{
  "description": "AzureCluster is the Schema for the azureclusters API.",
  "properties": {
    "apiVersion": {
      "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
      "type": "string"
    },
    "kind": {
      "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
      "type": "string"
    },
    "metadata": {
      "type": "object"
    },
    "spec": {
      "description": "AzureClusterSpec defines the desired state of AzureCluster.",
      "properties": {
        "additionalTags": {
          "additionalProperties": {
            "type": "string"
          },
          "description": "AdditionalTags is an optional set of tags to add to Azure resources managed by the Azure provider, in addition to the\nones added by default.",
          "type": "object"
        },
        "azureEnvironment": {
          "description": "AzureEnvironment is the name of the AzureCloud to be used.\nThe default value that would be used by most users is \"AzurePublicCloud\", other values are:\n- ChinaCloud: \"AzureChinaCloud\"\n- GermanCloud: \"AzureGermanCloud\"\n- PublicCloud: \"AzurePublicCloud\"\n- USGovernmentCloud: \"AzureUSGovernmentCloud\"\n\n\nNote that values other than the default must also be accompanied by corresponding changes to the\naso-controller-settings Secret to configure ASO to refer to the non-Public cloud. ASO currently does\nnot support referring to multiple different clouds in a single installation. The following fields must\nbe defined in the Secret:\n- AZURE_AUTHORITY_HOST\n- AZURE_RESOURCE_MANAGER_ENDPOINT\n- AZURE_RESOURCE_MANAGER_AUDIENCE\n\n\nSee the [ASO docs] for more details.\n\n\n[ASO docs]: https://azure.github.io/azure-service-operator/guide/aso-controller-settings-options/",
          "type": "string"
        },
        "bastionSpec": {
          "description": "BastionSpec encapsulates all things related to the Bastions in the cluster.",
          "properties": {
            "azureBastion": {
              "description": "AzureBastion specifies how the Azure Bastion cloud component should be configured.",
              "properties": {
                "enableTunneling": {
                  "default": false,
                  "description": "EnableTunneling enables the native client support feature for the Azure Bastion Host. Defaults to false.",
                  "type": "boolean"
                },
                "name": {
                  "type": "string"
                },
                "publicIP": {
                  "description": "PublicIPSpec defines the inputs to create an Azure public IP address.",
                  "properties": {
                    "dnsName": {
                      "type": "string"
                    },
                    "ipTags": {
                      "items": {
                        "description": "IPTag contains the IpTag associated with the object.",
                        "properties": {
                          "tag": {
                            "description": "Tag specifies the value of the IP tag associated with the public IP. Example: SQL.",
                            "type": "string"
                          },
                          "type": {
                            "description": "Type specifies the IP tag type. Example: FirstPartyUsage.",
                            "type": "string"
                          }
                        },
                        "required": [
                          "tag",
                          "type"
                        ],
                        "type": "object",
                        "additionalProperties": false
                      },
                      "type": "array"
                    },
                    "name": {
                      "type": "string"
                    }
                  },
                  "required": [
                    "name"
                  ],
                  "type": "object",
                  "additionalProperties": false
                },
                "sku": {
                  "default": "Basic",
                  "description": "BastionHostSkuName configures the tier of the Azure Bastion Host. Can be either Basic or Standard. Defaults to Basic.",
                  "enum": [
                    "Basic",
                    "Standard"
                  ],
                  "type": "string"
                },
                "subnet": {
                  "description": "SubnetSpec configures an Azure subnet.",
                  "properties": {
                    "cidrBlocks": {
                      "description": "CIDRBlocks defines the subnet's address space, specified as one or more address prefixes in CIDR notation.",
                      "items": {
                        "type": "string"
                      },
                      "type": "array"
                    },
                    "id": {
                      "description": "ID is the Azure resource ID of the subnet.\nREAD-ONLY",
                      "type": "string"
                    },
                    "name": {
                      "description": "Name defines a name for the subnet resource.",
                      "type": "string"
                    },
                    "natGateway": {
                      "description": "NatGateway associated with this subnet.",
                      "properties": {
                        "id": {
                          "description": "ID is the Azure resource ID of the NAT gateway.\nREAD-ONLY",
                          "type": "string"
                        },
                        "ip": {
                          "description": "PublicIPSpec defines the inputs to create an Azure public IP address.",
                          "properties": {
                            "dnsName": {
                              "type": "string"
                            },
                            "ipTags": {
                              "items": {
                                "description": "IPTag contains the IpTag associated with the object.",
                                "properties": {
                                  "tag": {
                                    "description": "Tag specifies the value of the IP tag associated with the public IP. Example: SQL.",
                                    "type": "string"
                                  },
                                  "type": {
                                    "description": "Type specifies the IP tag type. Example: FirstPartyUsage.",
                                    "type": "string"
                                  }
                                },
                                "required": [
                                  "tag",
                                  "type"
                                ],
                                "type": "object",
                                "additionalProperties": false
                              },
                              "type": "array"
                            },
                            "name": {
                              "type": "string"
                            }
                          },
                          "required": [
                            "name"
                          ],
                          "type": "object",
                          "additionalProperties": false
                        },
                        "name": {
                          "type": "string"
                        }
                      },
                      "required": [
                        "name"
                      ],
                      "type": "object",
                      "additionalProperties": false
                    },
                    "privateEndpoints": {
                      "description": "PrivateEndpoints defines a list of private endpoints that should be attached to this subnet.",
                      "items": {
                        "description": "PrivateEndpointSpec configures an Azure Private Endpoint.",
                        "properties": {
                          "applicationSecurityGroups": {
                            "description": "ApplicationSecurityGroups specifies the Application security group in which the private endpoint IP configuration is included.",
                            "items": {
                              "type": "string"
                            },
                            "type": "array"
                          },
                          "customNetworkInterfaceName": {
                            "description": "CustomNetworkInterfaceName specifies the network interface name associated with the private endpoint.",
                            "type": "string"
                          },
                          "location": {
                            "description": "Location specifies the region to create the private endpoint.",
                            "type": "string"
                          },
                          "manualApproval": {
                            "description": "ManualApproval specifies if the connection approval needs to be done manually or not.\nSet it true when the network admin does not have access to approve connections to the remote resource.\nDefaults to false.",
                            "type": "boolean"
                          },
                          "name": {
                            "description": "Name specifies the name of the private endpoint.",
                            "type": "string"
                          },
                          "privateIPAddresses": {
                            "description": "PrivateIPAddresses specifies the IP addresses for the network interface associated with the private endpoint.\nThey have to be part of the subnet where the private endpoint is linked.",
                            "items": {
                              "type": "string"
                            },
                            "type": "array"
                          },
                          "privateLinkServiceConnections": {
                            "description": "PrivateLinkServiceConnections specifies Private Link Service Connections of the private endpoint.",
                            "items": {
                              "description": "PrivateLinkServiceConnection defines the specification for a private link service connection associated with a private endpoint.",
                              "properties": {
                                "groupIDs": {
                                  "description": "GroupIDs specifies the ID(s) of the group(s) obtained from the remote resource that this private endpoint should connect to.",
                                  "items": {
                                    "type": "string"
                                  },
                                  "type": "array"
                                },
                                "name": {
                                  "description": "Name specifies the name of the private link service.",
                                  "type": "string"
                                },
                                "privateLinkServiceID": {
                                  "description": "PrivateLinkServiceID specifies the resource ID of the private link service.",
                                  "type": "string"
                                },
                                "requestMessage": {
                                  "description": "RequestMessage specifies a message passed to the owner of the remote resource with the private endpoint connection request.",
                                  "maxLength": 140,
                                  "type": "string"
                                }
                              },
                              "type": "object",
                              "additionalProperties": false
                            },
                            "type": "array"
                          }
                        },
                        "required": [
                          "name"
                        ],
                        "type": "object",
                        "additionalProperties": false
                      },
                      "type": "array",
                      "x-kubernetes-list-map-keys": [
                        "name"
                      ],
                      "x-kubernetes-list-type": "map"
                    },
                    "role": {
                      "description": "Role defines the subnet role (eg. Node, ControlPlane)",
                      "enum": [
                        "node",
                        "control-plane",
                        "bastion",
                        "all"
                      ],
                      "type": "string"
                    },
                    "routeTable": {
                      "description": "RouteTable defines the route table that should be attached to this subnet.",
                      "properties": {
                        "id": {
                          "description": "ID is the Azure resource ID of the route table.\nREAD-ONLY",
                          "type": "string"
                        },
                        "name": {
                          "type": "string"
                        }
                      },
                      "required": [
                        "name"
                      ],
                      "type": "object",
                      "additionalProperties": false
                    },
                    "securityGroup": {
                      "description": "SecurityGroup defines the NSG (network security group) that should be attached to this subnet.",
                      "properties": {
                        "id": {
                          "description": "ID is the Azure resource ID of the security group.\nREAD-ONLY",
                          "type": "string"
                        },
                        "name": {
                          "type": "string"
                        },
                        "securityRules": {
                          "description": "SecurityRules is a slice of Azure security rules for security groups.",
                          "items": {
                            "description": "SecurityRule defines an Azure security rule for security groups.",
                            "properties": {
                              "action": {
                                "default": "Allow",
                                "description": "Action specifies whether network traffic is allowed or denied. Can either be \"Allow\" or \"Deny\". Defaults to \"Allow\".",
                                "enum": [
                                  "Allow",
                                  "Deny"
                                ],
                                "type": "string"
                              },
                              "description": {
                                "description": "A description for this rule. Restricted to 140 chars.",
                                "type": "string"
                              },
                              "destination": {
                                "description": "Destination is the destination address prefix. CIDR or destination IP range. Asterix '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used.",
                                "type": "string"
                              },
                              "destinationPorts": {
                                "description": "DestinationPorts specifies the destination port or range. Integer or range between 0 and 65535. Asterix '*' can also be used to match all ports.",
                                "type": "string"
                              },
                              "direction": {
                                "description": "Direction indicates whether the rule applies to inbound, or outbound traffic. \"Inbound\" or \"Outbound\".",
                                "enum": [
                                  "Inbound",
                                  "Outbound"
                                ],
                                "type": "string"
                              },
                              "name": {
                                "description": "Name is a unique name within the network security group.",
                                "type": "string"
                              },
                              "priority": {
                                "description": "Priority is a number between 100 and 4096. Each rule should have a unique value for priority. Rules are processed in priority order, with lower numbers processed before higher numbers. Once traffic matches a rule, processing stops.",
                                "format": "int32",
                                "type": "integer"
                              },
                              "protocol": {
                                "description": "Protocol specifies the protocol type. \"Tcp\", \"Udp\", \"Icmp\", or \"*\".",
                                "enum": [
                                  "Tcp",
                                  "Udp",
                                  "Icmp",
                                  "*"
                                ],
                                "type": "string"
                              },
                              "source": {
                                "description": "Source specifies the CIDR or source IP range. Asterix '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from.",
                                "type": "string"
                              },
                              "sourcePorts": {
                                "description": "SourcePorts specifies source port or range. Integer or range between 0 and 65535. Asterix '*' can also be used to match all ports.",
                                "type": "string"
                              },
                              "sources": {
                                "description": "Sources specifies The CIDR or source IP ranges.",
                                "items": {
                                  "type": "string"
                                },
                                "type": "array"
                              }
                            },
                            "required": [
                              "description",
                              "direction",
                              "name",
                              "protocol"
                            ],
                            "type": "object",
                            "additionalProperties": false
                          },
                          "type": "array",
                          "x-kubernetes-list-map-keys": [
                            "name"
                          ],
                          "x-kubernetes-list-type": "map"
                        },
                        "tags": {
                          "additionalProperties": {
                            "type": "string"
                          },
                          "description": "Tags defines a map of tags.",
                          "type": "object"
                        }
                      },
                      "required": [
                        "name"
                      ],
                      "type": "object",
                      "additionalProperties": false
                    },
                    "serviceEndpoints": {
                      "description": "ServiceEndpoints is a slice of Virtual Network service endpoints to enable for the subnets.",
                      "items": {
                        "description": "ServiceEndpointSpec configures an Azure Service Endpoint.",
                        "properties": {
                          "locations": {
                            "items": {
                              "type": "string"
                            },
                            "type": "array"
                          },
                          "service": {
                            "type": "string"
                          }
                        },
                        "required": [
                          "locations",
                          "service"
                        ],
                        "type": "object",
                        "additionalProperties": false
                      },
                      "type": "array",
                      "x-kubernetes-list-map-keys": [
                        "service"
                      ],
                      "x-kubernetes-list-type": "map"
                    }
                  },
                  "required": [
                    "name",
                    "role"
                  ],
                  "type": "object",
                  "additionalProperties": false
                }
              },
              "type": "object",
              "additionalProperties": false
            }
          },
          "type": "object",
          "additionalProperties": false
        },
        "cloudProviderConfigOverrides": {
          "description": "CloudProviderConfigOverrides is an optional set of configuration values that can be overridden in azure cloud provider config.\nThis is only a subset of options that are available in azure cloud provider config.\nSome values for the cloud provider config are inferred from other parts of cluster api provider azure spec, and may not be available for overrides.\nSee: https://cloud-provider-azure.sigs.k8s.io/install/configs\nNote: All cloud provider config values can be customized by creating the secret beforehand. CloudProviderConfigOverrides is only used when the secret is managed by the Azure Provider.",
          "properties": {
            "backOffs": {
              "description": "BackOffConfig indicates the back-off config options.",
              "properties": {
                "cloudProviderBackoff": {
                  "type": "boolean"
                },
                "cloudProviderBackoffDuration": {
                  "type": "integer"
                },
                "cloudProviderBackoffExponent": {
                  "anyOf": [
                    {
                      "type": "integer"
                    },
                    {
                      "type": "string"
                    }
                  ],
                  "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
                  "x-kubernetes-int-or-string": true
                },
                "cloudProviderBackoffJitter": {
                  "anyOf": [
                    {
                      "type": "integer"
                    },
                    {
                      "type": "string"
                    }
                  ],
                  "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
                  "x-kubernetes-int-or-string": true
                },
                "cloudProviderBackoffRetries": {
                  "type": "integer"
                }
              },
              "type": "object",
              "additionalProperties": false
            },
            "rateLimits": {
              "items": {
                "description": "RateLimitSpec represents the rate limit configuration for a particular kind of resource.\nEg. loadBalancerRateLimit is used to configure rate limits for load balancers.\nThis eventually gets converted to CloudProviderRateLimitConfig that cloud-provider-azure expects.\nSee: https://github.com/kubernetes-sigs/cloud-provider-azure/blob/d585c2031925b39c925624302f22f8856e29e352/pkg/provider/azure_ratelimit.go#L25\nWe cannot use CloudProviderRateLimitConfig directly because floating point values are not supported in controller-tools.\nSee: https://github.com/kubernetes-sigs/controller-tools/issues/245",
                "properties": {
                  "config": {
                    "description": "RateLimitConfig indicates the rate limit config options.",
                    "properties": {
                      "cloudProviderRateLimit": {
                        "type": "boolean"
                      },
                      "cloudProviderRateLimitBucket": {
                        "type": "integer"
                      },
                      "cloudProviderRateLimitBucketWrite": {
                        "type": "integer"
                      },
                      "cloudProviderRateLimitQPS": {
                        "anyOf": [
                          {
                            "type": "integer"
                          },
                          {
                            "type": "string"
                          }
                        ],
                        "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
                        "x-kubernetes-int-or-string": true
                      },
                      "cloudProviderRateLimitQPSWrite": {
                        "anyOf": [
                          {
                            "type": "integer"
                          },
                          {
                            "type": "string"
                          }
                        ],
                        "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
                        "x-kubernetes-int-or-string": true
                      }
                    },
                    "type": "object",
                    "additionalProperties": false
                  },
                  "name": {
                    "description": "Name is the name of the rate limit spec.",
                    "enum": [
                      "defaultRateLimit",
                      "routeRateLimit",
                      "subnetsRateLimit",
                      "interfaceRateLimit",
                      "routeTableRateLimit",
                      "loadBalancerRateLimit",
                      "publicIPAddressRateLimit",
                      "securityGroupRateLimit",
                      "virtualMachineRateLimit",
                      "storageAccountRateLimit",
                      "diskRateLimit",
                      "snapshotRateLimit",
                      "virtualMachineScaleSetRateLimit",
                      "virtualMachineSizesRateLimit",
                      "availabilitySetRateLimit"
                    ],
                    "type": "string"
                  }
                },
                "required": [
                  "name"
                ],
                "type": "object",
                "additionalProperties": false
              },
              "type": "array"
            }
          },
          "type": "object",
          "additionalProperties": false
        },
        "controlPlaneEndpoint": {
          "description": "ControlPlaneEndpoint represents the endpoint used to communicate with the control plane. It is not recommended to set\nthis when creating an AzureCluster as CAPZ will set this for you. However, if it is set, CAPZ will not change it.",
          "properties": {
            "host": {
              "description": "The hostname on which the API server is serving.",
              "type": "string"
            },
            "port": {
              "description": "The port on which the API server is serving.",
              "format": "int32",
              "type": "integer"
            }
          },
          "required": [
            "host",
            "port"
          ],
          "type": "object",
          "additionalProperties": false
        },
        "extendedLocation": {
          "description": "ExtendedLocation is an optional set of ExtendedLocation properties for clusters on Azure public MEC.",
          "properties": {
            "name": {
              "description": "Name defines the name for the extended location.",
              "type": "string"
            },
            "type": {
              "description": "Type defines the type for the extended location.",
              "enum": [
                "EdgeZone"
              ],
              "type": "string"
            }
          },
          "required": [
            "name",
            "type"
          ],
          "type": "object",
          "additionalProperties": false
        },
        "failureDomains": {
          "additionalProperties": {
            "description": "FailureDomainSpec is the Schema for Cluster API failure domains.\nIt allows controllers to understand how many failure domains a cluster can optionally span across.",
            "properties": {
              "attributes": {
                "additionalProperties": {
                  "type": "string"
                },
                "description": "Attributes is a free form map of attributes an infrastructure provider might use or require.",
                "type": "object"
              },
              "controlPlane": {
                "description": "ControlPlane determines if this failure domain is suitable for use by control plane machines.",
                "type": "boolean"
              }
            },
            "type": "object",
            "additionalProperties": false
          },
          "description": "FailureDomains is a list of failure domains in the cluster's region, used to restrict\neligibility to host the control plane. A FailureDomain maps to an availability zone,\nwhich is a separated group of datacenters within a region.\nSee: https://learn.microsoft.com/azure/reliability/availability-zones-overview",
          "type": "object"
        },
        "identityRef": {
          "description": "IdentityRef is a reference to an AzureIdentity to be used when reconciling this cluster",
          "properties": {
            "apiVersion": {
              "description": "API version of the referent.",
              "type": "string"
            },
            "fieldPath": {
              "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.\nTODO: this design is not final and this field is subject to change in the future.",
              "type": "string"
            },
            "kind": {
              "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
              "type": "string"
            },
            "name": {
              "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names",
              "type": "string"
            },
            "namespace": {
              "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/",
              "type": "string"
            },
            "resourceVersion": {
              "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency",
              "type": "string"
            },
            "uid": {
              "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids",
              "type": "string"
            }
          },
          "type": "object",
          "x-kubernetes-map-type": "atomic",
          "additionalProperties": false
        },
        "location": {
          "type": "string"
        },
        "networkSpec": {
          "description": "NetworkSpec encapsulates all things related to Azure network.",
          "properties": {
            "apiServerLB": {
              "description": "APIServerLB is the configuration for the control-plane load balancer.",
              "properties": {
                "backendPool": {
                  "description": "BackendPool describes the backend pool of the load balancer.",
                  "properties": {
                    "name": {
                      "description": "Name specifies the name of backend pool for the load balancer. If not specified, the default name will\nbe set, depending on the load balancer role.",
                      "type": "string"
                    }
                  },
                  "type": "object",
                  "additionalProperties": false
                },
                "frontendIPs": {
                  "items": {
                    "description": "FrontendIP defines a load balancer frontend IP configuration.",
                    "properties": {
                      "name": {
                        "minLength": 1,
                        "type": "string"
                      },
                      "privateIP": {
                        "type": "string"
                      },
                      "publicIP": {
                        "description": "PublicIPSpec defines the inputs to create an Azure public IP address.",
                        "properties": {
                          "dnsName": {
                            "type": "string"
                          },
                          "ipTags": {
                            "items": {
                              "description": "IPTag contains the IpTag associated with the object.",
                              "properties": {
                                "tag": {
                                  "description": "Tag specifies the value of the IP tag associated with the public IP. Example: SQL.",
                                  "type": "string"
                                },
                                "type": {
                                  "description": "Type specifies the IP tag type. Example: FirstPartyUsage.",
                                  "type": "string"
                                }
                              },
                              "required": [
                                "tag",
                                "type"
                              ],
                              "type": "object",
                              "additionalProperties": false
                            },
                            "type": "array"
                          },
                          "name": {
                            "type": "string"
                          }
                        },
                        "required": [
                          "name"
                        ],
                        "type": "object",
                        "additionalProperties": false
                      }
                    },
                    "required": [
                      "name"
                    ],
                    "type": "object",
                    "additionalProperties": false
                  },
                  "type": "array"
                },
                "frontendIPsCount": {
                  "description": "FrontendIPsCount specifies the number of frontend IP addresses for the load balancer.",
                  "format": "int32",
                  "type": "integer"
                },
                "id": {
                  "description": "ID is the Azure resource ID of the load balancer.\nREAD-ONLY",
                  "type": "string"
                },
                "idleTimeoutInMinutes": {
                  "description": "IdleTimeoutInMinutes specifies the timeout for the TCP idle connection.",
                  "format": "int32",
                  "type": "integer"
                },
                "name": {
                  "type": "string"
                },
                "sku": {
                  "description": "SKU defines an Azure load balancer SKU.",
                  "type": "string"
                },
                "type": {
                  "description": "LBType defines an Azure load balancer Type.",
                  "type": "string"
                }
              },
              "type": "object",
              "additionalProperties": false
            },
            "controlPlaneOutboundLB": {
              "description": "ControlPlaneOutboundLB is the configuration for the control-plane outbound load balancer.\nThis is different from APIServerLB, and is used only in private clusters (optionally) for enabling outbound traffic.",
              "properties": {
                "backendPool": {
                  "description": "BackendPool describes the backend pool of the load balancer.",
                  "properties": {
                    "name": {
                      "description": "Name specifies the name of backend pool for the load balancer. If not specified, the default name will\nbe set, depending on the load balancer role.",
                      "type": "string"
                    }
                  },
                  "type": "object",
                  "additionalProperties": false
                },
                "frontendIPs": {
                  "items": {
                    "description": "FrontendIP defines a load balancer frontend IP configuration.",
                    "properties": {
                      "name": {
                        "minLength": 1,
                        "type": "string"
                      },
                      "privateIP": {
                        "type": "string"
                      },
                      "publicIP": {
                        "description": "PublicIPSpec defines the inputs to create an Azure public IP address.",
                        "properties": {
                          "dnsName": {
                            "type": "string"
                          },
                          "ipTags": {
                            "items": {
                              "description": "IPTag contains the IpTag associated with the object.",
                              "properties": {
                                "tag": {
                                  "description": "Tag specifies the value of the IP tag associated with the public IP. Example: SQL.",
                                  "type": "string"
                                },
                                "type": {
                                  "description": "Type specifies the IP tag type. Example: FirstPartyUsage.",
                                  "type": "string"
                                }
                              },
                              "required": [
                                "tag",
                                "type"
                              ],
                              "type": "object",
                              "additionalProperties": false
                            },
                            "type": "array"
                          },
                          "name": {
                            "type": "string"
                          }
                        },
                        "required": [
                          "name"
                        ],
                        "type": "object",
                        "additionalProperties": false
                      }
                    },
                    "required": [
                      "name"
                    ],
                    "type": "object",
                    "additionalProperties": false
                  },
                  "type": "array"
                },
                "frontendIPsCount": {
                  "description": "FrontendIPsCount specifies the number of frontend IP addresses for the load balancer.",
                  "format": "int32",
                  "type": "integer"
                },
                "id": {
                  "description": "ID is the Azure resource ID of the load balancer.\nREAD-ONLY",
                  "type": "string"
                },
                "idleTimeoutInMinutes": {
                  "description": "IdleTimeoutInMinutes specifies the timeout for the TCP idle connection.",
                  "format": "int32",
                  "type": "integer"
                },
                "name": {
                  "type": "string"
                },
                "sku": {
                  "description": "SKU defines an Azure load balancer SKU.",
                  "type": "string"
                },
                "type": {
                  "description": "LBType defines an Azure load balancer Type.",
                  "type": "string"
                }
              },
              "type": "object",
              "additionalProperties": false
            },
            "nodeOutboundLB": {
              "description": "NodeOutboundLB is the configuration for the node outbound load balancer.",
              "properties": {
                "backendPool": {
                  "description": "BackendPool describes the backend pool of the load balancer.",
                  "properties": {
                    "name": {
                      "description": "Name specifies the name of backend pool for the load balancer. If not specified, the default name will\nbe set, depending on the load balancer role.",
                      "type": "string"
                    }
                  },
                  "type": "object",
                  "additionalProperties": false
                },
                "frontendIPs": {
                  "items": {
                    "description": "FrontendIP defines a load balancer frontend IP configuration.",
                    "properties": {
                      "name": {
                        "minLength": 1,
                        "type": "string"
                      },
                      "privateIP": {
                        "type": "string"
                      },
                      "publicIP": {
                        "description": "PublicIPSpec defines the inputs to create an Azure public IP address.",
                        "properties": {
                          "dnsName": {
                            "type": "string"
                          },
                          "ipTags": {
                            "items": {
                              "description": "IPTag contains the IpTag associated with the object.",
                              "properties": {
                                "tag": {
                                  "description": "Tag specifies the value of the IP tag associated with the public IP. Example: SQL.",
                                  "type": "string"
                                },
                                "type": {
                                  "description": "Type specifies the IP tag type. Example: FirstPartyUsage.",
                                  "type": "string"
                                }
                              },
                              "required": [
                                "tag",
                                "type"
                              ],
                              "type": "object",
                              "additionalProperties": false
                            },
                            "type": "array"
                          },
                          "name": {
                            "type": "string"
                          }
                        },
                        "required": [
                          "name"
                        ],
                        "type": "object",
                        "additionalProperties": false
                      }
                    },
                    "required": [
                      "name"
                    ],
                    "type": "object",
                    "additionalProperties": false
                  },
                  "type": "array"
                },
                "frontendIPsCount": {
                  "description": "FrontendIPsCount specifies the number of frontend IP addresses for the load balancer.",
                  "format": "int32",
                  "type": "integer"
                },
                "id": {
                  "description": "ID is the Azure resource ID of the load balancer.\nREAD-ONLY",
                  "type": "string"
                },
                "idleTimeoutInMinutes": {
                  "description": "IdleTimeoutInMinutes specifies the timeout for the TCP idle connection.",
                  "format": "int32",
                  "type": "integer"
                },
                "name": {
                  "type": "string"
                },
                "sku": {
                  "description": "SKU defines an Azure load balancer SKU.",
                  "type": "string"
                },
                "type": {
                  "description": "LBType defines an Azure load balancer Type.",
                  "type": "string"
                }
              },
              "type": "object",
              "additionalProperties": false
            },
            "privateDNSZoneName": {
              "description": "PrivateDNSZoneName defines the zone name for the Azure Private DNS.",
              "type": "string"
            },
            "subnets": {
              "description": "Subnets is the configuration for the control-plane subnet and the node subnet.",
              "items": {
                "description": "SubnetSpec configures an Azure subnet.",
                "properties": {
                  "cidrBlocks": {
                    "description": "CIDRBlocks defines the subnet's address space, specified as one or more address prefixes in CIDR notation.",
                    "items": {
                      "type": "string"
                    },
                    "type": "array"
                  },
                  "id": {
                    "description": "ID is the Azure resource ID of the subnet.\nREAD-ONLY",
                    "type": "string"
                  },
                  "name": {
                    "description": "Name defines a name for the subnet resource.",
                    "type": "string"
                  },
                  "natGateway": {
                    "description": "NatGateway associated with this subnet.",
                    "properties": {
                      "id": {
                        "description": "ID is the Azure resource ID of the NAT gateway.\nREAD-ONLY",
                        "type": "string"
                      },
                      "ip": {
                        "description": "PublicIPSpec defines the inputs to create an Azure public IP address.",
                        "properties": {
                          "dnsName": {
                            "type": "string"
                          },
                          "ipTags": {
                            "items": {
                              "description": "IPTag contains the IpTag associated with the object.",
                              "properties": {
                                "tag": {
                                  "description": "Tag specifies the value of the IP tag associated with the public IP. Example: SQL.",
                                  "type": "string"
                                },
                                "type": {
                                  "description": "Type specifies the IP tag type. Example: FirstPartyUsage.",
                                  "type": "string"
                                }
                              },
                              "required": [
                                "tag",
                                "type"
                              ],
                              "type": "object",
                              "additionalProperties": false
                            },
                            "type": "array"
                          },
                          "name": {
                            "type": "string"
                          }
                        },
                        "required": [
                          "name"
                        ],
                        "type": "object",
                        "additionalProperties": false
                      },
                      "name": {
                        "type": "string"
                      }
                    },
                    "required": [
                      "name"
                    ],
                    "type": "object",
                    "additionalProperties": false
                  },
                  "privateEndpoints": {
                    "description": "PrivateEndpoints defines a list of private endpoints that should be attached to this subnet.",
                    "items": {
                      "description": "PrivateEndpointSpec configures an Azure Private Endpoint.",
                      "properties": {
                        "applicationSecurityGroups": {
                          "description": "ApplicationSecurityGroups specifies the Application security group in which the private endpoint IP configuration is included.",
                          "items": {
                            "type": "string"
                          },
                          "type": "array"
                        },
                        "customNetworkInterfaceName": {
                          "description": "CustomNetworkInterfaceName specifies the network interface name associated with the private endpoint.",
                          "type": "string"
                        },
                        "location": {
                          "description": "Location specifies the region to create the private endpoint.",
                          "type": "string"
                        },
                        "manualApproval": {
                          "description": "ManualApproval specifies if the connection approval needs to be done manually or not.\nSet it true when the network admin does not have access to approve connections to the remote resource.\nDefaults to false.",
                          "type": "boolean"
                        },
                        "name": {
                          "description": "Name specifies the name of the private endpoint.",
                          "type": "string"
                        },
                        "privateIPAddresses": {
                          "description": "PrivateIPAddresses specifies the IP addresses for the network interface associated with the private endpoint.\nThey have to be part of the subnet where the private endpoint is linked.",
                          "items": {
                            "type": "string"
                          },
                          "type": "array"
                        },
                        "privateLinkServiceConnections": {
                          "description": "PrivateLinkServiceConnections specifies Private Link Service Connections of the private endpoint.",
                          "items": {
                            "description": "PrivateLinkServiceConnection defines the specification for a private link service connection associated with a private endpoint.",
                            "properties": {
                              "groupIDs": {
                                "description": "GroupIDs specifies the ID(s) of the group(s) obtained from the remote resource that this private endpoint should connect to.",
                                "items": {
                                  "type": "string"
                                },
                                "type": "array"
                              },
                              "name": {
                                "description": "Name specifies the name of the private link service.",
                                "type": "string"
                              },
                              "privateLinkServiceID": {
                                "description": "PrivateLinkServiceID specifies the resource ID of the private link service.",
                                "type": "string"
                              },
                              "requestMessage": {
                                "description": "RequestMessage specifies a message passed to the owner of the remote resource with the private endpoint connection request.",
                                "maxLength": 140,
                                "type": "string"
                              }
                            },
                            "type": "object",
                            "additionalProperties": false
                          },
                          "type": "array"
                        }
                      },
                      "required": [
                        "name"
                      ],
                      "type": "object",
                      "additionalProperties": false
                    },
                    "type": "array",
                    "x-kubernetes-list-map-keys": [
                      "name"
                    ],
                    "x-kubernetes-list-type": "map"
                  },
                  "role": {
                    "description": "Role defines the subnet role (eg. Node, ControlPlane)",
                    "enum": [
                      "node",
                      "control-plane",
                      "bastion",
                      "all"
                    ],
                    "type": "string"
                  },
                  "routeTable": {
                    "description": "RouteTable defines the route table that should be attached to this subnet.",
                    "properties": {
                      "id": {
                        "description": "ID is the Azure resource ID of the route table.\nREAD-ONLY",
                        "type": "string"
                      },
                      "name": {
                        "type": "string"
                      }
                    },
                    "required": [
                      "name"
                    ],
                    "type": "object",
                    "additionalProperties": false
                  },
                  "securityGroup": {
                    "description": "SecurityGroup defines the NSG (network security group) that should be attached to this subnet.",
                    "properties": {
                      "id": {
                        "description": "ID is the Azure resource ID of the security group.\nREAD-ONLY",
                        "type": "string"
                      },
                      "name": {
                        "type": "string"
                      },
                      "securityRules": {
                        "description": "SecurityRules is a slice of Azure security rules for security groups.",
                        "items": {
                          "description": "SecurityRule defines an Azure security rule for security groups.",
                          "properties": {
                            "action": {
                              "default": "Allow",
                              "description": "Action specifies whether network traffic is allowed or denied. Can either be \"Allow\" or \"Deny\". Defaults to \"Allow\".",
                              "enum": [
                                "Allow",
                                "Deny"
                              ],
                              "type": "string"
                            },
                            "description": {
                              "description": "A description for this rule. Restricted to 140 chars.",
                              "type": "string"
                            },
                            "destination": {
                              "description": "Destination is the destination address prefix. CIDR or destination IP range. Asterix '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used.",
                              "type": "string"
                            },
                            "destinationPorts": {
                              "description": "DestinationPorts specifies the destination port or range. Integer or range between 0 and 65535. Asterix '*' can also be used to match all ports.",
                              "type": "string"
                            },
                            "direction": {
                              "description": "Direction indicates whether the rule applies to inbound, or outbound traffic. \"Inbound\" or \"Outbound\".",
                              "enum": [
                                "Inbound",
                                "Outbound"
                              ],
                              "type": "string"
                            },
                            "name": {
                              "description": "Name is a unique name within the network security group.",
                              "type": "string"
                            },
                            "priority": {
                              "description": "Priority is a number between 100 and 4096. Each rule should have a unique value for priority. Rules are processed in priority order, with lower numbers processed before higher numbers. Once traffic matches a rule, processing stops.",
                              "format": "int32",
                              "type": "integer"
                            },
                            "protocol": {
                              "description": "Protocol specifies the protocol type. \"Tcp\", \"Udp\", \"Icmp\", or \"*\".",
                              "enum": [
                                "Tcp",
                                "Udp",
                                "Icmp",
                                "*"
                              ],
                              "type": "string"
                            },
                            "source": {
                              "description": "Source specifies the CIDR or source IP range. Asterix '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from.",
                              "type": "string"
                            },
                            "sourcePorts": {
                              "description": "SourcePorts specifies source port or range. Integer or range between 0 and 65535. Asterix '*' can also be used to match all ports.",
                              "type": "string"
                            },
                            "sources": {
                              "description": "Sources specifies The CIDR or source IP ranges.",
                              "items": {
                                "type": "string"
                              },
                              "type": "array"
                            }
                          },
                          "required": [
                            "description",
                            "direction",
                            "name",
                            "protocol"
                          ],
                          "type": "object",
                          "additionalProperties": false
                        },
                        "type": "array",
                        "x-kubernetes-list-map-keys": [
                          "name"
                        ],
                        "x-kubernetes-list-type": "map"
                      },
                      "tags": {
                        "additionalProperties": {
                          "type": "string"
                        },
                        "description": "Tags defines a map of tags.",
                        "type": "object"
                      }
                    },
                    "required": [
                      "name"
                    ],
                    "type": "object",
                    "additionalProperties": false
                  },
                  "serviceEndpoints": {
                    "description": "ServiceEndpoints is a slice of Virtual Network service endpoints to enable for the subnets.",
                    "items": {
                      "description": "ServiceEndpointSpec configures an Azure Service Endpoint.",
                      "properties": {
                        "locations": {
                          "items": {
                            "type": "string"
                          },
                          "type": "array"
                        },
                        "service": {
                          "type": "string"
                        }
                      },
                      "required": [
                        "locations",
                        "service"
                      ],
                      "type": "object",
                      "additionalProperties": false
                    },
                    "type": "array",
                    "x-kubernetes-list-map-keys": [
                      "service"
                    ],
                    "x-kubernetes-list-type": "map"
                  }
                },
                "required": [
                  "name",
                  "role"
                ],
                "type": "object",
                "additionalProperties": false
              },
              "type": "array",
              "x-kubernetes-list-map-keys": [
                "name"
              ],
              "x-kubernetes-list-type": "map"
            },
            "vnet": {
              "description": "Vnet is the configuration for the Azure virtual network.",
              "properties": {
                "cidrBlocks": {
                  "description": "CIDRBlocks defines the virtual network's address space, specified as one or more address prefixes in CIDR notation.",
                  "items": {
                    "type": "string"
                  },
                  "type": "array"
                },
                "id": {
                  "description": "ID is the Azure resource ID of the virtual network.\nREAD-ONLY",
                  "type": "string"
                },
                "name": {
                  "description": "Name defines a name for the virtual network resource.",
                  "type": "string"
                },
                "peerings": {
                  "description": "Peerings defines a list of peerings of the newly created virtual network with existing virtual networks.",
                  "items": {
                    "description": "VnetPeeringSpec specifies an existing remote virtual network to peer with the AzureCluster's virtual network.",
                    "properties": {
                      "forwardPeeringProperties": {
                        "description": "ForwardPeeringProperties specifies VnetPeeringProperties for peering from the cluster's virtual network to the\nremote virtual network.",
                        "properties": {
                          "allowForwardedTraffic": {
                            "description": "AllowForwardedTraffic specifies whether forwarded traffic from the VMs in the local virtual network will be\nallowed or disallowed in the remote virtual network.",
                            "type": "boolean"
                          },
                          "allowGatewayTransit": {
                            "description": "AllowGatewayTransit specifies if gateway links can be used in remote virtual networking to link to this virtual\nnetwork.",
                            "type": "boolean"
                          },
                          "allowVirtualNetworkAccess": {
                            "description": "AllowVirtualNetworkAccess specifies whether the VMs in the local virtual network space would be able to access\nthe VMs in remote virtual network space.",
                            "type": "boolean"
                          },
                          "useRemoteGateways": {
                            "description": "UseRemoteGateways specifies if remote gateways can be used on this virtual network.\nIf the flag is set to true, and allowGatewayTransit on remote peering is also set to true, the virtual network\nwill use the gateways of the remote virtual network for transit. Only one peering can have this flag set to true.\nThis flag cannot be set if virtual network already has a gateway.",
                            "type": "boolean"
                          }
                        },
                        "type": "object",
                        "additionalProperties": false
                      },
                      "remoteVnetName": {
                        "description": "RemoteVnetName defines the name of the remote virtual network.",
                        "type": "string"
                      },
                      "resourceGroup": {
                        "description": "ResourceGroup is the resource group name of the remote virtual network.",
                        "type": "string"
                      },
                      "reversePeeringProperties": {
                        "description": "ReversePeeringProperties specifies VnetPeeringProperties for peering from the remote virtual network to the\ncluster's virtual network.",
                        "properties": {
                          "allowForwardedTraffic": {
                            "description": "AllowForwardedTraffic specifies whether forwarded traffic from the VMs in the local virtual network will be\nallowed or disallowed in the remote virtual network.",
                            "type": "boolean"
                          },
                          "allowGatewayTransit": {
                            "description": "AllowGatewayTransit specifies if gateway links can be used in remote virtual networking to link to this virtual\nnetwork.",
                            "type": "boolean"
                          },
                          "allowVirtualNetworkAccess": {
                            "description": "AllowVirtualNetworkAccess specifies whether the VMs in the local virtual network space would be able to access\nthe VMs in remote virtual network space.",
                            "type": "boolean"
                          },
                          "useRemoteGateways": {
                            "description": "UseRemoteGateways specifies if remote gateways can be used on this virtual network.\nIf the flag is set to true, and allowGatewayTransit on remote peering is also set to true, the virtual network\nwill use the gateways of the remote virtual network for transit. Only one peering can have this flag set to true.\nThis flag cannot be set if virtual network already has a gateway.",
                            "type": "boolean"
                          }
                        },
                        "type": "object",
                        "additionalProperties": false
                      }
                    },
                    "required": [
                      "remoteVnetName"
                    ],
                    "type": "object",
                    "additionalProperties": false
                  },
                  "type": "array"
                },
                "resourceGroup": {
                  "description": "ResourceGroup is the name of the resource group of the existing virtual network\nor the resource group where a managed virtual network should be created.",
                  "type": "string"
                },
                "tags": {
                  "additionalProperties": {
                    "type": "string"
                  },
                  "description": "Tags is a collection of tags describing the resource.",
                  "type": "object"
                }
              },
              "required": [
                "name"
              ],
              "type": "object",
              "additionalProperties": false
            }
          },
          "type": "object",
          "additionalProperties": false
        },
        "resourceGroup": {
          "type": "string"
        },
        "subscriptionID": {
          "type": "string"
        }
      },
      "required": [
        "location"
      ],
      "type": "object",
      "additionalProperties": false
    },
    "status": {
      "description": "AzureClusterStatus defines the observed state of AzureCluster.",
      "properties": {
        "conditions": {
          "description": "Conditions defines current service state of the AzureCluster.",
          "items": {
            "description": "Condition defines an observation of a Cluster API resource operational state.",
            "properties": {
              "lastTransitionTime": {
                "description": "Last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when\nthe API field changed is acceptable.",
                "format": "date-time",
                "type": "string"
              },
              "message": {
                "description": "A human readable message indicating details about the transition.\nThis field may be empty.",
                "type": "string"
              },
              "reason": {
                "description": "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may not be empty.",
                "type": "string"
              },
              "severity": {
                "description": "Severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False.",
                "type": "string"
              },
              "status": {
                "description": "Status of the condition, one of True, False, Unknown.",
                "type": "string"
              },
              "type": {
                "description": "Type of condition in CamelCase or in foo.example.com/CamelCase.\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions\ncan be useful (see .node.status.conditions), the ability to deconflict is important.",
                "type": "string"
              }
            },
            "required": [
              "lastTransitionTime",
              "status",
              "type"
            ],
            "type": "object",
            "additionalProperties": false
          },
          "type": "array"
        },
        "failureDomains": {
          "additionalProperties": {
            "description": "FailureDomainSpec is the Schema for Cluster API failure domains.\nIt allows controllers to understand how many failure domains a cluster can optionally span across.",
            "properties": {
              "attributes": {
                "additionalProperties": {
                  "type": "string"
                },
                "description": "Attributes is a free form map of attributes an infrastructure provider might use or require.",
                "type": "object"
              },
              "controlPlane": {
                "description": "ControlPlane determines if this failure domain is suitable for use by control plane machines.",
                "type": "boolean"
              }
            },
            "type": "object",
            "additionalProperties": false
          },
          "description": "FailureDomains specifies the list of unique failure domains for the location/region of the cluster.\nA FailureDomain maps to an Availability Zone within an Azure Region (if the region supports them). An\nAvailability Zone is a separate data center within a region and they can be used to ensure\nthe cluster is more resilient to failure.\nSee: https://learn.microsoft.com/azure/reliability/availability-zones-overview\nThis list will be used by Cluster API to try and spread the machines across the failure domains.",
          "type": "object"
        },
        "longRunningOperationStates": {
          "description": "LongRunningOperationStates saves the states for Azure long-running operations so they can be continued on the\nnext reconciliation loop.",
          "items": {
            "description": "Future contains the data needed for an Azure long-running operation to continue across reconcile loops.",
            "properties": {
              "data": {
                "description": "Data is the base64 URL-encoded JSON of the Azure AutoRest Future.",
                "type": "string"
              },
              "name": {
                "description": "Name is the name of the Azure resource.\nTogether with the service name, this forms the unique identifier for the future.",
                "type": "string"
              },
              "resourceGroup": {
                "description": "ResourceGroup is the Azure resource group for the resource.",
                "type": "string"
              },
              "serviceName": {
                "description": "ServiceName is the name of the Azure service.\nTogether with the name of the resource, this forms the unique identifier for the future.",
                "type": "string"
              },
              "type": {
                "description": "Type describes the type of future, such as update, create, delete, etc.",
                "type": "string"
              }
            },
            "required": [
              "data",
              "name",
              "serviceName",
              "type"
            ],
            "type": "object",
            "additionalProperties": false
          },
          "type": "array"
        },
        "ready": {
          "description": "Ready is true when the provider resource is ready.",
          "type": "boolean"
        }
      },
      "type": "object",
      "additionalProperties": false
    }
  },
  "type": "object"
}
