{
  "description": "AzureManagedControlPlane is the Schema for the azuremanagedcontrolplanes API.",
  "properties": {
    "apiVersion": {
      "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
      "type": "string"
    },
    "kind": {
      "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
      "type": "string"
    },
    "metadata": {
      "type": "object"
    },
    "spec": {
      "description": "AzureManagedControlPlaneSpec defines the desired state of AzureManagedControlPlane.",
      "properties": {
        "aadProfile": {
          "description": "AadProfile is Azure Active Directory configuration to integrate with AKS for aad authentication.",
          "properties": {
            "adminGroupObjectIDs": {
              "description": "AdminGroupObjectIDs - AAD group object IDs that will have admin role of the cluster.",
              "items": {
                "type": "string"
              },
              "type": "array"
            },
            "managed": {
              "description": "Managed - Whether to enable managed AAD.",
              "type": "boolean"
            }
          },
          "required": [
            "adminGroupObjectIDs",
            "managed"
          ],
          "type": "object",
          "additionalProperties": false
        },
        "additionalTags": {
          "additionalProperties": {
            "type": "string"
          },
          "description": "AdditionalTags is an optional set of tags to add to Azure resources managed by the Azure provider, in addition to the\nones added by default.",
          "type": "object"
        },
        "addonProfiles": {
          "description": "AddonProfiles are the profiles of managed cluster add-on.",
          "items": {
            "description": "AddonProfile represents a managed cluster add-on.",
            "properties": {
              "config": {
                "additionalProperties": {
                  "type": "string"
                },
                "description": "Config - Key-value pairs for configuring the add-on.",
                "type": "object"
              },
              "enabled": {
                "description": "Enabled - Whether the add-on is enabled or not.",
                "type": "boolean"
              },
              "name": {
                "description": "Name - The name of the managed cluster add-on.",
                "type": "string"
              }
            },
            "required": [
              "enabled",
              "name"
            ],
            "type": "object",
            "additionalProperties": false
          },
          "type": "array"
        },
        "apiServerAccessProfile": {
          "description": "APIServerAccessProfile is the access profile for AKS API server.\nImmutable except for `authorizedIPRanges`.",
          "properties": {
            "authorizedIPRanges": {
              "description": "AuthorizedIPRanges - Authorized IP Ranges to kubernetes API server.",
              "items": {
                "type": "string"
              },
              "type": "array"
            },
            "enablePrivateCluster": {
              "description": "EnablePrivateCluster indicates whether to create the cluster as a private cluster or not.",
              "type": "boolean"
            },
            "enablePrivateClusterPublicFQDN": {
              "description": "EnablePrivateClusterPublicFQDN indicates whether to create additional public FQDN for private cluster or not.",
              "type": "boolean"
            },
            "privateDNSZone": {
              "description": "PrivateDNSZone enables private dns zone mode for private cluster.",
              "type": "string"
            }
          },
          "type": "object",
          "additionalProperties": false
        },
        "asoManagedClusterPatches": {
          "description": "ASOManagedClusterPatches defines JSON merge patches to be applied to the generated ASO ManagedCluster resource.\nWARNING: This is meant to be used sparingly to enable features for development and testing that are not\notherwise represented in the CAPZ API. Misconfiguration that conflicts with CAPZ's normal mode of\noperation is possible.",
          "items": {
            "type": "string"
          },
          "type": "array"
        },
        "autoUpgradeProfile": {
          "description": "AutoUpgradeProfile defines the auto upgrade configuration.",
          "properties": {
            "upgradeChannel": {
              "description": "UpgradeChannel determines the type of upgrade channel for automatically upgrading the cluster.",
              "enum": [
                "node-image",
                "none",
                "patch",
                "rapid",
                "stable"
              ],
              "type": "string"
            }
          },
          "type": "object",
          "additionalProperties": false
        },
        "autoscalerProfile": {
          "description": "AutoscalerProfile is the parameters to be applied to the cluster-autoscaler when enabled",
          "properties": {
            "balanceSimilarNodeGroups": {
              "description": "BalanceSimilarNodeGroups - Valid values are 'true' and 'false'. The default is false.",
              "enum": [
                "true",
                "false"
              ],
              "type": "string"
            },
            "expander": {
              "description": "Expander - If not specified, the default is 'random'. See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) for more information.",
              "enum": [
                "least-waste",
                "most-pods",
                "priority",
                "random"
              ],
              "type": "string"
            },
            "maxEmptyBulkDelete": {
              "description": "MaxEmptyBulkDelete - The default is 10.",
              "type": "string"
            },
            "maxGracefulTerminationSec": {
              "description": "MaxGracefulTerminationSec - The default is 600.",
              "pattern": "^(\\d+)$",
              "type": "string"
            },
            "maxNodeProvisionTime": {
              "description": "MaxNodeProvisionTime - The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported.",
              "pattern": "^(\\d+)m$",
              "type": "string"
            },
            "maxTotalUnreadyPercentage": {
              "description": "MaxTotalUnreadyPercentage - The default is 45. The maximum is 100 and the minimum is 0.",
              "maxLength": 3,
              "minLength": 1,
              "pattern": "^(\\d+)$",
              "type": "string"
            },
            "newPodScaleUpDelay": {
              "description": "NewPodScaleUpDelay - For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc).",
              "type": "string"
            },
            "okTotalUnreadyCount": {
              "description": "OkTotalUnreadyCount - This must be an integer. The default is 3.",
              "pattern": "^(\\d+)$",
              "type": "string"
            },
            "scaleDownDelayAfterAdd": {
              "description": "ScaleDownDelayAfterAdd - The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported.",
              "pattern": "^(\\d+)m$",
              "type": "string"
            },
            "scaleDownDelayAfterDelete": {
              "description": "ScaleDownDelayAfterDelete - The default is the scan-interval. Values must be an integer followed by an 's'. No unit of time other than seconds (s) is supported.",
              "pattern": "^(\\d+)s$",
              "type": "string"
            },
            "scaleDownDelayAfterFailure": {
              "description": "ScaleDownDelayAfterFailure - The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported.",
              "pattern": "^(\\d+)m$",
              "type": "string"
            },
            "scaleDownUnneededTime": {
              "description": "ScaleDownUnneededTime - The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported.",
              "pattern": "^(\\d+)m$",
              "type": "string"
            },
            "scaleDownUnreadyTime": {
              "description": "ScaleDownUnreadyTime - The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported.",
              "pattern": "^(\\d+)m$",
              "type": "string"
            },
            "scaleDownUtilizationThreshold": {
              "description": "ScaleDownUtilizationThreshold - The default is '0.5'.",
              "type": "string"
            },
            "scanInterval": {
              "description": "ScanInterval - How often cluster is reevaluated for scale up or down. The default is '10s'.",
              "pattern": "^(\\d+)s$",
              "type": "string"
            },
            "skipNodesWithLocalStorage": {
              "description": "SkipNodesWithLocalStorage - The default is false.",
              "enum": [
                "true",
                "false"
              ],
              "type": "string"
            },
            "skipNodesWithSystemPods": {
              "description": "SkipNodesWithSystemPods - The default is true.",
              "enum": [
                "true",
                "false"
              ],
              "type": "string"
            }
          },
          "type": "object",
          "additionalProperties": false
        },
        "azureEnvironment": {
          "description": "AzureEnvironment is the name of the AzureCloud to be used.\nThe default value that would be used by most users is \"AzurePublicCloud\", other values are:\n- ChinaCloud: \"AzureChinaCloud\"\n- PublicCloud: \"AzurePublicCloud\"\n- USGovernmentCloud: \"AzureUSGovernmentCloud\"\n\n\nNote that values other than the default must also be accompanied by corresponding changes to the\naso-controller-settings Secret to configure ASO to refer to the non-Public cloud. ASO currently does\nnot support referring to multiple different clouds in a single installation. The following fields must\nbe defined in the Secret:\n- AZURE_AUTHORITY_HOST\n- AZURE_RESOURCE_MANAGER_ENDPOINT\n- AZURE_RESOURCE_MANAGER_AUDIENCE\n\n\nSee the [ASO docs] for more details.\n\n\n[ASO docs]: https://azure.github.io/azure-service-operator/guide/aso-controller-settings-options/",
          "type": "string"
        },
        "controlPlaneEndpoint": {
          "description": "ControlPlaneEndpoint represents the endpoint used to communicate with the control plane.\nImmutable, populated by the AKS API at create.",
          "properties": {
            "host": {
              "description": "The hostname on which the API server is serving.",
              "type": "string"
            },
            "port": {
              "description": "The port on which the API server is serving.",
              "format": "int32",
              "type": "integer"
            }
          },
          "required": [
            "host",
            "port"
          ],
          "type": "object",
          "additionalProperties": false
        },
        "disableLocalAccounts": {
          "description": "DisableLocalAccounts disables getting static credentials for this cluster when set. Expected to only be used for AAD clusters.",
          "type": "boolean"
        },
        "dnsPrefix": {
          "description": "DNSPrefix allows the user to customize dns prefix.\nImmutable.",
          "type": "string"
        },
        "dnsServiceIP": {
          "description": "DNSServiceIP is an IP address assigned to the Kubernetes DNS service.\nIt must be within the Kubernetes service address range specified in serviceCidr.\nImmutable.",
          "type": "string"
        },
        "enablePreviewFeatures": {
          "description": "EnablePreviewFeatures enables preview features for the cluster.",
          "type": "boolean"
        },
        "extensions": {
          "description": "Extensions is a list of AKS extensions to be installed on the cluster.",
          "items": {
            "description": "AKSExtension represents the configuration for an AKS cluster extension.\nSee also [AKS doc].\n\n\n[AKS doc]: https://learn.microsoft.com/en-us/azure/aks/cluster-extensions",
            "properties": {
              "aksAssignedIdentityType": {
                "description": "AKSAssignedIdentityType is the type of the AKS assigned identity.",
                "enum": [
                  "SystemAssigned",
                  "UserAssigned"
                ],
                "type": "string"
              },
              "autoUpgradeMinorVersion": {
                "default": true,
                "description": "AutoUpgradeMinorVersion is a flag to note if this extension participates in auto upgrade of minor version, or not.",
                "type": "boolean"
              },
              "configurationSettings": {
                "additionalProperties": {
                  "type": "string"
                },
                "description": "ConfigurationSettings are the name-value pairs for configuring this extension.",
                "type": "object"
              },
              "extensionType": {
                "description": "ExtensionType is the type of the Extension of which this resource is an instance.\nIt must be one of the Extension Types registered with Microsoft.KubernetesConfiguration by the Extension publisher.",
                "type": "string"
              },
              "identity": {
                "description": "Identity is the identity type of the Extension resource in an AKS cluster.",
                "enum": [
                  "SystemAssigned"
                ],
                "type": "string"
              },
              "name": {
                "description": "Name is the name of the extension.",
                "type": "string"
              },
              "plan": {
                "description": "Plan is the plan of the extension.",
                "properties": {
                  "name": {
                    "description": "Name is the user-defined name of the 3rd Party Artifact that is being procured.",
                    "type": "string"
                  },
                  "product": {
                    "description": "Product is the name of the 3rd Party artifact that is being procured.",
                    "type": "string"
                  },
                  "promotionCode": {
                    "description": "PromotionCode is a publisher-provided promotion code as provisioned in Data Market for the said product/artifact.",
                    "type": "string"
                  },
                  "publisher": {
                    "description": "Publisher is the name of the publisher of the 3rd Party Artifact that is being bought.",
                    "type": "string"
                  },
                  "version": {
                    "description": "Version is the version of the plan.",
                    "type": "string"
                  }
                },
                "type": "object",
                "additionalProperties": false
              },
              "releaseTrain": {
                "description": "ReleaseTrain is the release train this extension participates in for auto-upgrade (e.g. Stable, Preview, etc.)\nThis is only used if autoUpgradeMinorVersion is \u2018true\u2019.",
                "type": "string"
              },
              "scope": {
                "description": "Scope is the scope at which this extension is enabled.",
                "properties": {
                  "releaseNamespace": {
                    "description": "ReleaseNamespace is the namespace where the extension Release must be placed, for a Cluster-scoped extension.\nRequired for Cluster-scoped extensions.",
                    "type": "string"
                  },
                  "scopeType": {
                    "description": "ScopeType is the scope of the extension. It can be either Cluster or Namespace, but not both.",
                    "enum": [
                      "Cluster",
                      "Namespace"
                    ],
                    "type": "string"
                  },
                  "targetNamespace": {
                    "description": "TargetNamespace is the namespace where the extension will be created for a Namespace-scoped extension.\nRequired for Namespace-scoped extensions.",
                    "type": "string"
                  }
                },
                "required": [
                  "scopeType"
                ],
                "type": "object",
                "additionalProperties": false
              },
              "version": {
                "description": "Version is the version of the extension.",
                "type": "string"
              }
            },
            "required": [
              "extensionType",
              "name"
            ],
            "type": "object",
            "additionalProperties": false
          },
          "type": "array"
        },
        "fleetsMember": {
          "description": "FleetsMember is the spec for the fleet this cluster is a member of.\nSee also [AKS doc].\n\n\n[AKS doc]: https://learn.microsoft.com/en-us/azure/templates/microsoft.containerservice/2023-03-15-preview/fleets/members",
          "properties": {
            "group": {
              "description": "Group is the group this member belongs to for multi-cluster update management.",
              "type": "string"
            },
            "managerName": {
              "description": "ManagerName is the name of the fleet manager.",
              "type": "string"
            },
            "managerResourceGroup": {
              "description": "ManagerResourceGroup is the resource group of the fleet manager.",
              "type": "string"
            },
            "name": {
              "description": "Name is the name of the member.",
              "type": "string"
            }
          },
          "required": [
            "managerName",
            "managerResourceGroup"
          ],
          "type": "object",
          "additionalProperties": false
        },
        "httpProxyConfig": {
          "description": "HTTPProxyConfig is the HTTP proxy configuration for the cluster.\nImmutable.",
          "properties": {
            "httpProxy": {
              "description": "HTTPProxy is the HTTP proxy server endpoint to use.",
              "type": "string"
            },
            "httpsProxy": {
              "description": "HTTPSProxy is the HTTPS proxy server endpoint to use.",
              "type": "string"
            },
            "noProxy": {
              "description": "NoProxy indicates the endpoints that should not go through proxy.",
              "items": {
                "type": "string"
              },
              "type": "array"
            },
            "trustedCa": {
              "description": "TrustedCA is the alternative CA cert to use for connecting to proxy servers.",
              "type": "string"
            }
          },
          "type": "object",
          "additionalProperties": false
        },
        "identity": {
          "description": "Identity configuration used by the AKS control plane.",
          "properties": {
            "type": {
              "description": "Type - The Identity type to use.",
              "enum": [
                "SystemAssigned",
                "UserAssigned"
              ],
              "type": "string"
            },
            "userAssignedIdentityResourceID": {
              "description": "UserAssignedIdentityResourceID - Identity ARM resource ID when using user-assigned identity.",
              "type": "string"
            }
          },
          "type": "object",
          "additionalProperties": false
        },
        "identityRef": {
          "description": "IdentityRef is a reference to a AzureClusterIdentity to be used when reconciling this cluster",
          "properties": {
            "apiVersion": {
              "description": "API version of the referent.",
              "type": "string"
            },
            "fieldPath": {
              "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.\nTODO: this design is not final and this field is subject to change in the future.",
              "type": "string"
            },
            "kind": {
              "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
              "type": "string"
            },
            "name": {
              "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names",
              "type": "string"
            },
            "namespace": {
              "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/",
              "type": "string"
            },
            "resourceVersion": {
              "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency",
              "type": "string"
            },
            "uid": {
              "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids",
              "type": "string"
            }
          },
          "type": "object",
          "x-kubernetes-map-type": "atomic",
          "additionalProperties": false
        },
        "kubeletUserAssignedIdentity": {
          "description": "KubeletUserAssignedIdentity is the user-assigned identity for kubelet.\nFor authentication with Azure Container Registry.",
          "type": "string"
        },
        "loadBalancerProfile": {
          "description": "LoadBalancerProfile is the profile of the cluster load balancer.",
          "properties": {
            "allocatedOutboundPorts": {
              "description": "AllocatedOutboundPorts - Desired number of allocated SNAT ports per VM. Allowed values must be in the range of 0 to 64000 (inclusive). The default value is 0 which results in Azure dynamically allocating ports.",
              "type": "integer"
            },
            "idleTimeoutInMinutes": {
              "description": "IdleTimeoutInMinutes - Desired outbound flow idle timeout in minutes. Allowed values must be in the range of 4 to 120 (inclusive). The default value is 30 minutes.",
              "type": "integer"
            },
            "managedOutboundIPs": {
              "description": "ManagedOutboundIPs - Desired managed outbound IPs for the cluster load balancer.",
              "type": "integer"
            },
            "outboundIPPrefixes": {
              "description": "OutboundIPPrefixes - Desired outbound IP Prefix resources for the cluster load balancer.",
              "items": {
                "type": "string"
              },
              "type": "array"
            },
            "outboundIPs": {
              "description": "OutboundIPs - Desired outbound IP resources for the cluster load balancer.",
              "items": {
                "type": "string"
              },
              "type": "array"
            }
          },
          "type": "object",
          "additionalProperties": false
        },
        "loadBalancerSKU": {
          "default": "Standard",
          "description": "LoadBalancerSKU is the SKU of the loadBalancer to be provisioned.\nImmutable.",
          "enum": [
            "Basic",
            "Standard"
          ],
          "type": "string"
        },
        "location": {
          "description": "Location is a string matching one of the canonical Azure region names. Examples: \"westus2\", \"eastus\".",
          "type": "string"
        },
        "machineTemplate": {
          "description": "MachineTemplate contains information about how machines\nshould be shaped when creating or updating a control plane.\nFor the AzureManagedControlPlaneTemplate, this field is used\nonly to fulfill the CAPI contract.",
          "type": "object"
        },
        "networkDataplane": {
          "description": "NetworkDataplane is the dataplane used for building the Kubernetes network.",
          "enum": [
            "azure",
            "cilium"
          ],
          "type": "string"
        },
        "networkPlugin": {
          "description": "NetworkPlugin used for building Kubernetes network.",
          "enum": [
            "azure",
            "kubenet",
            "none"
          ],
          "type": "string"
        },
        "networkPluginMode": {
          "description": "NetworkPluginMode is the mode the network plugin should use.\nAllowed value is \"overlay\".",
          "enum": [
            "overlay"
          ],
          "type": "string"
        },
        "networkPolicy": {
          "description": "NetworkPolicy used for building Kubernetes network.",
          "enum": [
            "azure",
            "calico",
            "cilium"
          ],
          "type": "string"
        },
        "nodeResourceGroupName": {
          "description": "NodeResourceGroupName is the name of the resource group\ncontaining cluster IaaS resources. Will be populated to default\nin webhook.\nImmutable.",
          "type": "string"
        },
        "oidcIssuerProfile": {
          "description": "OIDCIssuerProfile is the OIDC issuer profile of the Managed Cluster.",
          "properties": {
            "enabled": {
              "description": "Enabled is whether the OIDC issuer is enabled.",
              "type": "boolean"
            }
          },
          "type": "object",
          "additionalProperties": false
        },
        "outboundType": {
          "description": "Outbound configuration used by Nodes.",
          "enum": [
            "loadBalancer",
            "managedNATGateway",
            "userAssignedNATGateway",
            "userDefinedRouting"
          ],
          "type": "string"
        },
        "resourceGroupName": {
          "description": "ResourceGroupName is the name of the Azure resource group for this AKS Cluster.\nImmutable.",
          "type": "string"
        },
        "securityProfile": {
          "description": "SecurityProfile defines the security profile for cluster.",
          "properties": {
            "azureKeyVaultKms": {
              "description": "AzureKeyVaultKms defines Azure Key Vault Management Services Profile for the security profile.",
              "properties": {
                "enabled": {
                  "description": "Enabled enables the Azure Key Vault key management service. The default is false.",
                  "type": "boolean"
                },
                "keyID": {
                  "description": "KeyID defines the Identifier of Azure Key Vault key.\nWhen Azure Key Vault key management service is enabled, this field is required and must be a valid key identifier.",
                  "type": "string"
                },
                "keyVaultNetworkAccess": {
                  "default": "Public",
                  "description": "KeyVaultNetworkAccess defines the network access of key vault.\nThe possible values are Public and Private.\nPublic means the key vault allows public access from all networks.\nPrivate means the key vault disables public access and enables private link. The default value is Public.",
                  "type": "string"
                },
                "keyVaultResourceID": {
                  "description": "KeyVaultResourceID is the Resource ID of key vault. When keyVaultNetworkAccess is Private, this field is required and must be a valid resource ID.",
                  "type": "string"
                }
              },
              "required": [
                "enabled",
                "keyID"
              ],
              "type": "object",
              "additionalProperties": false
            },
            "defender": {
              "description": "Defender settings for the security profile.",
              "properties": {
                "logAnalyticsWorkspaceResourceID": {
                  "description": "LogAnalyticsWorkspaceResourceID is the ID of the Log Analytics workspace that has to be associated with Microsoft Defender.\nWhen Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID.",
                  "type": "string"
                },
                "securityMonitoring": {
                  "description": "SecurityMonitoring profile defines the Microsoft Defender threat detection for Cloud settings for the security profile.",
                  "properties": {
                    "enabled": {
                      "description": "Enabled enables Defender threat detection",
                      "type": "boolean"
                    }
                  },
                  "required": [
                    "enabled"
                  ],
                  "type": "object",
                  "additionalProperties": false
                }
              },
              "required": [
                "logAnalyticsWorkspaceResourceID",
                "securityMonitoring"
              ],
              "type": "object",
              "additionalProperties": false
            },
            "imageCleaner": {
              "description": "ImageCleaner settings for the security profile.",
              "properties": {
                "enabled": {
                  "description": "Enabled enables the Image Cleaner on AKS cluster.",
                  "type": "boolean"
                },
                "intervalHours": {
                  "description": "IntervalHours defines Image Cleaner scanning interval in hours. Default value is 24 hours.",
                  "maximum": 2160,
                  "minimum": 24,
                  "type": "integer"
                }
              },
              "required": [
                "enabled"
              ],
              "type": "object",
              "additionalProperties": false
            },
            "workloadIdentity": {
              "description": "WorkloadIdentity enables Kubernetes applications to access Azure cloud resources securely with Azure AD. Make sure the OIDC issuer is enabled when enabling Workload Identity.",
              "properties": {
                "enabled": {
                  "description": "Enabled enables the workload identity.",
                  "type": "boolean"
                }
              },
              "required": [
                "enabled"
              ],
              "type": "object",
              "additionalProperties": false
            }
          },
          "type": "object",
          "additionalProperties": false
        },
        "sku": {
          "description": "SKU is the SKU of the AKS to be provisioned.",
          "properties": {
            "tier": {
              "description": "Tier - Tier of an AKS cluster.",
              "enum": [
                "Free",
                "Paid",
                "Standard"
              ],
              "type": "string"
            }
          },
          "required": [
            "tier"
          ],
          "type": "object",
          "additionalProperties": false
        },
        "sshPublicKey": {
          "description": "SSHPublicKey is a string literal containing a base64-encoded SSH public key.\nUse an empty string to autogenerate a new key. Use a null value to not set a key.\nImmutable.",
          "type": "string"
        },
        "subscriptionID": {
          "description": "SubscriptionID is the GUID of the Azure subscription that owns this cluster.",
          "type": "string"
        },
        "version": {
          "description": "Version defines the desired Kubernetes version.",
          "minLength": 2,
          "type": "string"
        },
        "virtualNetwork": {
          "description": "VirtualNetwork describes the virtual network for the AKS cluster. It will be created if it does not already exist.",
          "properties": {
            "cidrBlock": {
              "type": "string"
            },
            "name": {
              "description": "Name is the name of the virtual network.",
              "type": "string"
            },
            "resourceGroup": {
              "description": "ResourceGroup is the name of the Azure resource group for the VNet and Subnet.",
              "type": "string"
            },
            "subnet": {
              "description": "ManagedControlPlaneSubnet describes a subnet for an AKS cluster.",
              "properties": {
                "cidrBlock": {
                  "type": "string"
                },
                "name": {
                  "type": "string"
                },
                "privateEndpoints": {
                  "description": "PrivateEndpoints is a slice of Virtual Network private endpoints to create for the subnets.",
                  "items": {
                    "description": "PrivateEndpointSpec configures an Azure Private Endpoint.",
                    "properties": {
                      "applicationSecurityGroups": {
                        "description": "ApplicationSecurityGroups specifies the Application security group in which the private endpoint IP configuration is included.",
                        "items": {
                          "type": "string"
                        },
                        "type": "array"
                      },
                      "customNetworkInterfaceName": {
                        "description": "CustomNetworkInterfaceName specifies the network interface name associated with the private endpoint.",
                        "type": "string"
                      },
                      "location": {
                        "description": "Location specifies the region to create the private endpoint.",
                        "type": "string"
                        },
                        "manualApproval": {
                          "description": "ManualApproval specifies whether the connection approval needs to be done manually.\nSet it to true when the network admin does not have access to approve connections to the remote resource.\nDefaults to false.",
                        "type": "boolean"
                      },
                      "name": {
                        "description": "Name specifies the name of the private endpoint.",
                        "type": "string"
                      },
                      "privateIPAddresses": {
                        "description": "PrivateIPAddresses specifies the IP addresses for the network interface associated with the private endpoint.\nThey have to be part of the subnet where the private endpoint is linked.",
                        "items": {
                          "type": "string"
                        },
                        "type": "array"
                      },
                      "privateLinkServiceConnections": {
                        "description": "PrivateLinkServiceConnections specifies Private Link Service Connections of the private endpoint.",
                        "items": {
                          "description": "PrivateLinkServiceConnection defines the specification for a private link service connection associated with a private endpoint.",
                          "properties": {
                            "groupIDs": {
                              "description": "GroupIDs specifies the ID(s) of the group(s) obtained from the remote resource that this private endpoint should connect to.",
                              "items": {
                                "type": "string"
                              },
                              "type": "array"
                            },
                            "name": {
                              "description": "Name specifies the name of the private link service.",
                              "type": "string"
                            },
                            "privateLinkServiceID": {
                              "description": "PrivateLinkServiceID specifies the resource ID of the private link service.",
                              "type": "string"
                            },
                            "requestMessage": {
                              "description": "RequestMessage specifies a message passed to the owner of the remote resource with the private endpoint connection request.",
                              "maxLength": 140,
                              "type": "string"
                            }
                          },
                          "type": "object",
                          "additionalProperties": false
                        },
                        "type": "array"
                      }
                    },
                    "required": [
                      "name"
                    ],
                    "type": "object",
                    "additionalProperties": false
                  },
                  "type": "array",
                  "x-kubernetes-list-map-keys": [
                    "name"
                  ],
                  "x-kubernetes-list-type": "map"
                },
                "serviceEndpoints": {
                  "description": "ServiceEndpoints is a slice of Virtual Network service endpoints to enable for the subnets.",
                  "items": {
                    "description": "ServiceEndpointSpec configures an Azure Service Endpoint.",
                    "properties": {
                      "locations": {
                        "items": {
                          "type": "string"
                        },
                        "type": "array"
                      },
                      "service": {
                        "type": "string"
                      }
                    },
                    "required": [
                      "locations",
                      "service"
                    ],
                    "type": "object",
                    "additionalProperties": false
                  },
                  "type": "array",
                  "x-kubernetes-list-map-keys": [
                    "service"
                  ],
                  "x-kubernetes-list-type": "map"
                }
              },
              "required": [
                "cidrBlock",
                "name"
              ],
              "type": "object",
              "additionalProperties": false
            }
          },
          "required": [
            "cidrBlock",
            "name"
          ],
          "type": "object",
          "additionalProperties": false
        }
      },
      "required": [
        "identityRef",
        "location",
        "resourceGroupName",
        "version"
      ],
      "type": "object",
      "additionalProperties": false
    },
    "status": {
      "description": "AzureManagedControlPlaneStatus defines the observed state of AzureManagedControlPlane.",
      "properties": {
        "autoUpgradeVersion": {
          "description": "AutoUpgradeVersion is the Kubernetes version populated after auto-upgrade based on the upgrade channel.",
          "minLength": 2,
          "type": "string"
        },
        "conditions": {
          "description": "Conditions defines current service state of the AzureManagedControlPlane.",
          "items": {
            "description": "Condition defines an observation of a Cluster API resource operational state.",
            "properties": {
              "lastTransitionTime": {
                "description": "Last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when\nthe API field changed is acceptable.",
                "format": "date-time",
                "type": "string"
              },
              "message": {
                "description": "A human readable message indicating details about the transition.\nThis field may be empty.",
                "type": "string"
              },
              "reason": {
                "description": "The reason for the condition's last transition in CamelCase.\nThe specific API may choose whether or not this field is considered a guaranteed API.\nThis field may not be empty.",
                "type": "string"
              },
              "severity": {
                "description": "Severity provides an explicit classification of Reason code, so the users or machines can immediately\nunderstand the current situation and act accordingly.\nThe Severity field MUST be set only when Status=False.",
                "type": "string"
              },
              "status": {
                "description": "Status of the condition, one of True, False, Unknown.",
                "type": "string"
              },
              "type": {
                "description": "Type of condition in CamelCase or in foo.example.com/CamelCase.\nMany .condition.type values are consistent across resources like Available, but because arbitrary conditions\ncan be useful (see .node.status.conditions), the ability to deconflict is important.",
                "type": "string"
              }
            },
            "required": [
              "lastTransitionTime",
              "status",
              "type"
            ],
            "type": "object",
            "additionalProperties": false
          },
          "type": "array"
        },
        "initialized": {
          "description": "Initialized is true when the control plane is available for initial contact.\nThis may occur before the control plane is fully ready.\nIn the AzureManagedControlPlane implementation, these are identical.",
          "type": "boolean"
        },
        "longRunningOperationStates": {
          "description": "LongRunningOperationStates saves the states for Azure long-running operations so they can be continued on the\nnext reconciliation loop.",
          "items": {
            "description": "Future contains the data needed for an Azure long-running operation to continue across reconcile loops.",
            "properties": {
              "data": {
                "description": "Data is the base64 url encoded json Azure AutoRest Future.",
                "type": "string"
              },
              "name": {
                "description": "Name is the name of the Azure resource.\nTogether with the service name, this forms the unique identifier for the future.",
                "type": "string"
              },
              "resourceGroup": {
                "description": "ResourceGroup is the Azure resource group for the resource.",
                "type": "string"
              },
              "serviceName": {
                "description": "ServiceName is the name of the Azure service.\nTogether with the name of the resource, this forms the unique identifier for the future.",
                "type": "string"
              },
              "type": {
                "description": "Type describes the type of future, such as update, create, delete, etc.",
                "type": "string"
              }
            },
            "required": [
              "data",
              "name",
              "serviceName",
              "type"
            ],
            "type": "object",
            "additionalProperties": false
          },
          "type": "array"
        },
        "oidcIssuerProfile": {
          "description": "OIDCIssuerProfile is the OIDC issuer profile of the Managed Cluster.",
          "properties": {
            "issuerURL": {
              "description": "IssuerURL is the OIDC issuer url of the Managed Cluster.",
              "type": "string"
            }
          },
          "type": "object",
          "additionalProperties": false
        },
        "ready": {
          "description": "Ready is true when the provider resource is ready.",
          "type": "boolean"
        },
        "version": {
          "description": "Version defines the Kubernetes version for the control plane instance.",
          "type": "string"
        }
      },
      "type": "object",
      "additionalProperties": false
    }
  },
  "type": "object"
}
