{ "description": "AzureManagedControlPlane is the Schema for the azuremanagedcontrolplanes API.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "description": "AzureManagedControlPlaneSpec defines the desired state of AzureManagedControlPlane.", "properties": { "aadProfile": { "description": "AadProfile is Azure Active Directory configuration to integrate with AKS for aad authentication.", "properties": { "adminGroupObjectIDs": { "description": "AdminGroupObjectIDs - AAD group object IDs that will have admin role of the cluster.", "items": { "type": "string" }, "type": "array" }, "managed": { "description": "Managed - Whether to enable managed AAD.", "type": "boolean" } }, "required": [ "adminGroupObjectIDs", "managed" ], "type": "object", "additionalProperties": false }, "additionalTags": { "additionalProperties": { "type": "string" }, "description": "AdditionalTags is an optional set of tags to add to Azure resources managed by the Azure provider, in addition to the ones added by default.", "type": "object" }, "apiServerAccessProfile": { "description": "APIServerAccessProfile is the access profile for AKS API server.", "properties": { "authorizedIPRanges": { "description": "AuthorizedIPRanges - Authorized IP Ranges to kubernetes API server.", "items": { "type": "string" }, "type": "array" }, "enablePrivateCluster": { "description": "EnablePrivateCluster - Whether to create the cluster as a private cluster or not.", "type": "boolean" }, "enablePrivateClusterPublicFQDN": { "description": "EnablePrivateClusterPublicFQDN - Whether to create additional public FQDN for private cluster or not.", "type": "boolean" }, "privateDNSZone": { "description": "PrivateDNSZone - Private dns zone mode for private cluster.", "enum": [ "System", "None" ], "type": "string" } }, "type": "object", "additionalProperties": false }, "controlPlaneEndpoint": { "description": "ControlPlaneEndpoint represents the endpoint used to communicate with the control plane.", "properties": { "host": { "description": "The hostname on which the API server is serving.", "type": "string" }, "port": { "description": "The port on which the API server is serving.", "format": "int32", "type": "integer" } }, "required": [ "host", "port" ], "type": "object", "additionalProperties": false }, "dnsServiceIP": { "description": "DNSServiceIP is an IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr.", "type": "string" }, "identityRef": { "description": "IdentityRef is a reference to a AzureClusterIdentity to be used when reconciling this cluster", "properties": { "apiVersion": { "description": "API version of the referent.", "type": "string" }, "fieldPath": { "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.", "type": "string" }, "kind": { "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "namespace": { "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "string" }, "resourceVersion": { "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, "uid": { "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", "type": "string" } }, "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "loadBalancerProfile": { "description": "LoadBalancerProfile is the profile of the cluster load balancer.", "properties": { "allocatedOutboundPorts": { "description": "AllocatedOutboundPorts - Desired number of allocated SNAT ports per VM. Allowed values must be in the range of 0 to 64000 (inclusive). The default value is 0 which results in Azure dynamically allocating ports.", "format": "int32", "type": "integer" }, "idleTimeoutInMinutes": { "description": "IdleTimeoutInMinutes - Desired outbound flow idle timeout in minutes. Allowed values must be in the range of 4 to 120 (inclusive). The default value is 30 minutes.", "format": "int32", "type": "integer" }, "managedOutboundIPs": { "description": "ManagedOutboundIPs - Desired managed outbound IPs for the cluster load balancer.", "format": "int32", "type": "integer" }, "outboundIPPrefixes": { "description": "OutboundIPPrefixes - Desired outbound IP Prefix resources for the cluster load balancer.", "items": { "type": "string" }, "type": "array" }, "outboundIPs": { "description": "OutboundIPs - Desired outbound IP resources for the cluster load balancer.", "items": { "type": "string" }, "type": "array" } }, "type": "object", "additionalProperties": false }, "loadBalancerSKU": { "description": "LoadBalancerSKU is the SKU of the loadBalancer to be provisioned.", "enum": [ "Basic", "Standard" ], "type": "string" }, "location": { "description": "Location is a string matching one of the canonical Azure region names. Examples: \"westus2\", \"eastus\".", "type": "string" }, "networkPlugin": { "description": "NetworkPlugin used for building Kubernetes network.", "enum": [ "azure", "kubenet" ], "type": "string" }, "networkPolicy": { "description": "NetworkPolicy used for building Kubernetes network.", "enum": [ "azure", "calico" ], "type": "string" }, "nodeResourceGroupName": { "description": "NodeResourceGroupName is the name of the resource group containing cluster IaaS resources. Will be populated to default in webhook.", "type": "string" }, "resourceGroupName": { "description": "ResourceGroupName is the name of the Azure resource group for this AKS Cluster.", "type": "string" }, "sku": { "description": "SKU is the AKSSku of the AKS to be provisioned.", "properties": { "tier": { "description": "Tier - Tier of a managed cluster SKU.", "enum": [ "Free", "Paid" ], "type": "string" } }, "required": [ "tier" ], "type": "object", "additionalProperties": false }, "sshPublicKey": { "description": "SSHPublicKey is a string literal containing an ssh public key base64 encoded.", "type": "string" }, "subscriptionID": { "description": "SubscriptionID is the GUID of the Azure subscription to hold this cluster.", "type": "string" }, "version": { "description": "Version defines the desired Kubernetes version.", "minLength": 2, "type": "string" }, "virtualNetwork": { "description": "VirtualNetwork describes the vnet for the AKS cluster. Will be created if it does not exist.", "properties": { "cidrBlock": { "type": "string" }, "name": { "type": "string" }, "subnet": { "description": "ManagedControlPlaneSubnet describes a subnet for an AKS cluster.", "properties": { "cidrBlock": { "type": "string" }, "name": { "type": "string" } }, "required": [ "cidrBlock", "name" ], "type": "object", "additionalProperties": false } }, "required": [ "cidrBlock", "name" ], "type": "object", "additionalProperties": false } }, "required": [ "location", "resourceGroupName", "sshPublicKey", "version" ], "type": "object", "additionalProperties": false }, "status": { "description": "AzureManagedControlPlaneStatus defines the observed state of AzureManagedControlPlane.", "properties": { "initialized": { "description": "Initialized is true when the the control plane is available for initial contact. This may occur before the control plane is fully ready. In the AzureManagedControlPlane implementation, these are identical.", "type": "boolean" }, "longRunningOperationStates": { "description": "LongRunningOperationStates saves the states for Azure long-running operations so they can be continued on the next reconciliation loop.", "items": { "description": "Future contains the data needed for an Azure long-running operation to continue across reconcile loops.", "properties": { "data": { "description": "Data is the base64 url encoded json Azure AutoRest Future.", "type": "string" }, "name": { "description": "Name is the name of the Azure resource. Together with the service name, this forms the unique identifier for the future.", "type": "string" }, "resourceGroup": { "description": "ResourceGroup is the Azure resource group for the resource.", "type": "string" }, "serviceName": { "description": "ServiceName is the name of the Azure service. Together with the name of the resource, this forms the unique identifier for the future.", "type": "string" }, "type": { "description": "Type describes the type of future, such as update, create, delete, etc.", "type": "string" } }, "required": [ "name", "serviceName", "type" ], "type": "object", "additionalProperties": false }, "type": "array" }, "ready": { "description": "Ready is true when the provider resource is ready.", "type": "boolean" } }, "type": "object", "additionalProperties": false } }, "type": "object" }