedClusterSecurityProfileNodeRestriction_STATUS Optional |
| workloadIdentity | Workload identity settings for the security profile. Workload identity enables Kubernetes applications to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details. | ManagedClusterSecurityProfileWorkloadIdentity_STATUS Optional |
ManagedClusterServicePrincipalProfile
Information about a service principal identity for the cluster to use for manipulating Azure APIs.
Used by: ManagedCluster_Spec.
| Property | Description | Type |
|---|---|---|
| clientId | The ID for the service principal. | string Required |
| secret | The secret password associated with the service principal in plain text. | genruntime.SecretReference Optional |
ManagedClusterServicePrincipalProfile_STATUS
Information about a service principal identity for the cluster to use for manipulating Azure APIs.
Used by: ManagedCluster_STATUS.
| Property | Description | Type |
|---|---|---|
| clientId | The ID for the service principal. | string Optional |
ManagedClusterSKU
The SKU of a Managed Cluster.
Used by: ManagedCluster_Spec.
| Property | Description | Type |
|---|---|---|
| name | The name of a managed cluster SKU. | ManagedClusterSKUName Optional |
| tier | The tier of a managed cluster SKU. If not specified, the default is Free. See AKS Pricing Tier for more details. | ManagedClusterSKUTier Optional |
ManagedClusterSKU_STATUS
The SKU of a Managed Cluster.
Used by: ManagedCluster_STATUS.
| Property | Description | Type |
|---|---|---|
| name | The name of a managed cluster SKU. | ManagedClusterSKUName_STATUS Optional |
| tier | The tier of a managed cluster SKU. If not specified, the default is Free. See AKS Pricing Tier for more details. | ManagedClusterSKUTier_STATUS Optional |
ManagedClusterStatus_STATUS
Contains read-only information about the Managed Cluster.
Used by: ManagedCluster_STATUS.
| Property | Description | Type |
|---|---|---|
| provisioningError | The error details information of the managed cluster. Preserves the detailed info of failure. If there was no error, this field is omitted. | ErrorDetail_STATUS Optional |
ManagedClusterStorageProfile
Storage profile for the container service cluster.
Used by: ManagedCluster_Spec.
| Property | Description | Type |
|---|---|---|
| blobCSIDriver | AzureBlob CSI Driver settings for the storage profile. | ManagedClusterStorageProfileBlobCSIDriver Optional |
| diskCSIDriver | AzureDisk CSI Driver settings for the storage profile. | ManagedClusterStorageProfileDiskCSIDriver Optional |
| fileCSIDriver | AzureFile CSI Driver settings for the storage profile. | ManagedClusterStorageProfileFileCSIDriver Optional |
| snapshotController | Snapshot Controller settings for the storage profile. | ManagedClusterStorageProfileSnapshotController Optional |
ManagedClusterStorageProfile_STATUS
Storage profile for the container service cluster.
Used by: ManagedCluster_STATUS.
| Property | Description | Type |
|---|---|---|
| blobCSIDriver | AzureBlob CSI Driver settings for the storage profile. | ManagedClusterStorageProfileBlobCSIDriver_STATUS Optional |
| diskCSIDriver | AzureDisk CSI Driver settings for the storage profile. | ManagedClusterStorageProfileDiskCSIDriver_STATUS Optional |
| fileCSIDriver | AzureFile CSI Driver settings for the storage profile. | ManagedClusterStorageProfileFileCSIDriver_STATUS Optional |
| snapshotController | Snapshot Controller settings for the storage profile. | ManagedClusterStorageProfileSnapshotController_STATUS Optional |
ManagedClusterWindowsProfile
Profile for Windows VMs in the managed cluster.
Used by: ManagedCluster_Spec.
| Property | Description | Type |
|---|---|---|
| adminPassword | Specifies the password of the administrator account. Minimum-length: 8 characters Max-length: 123 characters Complexity requirements: 3 out of 4 conditions below need to be fulfilled Has lower characters Has upper characters Has a digit Has a special character (Regex match [\W_]) Disallowed values: “abc@123”, “P@$$w0rd”, “P@ssw0rd”, “P@ssword123”, “Pa$$word”, “pass@word1”, “Password!”, “Password1”, “Password22”, “iloveyou!” | genruntime.SecretReference Optional |
| adminUsername | Specifies the name of the administrator account. Restriction: Cannot end in “.” Disallowed values: “administrator”, “admin”, “user”, “user1”, “test”, “user2”, “test1”, “user3”, “admin1”, “1”, “123”, “a”, “actuser”, “adm”, “admin2”, “aspnet”, “backup”, “console”, “david”, “guest”, “john”, “owner”, “root”, “server”, “sql”, “support”, “support_388945a0”, “sys”, “test2”, “test3”, “user4”, “user5”. Minimum-length: 1 character Max-length: 20 characters | string Required |
| enableCSIProxy | Whether to enable CSI proxy. For more details on CSI proxy, see the CSI proxy GitHub repo. | bool Optional |
| gmsaProfile | The Windows gMSA Profile in the Managed Cluster. | WindowsGmsaProfile Optional |
| licenseType | The license type to use for Windows VMs. See Azure Hybrid User Benefits for more details. | LicenseType Optional |
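
The adminPassword and adminUsername rules in the table above can be checked before the value is written to the Kubernetes secret that the SecretReference points at. The following is an added example, not code from Azure Service Operator; the function names are hypothetical, and the case-insensitive username comparison is an assumption because the page does not state case sensitivity.

```python
import re

# Values transcribed from the adminPassword / adminUsername rows above.
DISALLOWED_PASSWORDS = {
    "abc@123", "P@$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$word",
    "pass@word1", "Password!", "Password1", "Password22", "iloveyou!",
}
DISALLOWED_USERNAMES = {
    "administrator", "admin", "user", "user1", "test", "user2", "test1",
    "user3", "admin1", "1", "123", "a", "actuser", "adm", "admin2", "aspnet",
    "backup", "console", "david", "guest", "john", "owner", "root", "server",
    "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4",
    "user5",
}
SPECIAL = re.compile(r"[\W_]")  # the regex quoted in the adminPassword row


def check_admin_password(password: str) -> list[str]:
    """Return the list of rule violations; an empty list means the value passes."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if len(password) > 123:
        problems.append("longer than 123 characters")
    # Complexity: at least 3 of the 4 character classes must be present.
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        bool(SPECIAL.search(password)),
    ]
    if sum(classes) < 3:
        problems.append("fewer than 3 of 4 character classes")
    if password in DISALLOWED_PASSWORDS:
        problems.append("on the disallowed password list")
    return problems


def check_admin_username(username: str) -> list[str]:
    """Return the list of rule violations; an empty list means the value passes."""
    problems = []
    if len(username) < 1:
        problems.append("empty")
    if len(username) > 20:
        problems.append("longer than 20 characters")
    if username.endswith("."):
        problems.append("ends in '.'")
    # Assumption: compare case-insensitively, which is the stricter reading.
    if username.casefold() in DISALLOWED_USERNAMES:
        problems.append("on the disallowed username list")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    for pw in ("P@ssw0rd", "password", "Tr1ckyPass"):
        print(repr(pw), check_admin_password(pw) or "ok")
    for user in ("admin.", "Admin", "aksops"):
        print(repr(user), check_admin_username(user) or "ok")
```

A value such as `P@ssw0rd` satisfies all four complexity classes and is still rejected, which is why the disallowed list is checked separately from the complexity count.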
ManagedClusterWindowsProfile_STATUS
Profile for Windows VMs in the managed cluster.
Used by: ManagedCluster_STATUS.
| Property | Description | Type |
|---|---|---|
| adminUsername | Specifies the name of the administrator account. Restriction: Cannot end in “.” Disallowed values: “administrator”, “admin”, “user”, “user1”, “test”, “user2”, “test1”, “user3”, “admin1”, “1”, “123”, “a”, “actuser”, “adm”, “admin2”, “aspnet”, “backup”, “console”, “david”, “guest”, “john”, “owner”, “root”, “server”, “sql”, “support”, “support_388945a0”, “sys”, “test2”, “test3”, “user4”, “user5”. Minimum-length: 1 character Max-length: 20 characters | string Optional |
| enableCSIProxy | Whether to enable CSI proxy. For more details on CSI proxy, see the CSI proxy GitHub repo. | bool Optional |
| gmsaProfile | The Windows gMSA Profile in the Managed Cluster. | WindowsGmsaProfile_STATUS Optional |
| licenseType | The license type to use for Windows VMs. See Azure Hybrid User Benefits for more details. | LicenseType_STATUS Optional |
ManagedClusterWorkloadAutoScalerProfile
Workload Auto-scaler profile for the managed cluster.
Used by: ManagedCluster_Spec.
| Property | Description | Type |
|---|---|---|
| keda | KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. | ManagedClusterWorkloadAutoScalerProfileKeda Optional |
| verticalPodAutoscaler | VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile. | ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler Optional |
ManagedClusterWorkloadAutoScalerProfile_STATUS
Workload Auto-scaler profile for the managed cluster.
Used by: ManagedCluster_STATUS.
| Property | Description | Type |
|---|---|---|
| keda | KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile. | ManagedClusterWorkloadAutoScalerProfileKeda_STATUS Optional |
| verticalPodAutoscaler | VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile. | ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler_STATUS Optional |
NodeCustomizationProfile
Settings to determine the node customization used to provision nodes in a pool.
Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.
| Property | Description | Type |
|---|---|---|
| nodeCustomizationReference | The resource ID of the node customization resource to use. This can be a version. Omitting the version will use the latest version of the node customization. | genruntime.ResourceReference Optional |
NodeCustomizationProfile_STATUS
Settings to determine the node customization used to provision nodes in a pool.
Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.
| Property | Description | Type |
|---|---|---|
| nodeCustomizationId | The resource ID of the node customization resource to use. This can be a version. Omitting the version will use the latest version of the node customization. | string Optional |
OSDiskType
The OS disk type to be used for machines in the agent pool. The default is Ephemeral if the VM supports it and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to Managed. May not be changed after creation. For more information see Ephemeral OS.
Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.
| Value | Description |
|---|---|
| “Ephemeral” | |
| “Managed” | |
OSDiskType_STATUS
The OS disk type to be used for machines in the agent pool. The default is Ephemeral if the VM supports it and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to Managed. May not be changed after creation. For more information see Ephemeral OS.
Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.
| Value | Description |
|---|---|
| “Ephemeral” | |
| “Managed” | |
OSSKU
Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows.
Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.
| Value | Description |
|---|---|
| “AzureLinux” | |
| “AzureLinux3” | |
| “CBLMariner” | |
| “Flatcar” | |
| “Mariner” | |
| “Ubuntu” | |
| “Ubuntu2204” | |
| “Ubuntu2404” | |
| “Windows2019” | |
| “Windows2022” | |
| “Windows2025” | |
| “WindowsAnnual” | |
OSSKU_STATUS
Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows.
Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.
| Value | Description |
|---|---|
| “AzureLinux” | |
| “AzureLinux3” | |
| “CBLMariner” | |
| “Flatcar” | |
| “Mariner” | |
| “Ubuntu” | |
| “Ubuntu2204” | |
| “Ubuntu2404” | |
| “Windows2019” | |
| “Windows2022” | |
| “Windows2025” | |
| “WindowsAnnual” | |
PodIPAllocationMode
Pod IP Allocation Mode. The IP allocation mode for pods in the agent pool. Must be used with podSubnetId. The default is DynamicIndividual.
Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.
| Value | Description |
|---|---|
| “DynamicIndividual” | |
| “StaticBlock” | |
PodIPAllocationMode_STATUS
Pod IP Allocation Mode. The IP allocation mode for pods in the agent pool. Must be used with podSubnetId. The default is DynamicIndividual.
Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.
| Value | Description |
|---|---|
| “DynamicIndividual” | |
| “StaticBlock” | |
PowerState
Describes the Power State of the cluster
Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.
| Property | Description | Type |
|---|---|---|
| code | Tells whether the cluster is Running or Stopped | Code Optional |
PowerState_STATUS
Describes the Power State of the cluster
Used by: ManagedCluster_STATUS, ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.
| Property | Description | Type |
|---|---|---|
| code | Tells whether the cluster is Running or Stopped | Code_STATUS Optional |
PrivateLinkResource
A private link resource
Used by: ManagedCluster_Spec.
| Property | Description | Type |
|---|---|---|
| groupId | The group ID of the resource. | string Optional |
| name | The name of the private link resource. | string Optional |
| reference | The ID of the private link resource. | genruntime.ResourceReference Optional |
| requiredMembers | The RequiredMembers of the resource | string[] Optional |
| type | The resource type. | string Optional |
PrivateLinkResource_STATUS
A private link resource
Used by: ManagedCluster_STATUS.
| Property | Description | Type |
|---|---|---|
| groupId | The group ID of the resource. | string Optional |
| id | The ID of the private link resource. | string Optional |
| name | The name of the private link resource. | string Optional |
| privateLinkServiceID | The private link service ID of the resource, this field is exposed only to NRP internally. | string Optional |
| requiredMembers | The RequiredMembers of the resource | string[] Optional |
| type | The resource type. | string Optional |
PublicNetworkAccess
PublicNetworkAccess of the managedCluster. Allow or deny public network access for AKS
Used by: ManagedCluster_Spec.
| Value | Description |
|---|---|
| “Disabled” | |
| “Enabled” | |
| “SecuredByPerimeter” | |
PublicNetworkAccess_STATUS
PublicNetworkAccess of the managedCluster. Allow or deny public network access for AKS
Used by: ManagedCluster_STATUS.
| Value | Description |
|---|---|
| “Disabled” | |
| “Enabled” | |
| “SecuredByPerimeter” | |
ScaleDownMode
Describes how VMs are added to or removed from Agent Pools. See billing states.
Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.
| Value | Description |
|---|---|
| “Deallocate” | |
| “Delete” | |
ScaleDownMode_STATUS
Describes how VMs are added to or removed from Agent Pools. See billing states.
Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.
| Value | Description |
|---|---|
| “Deallocate” | |
| “Delete” | |
SchedulerProfile
The pod scheduler profile for the cluster.
Used by: ManagedCluster_Spec.
| Property | Description | Type |
|---|---|---|
| schedulerInstanceProfiles | Mapping of each scheduler instance to its profile. | SchedulerProfileSchedulerInstanceProfiles Optional |
SchedulerProfile_STATUS
The pod scheduler profile for the cluster.
Used by: ManagedCluster_STATUS.
| Property | Description | Type |
|---|---|---|
| schedulerInstanceProfiles | Mapping of each scheduler instance to its profile. | SchedulerProfileSchedulerInstanceProfiles_STATUS Optional |
ServiceMeshProfile
Service mesh profile for a managed cluster.
Used by: ManagedCluster_Spec.
| Property | Description | Type |
|---|---|---|
| istio | Istio service mesh configuration. | IstioServiceMesh Optional |
| mode | Mode of the service mesh. | ServiceMeshMode Required |
ServiceMeshProfile_STATUS
Service mesh profile for a managed cluster.
Used by: ManagedCluster_STATUS.
| Property | Description | Type |
|---|---|---|
| istio | Istio service mesh configuration. | IstioServiceMesh_STATUS Optional |
| mode | Mode of the service mesh. | ServiceMeshMode_STATUS Optional |
SystemData_STATUS
Metadata pertaining to creation and last modification of the resource.
Used by: MaintenanceConfiguration_STATUS, ManagedCluster_STATUS, ManagedClustersAgentPool_STATUS, and TrustedAccessRoleBinding_STATUS.
| Property | Description | Type |
|---|---|---|
| createdAt | The timestamp of resource creation (UTC). | string Optional |
| createdBy | The identity that created the resource. | string Optional |
| createdByType | The type of identity that created the resource. | SystemData_CreatedByType_STATUS Optional |
| lastModifiedAt | The timestamp of resource last modification (UTC) | string Optional |
| lastModifiedBy | The identity that last modified the resource. | string Optional |
| lastModifiedByType | The type of identity that last modified the resource. | SystemData_LastModifiedByType_STATUS Optional |
TimeInWeek
Time in a week.
Used by: MaintenanceConfiguration_Spec.
| Property | Description | Type |
|---|---|---|
| day | The day of the week. | WeekDay Optional |
| hourSlots | A list of hours in the day used to identify a time range. Each integer hour represents a time range beginning at 0m after the hour ending at the next hour (non-inclusive). 0 corresponds to 00:00 UTC, 23 corresponds to 23:00 UTC. Specifying [0, 1] means the 00:00 - 02:00 UTC time range. | HourInDay[] Optional |
TimeInWeek_STATUS
Time in a week.
Used by: MaintenanceConfiguration_STATUS.
| Property | Description | Type |
|---|---|---|
| day | The day of the week. | WeekDay_STATUS Optional |
| hourSlots | A list of hours in the day used to identify a time range. Each integer hour represents a time range beginning at 0m after the hour ending at the next hour (non-inclusive). 0 corresponds to 00:00 UTC, 23 corresponds to 23:00 UTC. Specifying [0, 1] means the 00:00 - 02:00 UTC time range. | int[] Optional |
TimeSpan
A time range. For example, between 2021-05-25T13:00:00Z and 2021-05-25T14:00:00Z.
Used by: MaintenanceConfiguration_Spec.
| Property | Description | Type |
|---|---|---|
| end | The end of a time span | string Optional |
| start | The start of a time span | string Optional |
TimeSpan_STATUS
A time range. For example, between 2021-05-25T13:00:00Z and 2021-05-25T14:00:00Z.
Used by: MaintenanceConfiguration_STATUS.
| Property | Description | Type |
|---|---|---|
| end | The end of a time span | string Optional |
| start | The start of a time span | string Optional |
TrustedAccessRoleBindingOperatorSpec
Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure
Used by: TrustedAccessRoleBinding_Spec.
| Property | Description | Type |
|---|---|---|
| configMapExpressions | configures where to place operator written dynamic ConfigMaps (created with CEL expressions). | core.DestinationExpression[] Optional |
| secretExpressions | configures where to place operator written dynamic secrets (created with CEL expressions). | core.DestinationExpression[] Optional |
TrustedAccessRoleBindingProvisioningState_STATUS
The current provisioning state of trusted access role binding.
Used by: TrustedAccessRoleBinding_STATUS.
| Value | Description |
|---|---|
| “Canceled” | |
| “Deleting” | |
| “Failed” | |
| “Succeeded” | |
| “Updating” | |
UpgradeStrategy
Defines the upgrade strategy for the agent pool. The default is Rolling.
Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.
| Value | Description |
|---|---|
| “BlueGreen” | |
| “Rolling” | |
UpgradeStrategy_STATUS
Defines the upgrade strategy for the agent pool. The default is Rolling.
Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.
| Value | Description |
|---|---|
| “BlueGreen” | |
| “Rolling” | |
UserAssignedIdentity
Details about a user assigned identity.
Used by: ManagedCluster_Spec, ManagedClusterPodIdentity, and ManagedClusterSecurityProfileDefenderSecurityGatingIdentitiesItem.
| Property | Description | Type |
|---|---|---|
| clientId | The client ID of the user assigned identity. | string Optional |
| clientIdFromConfig | The client ID of the user assigned identity. | genruntime.ConfigMapReference Optional |
| objectId | The object ID of the user assigned identity. | string Optional |
| objectIdFromConfig | The object ID of the user assigned identity. | genruntime.ConfigMapReference Optional |
| resourceReference | The resource ID of the user assigned identity. | genruntime.ResourceReference Optional |
UserAssignedIdentity_STATUS
Details about a user assigned identity.
Used by: ManagedCluster_STATUS, ManagedClusterAddonProfile_STATUS, ManagedClusterIngressProfileApplicationLoadBalancer_STATUS, ManagedClusterIngressProfileWebAppRouting_STATUS, ManagedClusterPodIdentity_STATUS, and ManagedClusterSecurityProfileDefenderSecurityGatingIdentitiesItem_STATUS.
| Property | Description | Type |
|---|---|---|
| clientId | The client ID of the user assigned identity. | string Optional |
| objectId | The object ID of the user assigned identity. | string Optional |
| resourceId | The resource ID of the user assigned identity. | string Optional |
VirtualMachineNodes
Current status on a group of nodes of the same vm size.
Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.
| Property | Description | Type |
|---|---|---|
| count | Number of nodes. | int Optional |
| size | The VM size of the agents used to host this group of nodes. | string Optional |
VirtualMachineNodes_STATUS
Current status on a group of nodes of the same vm size.
Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.
| Property | Description | Type |
|---|---|---|
| count | Number of nodes. | int Optional |
| size | The VM size of the agents used to host this group of nodes. | string Optional |
VirtualMachinesProfile
Specifications on VirtualMachines agent pool.
Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.
| Property | Description | Type |
|---|---|---|
| scale | Specifications on how to scale a VirtualMachines agent pool. | ScaleProfile Optional |
VirtualMachinesProfile_STATUS
Specifications on VirtualMachines agent pool.
Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.
| Property | Description | Type |
|---|---|---|
| scale | Specifications on how to scale a VirtualMachines agent pool. | ScaleProfile_STATUS Optional |
WorkloadRuntime
Determines the type of workload a node can run.
Used by: ManagedClusterAgentPoolProfile, and ManagedClustersAgentPool_Spec.
| Value | Description |
|---|---|
| “KataMshvVmIsolation” | |
| “KataVmIsolation” | |
| “OCIContainer” | |
| “WasmWasi” | |
WorkloadRuntime_STATUS
Determines the type of workload a node can run.
Used by: ManagedClusterAgentPoolProfile_STATUS, and ManagedClustersAgentPool_STATUS.
| Value | Description |
|---|---|
| “KataMshvVmIsolation” | |
| “KataVmIsolation” | |
| “OCIContainer” | |
| “WasmWasi” | |
AdvancedNetworking
Advanced Networking profile for enabling observability and security feature suite on a cluster. For more information see aka.ms/aksadvancednetworking.
Used by: ContainerServiceNetworkProfile.
| Property | Description | Type |
|---|---|---|
| enabled | Indicates the enablement of Advanced Networking functionalities of observability and security on AKS clusters. When this is set to true, all observability and security features will be set to enabled unless explicitly disabled. If not specified, the default is false. | bool Optional |
| observability | Observability profile to enable advanced network metrics and flow logs with historical contexts. | AdvancedNetworkingObservability Optional |
| performance | Profile to enable performance-enhancing features on clusters that use Azure CNI powered by Cilium. | AdvancedNetworkingPerformance Optional |
| security | Security profile to enable security features on cilium based cluster. | AdvancedNetworkingSecurity Optional |
AdvancedNetworking_STATUS
Advanced Networking profile for enabling observability and security feature suite on a cluster. For more information see aka.ms/aksadvancednetworking.
Used by: ContainerServiceNetworkProfile_STATUS.
| Property | Description | Type |
|---|---|---|
| enabled | Indicates the enablement of Advanced Networking functionalities of observability and security on AKS clusters. When this is set to true, all observability and security features will be set to enabled unless explicitly disabled. If not specified, the default is false. | bool Optional |
| observability | Observability profile to enable advanced network metrics and flow logs with historical contexts. | AdvancedNetworkingObservability_STATUS Optional |
| performance | Profile to enable performance-enhancing features on clusters that use Azure CNI powered by Cilium. | AdvancedNetworkingPerformance_STATUS Optional |
| security | Security profile to enable security features on cilium based cluster. | AdvancedNetworkingSecurity_STATUS Optional |
AgentPoolSSHAccess
SSH access method of an agent pool.
Used by: AgentPoolSecurityProfile.
| Value | Description |
|---|---|
| “Disabled” | |
| “EntraId” | |
| “LocalUser” | |
AgentPoolSSHAccess_STATUS
SSH access method of an agent pool.
Used by: AgentPoolSecurityProfile_STATUS.
| Value | Description |
|---|---|
| “Disabled” | |
| “EntraId” | |
| “LocalUser” | |
AzureKeyVaultKms
Azure Key Vault key management service settings for the security profile.
Used by: ManagedClusterSecurityProfile.
| Property | Description | Type |
|---|---|---|
| enabled | Whether to enable Azure Key Vault key management service. The default is false. | bool Optional |
| keyId | Identifier of Azure Key Vault key. See key identifier format for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key identifier. When Azure Key Vault key management service is disabled, leave the field empty. | string Optional |
| keyVaultNetworkAccess | Network access of the key vault. The possible values are Public and Private. Public means the key vault allows public access from all networks. Private means the key vault disables public access and enables private link. The default value is Public. | AzureKeyVaultKms_KeyVaultNetworkAccess Optional |
| keyVaultResourceReference | Resource ID of key vault. When keyVaultNetworkAccess is Private, this field is required and must be a valid resource ID. When keyVaultNetworkAccess is Public, leave the field empty. | genruntime.ResourceReference Optional |
AzureKeyVaultKms_STATUS
Azure Key Vault key management service settings for the security profile.
Used by: ManagedClusterSecurityProfile_STATUS.
| Property | Description | Type |
|---|---|---|
| enabled | Whether to enable Azure Key Vault key management service. The default is false. | bool Optional |
| keyId | Identifier of Azure Key Vault key. See key identifier format for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key identifier. When Azure Key Vault key management service is disabled, leave the field empty. | string Optional |
| keyVaultNetworkAccess | Network access of the key vault. The possible values are Public and Private. Public means the key vault allows public access from all networks. Private means the key vault disables public access and enables private link. The default value is Public. | AzureKeyVaultKms_KeyVaultNetworkAccess_STATUS Optional |
| keyVaultResourceId | Resource ID of key vault. When keyVaultNetworkAccess is Private, this field is required and must be a valid resource ID. When keyVaultNetworkAccess is Public, leave the field empty. | string Optional |
Code
Tells whether the cluster is Running or Stopped
Used by: PowerState.
| Value | Description |
|---|---|
| “Running” | |
| “Stopped” | |
Code_STATUS
Tells whether the cluster is Running or Stopped
Used by: PowerState_STATUS.
| Value | Description |
|---|---|
| “Running” | |
| “Stopped” | |
ContainerServiceNetworkProfile_OutboundType
Used by: ContainerServiceNetworkProfile.
| Value | Description |
|---|---|
| “loadBalancer” | |
| “managedNATGateway” | |
| “none” | |
| “userAssignedNATGateway” | |
| “userDefinedRouting” | |
ContainerServiceNetworkProfile_OutboundType_STATUS
Used by: ContainerServiceNetworkProfile_STATUS.
| Value | Description |
|---|---|
| “loadBalancer” | |
| “managedNATGateway” | |
| “none” | |
| “userAssignedNATGateway” | |
| “userDefinedRouting” | |
ContainerServiceNetworkProfileKubeProxyConfig
Holds configuration customizations for kube-proxy. Any values not defined will use the kube-proxy defaulting behavior. See https://v
Used by: ContainerServiceNetworkProfile.
| Property | Description | Type |
|---|---|---|
| enabled | Whether to enable kube-proxy on the cluster (if no kubeProxyConfig exists, kube-proxy is enabled in AKS by default without these customizations). | bool Optional |
| ipvsConfig | Holds configuration customizations for IPVS. May only be specified if mode is set to IPVS. | ContainerServiceNetworkProfileKubeProxyConfigIpvsConfig Optional |
| mode | Specify which proxy mode to use (IPTABLES, IPVS or NFTABLES) | Mode Optional |
ContainerServiceNetworkProfileKubeProxyConfig_STATUS
Holds configuration customizations for kube-proxy. Any values not defined will use the kube-proxy defaulting behavior. See https://v
Used by: ContainerServiceNetworkProfile_STATUS.
| Property | Description | Type |
|---|---|---|
| enabled | Whether to enable kube-proxy on the cluster (if no kubeProxyConfig exists, kube-proxy is enabled in AKS by default without these customizations). | bool Optional |
| ipvsConfig | Holds configuration customizations for IPVS. May only be specified if mode is set to IPVS. | ContainerServiceNetworkProfileKubeProxyConfigIpvsConfig_STATUS Optional |
| mode | Specify which proxy mode to use (IPTABLES, IPVS or NFTABLES) | Mode_STATUS Optional |
ContainerServiceSshConfiguration
SSH configuration for Linux-based VMs running on Azure.
Used by: ContainerServiceLinuxProfile.
| Property | Description | Type |
|---|---|---|
| publicKeys | The list of SSH public keys used to authenticate with Linux-based VMs. A maximum of 1 key may be specified. | ContainerServiceSshPublicKey[] Required |
ContainerServiceSshConfiguration_STATUS
SSH configuration for Linux-based VMs running on Azure.
Used by: ContainerServiceLinuxProfile_STATUS.
| Property | Description | Type |
|---|---|---|
| publicKeys | The list of SSH public keys used to authenticate with Linux-based VMs. A maximum of 1 key may be specified. | ContainerServiceSshPublicKey_STATUS[] Optional |
DateSpan
A date range. For example, between ‘2022-12-23’ and ‘2023-01-05’.
Used by: MaintenanceWindow.
| Property | Description | Type |
|---|---|---|
| end | The end date of the date span. | string Required |
| start | The start date of the date span. | string Required |
DateSpan_STATUS
A date range. For example, between ‘2022-12-23’ and ‘2023-01-05’.
Used by: MaintenanceWindow_STATUS.
| Property | Description | Type |
|---|---|---|
| end | The end date of the date span. | string Optional |
| start | The start date of the date span. | string Optional |
DelegatedResource
Delegated resource properties - internal use only.
Used by: ManagedClusterIdentity.
| Property | Description | Type |
|---|---|---|
| location | The source resource location - internal use only. | string Optional |
| referralResource | The delegation id of the referral delegation (optional) - internal use only. | string Optional |
| resourceReference | The ARM resource id of the delegated resource - internal use only. | genruntime.ResourceReference Optional |
| tenantId | The tenant id of the delegated resource - internal use only. | string Optional |
DelegatedResource_STATUS
Delegated resource properties - internal use only.
Used by: ManagedClusterIdentity_STATUS.
| Property | Description | Type |
|---|---|---|
| location | The source resource location - internal use only. | string Optional |
| referralResource | The delegation id of the referral delegation (optional) - internal use only. | string Optional |
| resourceId | The ARM resource id of the delegated resource - internal use only. | string Optional |
| tenantId | The tenant id of the delegated resource - internal use only. | string Optional |
DriverType
Specify the type of GPU driver to install when creating Windows agent pools. If not provided, AKS selects the driver based on system compatibility. This cannot be changed once the AgentPool has been created. This cannot be set on Linux AgentPools. For Linux AgentPools, the driver is selected based on system compatibility.
Used by: GPUProfile.
| Value | Description |
|---|---|
| “CUDA” | |
| “GRID” | |
DriverType_STATUS
Specify the type of GPU driver to install when creating Windows agent pools. If not provided, AKS selects the driver based on system compatibility. This cannot be changed once the AgentPool has been created. This cannot be set on Linux AgentPools. For Linux AgentPools, the driver is selected based on system compatibility.
Used by: GPUProfile_STATUS.
| Value | Description |
|---|---|
| “CUDA” | |
| “GRID” | |
ErrorDetail_STATUS
The error detail.
Used by: AgentPoolStatus_STATUS, and ManagedClusterStatus_STATUS.
| Property | Description | Type |
|---|---|---|
| additionalInfo | The error additional info. | ErrorAdditionalInfo_STATUS[] Optional |
| code | The error code. | string Optional |
| details | The error details. | ErrorDetail_STATUS_Unrolled[] Optional |
| message | The error message. | string Optional |
| target | The error target. | string Optional |
Expander
The expander to use when scaling up. If not specified, the default is random. See expanders for more information.
Used by: ManagedClusterPropertiesAutoScalerProfile.
| Value | Description |
|---|---|
| “least-waste” | |
| “most-pods” | |
| “priority” | |
| “random” | |
Expander_STATUS
The expander to use when scaling up. If not specified, the default is random. See expanders for more information.
Used by: ManagedClusterPropertiesAutoScalerProfile_STATUS.
| Value | Description |
|---|---|
| “least-waste” | |
| “most-pods” | |
| “priority” | |
| “random” | |
ExtendedLocationTypes
The type of extendedLocation.
Used by: ExtendedLocation.
| Value | Description |
|---|---|
| “EdgeZone” | |
ExtendedLocationTypes_STATUS
The type of extendedLocation.
Used by: ExtendedLocation_STATUS.
| Value | Description |
|---|---|
| “EdgeZone” | |
GPUDriver
Whether to install GPU drivers. When it’s not specified, default is Install.
Used by: GPUProfile.
| Value | Description |
|---|---|
| “Install” | |
| “None” | |
GPUDriver_STATUS
Whether to install GPU drivers. When it’s not specified, default is Install.
Used by: GPUProfile_STATUS.
| Value | Description |
|---|---|
| “Install” | |
| “None” | |
HourInDay
Used by: TimeInWeek.
IPFamily
Determines whether an address belongs to the IPv4 or IPv6 family.
Used by: ContainerServiceNetworkProfile.
| Value | Description |
|---|---|
| “IPv4” | |
| “IPv6” | |
IPFamily_STATUS
Determines whether an address belongs to the IPv4 or IPv6 family.
Used by: ContainerServiceNetworkProfile_STATUS.
| Value | Description |
|---|---|
| “IPv4” | |
| “IPv6” | |
IPTag
Contains the IPTag associated with the object.
Used by: AgentPoolNetworkProfile.
| Property | Description | Type |
|---|---|---|
| ipTagType | The IP tag type. Example: RoutingPreference. | string Optional |
| tag | The value of the IP tag associated with the public IP. Example: Internet. | string Optional |
IPTag_STATUS
Contains the IPTag associated with the object.
Used by: AgentPoolNetworkProfile_STATUS.
| Property | Description | Type |
|---|---|---|
| ipTagType | The IP tag type. Example: RoutingPreference. | string Optional |
| tag | The value of the IP tag associated with the public IP. Example: Internet. | string Optional |
IstioServiceMesh
Istio service mesh configuration.
Used by: ServiceMeshProfile.
| Property | Description | Type |
|---|---|---|
| certificateAuthority | Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described here https://aka.ms/asm-plugin-ca | IstioCertificateAuthority Optional |
| components | Istio components configuration. | IstioComponents Optional |
| revisions | The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: https://learn.microsoft.com/en-us/azure/aks/istio-upgrade | string[] Optional |
IstioServiceMesh_STATUS
Istio service mesh configuration.
Used by: ServiceMeshProfile_STATUS.
| Property | Description | Type |
|---|---|---|
| certificateAuthority | Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described here https://aka.ms/asm-plugin-ca | IstioCertificateAuthority_STATUS Optional |
| components | Istio components configuration. | IstioComponents_STATUS Optional |
| revisions | The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: https://learn.microsoft.com/en-us/azure/aks/istio-upgrade | string[] Optional |
KubernetesResourceObjectEncryptionProfile
Encryption at rest of Kubernetes resource objects using service-managed keys. More information on this can be found under https://aka.ms/aks/kubernetesResourceObjectEncryption.
Used by: ManagedClusterSecurityProfile.
| Property | Description | Type |
|---|---|---|
| infrastructureEncryption | Whether to enable encryption at rest of Kubernetes resource objects using service-managed keys. More information on this can be found under https://aka.ms/aks/kubernetesResourceObjectEncryption. | KubernetesResourceObjectEncryptionProfile_InfrastructureEncryption Optional |
KubernetesResourceObjectEncryptionProfile_STATUS
Encryption at rest of Kubernetes resource objects using service-managed keys. More information on this can be found under https://aka.ms/aks/kubernetesResourceObjectEncryption.
Used by: ManagedClusterSecurityProfile_STATUS.
| Property | Description | Type |
|---|---|---|
| infrastructureEncryption | Whether to enable encryption at rest of Kubernetes resource objects using service-managed keys. More information on this can be found under https://aka.ms/aks/kubernetesResourceObjectEncryption. | KubernetesResourceObjectEncryptionProfile_InfrastructureEncryption_STATUS Optional |
LicenseType
The license type to use for Windows VMs. See Azure Hybrid User Benefits for more details.
Used by: ManagedClusterWindowsProfile.
| Value | Description |
|---|---|
| “None” | |
| “Windows_Server” | |
LicenseType_STATUS
The license type to use for Windows VMs. See Azure Hybrid User Benefits for more details.
Used by: ManagedClusterWindowsProfile_STATUS.
| Value | Description |
|---|---|
| “None” | |
| “Windows_Server” | |
LoadBalancerSku
The load balancer sku for the managed cluster. The default is standard. See Azure Load Balancer SKUs for more information about the differences between load balancer SKUs.
Used by: ContainerServiceNetworkProfile.
| Value | Description |
|---|---|
| “basic” | |
| “standard” | |
LoadBalancerSku_STATUS
The load balancer sku for the managed cluster. The default is standard. See Azure Load Balancer SKUs for more information about the differences between load balancer SKUs.
Used by: ContainerServiceNetworkProfile_STATUS.
| Value | Description |
|---|---|
| “basic” | |
| “standard” | |
LocalDNSOverride
Overrides for localDNS profile.
Used by: LocalDNSProfile.
| Property | Description | Type |
|---|---|---|
| cacheDurationInSeconds | Cache max TTL in seconds. See cache plugin for more information. | int Optional |
| forwardDestination | Destination server for DNS queries to be forwarded from localDNS. | LocalDNSOverride_ForwardDestination Optional |
| forwardPolicy | Forward policy for selecting upstream DNS server. See forward plugin for more information. | LocalDNSOverride_ForwardPolicy Optional |
| maxConcurrent | Maximum number of concurrent queries. See forward plugin for more information. | int Optional |
| protocol | Enforce TCP or prefer UDP protocol for connections from localDNS to upstream DNS server. | LocalDNSOverride_Protocol Optional |
| queryLogging | Log level for DNS queries in localDNS. | LocalDNSOverride_QueryLogging Optional |
| serveStale | Policy for serving stale data. See cache plugin for more information. | LocalDNSOverride_ServeStale Optional |
| serveStaleDurationInSeconds | Serve stale duration in seconds. See cache plugin for more information. | int Optional |
LocalDNSOverride_STATUS
Overrides for localDNS profile.
Used by: LocalDNSProfile_STATUS.
| Property | Description | Type |
|---|---|---|
| cacheDurationInSeconds | Cache max TTL in seconds. See cache plugin for more information. | int Optional |
| forwardDestination | Destination server for DNS queries to be forwarded from localDNS. | LocalDNSOverride_ForwardDestination_STATUS Optional |
| forwardPolicy | Forward policy for selecting upstream DNS server. See forward plugin for more information. | LocalDNSOverride_ForwardPolicy_STATUS Optional |
| maxConcurrent | Maximum number of concurrent queries. See forward plugin for more information. | int Optional |
| protocol | Enforce TCP or prefer UDP protocol for connections from localDNS to upstream DNS server. | LocalDNSOverride_Protocol_STATUS Optional |
| queryLogging | Log level for DNS queries in localDNS. | LocalDNSOverride_QueryLogging_STATUS Optional |
| serveStale | Policy for serving stale data. See cache plugin for more information. | LocalDNSOverride_ServeStale_STATUS Optional |
| serveStaleDurationInSeconds | Serve stale duration in seconds. See cache plugin for more information. | int Optional |
LocalDNSProfile_Mode
Used by: LocalDNSProfile.
| Value | Description |
|---|---|
| “Disabled” | |
| “Preferred” | |
| “Required” | |
LocalDNSProfile_Mode_STATUS
Used by: LocalDNSProfile_STATUS.
| Value | Description |
|---|---|
| “Disabled” | |
| “Preferred” | |
| “Required” | |
LocalDNSState_STATUS
System-generated state of localDNS.
Used by: LocalDNSProfile_STATUS.
| Value | Description |
|---|---|
| “Disabled” | |
| “Enabled” | |
ManagedClusterAgentPoolProfile_OsType
Used by: ManagedClusterAgentPoolProfile.
| Value | Description |
|---|---|
| “Linux” | |
| “Windows” | |
ManagedClusterAgentPoolProfile_OsType_STATUS
Used by: ManagedClusterAgentPoolProfile_STATUS.
| Value | Description |
|---|---|
| “Linux” | |
| “Windows” | |
ManagedClusterAgentPoolProfile_ScaleSetEvictionPolicy
Used by: ManagedClusterAgentPoolProfile.
| Value | Description |
|---|---|
| “Deallocate” | |
| “Delete” | |
ManagedClusterAgentPoolProfile_ScaleSetEvictionPolicy_STATUS
Used by: ManagedClusterAgentPoolProfile_STATUS.
| Value | Description |
|---|---|
| “Deallocate” | |
| “Delete” | |
ManagedClusterAgentPoolProfile_ScaleSetPriority
Used by: ManagedClusterAgentPoolProfile.
| Value | Description |
|---|---|
| “Regular” | |
| “Spot” | |
ManagedClusterAgentPoolProfile_ScaleSetPriority_STATUS
Used by: ManagedClusterAgentPoolProfile_STATUS.
| Value | Description |
|---|---|
| “Regular” | |
| “Spot” | |
ManagedClusterAzureMonitorProfileAppMonitoring
Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics and traces through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See aka.ms/AzureMonitorApplicationMonitoring for an overview.
Used by: ManagedClusterAzureMonitorProfile.
| Property | Description | Type |
|---|---|---|
| autoInstrumentation | Application Monitoring Auto Instrumentation for Kubernetes Application Container. Deploys web hook to auto-instrument Azure Monitor OpenTelemetry based SDKs to collect OpenTelemetry metrics, logs and traces of the application. See aka.ms/AzureMonitorApplicationMonitoring for an overview. | ManagedClusterAzureMonitorProfileAppMonitoringAutoInstrumentation Optional |
| openTelemetryLogs | Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Logs and Traces. Collects OpenTelemetry logs and traces of the application using Azure Monitor OpenTelemetry based SDKs. See aka.ms/AzureMonitorApplicationMonitoring for an overview. | ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryLogs Optional |
| openTelemetryMetrics | Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Metrics. Collects OpenTelemetry metrics of the application using Azure Monitor OpenTelemetry based SDKs. See aka.ms/AzureMonitorApplicationMonitoring for an overview. | ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryMetrics Optional |
ManagedClusterAzureMonitorProfileAppMonitoring_STATUS
Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics and traces through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See aka.ms/AzureMonitorApplicationMonitoring for an overview.
Used by: ManagedClusterAzureMonitorProfile_STATUS.
| Property | Description | Type |
|---|---|---|
| autoInstrumentation | Application Monitoring Auto Instrumentation for Kubernetes Application Container. Deploys web hook to auto-instrument Azure Monitor OpenTelemetry based SDKs to collect OpenTelemetry metrics, logs and traces of the application. See aka.ms/AzureMonitorApplicationMonitoring for an overview. | ManagedClusterAzureMonitorProfileAppMonitoringAutoInstrumentation_STATUS Optional |
| openTelemetryLogs | Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Logs and Traces. Collects OpenTelemetry logs and traces of the application using Azure Monitor OpenTelemetry based SDKs. See aka.ms/AzureMonitorApplicationMonitoring for an overview. | ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryLogs_STATUS Optional |
| openTelemetryMetrics | Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Metrics. Collects OpenTelemetry metrics of the application using Azure Monitor OpenTelemetry based SDKs. See aka.ms/AzureMonitorApplicationMonitoring for an overview. | ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryMetrics_STATUS Optional |
ManagedClusterAzureMonitorProfileContainerInsights
Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & stderr logs etc. See aka.ms/AzureMonitorContainerInsights for an overview.
Used by: ManagedClusterAzureMonitorProfile.
| Property | Description | Type |
|---|---|---|
| disableCustomMetrics | Indicates whether custom metrics collection is disabled. If not specified, the default is false. Even when this field is false, no custom metrics are emitted if the Container Insights enabled field is false. | bool Optional |
| disablePrometheusMetricsScraping | Indicates whether Prometheus metrics scraping is disabled. If not specified, the default is false. Even when this field is false, no Prometheus metrics are emitted if the Container Insights enabled field is false. | bool Optional |
| enabled | Indicates if Azure Monitor Container Insights Logs Addon is enabled or not. | bool Optional |
| logAnalyticsWorkspaceResourceReference | Fully Qualified ARM Resource Id of Azure Log Analytics Workspace for storing Azure Monitor Container Insights Logs. | genruntime.ResourceReference Optional |
| syslogPort | The syslog host port. If not specified, the default port is 28330. | int Optional |
ManagedClusterAzureMonitorProfileContainerInsights_STATUS
Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & stderr logs etc. See aka.ms/AzureMonitorContainerInsights for an overview.
Used by: ManagedClusterAzureMonitorProfile_STATUS.
| Property | Description | Type |
|---|---|---|
| disableCustomMetrics | Indicates whether custom metrics collection is disabled. If not specified, the default is false. Even when this field is false, no custom metrics are emitted if the Container Insights enabled field is false. | bool Optional |
| disablePrometheusMetricsScraping | Indicates whether Prometheus metrics scraping is disabled. If not specified, the default is false. Even when this field is false, no Prometheus metrics are emitted if the Container Insights enabled field is false. | bool Optional |
| enabled | Indicates if Azure Monitor Container Insights Logs Addon is enabled or not. | bool Optional |
| logAnalyticsWorkspaceResourceId | Fully Qualified ARM Resource Id of Azure Log Analytics Workspace for storing Azure Monitor Container Insights Logs. | string Optional |
| syslogPort | The syslog host port. If not specified, the default port is 28330. | int Optional |
ManagedClusterAzureMonitorProfileMetrics
Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See aka.ms/AzureManagedPrometheus for an overview.
Used by: ManagedClusterAzureMonitorProfile.
| Property | Description | Type |
|---|---|---|
| enabled | Whether to enable or disable the Azure Managed Prometheus addon for Prometheus monitoring. See aka.ms/AzureManagedPrometheus-aks-enable for details on enabling and disabling. | bool Required |
| kubeStateMetrics | Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for details. | ManagedClusterAzureMonitorProfileKubeStateMetrics Optional |
ManagedClusterAzureMonitorProfileMetrics_STATUS
Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See aka.ms/AzureManagedPrometheus for an overview.
Used by: ManagedClusterAzureMonitorProfile_STATUS.
| Property | Description | Type |
|---|---|---|
| enabled | Whether to enable or disable the Azure Managed Prometheus addon for Prometheus monitoring. See aka.ms/AzureManagedPrometheus-aks-enable for details on enabling and disabling. | bool Optional |
| kubeStateMetrics | Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for details. | ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS Optional |
ManagedClusterBootstrapProfile_ArtifactSource
Used by: ManagedClusterBootstrapProfile.
| Value | Description |
|---|---|
| “Cache” | |
| “Direct” | |
ManagedClusterBootstrapProfile_ArtifactSource_STATUS
Used by: ManagedClusterBootstrapProfile_STATUS.
| Value | Description |
|---|---|
| “Cache” | |
| “Direct” | |
ManagedClusterCostAnalysis
The cost analysis configuration for the cluster
Used by: ManagedClusterMetricsProfile.
| Property | Description | Type |
|---|---|---|
| enabled | Whether to enable cost analysis. The Managed Cluster sku.tier must be set to Standard or Premium to enable this feature. Enabling this will add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. If not specified, the default is false. For more information see aka.ms/aks/docs/cost-analysis. | bool Optional |
ManagedClusterCostAnalysis_STATUS
The cost analysis configuration for the cluster
Used by: ManagedClusterMetricsProfile_STATUS.
| Property | Description | Type |
|---|---|---|
| enabled | Whether to enable cost analysis. The Managed Cluster sku.tier must be set to Standard or Premium to enable this feature. Enabling this will add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. If not specified, the default is false. For more information see aka.ms/aks/docs/cost-analysis. | bool Optional |
ManagedClusterIngressProfileApplicationLoadBalancer
Application Load Balancer settings for the ingress profile.
Used by: ManagedClusterIngressProfile.
| Property | Description | Type |
|---|---|---|
| enabled | Whether to enable Application Load Balancer. | bool Optional |
ManagedClusterIngressProfileApplicationLoadBalancer_STATUS
Application Load Balancer settings for the ingress profile.
Used by: ManagedClusterIngressProfile_STATUS.
| Property | Description | Type |
|---|---|---|
| enabled | Whether to enable Application Load Balancer. | bool Optional |
| identity | Managed identity of the Application Load Balancer add-on. This is the identity that should be granted permissions to manage the associated Application Gateway for Containers resource. | UserAssignedIdentity_STATUS Optional |
ManagedClusterIngressProfileGatewayConfiguration
Used by: ManagedClusterIngressProfile.
| Property | Description | Type |
|---|---|---|
| installation | Configuration for the managed Gateway API installation. If not specified, the default is Disabled. See https://aka.ms/k8s-gateway-api for more details. | ManagedGatewayType Optional |
ManagedClusterIngressProfileGatewayConfiguration_STATUS
Used by: ManagedClusterIngressProfile_STATUS.
| Property | Description | Type |
|---|---|---|
| installation | Configuration for the managed Gateway API installation. If not specified, the default is Disabled. See https://aka.ms/k8s-gateway-api for more details. | ManagedGatewayType_STATUS Optional |
ManagedClusterIngressProfileWebAppRouting
Application Routing add-on settings for the ingress profile.
Used by: ManagedClusterIngressProfile.
| Property | Description | Type |
|---|---|---|
| defaultDomain | Configuration for the Default Domain. This is a unique, autogenerated domain that comes with a signed TLS Certificate allowing for secure HTTPS. See the Default Domain documentation for more instructions. | ManagedClusterIngressDefaultDomainProfile Optional |
| dnsZoneResourceReferences | Resource IDs of the DNS zones to be associated with the Application Routing add-on. Used only when Application Routing add-on is enabled. Public and private DNS zones can be in different resource groups, but all public DNS zones must be in the same resource group and all private DNS zones must be in the same resource group. | genruntime.ResourceReference[] Optional |
| enabled | Whether to enable the Application Routing add-on. | bool Optional |
| nginx | Configuration for the default NginxIngressController. See more at https://learn.microsoft.com/en-us/azure/aks/app-routing-nginx-configuration#the-default-nginx-ingress-controller. | ManagedClusterIngressProfileNginx Optional |
ManagedClusterIngressProfileWebAppRouting_STATUS
Application Routing add-on settings for the ingress profile.
Used by: ManagedClusterIngressProfile_STATUS.
| Property | Description | Type |
|---|---|---|
| defaultDomain | Configuration for the Default Domain. This is a unique, autogenerated domain that comes with a signed TLS Certificate allowing for secure HTTPS. See the Default Domain documentation for more instructions. | ManagedClusterIngressDefaultDomainProfile_STATUS Optional |
| dnsZoneResourceIds | Resource IDs of the DNS zones to be associated with the Application Routing add-on. Used only when Application Routing add-on is enabled. Public and private DNS zones can be in different resource groups, but all public DNS zones must be in the same resource group and all private DNS zones must be in the same resource group. | string[] Optional |
| enabled | Whether to enable the Application Routing add-on. | bool Optional |
| identity | Managed identity of the Application Routing add-on. This is the identity that should be granted permissions, for example, to manage the associated Azure DNS resource and get certificates from Azure Key Vault. See this overview of the add-on for more instructions. | UserAssignedIdentity_STATUS Optional |
| nginx | Configuration for the default NginxIngressController. See more at https://learn.microsoft.com/en-us/azure/aks/app-routing-nginx-configuration#the-default-nginx-ingress-controller. | ManagedClusterIngressProfileNginx_STATUS Optional |
ManagedClusterLoadBalancerProfile
Profile of the managed cluster load balancer.
Used by: ContainerServiceNetworkProfile.
| Property | Description | Type |
|---|---|---|
| allocatedOutboundPorts | The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 (inclusive). The default value is 0 which results in Azure dynamically allocating ports. | int Optional |
| backendPoolType | The type of the managed inbound Load Balancer BackendPool. | ManagedClusterLoadBalancerProfile_BackendPoolType Optional |
| clusterServiceLoadBalancerHealthProbeMode | The health probing behavior for External Traffic Policy Cluster services. | ManagedClusterLoadBalancerProfile_ClusterServiceLoadBalancerHealthProbeMode Optional |
| enableMultipleStandardLoadBalancers | Enable multiple standard load balancers per AKS cluster or not. | bool Optional |
| idleTimeoutInMinutes | Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 (inclusive). The default value is 30 minutes. | int Optional |
| managedOutboundIPs | Desired managed outbound IPs for the cluster load balancer. | ManagedClusterLoadBalancerProfileManagedOutboundIPs Optional |
| outboundIPPrefixes | Desired outbound IP Prefix resources for the cluster load balancer. | ManagedClusterLoadBalancerProfileOutboundIPPrefixes Optional |
| outboundIPs | Desired outbound IP resources for the cluster load balancer. | ManagedClusterLoadBalancerProfileOutboundIPs Optional |
ManagedClusterLoadBalancerProfile_STATUS
Profile of the managed cluster load balancer.
Used by: ContainerServiceNetworkProfile_STATUS.
| Property | Description | Type |
|---|---|---|
| allocatedOutboundPorts | The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 (inclusive). The default value is 0 which results in Azure dynamically allocating ports. | int Optional |
| backendPoolType | The type of the managed inbound Load Balancer BackendPool. | ManagedClusterLoadBalancerProfile_BackendPoolType_STATUS Optional |
| clusterServiceLoadBalancerHealthProbeMode | The health probing behavior for External Traffic Policy Cluster services. | ManagedClusterLoadBalancerProfile_ClusterServiceLoadBalancerHealthProbeMode_STATUS Optional |
| effectiveOutboundIPs | The effective outbound IP resources of the cluster load balancer. | ResourceReference_STATUS[] Optional |
| enableMultipleStandardLoadBalancers | Enable multiple standard load balancers per AKS cluster or not. | bool Optional |
| idleTimeoutInMinutes | Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 (inclusive). The default value is 30 minutes. | int Optional |
| managedOutboundIPs | Desired managed outbound IPs for the cluster load balancer. | ManagedClusterLoadBalancerProfileManagedOutboundIPs_STATUS Optional |
| outboundIPPrefixes | Desired outbound IP Prefix resources for the cluster load balancer. | ManagedClusterLoadBalancerProfileOutboundIPPrefixes_STATUS Optional |
| outboundIPs | Desired outbound IP resources for the cluster load balancer. | ManagedClusterLoadBalancerProfileOutboundIPs_STATUS Optional |
ManagedClusterNATGatewayProfile
Profile of the managed cluster NAT gateway.
Used by: ContainerServiceNetworkProfile.
| Property | Description | Type |
|---|---|---|
| idleTimeoutInMinutes | Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 (inclusive). The default value is 4 minutes. | int Optional |
| managedOutboundIPProfile | Profile of the managed outbound IP resources of the cluster NAT gateway. | ManagedClusterManagedOutboundIPProfile Optional |
ManagedClusterNATGatewayProfile_STATUS
Profile of the managed cluster NAT gateway.
Used by: ContainerServiceNetworkProfile_STATUS.
| Property | Description | Type |
|---|---|---|
| effectiveOutboundIPs | The effective outbound IP resources of the cluster NAT gateway. | ResourceReference_STATUS[] Optional |
| idleTimeoutInMinutes | Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 (inclusive). The default value is 4 minutes. | int Optional |
| managedOutboundIPProfile | Profile of the managed outbound IP resources of the cluster NAT gateway. | ManagedClusterManagedOutboundIPProfile_STATUS Optional |
ManagedClusterNodeProvisioningProfile_DefaultNodePools
Used by: ManagedClusterNodeProvisioningProfile.
| Value | Description |
|---|---|
| “Auto” | |
| “None” | |
ManagedClusterNodeProvisioningProfile_DefaultNodePools_STATUS
Used by: ManagedClusterNodeProvisioningProfile_STATUS.
| Value | Description |
|---|---|
| “Auto” | |
| “None” | |
ManagedClusterOperatorConfigMaps
Used by: ManagedClusterOperatorSpec.
| Property | Description | Type |
|---|---|---|
| oidcIssuerProfile | Indicates where the OIDCIssuerProfile config map should be placed. If omitted, no config map will be created. | genruntime.ConfigMapDestination Optional |
ManagedClusterOperatorSecrets
Used by: ManagedClusterOperatorSpec.
| Property | Description | Type |
|---|---|---|
| adminCredentials | Indicates where the AdminCredentials secret should be placed. If omitted, the secret will not be retrieved from Azure. | genruntime.SecretDestination Optional |
| userCredentials | Indicates where the UserCredentials secret should be placed. If omitted, the secret will not be retrieved from Azure. | genruntime.SecretDestination Optional |
ManagedClusterPodIdentity
Details about the pod identity assigned to the Managed Cluster.
Used by: ManagedClusterPodIdentityProfile.
| Property | Description | Type |
|---|---|---|
| bindingSelector | The binding selector to use for the AzureIdentityBinding resource. | string Optional |
| identity | The user assigned identity details. | UserAssignedIdentity Required |
| name | The name of the pod identity. | string Required |
| namespace | The namespace of the pod identity. | string Required |
ManagedClusterPodIdentity_STATUS
Details about the pod identity assigned to the Managed Cluster.
Used by: ManagedClusterPodIdentityProfile_STATUS.
| Property | Description | Type |
|---|---|---|
| bindingSelector | The binding selector to use for the AzureIdentityBinding resource. | string Optional |
| identity | The user assigned identity details. | UserAssignedIdentity_STATUS Optional |
| name | The name of the pod identity. | string Optional |
| namespace | The namespace of the pod identity. | string Optional |
| provisioningInfo | | ManagedClusterPodIdentityProvisioningInfo_STATUS Optional |
| provisioningState | The current provisioning state of the pod identity. | ManagedClusterPodIdentityProvisioningState_STATUS Optional |
ManagedClusterPodIdentityException
A pod identity exception, which allows pods with certain labels to access the Azure Instance Metadata Service (IMDS) endpoint without being intercepted by the node-managed identity (NMI) server. See disable AAD Pod Identity for a specific Pod/Application for more details.
Used by: ManagedClusterPodIdentityProfile.
| Property | Description | Type |
|---|---|---|
| name | The name of the pod identity exception. | string Required |
| namespace | The namespace of the pod identity exception. | string Required |
| podLabels | The pod labels to match. | map[string]string Required |
ManagedClusterPodIdentityException_STATUS
A pod identity exception, which allows pods with certain labels to access the Azure Instance Metadata Service (IMDS) endpoint without being intercepted by the node-managed identity (NMI) server. See disable AAD Pod Identity for a specific Pod/Application for more details.
Used by: ManagedClusterPodIdentityProfile_STATUS.
| Property | Description | Type |
|---|---|---|
| name | The name of the pod identity exception. | string Optional |
| namespace | The namespace of the pod identity exception. | string Optional |
| podLabels | The pod labels to match. | map[string]string Optional |
ManagedClusterSecurityProfileDefender
Microsoft Defender settings for the security profile.
Used by: ManagedClusterSecurityProfile.
| Property | Description | Type |
|---|---|---|
| logAnalyticsWorkspaceResourceReference | Resource ID of the Log Analytics workspace to be associated with Microsoft Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When Microsoft Defender is disabled, leave the field empty. | genruntime.ResourceReference Optional |
| securityGating | Microsoft Defender settings for security gating, which validates container image eligibility for deployment based on Defender for Containers security findings. Using Admission Controller, it either audits or prevents the deployment of images that do not meet security standards. | ManagedClusterSecurityProfileDefenderSecurityGating Optional |
| securityMonitoring | Microsoft Defender threat detection for Cloud settings for the security profile. | ManagedClusterSecurityProfileDefenderSecurityMonitoring Optional |
ManagedClusterSecurityProfileDefender_STATUS
Microsoft Defender settings for the security profile.
Used by: ManagedClusterSecurityProfile_STATUS.
| Property | Description | Type |
|---|---|---|
| logAnalyticsWorkspaceResourceId | Resource ID of the Log Analytics workspace to be associated with Microsoft Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When Microsoft Defender is disabled, leave the field empty. | string Optional |
| securityGating | Microsoft Defender settings for security gating, which validates container image eligibility for deployment based on Defender for Containers security findings. Using Admission Controller, it either audits or prevents the deployment of images that do not meet security standards. | ManagedClusterSecurityProfileDefenderSecurityGating_STATUS Optional |
| securityMonitoring | Microsoft Defender threat detection for Cloud settings for the security profile. | ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS Optional |
ManagedClusterSecurityProfileImageCleaner
Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here are settings for the security profile.
Used by: ManagedClusterSecurityProfile.
| Property | Description | Type |
|---|---|---|
| enabled | Whether to enable Image Cleaner on AKS cluster. | bool Optional |
| intervalHours | Image Cleaner scanning interval in hours. | int Optional |
ManagedClusterSecurityProfileImageCleaner_STATUS
Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here are settings for the security profile.
Used by: ManagedClusterSecurityProfile_STATUS.
| Property | Description | Type |
|---|---|---|
| enabled | Whether to enable Image Cleaner on AKS cluster. | bool Optional |
| intervalHours | Image Cleaner scanning interval in hours. | int Optional |
ManagedClusterSecurityProfileImageIntegrity
Image integrity related settings for the security profile.
Used by: ManagedClusterSecurityProfile.
| Property | Description | Type |
|---|---|---|
| enabled | Whether to enable image integrity. The default value is false. | bool Optional |
ManagedClusterSecurityProfileImageIntegrity_STATUS
Image integrity related settings for the security profile.
Used by: ManagedClusterSecurityProfile_STATUS.
| Property | Description | Type |
|---|---|---|
| enabled | Whether to enable image integrity. The default value is false. | bool Optional |
ManagedClusterSecurityProfileNodeRestriction
Node Restriction settings for the security profile.
Used by: ManagedClusterSecurityProfile.
| Property | Description | Type |
|---|---|---|
| enabled | Whether to enable Node Restriction. | bool Optional |
ManagedClusterSecurityProfileNodeRestriction_STATUS
Node Restriction settings for the security profile.
Used by: ManagedClusterSecurityProfile_STATUS.
| Property | Description | Type |
|---|---|---|
| enabled | Whether to enable Node Restriction. | bool Optional |
ManagedClusterSecurityProfileWorkloadIdentity
Workload identity settings for the security profile.
Used by: ManagedClusterSecurityProfile.
| Property | Description | Type |
|---|---|---|
| enabled | Whether to enable workload identity. | bool Optional |
ManagedClusterSecurityProfileWorkloadIdentity_STATUS
Workload identity settings for the security profile.
Used by: ManagedClusterSecurityProfile_STATUS.
| Property | Description | Type |
|---|---|---|
| enabled | Whether to enable workload identity. | bool Optional |
ManagedClusterSKUName
The name of a managed cluster SKU.
Used by: ManagedClusterSKU.
| Value | Description |
|---|---|
| “Automatic” | |
| “Base” | |
ManagedClusterSKUName_STATUS
The name of a managed cluster SKU.
Used by: ManagedClusterSKU_STATUS.
| Value | Description |
|---|---|
| “Automatic” | |
| “Base” | |
ManagedClusterSKUTier
The tier of a managed cluster SKU. If not specified, the default is Free. See AKS Pricing Tier for more details.
Used by: ManagedClusterSKU.
| Value | Description |
|---|---|
| “Free” | |
| “Premium” | |
| “Standard” | |
ManagedClusterSKUTier_STATUS
The tier of a managed cluster SKU. If not specified, the default is Free. See AKS Pricing Tier for more details.
Used by: ManagedClusterSKU_STATUS.
| Value | Description |
|---|---|
| “Free” | |
| “Premium” | |
| “Standard” | |
ManagedClusterStaticEgressGatewayProfile
The Static Egress Gateway addon configuration for the cluster.
Used by: ContainerServiceNetworkProfile.
| Property | Description | Type |
|---|---|---|
| enabled | Enable Static Egress Gateway addon. Indicates if Static Egress Gateway addon is enabled or not. | bool Optional |
ManagedClusterStaticEgressGatewayProfile_STATUS
The Static Egress Gateway addon configuration for the cluster.
Used by: ContainerServiceNetworkProfile_STATUS.
| Property | Description | Type |
|---|---|---|
| enabled | Enable Static Egress Gateway addon. Indicates if Static Egress Gateway addon is enabled or not. | bool Optional |
ManagedClusterStorageProfileBlobCSIDriver
AzureBlob CSI Driver settings for the storage profile.
Used by: ManagedClusterStorageProfile.
| Property | Description | Type |
|---|---|---|
| enabled | Whether to enable AzureBlob CSI Driver. The default value is false. | bool Optional |
ManagedClusterStorageProfileBlobCSIDriver_STATUS
AzureBlob CSI Driver settings for the storage profile.
Used by: ManagedClusterStorageProfile_STATUS.
| Property | Description | Type |
|---|---|---|
| enabled | Whether to enable AzureBlob CSI Driver. The default value is false. | bool Optional |
ManagedClusterStorageProfileDiskCSIDriver
AzureDisk CSI Driver settings for the storage profile.
Used by: ManagedClusterStorageProfile.
| Property | Description | Type |
|---|---|---|
| enabled | Whether to enable AzureDisk CSI Driver. The default value is true. | bool Optional |
| version | The version of AzureDisk CSI Driver. The default value is v1. | string Optional |
ManagedClusterStorageProfileDiskCSIDriver_STATUS
AzureDisk CSI Driver settings for the storage profile.
Used by: ManagedClusterStorageProfile_STATUS.
| Property | Description | Type |
|---|---|---|
| enabled | Whether to enable AzureDisk CSI Driver. The default value is true. | bool Optional |
| version | The version of AzureDisk CSI Driver. The default value is v1. | string Optional |
ManagedClusterStorageProfileFileCSIDriver
AzureFile CSI Driver settings for the storage profile.
Used by: ManagedClusterStorageProfile.
| Property | Description | Type |
|---|---|---|
| enabled | Whether to enable AzureFile CSI Driver. The default value is true. | bool Optional |
ManagedClusterStorageProfileFileCSIDriver_STATUS
AzureFile CSI Driver settings for the storage profile.
Used by: ManagedClusterStorageProfile_STATUS.
| Property | Description | Type |
|---|---|---|
| enabled | Whether to enable AzureFile CSI Driver. The default value is true. | bool Optional |
ManagedClusterStorageProfileSnapshotController
Snapshot Controller settings for the storage profile.
Used by: ManagedClusterStorageProfile.
| Property | Description | Type |
|---|---|---|
| enabled | Whether to enable Snapshot Controller. The default value is true. | bool Optional |
ManagedClusterStorageProfileSnapshotController_STATUS
Snapshot Controller settings for the storage profile.
Used by: ManagedClusterStorageProfile_STATUS.
| Property | Description | Type |
|---|---|---|
| enabled | Whether to enable Snapshot Controller. The default value is true. | bool Optional |
ManagedClusterWorkloadAutoScalerProfileKeda
KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile.
Used by: ManagedClusterWorkloadAutoScalerProfile.
| Property | Description | Type |
|---|---|---|
| enabled | Whether to enable KEDA. | bool Required |
ManagedClusterWorkloadAutoScalerProfileKeda_STATUS
KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile.
Used by: ManagedClusterWorkloadAutoScalerProfile_STATUS.
| Property | Description | Type |
|---|---|---|
| enabled | Whether to enable KEDA. | bool Optional |
ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler
VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile.
Used by: ManagedClusterWorkloadAutoScalerProfile.
| Property | Description | Type |
|---|---|---|
| addonAutoscaling | Whether VPA add-on is enabled and configured to scale AKS-managed add-ons. | ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler_AddonAutoscaling Optional |
| enabled | Whether to enable VPA. Default value is false. | bool Required |
ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler_STATUS
VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile.
Used by: ManagedClusterWorkloadAutoScalerProfile_STATUS.
| Property | Description | Type |
|---|---|---|
| addonAutoscaling | Whether VPA add-on is enabled and configured to scale AKS-managed add-ons. | ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler_AddonAutoscaling_STATUS Optional |
| enabled | Whether to enable VPA. Default value is false. | bool Optional |
ManagedServiceIdentityUserAssignedIdentitiesValue_STATUS
Used by: ManagedClusterIdentity_STATUS.
| Property | Description | Type |
|---|---|---|
| clientId | The client id of user assigned identity. | string Optional |
| principalId | The principal id of user assigned identity. | string Optional |
NetworkDataplane
Network dataplane used in the Kubernetes cluster.
Used by: ContainerServiceNetworkProfile.
| Value | Description |
|---|---|
| “azure” | |
| “cilium” | |
NetworkDataplane_STATUS
Network dataplane used in the Kubernetes cluster.
Used by: ContainerServiceNetworkProfile_STATUS.
| Value | Description |
|---|---|
| “azure” | |
| “cilium” | |
NetworkMode
The network mode Azure CNI is configured with. This cannot be specified if networkPlugin is anything other than azure.
Used by: ContainerServiceNetworkProfile.
| Value | Description |
|---|---|
| “bridge” | |
| “transparent” | |
NetworkMode_STATUS
The network mode Azure CNI is configured with. This cannot be specified if networkPlugin is anything other than azure.
Used by: ContainerServiceNetworkProfile_STATUS.
| Value | Description |
|---|---|
| “bridge” | |
| “transparent” | |
NetworkPlugin
Network plugin used for building the Kubernetes network.
Used by: ContainerServiceNetworkProfile.
| Value | Description |
|---|---|
| “azure” | |
| “kubenet” | |
| “none” | |
NetworkPlugin_STATUS
Network plugin used for building the Kubernetes network.
Used by: ContainerServiceNetworkProfile_STATUS.
| Value | Description |
|---|---|
| “azure” | |
| “kubenet” | |
| “none” | |
NetworkPluginMode
The mode the network plugin should use.
Used by: ContainerServiceNetworkProfile.
| Value | Description |
|---|---|
| “overlay” | |
NetworkPluginMode_STATUS
The mode the network plugin should use.
Used by: ContainerServiceNetworkProfile_STATUS.
| Value | Description |
|---|---|
| “overlay” | |
NetworkPolicy
Network policy used for building the Kubernetes network.
Used by: ContainerServiceNetworkProfile.
| Value | Description |
|---|---|
| “azure” | |
| “calico” | |
| “cilium” | |
| “none” | |
NetworkPolicy_STATUS
Network policy used for building the Kubernetes network.
Used by: ContainerServiceNetworkProfile_STATUS.
| Value | Description |
|---|---|
| “azure” | |
| “calico” | |
| “cilium” | |
| “none” | |
NodeOSUpgradeChannel
Node OS Upgrade Channel. Manner in which the OS on your nodes is updated. The default is NodeImage.
Used by: ManagedClusterAutoUpgradeProfile.
| Value | Description |
|---|---|
| “NodeImage” | |
| “None” | |
| “SecurityPatch” | |
| “Unmanaged” | |
NodeOSUpgradeChannel_STATUS
Node OS Upgrade Channel. Manner in which the OS on your nodes is updated. The default is NodeImage.
Used by: ManagedClusterAutoUpgradeProfile_STATUS.
| Value | Description |
|---|---|
| “NodeImage” | |
| “None” | |
| “SecurityPatch” | |
| “Unmanaged” | |
NodeProvisioningMode
The node provisioning mode. If not specified, the default is Manual.
Used by: ManagedClusterNodeProvisioningProfile.
| Value | Description |
|---|---|
| “Auto” | |
| “Manual” | |
NodeProvisioningMode_STATUS
The node provisioning mode. If not specified, the default is Manual.
Used by: ManagedClusterNodeProvisioningProfile_STATUS.
| Value | Description |
|---|---|
| “Auto” | |
| “Manual” | |
PodLinkLocalAccess
Defines access to special link local addresses (Azure Instance Metadata Service, aka IMDS) for pods with hostNetwork=false. If not specified, the default is IMDS.
Used by: ContainerServiceNetworkProfile.
| Value | Description |
|---|---|
| “IMDS” | |
| “None” | |
PodLinkLocalAccess_STATUS
Defines access to special link local addresses (Azure Instance Metadata Service, aka IMDS) for pods with hostNetwork=false. If not specified, the default is IMDS.
Used by: ContainerServiceNetworkProfile_STATUS.
| Value | Description |
|---|---|
| “IMDS” | |
| “None” | |
PortRange
The port range.
Used by: AgentPoolNetworkProfile.
| Property | Description | Type |
|---|---|---|
| portEnd | The maximum port that is included in the range. It should be in the range 1 to 65535, and be greater than or equal to portStart. | int Optional |
| portStart | The minimum port that is included in the range. It should be in the range 1 to 65535, and be less than or equal to portEnd. | int Optional |
| protocol | The network protocol of the port. | Protocol Optional |
PortRange_STATUS
The port range.
Used by: AgentPoolNetworkProfile_STATUS.
| Property | Description | Type |
|---|---|---|
| portEnd | The maximum port that is included in the range. It should be in the range 1 to 65535, and be greater than or equal to portStart. | int Optional |
| portStart | The minimum port that is included in the range. It should be in the range 1 to 65535, and be less than or equal to portEnd. | int Optional |
| protocol | The network protocol of the port. | Protocol_STATUS Optional |
ResourceIdentityType
The type of identity used for the managed cluster. For more information see use managed identities in AKS.
Used by: ManagedClusterIdentity.
| Value | Description |
|---|---|
| “None” | |
| “SystemAssigned” | |
| “UserAssigned” | |
ResourceIdentityType_STATUS
The type of identity used for the managed cluster. For more information see use managed identities in AKS.
Used by: ManagedClusterIdentity_STATUS.
| Value | Description |
|---|---|
| “None” | |
| “SystemAssigned” | |
| “UserAssigned” | |
RestrictionLevel
The restriction level applied to the cluster’s node resource group. If not specified, the default is Unrestricted.
Used by: ManagedClusterNodeResourceGroupProfile.
| Value | Description |
|---|---|
| “ReadOnly” | |
| “Unrestricted” | |
RestrictionLevel_STATUS
The restriction level applied to the cluster’s node resource group. If not specified, the default is Unrestricted.
Used by: ManagedClusterNodeResourceGroupProfile_STATUS.
| Value | Description |
|---|---|
| “ReadOnly” | |
| “Unrestricted” | |
ScaleProfile
Specifications on how to scale a VirtualMachines agent pool.
Used by: VirtualMachinesProfile.
| Property | Description | Type |
|---|---|---|
| autoscale | Specifications on how to auto-scale the VirtualMachines agent pool within a predefined size range. | AutoScaleProfile Optional |
| manual | Specifications on how to scale the VirtualMachines agent pool to a fixed size. | ManualScaleProfile[] Optional |
ScaleProfile_STATUS
Specifications on how to scale a VirtualMachines agent pool.
Used by: VirtualMachinesProfile_STATUS.
| Property | Description | Type |
|---|---|---|
| autoscale | Specifications on how to auto-scale the VirtualMachines agent pool within a predefined size range. | AutoScaleProfile_STATUS Optional |
| manual | Specifications on how to scale the VirtualMachines agent pool to a fixed size. | ManualScaleProfile_STATUS[] Optional |
Schedule
One and only one of the schedule types should be specified. Choose either daily, weekly, absoluteMonthly or relativeMonthly for your maintenance schedule.
Used by: MaintenanceWindow.
| Property | Description | Type |
|---|---|---|
| absoluteMonthly | For schedules like: ‘recur every month on the 15th’ or ‘recur every 3 months on the 20th’. | AbsoluteMonthlySchedule Optional |
| daily | For schedules like: ‘recur every day’ or ‘recur every 3 days’. | DailySchedule Optional |
| relativeMonthly | For schedules like: ‘recur every month on the first Monday’ or ‘recur every 3 months on last Friday’. | RelativeMonthlySchedule Optional |
| weekly | For schedules like: ‘recur every Monday’ or ‘recur every 3 weeks on Wednesday’. | WeeklySchedule Optional |
Schedule_STATUS
One and only one of the schedule types should be specified. Choose either daily, weekly, absoluteMonthly or relativeMonthly for your maintenance schedule.
Used by: MaintenanceWindow_STATUS.
| Property | Description | Type |
|---|---|---|
| absoluteMonthly | For schedules like: ‘recur every month on the 15th’ or ‘recur every 3 months on the 20th’. | AbsoluteMonthlySchedule_STATUS Optional |
| daily | For schedules like: ‘recur every day’ or ‘recur every 3 days’. | DailySchedule_STATUS Optional |
| relativeMonthly | For schedules like: ‘recur every month on the first Monday’ or ‘recur every 3 months on last Friday’. | RelativeMonthlySchedule_STATUS Optional |
| weekly | For schedules like: ‘recur every Monday’ or ‘recur every 3 weeks on Wednesday’. | WeeklySchedule_STATUS Optional |
SchedulerProfileSchedulerInstanceProfiles
Mapping of each scheduler instance to its profile.
Used by: SchedulerProfile.
| Property | Description | Type |
|---|---|---|
| upstream | The scheduler profile for the upstream scheduler instance. | SchedulerInstanceProfile Optional |
SchedulerProfileSchedulerInstanceProfiles_STATUS
Mapping of each scheduler instance to its profile.
Used by: SchedulerProfile_STATUS.
| Property | Description | Type |
|---|---|---|
| upstream | The scheduler profile for the upstream scheduler instance. | SchedulerInstanceProfile_STATUS Optional |
SeccompDefault
Specifies the default seccomp profile applied to all workloads. If not specified, Unconfined will be used by default.
Used by: KubeletConfig.
| Value | Description |
|---|---|
| “RuntimeDefault” | |
| “Unconfined” | |
SeccompDefault_STATUS
Specifies the default seccomp profile applied to all workloads. If not specified, Unconfined will be used by default.
Used by: KubeletConfig_STATUS.
| Value | Description |
|---|---|
| “RuntimeDefault” | |
| “Unconfined” | |
ServiceMeshMode
Mode of the service mesh.
Used by: ServiceMeshProfile.
| Value | Description |
|---|---|
| “Disabled” | |
| “Istio” | |
ServiceMeshMode_STATUS
Mode of the service mesh.
Used by: ServiceMeshProfile_STATUS.
| Value | Description |
|---|---|
| “Disabled” | |
| “Istio” | |
SysctlConfig
Sysctl settings for Linux agent nodes.
Used by: LinuxOSConfig.
| Property | Description | Type |
|---|---|---|
| fsAioMaxNr | Sysctl setting fs.aio-max-nr. | int Optional |
| fsFileMax | Sysctl setting fs.file-max. | int Optional |
| fsInotifyMaxUserWatches | Sysctl setting fs.inotify.max_user_watches. | int Optional |
| fsNrOpen | Sysctl setting fs.nr_open. | int Optional |
| kernelThreadsMax | Sysctl setting kernel.threads-max. | int Optional |
| netCoreNetdevMaxBacklog | Sysctl setting net.core.netdev_max_backlog. | int Optional |
| netCoreOptmemMax | Sysctl setting net.core.optmem_max. | int Optional |
| netCoreRmemDefault | Sysctl setting net.core.rmem_default. | int Optional |
| netCoreRmemMax | Sysctl setting net.core.rmem_max. | int Optional |
| netCoreSomaxconn | Sysctl setting net.core.somaxconn. | int Optional |
| netCoreWmemDefault | Sysctl setting net.core.wmem_default. | int Optional |
| netCoreWmemMax | Sysctl setting net.core.wmem_max. | int Optional |
| netIpv4IpLocalPortRange | Sysctl setting net.ipv4.ip_local_port_range. | string Optional |
| netIpv4NeighDefaultGcThresh1 | Sysctl setting net.ipv4.neigh.default.gc_thresh1. | int Optional |
| netIpv4NeighDefaultGcThresh2 | Sysctl setting net.ipv4.neigh.default.gc_thresh2. | int Optional |
| netIpv4NeighDefaultGcThresh3 | Sysctl setting net.ipv4.neigh.default.gc_thresh3. | int Optional |
| netIpv4TcpFinTimeout | Sysctl setting net.ipv4.tcp_fin_timeout. | int Optional |
| netIpv4TcpkeepaliveIntvl | Sysctl setting net.ipv4.tcp_keepalive_intvl. | int Optional |
| netIpv4TcpKeepaliveProbes | Sysctl setting net.ipv4.tcp_keepalive_probes. | int Optional |
| netIpv4TcpKeepaliveTime | Sysctl setting net.ipv4.tcp_keepalive_time. | int Optional |
| netIpv4TcpMaxSynBacklog | Sysctl setting net.ipv4.tcp_max_syn_backlog. | int Optional |
| netIpv4TcpMaxTwBuckets | Sysctl setting net.ipv4.tcp_max_tw_buckets. | int Optional |
| netIpv4TcpTwReuse | Sysctl setting net.ipv4.tcp_tw_reuse. | bool Optional |
| netNetfilterNfConntrackBuckets | Sysctl setting net.netfilter.nf_conntrack_buckets. | int Optional |
| netNetfilterNfConntrackMax | Sysctl setting net.netfilter.nf_conntrack_max. | int Optional |
| vmMaxMapCount | Sysctl setting vm.max_map_count. | int Optional |
| vmSwappiness | Sysctl setting vm.swappiness. | int Optional |
| vmVfsCachePressure | Sysctl setting vm.vfs_cache_pressure. | int Optional |
SysctlConfig_STATUS
Sysctl settings for Linux agent nodes.
Used by: LinuxOSConfig_STATUS.
| Property | Description | Type |
|---|---|---|
| fsAioMaxNr | Sysctl setting fs.aio-max-nr. | int Optional |
| fsFileMax | Sysctl setting fs.file-max. | int Optional |
| fsInotifyMaxUserWatches | Sysctl setting fs.inotify.max_user_watches. | int Optional |
| fsNrOpen | Sysctl setting fs.nr_open. | int Optional |
| kernelThreadsMax | Sysctl setting kernel.threads-max. | int Optional |
| netCoreNetdevMaxBacklog | Sysctl setting net.core.netdev_max_backlog. | int Optional |
| netCoreOptmemMax | Sysctl setting net.core.optmem_max. | int Optional |
| netCoreRmemDefault | Sysctl setting net.core.rmem_default. | int Optional |
| netCoreRmemMax | Sysctl setting net.core.rmem_max. | int Optional |
| netCoreSomaxconn | Sysctl setting net.core.somaxconn. | int Optional |
| netCoreWmemDefault | Sysctl setting net.core.wmem_default. | int Optional |
| netCoreWmemMax | Sysctl setting net.core.wmem_max. | int Optional |
| netIpv4IpLocalPortRange | Sysctl setting net.ipv4.ip_local_port_range. | string Optional |
| netIpv4NeighDefaultGcThresh1 | Sysctl setting net.ipv4.neigh.default.gc_thresh1. | int Optional |
| netIpv4NeighDefaultGcThresh2 | Sysctl setting net.ipv4.neigh.default.gc_thresh2. | int Optional |
| netIpv4NeighDefaultGcThresh3 | Sysctl setting net.ipv4.neigh.default.gc_thresh3. | int Optional |
| netIpv4TcpFinTimeout | Sysctl setting net.ipv4.tcp_fin_timeout. | int Optional |
| netIpv4TcpkeepaliveIntvl | Sysctl setting net.ipv4.tcp_keepalive_intvl. | int Optional |
| netIpv4TcpKeepaliveProbes | Sysctl setting net.ipv4.tcp_keepalive_probes. | int Optional |
| netIpv4TcpKeepaliveTime | Sysctl setting net.ipv4.tcp_keepalive_time. | int Optional |
| netIpv4TcpMaxSynBacklog | Sysctl setting net.ipv4.tcp_max_syn_backlog. | int Optional |
| netIpv4TcpMaxTwBuckets | Sysctl setting net.ipv4.tcp_max_tw_buckets. | int Optional |
| netIpv4TcpTwReuse | Sysctl setting net.ipv4.tcp_tw_reuse. | bool Optional |
| netNetfilterNfConntrackBuckets | Sysctl setting net.netfilter.nf_conntrack_buckets. | int Optional |
| netNetfilterNfConntrackMax | Sysctl setting net.netfilter.nf_conntrack_max. | int Optional |
| vmMaxMapCount | Sysctl setting vm.max_map_count. | int Optional |
| vmSwappiness | Sysctl setting vm.swappiness. | int Optional |
| vmVfsCachePressure | Sysctl setting vm.vfs_cache_pressure. | int Optional |
SystemData_CreatedByType_STATUS
Used by: SystemData_STATUS.
| Value | Description |
|---|---|
| “Application” | |
| “Key” | |
| “ManagedIdentity” | |
| “User” | |
SystemData_LastModifiedByType_STATUS
Used by: SystemData_STATUS.
| Value | Description |
|---|---|
| “Application” | |
| “Key” | |
| “ManagedIdentity” | |
| “User” | |
UndrainableNodeBehavior
Defines the behavior for undrainable nodes during upgrade. The most common cause of undrainable nodes is Pod Disruption Budgets (PDBs), but other issues, such as a pod termination grace period exceeding the remaining per-node drain timeout or a pod still being in a running state, can also cause undrainable nodes.
Used by: AgentPoolUpgradeSettings.
| Value | Description |
|---|---|
| “Cordon” | |
| “Schedule” | |
UndrainableNodeBehavior_STATUS
Defines the behavior for undrainable nodes during upgrade. The most common cause of undrainable nodes is Pod Disruption Budgets (PDBs), but other issues, such as a pod termination grace period exceeding the remaining per-node drain timeout or a pod still being in a running state, can also cause undrainable nodes.
Used by: AgentPoolUpgradeSettings_STATUS.
| Value | Description |
|---|---|
| “Cordon” | |
| “Schedule” | |
UpgradeChannel
The upgrade channel for auto upgrade. The default is none. For more information see setting the AKS cluster auto-upgrade channel.
Used by: ManagedClusterAutoUpgradeProfile.
| Value | Description |
|---|---|
| “node-image” | |
| “none” | |
| “patch” | |
| “rapid” | |
| “stable” | |
UpgradeChannel_STATUS
The upgrade channel for auto upgrade. The default is none. For more information see setting the AKS cluster auto-upgrade channel.
Used by: ManagedClusterAutoUpgradeProfile_STATUS.
| Value | Description |
|---|---|
| “node-image” | |
| “none” | |
| “patch” | |
| “rapid” | |
| “stable” | |
UpgradeOverrideSettings
Settings for overrides when upgrading a cluster.
Used by: ClusterUpgradeSettings.
| Property | Description | Type |
|---|---|---|
| forceUpgrade | Whether to force upgrade the cluster. Note that this option instructs upgrade operation to bypass upgrade protections such as checking for deprecated API usage. Enable this option only with caution. | bool Optional |
| until | Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the effectiveness won’t change once an upgrade starts even if the until expires as upgrade proceeds. This field is not set by default. It must be set for the overrides to take effect. | string Optional |
UpgradeOverrideSettings_STATUS
Settings for overrides when upgrading a cluster.
Used by: ClusterUpgradeSettings_STATUS.
| Property | Description | Type |
|---|---|---|
| forceUpgrade | Whether to force upgrade the cluster. Note that this option instructs upgrade operation to bypass upgrade protections such as checking for deprecated API usage. Enable this option only with caution. | bool Optional |
| until | Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the effectiveness won’t change once an upgrade starts even if the until expires as upgrade proceeds. This field is not set by default. It must be set for the overrides to take effect. | string Optional |
UserAssignedIdentityDetails
Information about the user assigned identity for the resource
Used by: ManagedClusterIdentity.
| Property | Description | Type |
|---|---|---|
| reference | | genruntime.ResourceReference Optional |
WeekDay
The weekday enum.
Used by: RelativeMonthlySchedule, TimeInWeek, and WeeklySchedule.
| Value | Description |
|---|---|
| “Friday” | |
| “Monday” | |
| “Saturday” | |
| “Sunday” | |
| “Thursday” | |
| “Tuesday” | |
| “Wednesday” | |
WeekDay_STATUS
The weekday enum.
Used by: RelativeMonthlySchedule_STATUS, TimeInWeek_STATUS, and WeeklySchedule_STATUS.
| Value | Description |
|---|---|
| “Friday” | |
| “Monday” | |
| “Saturday” | |
| “Sunday” | |
| “Thursday” | |
| “Tuesday” | |
| “Wednesday” | |
WindowsGmsaProfile
Windows gMSA Profile in the managed cluster.
Used by: ManagedClusterWindowsProfile.
| Property | Description | Type |
|---|---|---|
| dnsServer | Specifies the DNS server for Windows gMSA. Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. | string Optional |
| enabled | Whether to enable Windows gMSA. Specifies whether to enable Windows gMSA in the managed cluster. | bool Optional |
| rootDomainName | Specifies the root domain name for Windows gMSA. Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. | string Optional |
WindowsGmsaProfile_STATUS
Windows gMSA Profile in the managed cluster.
Used by: ManagedClusterWindowsProfile_STATUS.
| Property | Description | Type |
|---|---|---|
| dnsServer | Specifies the DNS server for Windows gMSA. Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. | string Optional |
| enabled | Whether to enable Windows gMSA. Specifies whether to enable Windows gMSA in the managed cluster. | bool Optional |
| rootDomainName | Specifies the root domain name for Windows gMSA. Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster. | string Optional |
AbsoluteMonthlySchedule
For schedules like: ‘recur every month on the 15th’ or ‘recur every 3 months on the 20th’.
Used by: Schedule.
| Property | Description | Type |
|---|---|---|
| dayOfMonth | The date of the month. | int Required |
| intervalMonths | Specifies the number of months between each set of occurrences. | int Required |
AbsoluteMonthlySchedule_STATUS
For schedules like: ‘recur every month on the 15th’ or ‘recur every 3 months on the 20th’.
Used by: Schedule_STATUS.
| Property | Description | Type |
|---|---|---|
| dayOfMonth | The date of the month. | int Optional |
| intervalMonths | Specifies the number of months between each set of occurrences. | int Optional |
AdvancedNetworkingObservability
Observability profile to enable advanced network metrics and flow logs with historical contexts.
Used by: AdvancedNetworking.
| Property | Description | Type |
|---|---|---|
| enabled | Indicates the enablement of Advanced Networking observability functionalities on clusters. | bool Optional |
AdvancedNetworkingObservability_STATUS
Observability profile to enable advanced network metrics and flow logs with historical contexts.
Used by: AdvancedNetworking_STATUS.
| Property | Description | Type |
|---|---|---|
| enabled | Indicates the enablement of Advanced Networking observability functionalities on clusters. | bool Optional |
AdvancedNetworkingPerformance
Profile to enable performance-enhancing features on clusters that use Azure CNI powered by Cilium.
Used by: AdvancedNetworking.
| Property | Description | Type |
|---|---|---|
| accelerationMode | Enable advanced network acceleration options. This allows users to configure acceleration using BPF host routing. This can be enabled only with Cilium dataplane. If not specified, the default value is None (no acceleration). The acceleration mode can be changed on a pre-existing cluster. See https://aka.ms/acnsperformance for a detailed explanation | AdvancedNetworkingPerformance_AccelerationMode Optional |
AdvancedNetworkingPerformance_STATUS
Profile to enable performance-enhancing features on clusters that use Azure CNI powered by Cilium.
Used by: AdvancedNetworking_STATUS.
| Property | Description | Type |
|---|---|---|
| accelerationMode | Enable advanced network acceleration options. This allows users to configure acceleration using BPF host routing. This can be enabled only with Cilium dataplane. If not specified, the default value is None (no acceleration). The acceleration mode can be changed on a pre-existing cluster. See https://aka.ms/acnsperformance for a detailed explanation | AdvancedNetworkingPerformance_AccelerationMode_STATUS Optional |
AdvancedNetworkingSecurity
Security profile to enable security features on Cilium-based clusters.
Used by: AdvancedNetworking.
| Property | Description | Type |
|---|---|---|
| advancedNetworkPolicies | Enable advanced network policies. This allows users to configure Layer 7 network policies (FQDN, HTTP, Kafka). Policies themselves must be configured via the Cilium Network Policy resources, see https://docs.cilium.io/en/latest/security/policy/index.html. This can be enabled only on cilium-based clusters. If not specified, the default value is FQDN if security.enabled is set to true. | AdvancedNetworkPolicies Optional |
| enabled | This feature allows users to configure network policy based on DNS (FQDN) names. It can be enabled only on Cilium-based clusters. If not specified, the default is false. | bool Optional |
| transitEncryption | Encryption configuration for Cilium-based clusters. Once enabled all traffic between Cilium managed pods will be encrypted when it leaves the node boundary. | AdvancedNetworkingSecurityTransitEncryption Optional |
AdvancedNetworkingSecurity_STATUS
Security profile to enable security features on Cilium-based clusters.
Used by: AdvancedNetworking_STATUS.
| Property | Description | Type |
|---|---|---|
| advancedNetworkPolicies | Enable advanced network policies. This allows users to configure Layer 7 network policies (FQDN, HTTP, Kafka). Policies themselves must be configured via the Cilium Network Policy resources, see https://docs.cilium.io/en/latest/security/policy/index.html. This can be enabled only on cilium-based clusters. If not specified, the default value is FQDN if security.enabled is set to true. | AdvancedNetworkPolicies_STATUS Optional |
| enabled | This feature allows users to configure network policy based on DNS (FQDN) names. It can be enabled only on Cilium-based clusters. If not specified, the default is false. | bool Optional |
| transitEncryption | Encryption configuration for Cilium-based clusters. Once enabled all traffic between Cilium managed pods will be encrypted when it leaves the node boundary. | AdvancedNetworkingSecurityTransitEncryption_STATUS Optional |
AutoScaleProfile
Specifications on auto-scaling.
Used by: ScaleProfile.
| Property | Description | Type |
|---|---|---|
| maxCount | The maximum number of nodes of the specified sizes. | int Optional |
| minCount | The minimum number of nodes of the specified sizes. | int Optional |
| size | VM size that AKS will use when creating and scaling, e.g. Standard_E4s_v3, Standard_E16s_v3 or Standard_D16s_v5. | string Optional |
AutoScaleProfile_STATUS
Specifications on auto-scaling.
Used by: ScaleProfile_STATUS.
| Property | Description | Type |
|---|---|---|
| maxCount | The maximum number of nodes of the specified sizes. | int Optional |
| minCount | The minimum number of nodes of the specified sizes. | int Optional |
| size | VM size that AKS will use when creating and scaling, e.g. Standard_E4s_v3, Standard_E16s_v3 or Standard_D16s_v5. | string Optional |
AzureKeyVaultKms_KeyVaultNetworkAccess
Used by: AzureKeyVaultKms.
| Value | Description |
|---|---|
| “Private” | |
| “Public” | |
AzureKeyVaultKms_KeyVaultNetworkAccess_STATUS
Used by: AzureKeyVaultKms_STATUS.
| Value | Description |
|---|---|
| “Private” | |
| “Public” | |
ContainerServiceNetworkProfileKubeProxyConfigIpvsConfig
Holds configuration customizations for IPVS. May only be specified if mode is set to IPVS.
Used by: ContainerServiceNetworkProfileKubeProxyConfig.
| Property | Description | Type |
|---|---|---|
| scheduler | IPVS scheduler, for more information please see http://www.linuxvirtualserver.org/docs/scheduling.html. | IpvsScheduler Optional |
| tcpFinTimeoutSeconds | The timeout value used for IPVS TCP sessions after receiving a FIN in seconds. Must be a positive integer value. | int Optional |
| tcpTimeoutSeconds | The timeout value used for idle IPVS TCP sessions in seconds. Must be a positive integer value. | int Optional |
| udpTimeoutSeconds | The timeout value used for IPVS UDP packets in seconds. Must be a positive integer value. | int Optional |
ContainerServiceNetworkProfileKubeProxyConfigIpvsConfig_STATUS
Holds configuration customizations for IPVS. May only be specified if mode is set to IPVS.
Used by: ContainerServiceNetworkProfileKubeProxyConfig_STATUS.
| Property | Description | Type |
|---|---|---|
| scheduler | IPVS scheduler, for more information please see http://www.linuxvirtualserver.org/docs/scheduling.html. | IpvsScheduler_STATUS Optional |
| tcpFinTimeoutSeconds | The timeout value used for IPVS TCP sessions after receiving a FIN in seconds. Must be a positive integer value. | int Optional |
| tcpTimeoutSeconds | The timeout value used for idle IPVS TCP sessions in seconds. Must be a positive integer value. | int Optional |
| udpTimeoutSeconds | The timeout value used for IPVS UDP packets in seconds. Must be a positive integer value. | int Optional |
ContainerServiceSshPublicKey
Contains information about SSH certificate public key data.
Used by: ContainerServiceSshConfiguration.
| Property | Description | Type |
|---|---|---|
| keyData | Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or without headers. | string Required |
ContainerServiceSshPublicKey_STATUS
Contains information about SSH certificate public key data.
Used by: ContainerServiceSshConfiguration_STATUS.
| Property | Description | Type |
|---|---|---|
| keyData | Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or without headers. | string Optional |
DailySchedule
For schedules like: ‘recur every day’ or ‘recur every 3 days’.
Used by: Schedule.
| Property | Description | Type |
|---|---|---|
| intervalDays | Specifies the number of days between each set of occurrences. | int Required |
DailySchedule_STATUS
For schedules like: ‘recur every day’ or ‘recur every 3 days’.
Used by: Schedule_STATUS.
| Property | Description | Type |
|---|---|---|
| intervalDays | Specifies the number of days between each set of occurrences. | int Optional |
ErrorAdditionalInfo_STATUS
The resource management error additional info.
Used by: ErrorDetail_STATUS, and ErrorDetail_STATUS_Unrolled.
| Property | Description | Type |
|---|---|---|
| info | The additional info. | map[string]v1.JSON Optional |
| type | The additional info type. | string Optional |
ErrorDetail_STATUS_Unrolled
Used by: ErrorDetail_STATUS.
| Property | Description | Type |
|---|---|---|
| additionalInfo | The error additional info. | ErrorAdditionalInfo_STATUS[] Optional |
| code | The error code. | string Optional |
| message | The error message. | string Optional |
| target | The error target. | string Optional |
IstioCertificateAuthority
Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described here https://aka.ms/asm-plugin-ca
Used by: IstioServiceMesh.
| Property | Description | Type |
|---|---|---|
| plugin | Plugin certificates information for Service Mesh. | IstioPluginCertificateAuthority Optional |
IstioCertificateAuthority_STATUS
Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described here https://aka.ms/asm-plugin-ca
Used by: IstioServiceMesh_STATUS.
| Property | Description | Type |
|---|---|---|
| plugin | Plugin certificates information for Service Mesh. | IstioPluginCertificateAuthority_STATUS Optional |
IstioComponents
Istio components configuration.
Used by: IstioServiceMesh.
| Property | Description | Type |
|---|---|---|
| egressGateways | Istio egress gateways. | IstioEgressGateway[] Optional |
| ingressGateways | Istio ingress gateways. | IstioIngressGateway[] Optional |
| proxyRedirectionMechanism | Mode of traffic redirection. | ProxyRedirectionMechanism Optional |
IstioComponents_STATUS
Istio components configuration.
Used by: IstioServiceMesh_STATUS.
| Property | Description | Type |
|---|---|---|
| egressGateways | Istio egress gateways. | IstioEgressGateway_STATUS[] Optional |
| ingressGateways | Istio ingress gateways. | IstioIngressGateway_STATUS[] Optional |
| proxyRedirectionMechanism | Mode of traffic redirection. | ProxyRedirectionMechanism_STATUS Optional |
KubernetesResourceObjectEncryptionProfile_InfrastructureEncryption
Used by: KubernetesResourceObjectEncryptionProfile.
| Value | Description |
|---|---|
| “Disabled” | |
| “Enabled” | |
KubernetesResourceObjectEncryptionProfile_InfrastructureEncryption_STATUS
Used by: KubernetesResourceObjectEncryptionProfile_STATUS.
| Value | Description |
|---|---|
| “Disabled” | |
| “Enabled” | |
LocalDNSOverride_ForwardDestination
Used by: LocalDNSOverride.
| Value | Description |
|---|---|
| “ClusterCoreDNS” | |
| “VnetDNS” | |
LocalDNSOverride_ForwardDestination_STATUS
Used by: LocalDNSOverride_STATUS.
| Value | Description |
|---|---|
| “ClusterCoreDNS” | |
| “VnetDNS” | |
LocalDNSOverride_ForwardPolicy
Used by: LocalDNSOverride.
| Value | Description |
|---|---|
| “Random” | |
| “RoundRobin” | |
| “Sequential” | |
LocalDNSOverride_ForwardPolicy_STATUS
Used by: LocalDNSOverride_STATUS.
| Value | Description |
|---|---|
| “Random” | |
| “RoundRobin” | |
| “Sequential” | |
LocalDNSOverride_Protocol
Used by: LocalDNSOverride.
| Value | Description |
|---|---|
| “ForceTCP” | |
| “PreferUDP” | |
LocalDNSOverride_Protocol_STATUS
Used by: LocalDNSOverride_STATUS.
| Value | Description |
|---|---|
| “ForceTCP” | |
| “PreferUDP” | |
LocalDNSOverride_QueryLogging
Used by: LocalDNSOverride.
| Value | Description |
|---|---|
| “Error” | |
| “Log” | |
LocalDNSOverride_QueryLogging_STATUS
Used by: LocalDNSOverride_STATUS.
| Value | Description |
|---|---|
| “Error” | |
| “Log” | |
LocalDNSOverride_ServeStale
Used by: LocalDNSOverride.
| Value | Description |
|---|---|
| “Disable” | |
| “Immediate” | |
| “Verify” | |
LocalDNSOverride_ServeStale_STATUS
Used by: LocalDNSOverride_STATUS.
| Value | Description |
|---|---|
| “Disable” | |
| “Immediate” | |
| “Verify” | |
ManagedClusterAzureMonitorProfileAppMonitoringAutoInstrumentation
Application Monitoring Auto Instrumentation for Kubernetes Application Container. Deploys a webhook to auto-instrument Azure Monitor OpenTelemetry based SDKs to collect OpenTelemetry metrics, logs and traces of the application. See aka.ms/AzureMonitorApplicationMonitoring for an overview.
Used by: ManagedClusterAzureMonitorProfileAppMonitoring.
| Property | Description | Type |
|---|---|---|
| enabled | Indicates if Application Monitoring Auto Instrumentation is enabled or not. | bool Optional |
ManagedClusterAzureMonitorProfileAppMonitoringAutoInstrumentation_STATUS
Application Monitoring Auto Instrumentation for Kubernetes Application Container. Deploys a webhook to auto-instrument Azure Monitor OpenTelemetry based SDKs to collect OpenTelemetry metrics, logs and traces of the application. See aka.ms/AzureMonitorApplicationMonitoring for an overview.
Used by: ManagedClusterAzureMonitorProfileAppMonitoring_STATUS.
| Property | Description | Type |
|---|---|---|
| enabled | Indicates if Application Monitoring Auto Instrumentation is enabled or not. | bool Optional |
ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryLogs
Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Logs and Traces. Collects OpenTelemetry logs and traces of the application using Azure Monitor OpenTelemetry based SDKs. See aka.ms/AzureMonitorApplicationMonitoring for an overview.
Used by: ManagedClusterAzureMonitorProfileAppMonitoring.
| Property | Description | Type |
|---|---|---|
| enabled | Indicates if Application Monitoring Open Telemetry Logs and traces is enabled or not. | bool Optional |
| port | The Open Telemetry host port for Open Telemetry logs and traces. If not specified, the default port is 28331. | int Optional |
ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryLogs_STATUS
Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Logs and Traces. Collects OpenTelemetry logs and traces of the application using Azure Monitor OpenTelemetry based SDKs. See aka.ms/AzureMonitorApplicationMonitoring for an overview.
Used by: ManagedClusterAzureMonitorProfileAppMonitoring_STATUS.
| Property | Description | Type |
|---|---|---|
| enabled | Indicates if Application Monitoring Open Telemetry Logs and traces is enabled or not. | bool Optional |
| port | The Open Telemetry host port for Open Telemetry logs and traces. If not specified, the default port is 28331. | int Optional |
ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryMetrics
Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Metrics. Collects OpenTelemetry metrics of the application using Azure Monitor OpenTelemetry based SDKs. See aka.ms/AzureMonitorApplicationMonitoring for an overview.
Used by: ManagedClusterAzureMonitorProfileAppMonitoring.
| Property | Description | Type |
|---|---|---|
| enabled | Indicates if Application Monitoring Open Telemetry Metrics is enabled or not. | bool Optional |
| port | The Open Telemetry host port for Open Telemetry metrics. If not specified, the default port is 28333. | int Optional |
ManagedClusterAzureMonitorProfileAppMonitoringOpenTelemetryMetrics_STATUS
Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Metrics. Collects OpenTelemetry metrics of the application using Azure Monitor OpenTelemetry based SDKs. See aka.ms/AzureMonitorApplicationMonitoring for an overview.
Used by: ManagedClusterAzureMonitorProfileAppMonitoring_STATUS.
| Property | Description | Type |
|---|---|---|
| enabled | Indicates if Application Monitoring Open Telemetry Metrics is enabled or not. | bool Optional |
| port | The Open Telemetry host port for Open Telemetry metrics. If not specified, the default port is 28333. | int Optional |
ManagedClusterAzureMonitorProfileKubeStateMetrics
Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for details.
Used by: ManagedClusterAzureMonitorProfileMetrics.
| Property | Description | Type |
|---|---|---|
| metricAnnotationsAllowList | Comma-separated list of Kubernetes annotation keys that will be used in the resource’s labels metric (Example: ‘namespaces=[kubernetes.io/team,…],pods=[kubernetes.io/team],…’). By default the metric contains only resource name and namespace labels. | string Optional |
| metricLabelsAllowlist | Comma-separated list of additional Kubernetes label keys that will be used in the resource’s labels metric (Example: ‘namespaces=[k8s-label-1,k8s-label-n,…],pods=[app],…’). By default the metric contains only resource name and namespace labels. | string Optional |
ManagedClusterAzureMonitorProfileKubeStateMetrics_STATUS
Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for details.
Used by: ManagedClusterAzureMonitorProfileMetrics_STATUS.
| Property | Description | Type |
|---|---|---|
| metricAnnotationsAllowList | Comma-separated list of Kubernetes annotation keys that will be used in the resource’s labels metric (Example: ‘namespaces=[kubernetes.io/team,…],pods=[kubernetes.io/team],…’). By default the metric contains only resource name and namespace labels. | string Optional |
| metricLabelsAllowlist | Comma-separated list of additional Kubernetes label keys that will be used in the resource’s labels metric (Example: ‘namespaces=[k8s-label-1,k8s-label-n,…],pods=[app],…’). By default the metric contains only resource name and namespace labels. | string Optional |
ManagedClusterIngressDefaultDomainProfile
Used by: ManagedClusterIngressProfileWebAppRouting.
| Property | Description | Type |
|---|---|---|
| enabled | Whether to enable Default Domain. | bool Optional |
ManagedClusterIngressDefaultDomainProfile_STATUS
Used by: ManagedClusterIngressProfileWebAppRouting_STATUS.
| Property | Description | Type |
|---|---|---|
| domainName | The unique fully qualified domain name assigned to the cluster. This will not change even if disabled then reenabled. | string Optional |
| enabled | Whether to enable Default Domain. | bool Optional |
ManagedClusterIngressProfileNginx
Used by: ManagedClusterIngressProfileWebAppRouting.
| Property | Description | Type |
|---|---|---|
| defaultIngressControllerType | Ingress type for the default NginxIngressController custom resource | NginxIngressControllerType Optional |
ManagedClusterIngressProfileNginx_STATUS
Used by: ManagedClusterIngressProfileWebAppRouting_STATUS.
| Property | Description | Type |
|---|---|---|
| defaultIngressControllerType | Ingress type for the default NginxIngressController custom resource | NginxIngressControllerType_STATUS Optional |
ManagedClusterLoadBalancerProfile_BackendPoolType
Used by: ManagedClusterLoadBalancerProfile.
| Value | Description |
|---|---|
| “NodeIP” | |
| “NodeIPConfiguration” | |
ManagedClusterLoadBalancerProfile_BackendPoolType_STATUS
Used by: ManagedClusterLoadBalancerProfile_STATUS.
| Value | Description |
|---|---|
| “NodeIP” | |
| “NodeIPConfiguration” | |
ManagedClusterLoadBalancerProfile_ClusterServiceLoadBalancerHealthProbeMode
Used by: ManagedClusterLoadBalancerProfile.
| Value | Description |
|---|---|
| “ServiceNodePort” | |
| “Shared” | |
ManagedClusterLoadBalancerProfile_ClusterServiceLoadBalancerHealthProbeMode_STATUS
Used by: ManagedClusterLoadBalancerProfile_STATUS.
| Value | Description |
|---|---|
| “ServiceNodePort” | |
| “Shared” | |
ManagedClusterLoadBalancerProfileManagedOutboundIPs
Desired managed outbound IPs for the cluster load balancer.
Used by: ManagedClusterLoadBalancerProfile.
| Property | Description | Type |
|---|---|---|
| count | The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values must be in the range of 1 to 100 (inclusive). The default value is 1. | int Optional |
| countIPv6 | The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. | int Optional |
ManagedClusterLoadBalancerProfileManagedOutboundIPs_STATUS
Desired managed outbound IPs for the cluster load balancer.
Used by: ManagedClusterLoadBalancerProfile_STATUS.
| Property | Description | Type |
|---|---|---|
| count | The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values must be in the range of 1 to 100 (inclusive). The default value is 1. | int Optional |
| countIPv6 | The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack. | int Optional |
ManagedClusterLoadBalancerProfileOutboundIPPrefixes
Desired outbound IP Prefix resources for the cluster load balancer.
Used by: ManagedClusterLoadBalancerProfile.
| Property | Description | Type |
|---|---|---|
| publicIPPrefixes | A list of public IP prefix resources. | ResourceReference[] Optional |
ManagedClusterLoadBalancerProfileOutboundIPPrefixes_STATUS
Desired outbound IP Prefix resources for the cluster load balancer.
Used by: ManagedClusterLoadBalancerProfile_STATUS.
| Property | Description | Type |
|---|---|---|
| publicIPPrefixes | A list of public IP prefix resources. | ResourceReference_STATUS[] Optional |
ManagedClusterLoadBalancerProfileOutboundIPs
Desired outbound IP resources for the cluster load balancer.
Used by: ManagedClusterLoadBalancerProfile.
| Property | Description | Type |
|---|---|---|
| publicIPs | A list of public IP resources. | ResourceReference[] Optional |
ManagedClusterLoadBalancerProfileOutboundIPs_STATUS
Desired outbound IP resources for the cluster load balancer.
Used by: ManagedClusterLoadBalancerProfile_STATUS.
| Property | Description | Type |
|---|---|---|
| publicIPs | A list of public IP resources. | ResourceReference_STATUS[] Optional |
ManagedClusterManagedOutboundIPProfile
Profile of the managed outbound IP resources of the managed cluster.
Used by: ManagedClusterNATGatewayProfile.
| Property | Description | Type |
|---|---|---|
| count | The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 (inclusive). The default value is 1. | int Optional |
ManagedClusterManagedOutboundIPProfile_STATUS
Profile of the managed outbound IP resources of the managed cluster.
Used by: ManagedClusterNATGatewayProfile_STATUS.
| Property | Description | Type |
|---|---|---|
| count | The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 (inclusive). The default value is 1. | int Optional |
ManagedClusterPodIdentityProvisioningInfo_STATUS
Used by: ManagedClusterPodIdentity_STATUS.
| Property | Description | Type |
|---|---|---|
| error | Pod identity assignment error (if any). | ManagedClusterPodIdentityProvisioningError_STATUS Optional |
ManagedClusterPodIdentityProvisioningState_STATUS
The current provisioning state of the pod identity.
Used by: ManagedClusterPodIdentity_STATUS.
| Value | Description |
|---|---|
| “Assigned” | |
| “Canceled” | |
| “Deleting” | |
| “Failed” | |
| “Succeeded” | |
| “Updating” | |
ManagedClusterSecurityProfileDefenderSecurityGating
Microsoft Defender settings for security gating, which validates the eligibility of container images for deployment based on Defender for Containers security findings. Using an admission controller, it either audits or prevents the deployment of images that do not meet security standards.
Used by: ManagedClusterSecurityProfileDefender.
| Property | Description | Type |
|---|---|---|
| allowSecretAccess | Used only when registry access is granted by secret rather than managed identity. Set whether to grant the Defender gating agent access to the cluster’s secrets for pulling images from registries. If secret access is denied and the registry requires pull secrets, the add-on will not perform any image validation. Default value is false. | bool Optional |
| enabled | Whether to enable Defender security gating. When enabled, the gating feature will scan container images and audit or block the deployment of images that do not meet security standards according to the configured security rules. | bool Optional |
| identities | List of identities that the admission controller will use to pull security artifacts from the registry. These are the same identities used by the cluster to pull container images. Each identity provided should have a federated identity credential attached to it. | ManagedClusterSecurityProfileDefenderSecurityGatingIdentitiesItem[] Optional |
ManagedClusterSecurityProfileDefenderSecurityGating_STATUS
Microsoft Defender settings for security gating, which validates the eligibility of container images for deployment based on Defender for Containers security findings. Using an admission controller, it either audits or prevents the deployment of images that do not meet security standards.
Used by: ManagedClusterSecurityProfileDefender_STATUS.
| Property | Description | Type |
|---|---|---|
| allowSecretAccess | Used only when registry access is granted by secret rather than managed identity. Set whether to grant the Defender gating agent access to the cluster’s secrets for pulling images from registries. If secret access is denied and the registry requires pull secrets, the add-on will not perform any image validation. Default value is false. | bool Optional |
| enabled | Whether to enable Defender security gating. When enabled, the gating feature will scan container images and audit or block the deployment of images that do not meet security standards according to the configured security rules. | bool Optional |
| identities | List of identities that the admission controller will use to pull security artifacts from the registry. These are the same identities used by the cluster to pull container images. Each identity provided should have a federated identity credential attached to it. | ManagedClusterSecurityProfileDefenderSecurityGatingIdentitiesItem_STATUS[] Optional |
ManagedClusterSecurityProfileDefenderSecurityMonitoring
Microsoft Defender settings for the security profile threat detection.
Used by: ManagedClusterSecurityProfileDefender.
| Property | Description | Type |
|---|---|---|
| enabled | Whether to enable Defender threat detection | bool Optional |
ManagedClusterSecurityProfileDefenderSecurityMonitoring_STATUS
Microsoft Defender settings for the security profile threat detection.
Used by: ManagedClusterSecurityProfileDefender_STATUS.
| Property | Description | Type |
|---|---|---|
| enabled | Whether to enable Defender threat detection | bool Optional |
ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler_AddonAutoscaling
Used by: ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler.
| Value | Description |
|---|---|
| “Disabled” | |
| “Enabled” | |
ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler_AddonAutoscaling_STATUS
Used by: ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler_STATUS.
| Value | Description |
|---|---|
| “Disabled” | |
| “Enabled” | |
ManagedGatewayType
Configuration for the managed Gateway API installation. If not specified, the default is Disabled. See https://aka.ms/k8s-gateway-api for more details.
Used by: ManagedClusterIngressProfileGatewayConfiguration.
| Value | Description |
|---|---|
| “Disabled” | |
| “Standard” | |
ManagedGatewayType_STATUS
Configuration for the managed Gateway API installation. If not specified, the default is Disabled. See https://aka.ms/k8s-gateway-api for more details.
Used by: ManagedClusterIngressProfileGatewayConfiguration_STATUS.
| Value | Description |
|---|---|
| “Disabled” | |
| “Standard” | |
ManualScaleProfile
Specifications on number of machines.
Used by: ScaleProfile.
| Property | Description | Type |
|---|---|---|
| count | Number of nodes. | int Optional |
| size | VM size that AKS will use when creating and scaling e.g. Standard_E4s_v3, Standard_E16s_v3 or Standard_D16s_v5. | string Optional |
ManualScaleProfile_STATUS
Specifications on number of machines.
Used by: ScaleProfile_STATUS.
| Property | Description | Type |
|---|---|---|
| count | Number of nodes. | int Optional |
| size | VM size that AKS will use when creating and scaling e.g. Standard_E4s_v3, Standard_E16s_v3 or Standard_D16s_v5. | string Optional |
Mode
Specify which proxy mode to use (IPTABLES, IPVS or NFTABLES)
Used by: ContainerServiceNetworkProfileKubeProxyConfig.
| Value | Description |
|---|---|
| “IPTABLES” | |
| “IPVS” | |
| “NFTABLES” | |
Mode_STATUS
Specify which proxy mode to use (IPTABLES, IPVS or NFTABLES)
Used by: ContainerServiceNetworkProfileKubeProxyConfig_STATUS.
| Value | Description |
|---|---|
| “IPTABLES” | |
| “IPVS” | |
| “NFTABLES” | |
Protocol
The network protocol of the port.
Used by: PortRange.
| Value | Description |
|---|---|
| “TCP” | |
| “UDP” | |
Protocol_STATUS
The network protocol of the port.
Used by: PortRange_STATUS.
| Value | Description |
|---|---|
| “TCP” | |
| “UDP” | |
RelativeMonthlySchedule
For schedules like: ‘recur every month on the first Monday’ or ‘recur every 3 months on last Friday’.
Used by: Schedule.
| Property | Description | Type |
|---|---|---|
| dayOfWeek | Specifies on which day of the week the maintenance occurs. | WeekDay Required |
| intervalMonths | Specifies the number of months between each set of occurrences. | int Required |
| weekIndex | The week index. Specifies on which week of the month the dayOfWeek applies. | Type Required |
RelativeMonthlySchedule_STATUS
For schedules like: ‘recur every month on the first Monday’ or ‘recur every 3 months on last Friday’.
Used by: Schedule_STATUS.
| Property | Description | Type |
|---|---|---|
| dayOfWeek | Specifies on which day of the week the maintenance occurs. | WeekDay_STATUS Optional |
| intervalMonths | Specifies the number of months between each set of occurrences. | int Optional |
| weekIndex | The week index. Specifies on which week of the month the dayOfWeek applies. | Type_STATUS Optional |
ResourceReference_STATUS
A reference to an Azure resource.
Used by: ManagedClusterLoadBalancerProfile_STATUS, ManagedClusterLoadBalancerProfileOutboundIPPrefixes_STATUS, ManagedClusterLoadBalancerProfileOutboundIPs_STATUS, and ManagedClusterNATGatewayProfile_STATUS.
| Property | Description | Type |
|---|---|---|
| id | The fully qualified Azure resource id. | string Optional |
SchedulerInstanceProfile
The scheduler profile for a single scheduler instance.
Used by: SchedulerProfileSchedulerInstanceProfiles.
| Property | Description | Type |
|---|---|---|
| schedulerConfigMode | The config customization mode for this scheduler instance. | SchedulerConfigMode Optional |
SchedulerInstanceProfile_STATUS
The scheduler profile for a single scheduler instance.
Used by: SchedulerProfileSchedulerInstanceProfiles_STATUS.
| Property | Description | Type |
|---|---|---|
| schedulerConfigMode | The config customization mode for this scheduler instance. | SchedulerConfigMode_STATUS Optional |
WeeklySchedule
For schedules like: ‘recur every Monday’ or ‘recur every 3 weeks on Wednesday’.
Used by: Schedule.
| Property | Description | Type |
|---|---|---|
| dayOfWeek | Specifies on which day of the week the maintenance occurs. | WeekDay Required |
| intervalWeeks | Specifies the number of weeks between each set of occurrences. | int Required |
WeeklySchedule_STATUS
For schedules like: ‘recur every Monday’ or ‘recur every 3 weeks on Wednesday’.
Used by: Schedule_STATUS.
| Property | Description | Type |
|---|---|---|
| dayOfWeek | Specifies on which day of the week the maintenance occurs. | WeekDay_STATUS Optional |
| intervalWeeks | Specifies the number of weeks between each set of occurrences. | int Optional |
AdvancedNetworkingPerformance_AccelerationMode
Used by: AdvancedNetworkingPerformance.
| Value | Description |
|---|---|
| “BpfVeth” | |
| “None” | |
AdvancedNetworkingPerformance_AccelerationMode_STATUS
Used by: AdvancedNetworkingPerformance_STATUS.
| Value | Description |
|---|---|
| “BpfVeth” | |
| “None” | |
AdvancedNetworkingSecurityTransitEncryption
Encryption configuration for Cilium-based clusters. Once enabled all traffic between Cilium managed pods will be encrypted when it leaves the node boundary.
Used by: AdvancedNetworkingSecurity.
| Property | Description | Type |
|---|---|---|
| type | Configures pod-to-pod encryption. This can be enabled only on Cilium-based clusters. If not specified, the default value is None. | TransitEncryptionType Optional |
AdvancedNetworkingSecurityTransitEncryption_STATUS
Encryption configuration for Cilium-based clusters. Once enabled all traffic between Cilium managed pods will be encrypted when it leaves the node boundary.
Used by: AdvancedNetworkingSecurity_STATUS.
| Property | Description | Type |
|---|---|---|
| type | Configures pod-to-pod encryption. This can be enabled only on Cilium-based clusters. If not specified, the default value is None. | TransitEncryptionType_STATUS Optional |
AdvancedNetworkPolicies
Enable advanced network policies. This allows users to configure Layer 7 network policies (FQDN, HTTP, Kafka). Policies themselves must be configured via the Cilium Network Policy resources, see https://docs.cilium.io/en/latest/security/policy/index.html. This can be enabled only on cilium-based clusters. If not specified, the default value is FQDN if security.enabled is set to true.
Used by: AdvancedNetworkingSecurity.
| Value | Description |
|---|---|
| “FQDN” | |
| “L7” | |
| “None” | |
AdvancedNetworkPolicies_STATUS
Enable advanced network policies. This allows users to configure Layer 7 network policies (FQDN, HTTP, Kafka). Policies themselves must be configured via the Cilium Network Policy resources, see https://docs.cilium.io/en/latest/security/policy/index.html. This can be enabled only on cilium-based clusters. If not specified, the default value is FQDN if security.enabled is set to true.
Used by: AdvancedNetworkingSecurity_STATUS.
| Value | Description |
|---|---|
| “FQDN” | |
| “L7” | |
| “None” | |
IpvsScheduler
IPVS scheduler, for more information please see http://www.linuxvirtualserver.org/docs/scheduling.html.
Used by: ContainerServiceNetworkProfileKubeProxyConfigIpvsConfig.
| Value | Description |
|---|---|
| “LeastConnection” | |
| “RoundRobin” | |
IpvsScheduler_STATUS
IPVS scheduler, for more information please see http://www.linuxvirtualserver.org/docs/scheduling.html.
Used by: ContainerServiceNetworkProfileKubeProxyConfigIpvsConfig_STATUS.
| Value | Description |
|---|---|
| “LeastConnection” | |
| “RoundRobin” | |
IstioEgressGateway
Istio egress gateway configuration.
Used by: IstioComponents.
| Property | Description | Type |
|---|---|---|
| enabled | Whether to enable the egress gateway. | bool Required |
| gatewayConfigurationName | Name of the gateway configuration custom resource for the Istio add-on egress gateway. Must be specified when enabling the Istio egress gateway. Must be deployed in the same namespace that the Istio egress gateway will be deployed in. | string Optional |
| name | Name of the Istio add-on egress gateway. | string Required |
| namespace | Namespace that the Istio add-on egress gateway should be deployed in. If unspecified, the default is aks-istio-egress. | string Optional |
IstioEgressGateway_STATUS
Istio egress gateway configuration.
Used by: IstioComponents_STATUS.
| Property | Description | Type |
|---|---|---|
| enabled | Whether to enable the egress gateway. | bool Optional |
| gatewayConfigurationName | Name of the gateway configuration custom resource for the Istio add-on egress gateway. Must be specified when enabling the Istio egress gateway. Must be deployed in the same namespace that the Istio egress gateway will be deployed in. | string Optional |
| name | Name of the Istio add-on egress gateway. | string Optional |
| namespace | Namespace that the Istio add-on egress gateway should be deployed in. If unspecified, the default is aks-istio-egress. | string Optional |
IstioIngressGateway
Istio ingress gateway configuration. For now, we support up to one external ingress gateway named aks-istio-ingressgateway-external and one internal ingress gateway named aks-istio-ingressgateway-internal.
Used by: IstioComponents.
| Property | Description | Type |
|---|---|---|
| enabled | Whether to enable the ingress gateway. | bool Required |
| mode | Mode of an ingress gateway. | IstioIngressGatewayMode Required |
IstioIngressGateway_STATUS
Istio ingress gateway configuration. For now, we support up to one external ingress gateway named aks-istio-ingressgateway-external and one internal ingress gateway named aks-istio-ingressgateway-internal.
Used by: IstioComponents_STATUS.
| Property | Description | Type |
|---|---|---|
| enabled | Whether to enable the ingress gateway. | bool Optional |
| mode | Mode of an ingress gateway. | IstioIngressGatewayMode_STATUS Optional |
IstioPluginCertificateAuthority
Plugin certificates information for Service Mesh.
Used by: IstioCertificateAuthority.
| Property | Description | Type |
|---|---|---|
| certChainObjectName | Certificate chain object name in Azure Key Vault. | string Optional |
| certObjectName | Intermediate certificate object name in Azure Key Vault. | string Optional |
| keyObjectName | Intermediate certificate private key object name in Azure Key Vault. | string Optional |
| keyVaultReference | The resource ID of the Key Vault. | genruntime.ResourceReference Optional |
| rootCertObjectName | Root certificate object name in Azure Key Vault. | string Optional |
IstioPluginCertificateAuthority_STATUS
Plugin certificates information for Service Mesh.
Used by: IstioCertificateAuthority_STATUS.
| Property | Description | Type |
|---|---|---|
| certChainObjectName | Certificate chain object name in Azure Key Vault. | string Optional |
| certObjectName | Intermediate certificate object name in Azure Key Vault. | string Optional |
| keyObjectName | Intermediate certificate private key object name in Azure Key Vault. | string Optional |
| keyVaultId | The resource ID of the Key Vault. | string Optional |
| rootCertObjectName | Root certificate object name in Azure Key Vault. | string Optional |
ManagedClusterPodIdentityProvisioningError_STATUS
An error response from the pod identity provisioning.
Used by: ManagedClusterPodIdentityProvisioningInfo_STATUS.
| Property | Description | Type |
|---|---|---|
| error | Details about the error. | ManagedClusterPodIdentityProvisioningErrorBody_STATUS Optional |
ManagedClusterSecurityProfileDefenderSecurityGatingIdentitiesItem
Used by: ManagedClusterSecurityProfileDefenderSecurityGating.
| Property | Description | Type |
|---|---|---|
| azureContainerRegistry | The container registry for which the identity will be used; the identity specified here should have a federated identity credential attached to it. | string Optional |
| identity | The identity object used to access the registry | UserAssignedIdentity Optional |
ManagedClusterSecurityProfileDefenderSecurityGatingIdentitiesItem_STATUS
Used by: ManagedClusterSecurityProfileDefenderSecurityGating_STATUS.
| Property | Description | Type |
|---|---|---|
| azureContainerRegistry | The container registry for which the identity will be used; the identity specified here should have a federated identity credential attached to it. | string Optional |
| identity | The identity object used to access the registry | UserAssignedIdentity_STATUS Optional |
NginxIngressControllerType
Ingress type for the default NginxIngressController custom resource
Used by: ManagedClusterIngressProfileNginx.
| Value | Description |
|---|---|
| “AnnotationControlled” | |
| “External” | |
| “Internal” | |
| “None” | |
NginxIngressControllerType_STATUS
Ingress type for the default NginxIngressController custom resource
Used by: ManagedClusterIngressProfileNginx_STATUS.
| Value | Description |
|---|---|
| “AnnotationControlled” | |
| “External” | |
| “Internal” | |
| “None” | |
ProxyRedirectionMechanism
Mode of traffic redirection.
Used by: IstioComponents.
| Value | Description |
|---|---|
| “CNIChaining” | |
| “InitContainers” | |
ProxyRedirectionMechanism_STATUS
Mode of traffic redirection.
Used by: IstioComponents_STATUS.
| Value | Description |
|---|---|
| “CNIChaining” | |
| “InitContainers” | |
ResourceReference
A reference to an Azure resource.
Used by: ManagedClusterLoadBalancerProfileOutboundIPPrefixes and ManagedClusterLoadBalancerProfileOutboundIPs.
| Property | Description | Type |
|---|---|---|
| reference | The fully qualified Azure resource id. | genruntime.ResourceReference Optional |
SchedulerConfigMode
The config customization mode for this scheduler instance.
Used by: SchedulerInstanceProfile.
| Value | Description |
|---|---|
| “Default” | |
| “ManagedByCRD” | |
SchedulerConfigMode_STATUS
The config customization mode for this scheduler instance.
Used by: SchedulerInstanceProfile_STATUS.
| Value | Description |
|---|---|
| “Default” | |
| “ManagedByCRD” | |
Type
The week index. Specifies on which week of the month the dayOfWeek applies.
Used by: RelativeMonthlySchedule.
| Value | Description |
|---|---|
| “First” | |
| “Fourth” | |
| “Last” | |
| “Second” | |
| “Third” | |
Type_STATUS
The week index. Specifies on which week of the month the dayOfWeek applies.
Used by: RelativeMonthlySchedule_STATUS.
| Value | Description |
|---|---|
| “First” | |
| “Fourth” | |
| “Last” | |
| “Second” | |
| “Third” | |
IstioIngressGatewayMode
Mode of an ingress gateway.
Used by: IstioIngressGateway.
| Value | Description |
|---|---|
| “External” | |
| “Internal” | |
IstioIngressGatewayMode_STATUS
Mode of an ingress gateway.
Used by: IstioIngressGateway_STATUS.
| Value | Description |
|---|---|
| “External” | |
| “Internal” | |
ManagedClusterPodIdentityProvisioningErrorBody_STATUS
An error response from the pod identity provisioning.
Used by: ManagedClusterPodIdentityProvisioningError_STATUS.
| Property | Description | Type |
|---|---|---|
| code | An identifier for the error. Codes are invariant and are intended to be consumed programmatically. | string Optional |
| details | A list of additional details about the error. | ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled[] Optional |
| message | A message describing the error, intended to be suitable for display in a user interface. | string Optional |
| target | The target of the particular error. For example, the name of the property in error. | string Optional |
TransitEncryptionType
Configures pod-to-pod encryption. This can be enabled only on Cilium-based clusters. If not specified, the default value is None.
Used by: AdvancedNetworkingSecurityTransitEncryption.
| Value | Description |
|---|---|
| “None” | |
| “WireGuard” | |
TransitEncryptionType_STATUS
Configures pod-to-pod encryption. This can be enabled only on Cilium-based clusters. If not specified, the default value is None.
Used by: AdvancedNetworkingSecurityTransitEncryption_STATUS.
| Value | Description |
|---|---|
| “None” | |
| “WireGuard” | |
ManagedClusterPodIdentityProvisioningErrorBody_STATUS_Unrolled
Used by: ManagedClusterPodIdentityProvisioningErrorBody_STATUS.
| Property | Description | Type |
|---|---|---|
| code | An identifier for the error. Codes are invariant and are intended to be consumed programmatically. | string Optional |
| message | A message describing the error, intended to be suitable for display in a user interface. | string Optional |
| target | The target of the particular error. For example, the name of the property in error. | string Optional |