We recommend using Azure Native.
azure.containerservice.KubernetesCluster
Manages a Managed Kubernetes Cluster (also known as AKS / Azure Kubernetes Service)
Example Usage
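This example provisions a basic Managed Kubernetes Cluster and exports its client certificate and raw kubeconfig as stack outputs. The raw kubeconfig contains cluster credentials, so handle these outputs as secrets.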
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
// Resource group that holds the example cluster.
const resourceGroup = new azure.core.ResourceGroup("example", {
    name: "example-resources",
    location: "West Europe",
});

// Single-node default pool used by the cluster below.
const defaultNodePool = {
    name: "default",
    nodeCount: 1,
    vmSize: "Standard_D2_v2",
};

// Minimal AKS cluster with a system-assigned identity.
// NOTE(review): the cluster is tagged "Production" but sets none of the inputs that
// restrict API-server access (apiServerAccessProfile,
// azureActiveDirectoryRoleBasedAccessControl, localAccountDisabled,
// privateClusterEnabled); review those before reusing this as a template.
const cluster = new azure.containerservice.KubernetesCluster("example", {
    name: "example-aks1",
    location: resourceGroup.location,
    resourceGroupName: resourceGroup.name,
    dnsPrefix: "exampleaks1",
    defaultNodePool,
    identity: {
        type: "SystemAssigned",
    },
    tags: {
        Environment: "Production",
    },
});

// SECURITY: kubeConfigRaw is the full kubeconfig, i.e. cluster credentials.
// NOTE(review): confirm both exports are treated as secret outputs (encrypted in state,
// masked by `pulumi stack output`); wrapping a value in pulumi.secret(...) marks it
// explicitly. Export them only if a consumer actually needs them.
export const clientCertificate = cluster.kubeConfigs.apply(([primary]) => primary.clientCertificate);
export const kubeConfig = cluster.kubeConfigRaw;
import pulumi
import pulumi_azure as azure
# Resource group that holds the example cluster.
resource_group = azure.core.ResourceGroup(
    "example",
    name="example-resources",
    location="West Europe",
)

# Minimal AKS cluster: one-node default pool and a system-assigned identity.
# NOTE(review): the cluster is tagged "Production" but sets none of the inputs that
# restrict API-server access (api_server_access_profile,
# azure_active_directory_role_based_access_control, local_account_disabled,
# private_cluster_enabled); review those before reusing this as a template.
cluster = azure.containerservice.KubernetesCluster(
    "example",
    name="example-aks1",
    location=resource_group.location,
    resource_group_name=resource_group.name,
    dns_prefix="exampleaks1",
    default_node_pool=dict(
        name="default",
        node_count=1,
        vm_size="Standard_D2_v2",
    ),
    identity=dict(type="SystemAssigned"),
    tags=dict(Environment="Production"),
)

# SECURITY: kube_config_raw is the full kubeconfig, i.e. cluster credentials.
# NOTE(review): confirm both exports are treated as secret outputs (encrypted in state,
# masked by `pulumi stack output`); pulumi.Output.secret(...) marks a value explicitly.
# Export them only if a consumer actually needs them.
pulumi.export("clientCertificate", cluster.kube_configs[0].client_certificate)
pulumi.export("kubeConfig", cluster.kube_config_raw)
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/containerservice"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs a Pulumi program that provisions a resource group and a basic AKS
// cluster, then exports the cluster's client certificate and raw kubeconfig.
func main() {
	program := func(ctx *pulumi.Context) error {
		// Resource group that holds the example cluster.
		rg, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-resources"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}

		// Single-node default pool and a system-assigned identity.
		nodePool := &containerservice.KubernetesClusterDefaultNodePoolArgs{
			Name:      pulumi.String("default"),
			NodeCount: pulumi.Int(1),
			VmSize:    pulumi.String("Standard_D2_v2"),
		}
		identity := &containerservice.KubernetesClusterIdentityArgs{
			Type: pulumi.String("SystemAssigned"),
		}

		// NOTE(review): the cluster is tagged "Production" but sets none of the inputs
		// that restrict API-server access (ApiServerAccessProfile,
		// AzureActiveDirectoryRoleBasedAccessControl, LocalAccountDisabled,
		// PrivateClusterEnabled); review those before reusing this as a template.
		cluster, err := containerservice.NewKubernetesCluster(ctx, "example", &containerservice.KubernetesClusterArgs{
			Name:              pulumi.String("example-aks1"),
			Location:          rg.Location,
			ResourceGroupName: rg.Name,
			DnsPrefix:         pulumi.String("exampleaks1"),
			DefaultNodePool:   nodePool,
			Identity:          identity,
			Tags: pulumi.StringMap{
				"Environment": pulumi.String("Production"),
			},
		})
		if err != nil {
			return err
		}

		// SECURITY: KubeConfigRaw is the full kubeconfig, i.e. cluster credentials.
		// NOTE(review): confirm both exports are treated as secret outputs (encrypted
		// in state, masked by `pulumi stack output`); pulumi.ToSecret(...) marks a
		// value explicitly. Export them only if a consumer actually needs them.
		firstClientCert := cluster.KubeConfigs.ApplyT(func(configs []containerservice.KubernetesClusterKubeConfig) (*string, error) {
			return &configs[0].ClientCertificate, nil
		}).(pulumi.StringPtrOutput)
		ctx.Export("clientCertificate", firstClientCert)
		ctx.Export("kubeConfig", cluster.KubeConfigRaw)
		return nil
	}
	pulumi.Run(program)
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
// Pulumi program: provisions a resource group and a basic AKS cluster, then returns the
// cluster's client certificate and raw kubeconfig as stack outputs.
return await Deployment.RunAsync(() =>
{
    // Resource group that holds the example cluster.
    var resourceGroup = new Azure.Core.ResourceGroup("example", new()
    {
        Name = "example-resources",
        Location = "West Europe",
    });

    // Single-node default pool and a system-assigned identity.
    var nodePool = new Azure.ContainerService.Inputs.KubernetesClusterDefaultNodePoolArgs
    {
        Name = "default",
        NodeCount = 1,
        VmSize = "Standard_D2_v2",
    };
    var identity = new Azure.ContainerService.Inputs.KubernetesClusterIdentityArgs
    {
        Type = "SystemAssigned",
    };

    // NOTE(review): the cluster is tagged "Production" but sets none of the inputs that
    // restrict API-server access (ApiServerAccessProfile,
    // AzureActiveDirectoryRoleBasedAccessControl, LocalAccountDisabled,
    // PrivateClusterEnabled); review those before reusing this as a template.
    var cluster = new Azure.ContainerService.KubernetesCluster("example", new()
    {
        Name = "example-aks1",
        Location = resourceGroup.Location,
        ResourceGroupName = resourceGroup.Name,
        DnsPrefix = "exampleaks1",
        DefaultNodePool = nodePool,
        Identity = identity,
        Tags =
        {
            { "Environment", "Production" },
        },
    });

    // SECURITY: KubeConfigRaw is the full kubeconfig, i.e. cluster credentials.
    // NOTE(review): confirm both outputs are treated as secrets (encrypted in state,
    // masked by `pulumi stack output`). Export them only if a consumer actually needs them.
    var stackOutputs = new Dictionary<string, object?>
    {
        ["clientCertificate"] = cluster.KubeConfigs.Apply(configs => configs[0].ClientCertificate),
        ["kubeConfig"] = cluster.KubeConfigRaw,
    };
    return stackOutputs;
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.containerservice.KubernetesCluster;
import com.pulumi.azure.containerservice.KubernetesClusterArgs;
import com.pulumi.azure.containerservice.inputs.KubernetesClusterDefaultNodePoolArgs;
import com.pulumi.azure.containerservice.inputs.KubernetesClusterIdentityArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
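/**
 * Pulumi program that provisions a resource group and a basic AKS cluster, then exports
 * the cluster's client certificate and raw kubeconfig as stack outputs.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the resource group and the AKS cluster and registers the stack outputs.
     *
     * @param ctx deployment context used to export the stack outputs
     */
    public static void stack(Context ctx) {
        // Resource group that holds the example cluster.
        var example = new ResourceGroup("example", ResourceGroupArgs.builder()
            .name("example-resources")
            .location("West Europe")
            .build());

        // Minimal AKS cluster: one-node default pool and a system-assigned identity.
        // NOTE(review): the cluster is tagged "Production" but sets none of the inputs
        // that restrict API-server access (apiServerAccessProfile,
        // azureActiveDirectoryRoleBasedAccessControl, localAccountDisabled,
        // privateClusterEnabled); review those before reusing this as a template.
        var exampleKubernetesCluster = new KubernetesCluster("exampleKubernetesCluster", KubernetesClusterArgs.builder()
            .name("example-aks1")
            .location(example.location())
            .resourceGroupName(example.name())
            .dnsPrefix("exampleaks1")
            .defaultNodePool(KubernetesClusterDefaultNodePoolArgs.builder()
                .name("default")
                .nodeCount(1)
                .vmSize("Standard_D2_v2")
                .build())
            .identity(KubernetesClusterIdentityArgs.builder()
                .type("SystemAssigned")
                .build())
            .tags(Map.of("Environment", "Production"))
            .build());

        // SECURITY: kubeConfigRaw is the full kubeconfig, i.e. cluster credentials.
        // NOTE(review): confirm both exports are treated as secret outputs (encrypted in
        // state, masked by `pulumi stack output`). Export them only if a consumer needs them.
        //
        // The Java SDK exposes list-valued outputs as java.util.List, so the first entry is
        // read with get(0); array indexing (kubeConfigs[0]) does not compile on a List.
        ctx.export("clientCertificate", exampleKubernetesCluster.kubeConfigs().applyValue(kubeConfigs -> kubeConfigs.get(0).clientCertificate()));
        ctx.export("kubeConfig", exampleKubernetesCluster.kubeConfigRaw());
    }
}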
# Pulumi YAML program: a resource group and a basic AKS cluster.
resources:
  # Resource group that holds the example cluster.
  example:
    type: azure:core:ResourceGroup
    properties:
      name: example-resources
      location: West Europe
  # Minimal AKS cluster: one-node default pool and a system-assigned identity.
  # NOTE(review): the cluster is tagged Production but sets none of the inputs that
  # restrict API-server access (apiServerAccessProfile,
  # azureActiveDirectoryRoleBasedAccessControl, localAccountDisabled,
  # privateClusterEnabled); review those before reusing this as a template.
  exampleKubernetesCluster:
    type: azure:containerservice:KubernetesCluster
    name: example
    properties:
      name: example-aks1
      location: ${example.location}
      resourceGroupName: ${example.name}
      dnsPrefix: exampleaks1
      defaultNodePool:
        name: default
        nodeCount: 1
        vmSize: Standard_D2_v2
      identity:
        type: SystemAssigned
      tags:
        Environment: Production
# SECURITY: kubeConfigRaw is the full kubeconfig, i.e. cluster credentials.
# NOTE(review): confirm both outputs are treated as secrets (encrypted in state, masked
# by `pulumi stack output`). Export them only if a consumer actually needs them.
outputs:
  clientCertificate: ${exampleKubernetesCluster.kubeConfigs[0].clientCertificate}
  kubeConfig: ${exampleKubernetesCluster.kubeConfigRaw}
Create KubernetesCluster Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new KubernetesCluster(name: string, args: KubernetesClusterArgs, opts?: CustomResourceOptions);
@overload
def KubernetesCluster(resource_name: str,
args: KubernetesClusterArgs,
opts: Optional[ResourceOptions] = None)
@overload
def KubernetesCluster(resource_name: str,
opts: Optional[ResourceOptions] = None,
default_node_pool: Optional[KubernetesClusterDefaultNodePoolArgs] = None,
resource_group_name: Optional[str] = None,
aci_connector_linux: Optional[KubernetesClusterAciConnectorLinuxArgs] = None,
api_server_access_profile: Optional[KubernetesClusterApiServerAccessProfileArgs] = None,
auto_scaler_profile: Optional[KubernetesClusterAutoScalerProfileArgs] = None,
automatic_upgrade_channel: Optional[str] = None,
azure_active_directory_role_based_access_control: Optional[KubernetesClusterAzureActiveDirectoryRoleBasedAccessControlArgs] = None,
azure_policy_enabled: Optional[bool] = None,
confidential_computing: Optional[KubernetesClusterConfidentialComputingArgs] = None,
cost_analysis_enabled: Optional[bool] = None,
disk_encryption_set_id: Optional[str] = None,
dns_prefix: Optional[str] = None,
dns_prefix_private_cluster: Optional[str] = None,
edge_zone: Optional[str] = None,
http_application_routing_enabled: Optional[bool] = None,
http_proxy_config: Optional[KubernetesClusterHttpProxyConfigArgs] = None,
identity: Optional[KubernetesClusterIdentityArgs] = None,
image_cleaner_enabled: Optional[bool] = None,
image_cleaner_interval_hours: Optional[int] = None,
ingress_application_gateway: Optional[KubernetesClusterIngressApplicationGatewayArgs] = None,
key_management_service: Optional[KubernetesClusterKeyManagementServiceArgs] = None,
key_vault_secrets_provider: Optional[KubernetesClusterKeyVaultSecretsProviderArgs] = None,
kubelet_identity: Optional[KubernetesClusterKubeletIdentityArgs] = None,
kubernetes_version: Optional[str] = None,
linux_profile: Optional[KubernetesClusterLinuxProfileArgs] = None,
local_account_disabled: Optional[bool] = None,
location: Optional[str] = None,
maintenance_window: Optional[KubernetesClusterMaintenanceWindowArgs] = None,
maintenance_window_auto_upgrade: Optional[KubernetesClusterMaintenanceWindowAutoUpgradeArgs] = None,
maintenance_window_node_os: Optional[KubernetesClusterMaintenanceWindowNodeOsArgs] = None,
microsoft_defender: Optional[KubernetesClusterMicrosoftDefenderArgs] = None,
monitor_metrics: Optional[KubernetesClusterMonitorMetricsArgs] = None,
name: Optional[str] = None,
network_profile: Optional[KubernetesClusterNetworkProfileArgs] = None,
node_os_upgrade_channel: Optional[str] = None,
node_resource_group: Optional[str] = None,
oidc_issuer_enabled: Optional[bool] = None,
oms_agent: Optional[KubernetesClusterOmsAgentArgs] = None,
open_service_mesh_enabled: Optional[bool] = None,
private_cluster_enabled: Optional[bool] = None,
private_cluster_public_fqdn_enabled: Optional[bool] = None,
private_dns_zone_id: Optional[str] = None,
role_based_access_control_enabled: Optional[bool] = None,
run_command_enabled: Optional[bool] = None,
service_mesh_profile: Optional[KubernetesClusterServiceMeshProfileArgs] = None,
service_principal: Optional[KubernetesClusterServicePrincipalArgs] = None,
sku_tier: Optional[str] = None,
storage_profile: Optional[KubernetesClusterStorageProfileArgs] = None,
support_plan: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
web_app_routing: Optional[KubernetesClusterWebAppRoutingArgs] = None,
windows_profile: Optional[KubernetesClusterWindowsProfileArgs] = None,
workload_autoscaler_profile: Optional[KubernetesClusterWorkloadAutoscalerProfileArgs] = None,
workload_identity_enabled: Optional[bool] = None)
func NewKubernetesCluster(ctx *Context, name string, args KubernetesClusterArgs, opts ...ResourceOption) (*KubernetesCluster, error)
public KubernetesCluster(string name, KubernetesClusterArgs args, CustomResourceOptions? opts = null)
public KubernetesCluster(String name, KubernetesClusterArgs args)
public KubernetesCluster(String name, KubernetesClusterArgs args, CustomResourceOptions options)
type: azure:containerservice:KubernetesCluster
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args KubernetesClusterArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args KubernetesClusterArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args KubernetesClusterArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args KubernetesClusterArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args KubernetesClusterArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
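The following reference example uses placeholder values for all input properties. The values (`"string"`, `0`, `false`) indicate each property's type only; they are not recommended settings, including for security-related properties such as `LocalAccountDisabled` or `RoleBasedAccessControlEnabled`.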
// Reference listing of the input properties accepted by KubernetesCluster.
// Every value is a type placeholder ("string", 0, false): it shows the property's type,
// not a recommended setting. Set only the properties you need and choose each
// security-related value deliberately instead of copying the placeholder.
var kubernetesClusterResource = new Azure.ContainerService.KubernetesCluster("kubernetesClusterResource", new()
{
DefaultNodePool = new Azure.ContainerService.Inputs.KubernetesClusterDefaultNodePoolArgs
{
Name = "string",
VmSize = "string",
OnlyCriticalAddonsEnabled = false,
MaxCount = 0,
// NOTE(review): placeholder only. The name suggests this controls encryption at the
// node host; confirm against the property reference before choosing a value.
HostEncryptionEnabled = false,
HostGroupId = "string",
AutoScalingEnabled = false,
KubeletDiskType = "string",
LinuxOsConfig = new Azure.ContainerService.Inputs.KubernetesClusterDefaultNodePoolLinuxOsConfigArgs
{
SwapFileSizeMb = 0,
SysctlConfig = new Azure.ContainerService.Inputs.KubernetesClusterDefaultNodePoolLinuxOsConfigSysctlConfigArgs
{
FsAioMaxNr = 0,
FsFileMax = 0,
FsInotifyMaxUserWatches = 0,
FsNrOpen = 0,
KernelThreadsMax = 0,
NetCoreNetdevMaxBacklog = 0,
NetCoreOptmemMax = 0,
NetCoreRmemDefault = 0,
NetCoreRmemMax = 0,
NetCoreSomaxconn = 0,
NetCoreWmemDefault = 0,
NetCoreWmemMax = 0,
NetIpv4IpLocalPortRangeMax = 0,
NetIpv4IpLocalPortRangeMin = 0,
NetIpv4NeighDefaultGcThresh1 = 0,
NetIpv4NeighDefaultGcThresh2 = 0,
NetIpv4NeighDefaultGcThresh3 = 0,
NetIpv4TcpFinTimeout = 0,
NetIpv4TcpKeepaliveIntvl = 0,
NetIpv4TcpKeepaliveProbes = 0,
NetIpv4TcpKeepaliveTime = 0,
NetIpv4TcpMaxSynBacklog = 0,
NetIpv4TcpMaxTwBuckets = 0,
NetIpv4TcpTwReuse = false,
NetNetfilterNfConntrackBuckets = 0,
NetNetfilterNfConntrackMax = 0,
VmMaxMapCount = 0,
VmSwappiness = 0,
VmVfsCachePressure = 0,
},
TransparentHugePageDefrag = "string",
TransparentHugePageEnabled = "string",
},
OrchestratorVersion = "string",
MaxPods = 0,
OsDiskSizeGb = 0,
FipsEnabled = false,
NodeCount = 0,
NodeLabels =
{
{ "string", "string" },
},
NodeNetworkProfile = new Azure.ContainerService.Inputs.KubernetesClusterDefaultNodePoolNodeNetworkProfileArgs
{
AllowedHostPorts = new[]
{
new Azure.ContainerService.Inputs.KubernetesClusterDefaultNodePoolNodeNetworkProfileAllowedHostPortArgs
{
PortEnd = 0,
PortStart = 0,
Protocol = "string",
},
},
ApplicationSecurityGroupIds = new[]
{
"string",
},
NodePublicIpTags =
{
{ "string", "string" },
},
},
// NOTE(review): placeholder only. Presumably gives each node its own public IP when
// true; confirm against the property reference and leave unset unless required.
NodePublicIpEnabled = false,
NodePublicIpPrefixId = "string",
KubeletConfig = new Azure.ContainerService.Inputs.KubernetesClusterDefaultNodePoolKubeletConfigArgs
{
// NOTE(review): the name indicates sysctls that are treated as unsafe; list only the
// specific entries a workload needs, and omit the property otherwise.
AllowedUnsafeSysctls = new[]
{
"string",
},
ContainerLogMaxLine = 0,
ContainerLogMaxSizeMb = 0,
CpuCfsQuotaEnabled = false,
CpuCfsQuotaPeriod = "string",
CpuManagerPolicy = "string",
ImageGcHighThreshold = 0,
ImageGcLowThreshold = 0,
PodMaxPid = 0,
TopologyManagerPolicy = "string",
},
GpuInstance = "string",
MinCount = 0,
OsDiskType = "string",
OsSku = "string",
PodSubnetId = "string",
ProximityPlacementGroupId = "string",
ScaleDownMode = "string",
SnapshotId = "string",
Tags =
{
{ "string", "string" },
},
TemporaryNameForRotation = "string",
Type = "string",
UltraSsdEnabled = false,
UpgradeSettings = new Azure.ContainerService.Inputs.KubernetesClusterDefaultNodePoolUpgradeSettingsArgs
{
MaxSurge = "string",
DrainTimeoutInMinutes = 0,
NodeSoakDurationInMinutes = 0,
},
CapacityReservationGroupId = "string",
VnetSubnetId = "string",
WorkloadRuntime = "string",
Zones = new[]
{
"string",
},
},
ResourceGroupName = "string",
AciConnectorLinux = new Azure.ContainerService.Inputs.KubernetesClusterAciConnectorLinuxArgs
{
SubnetName = "string",
ConnectorIdentities = new[]
{
new Azure.ContainerService.Inputs.KubernetesClusterAciConnectorLinuxConnectorIdentityArgs
{
ClientId = "string",
ObjectId = "string",
UserAssignedIdentityId = "string",
},
},
},
// NOTE(review): presumably the source IP ranges permitted to reach the Kubernetes API
// server; confirm against the property reference. "string" is a placeholder, not a range.
ApiServerAccessProfile = new Azure.ContainerService.Inputs.KubernetesClusterApiServerAccessProfileArgs
{
AuthorizedIpRanges = new[]
{
"string",
},
},
AutoScalerProfile = new Azure.ContainerService.Inputs.KubernetesClusterAutoScalerProfileArgs
{
BalanceSimilarNodeGroups = false,
DaemonsetEvictionForEmptyNodesEnabled = false,
DaemonsetEvictionForOccupiedNodesEnabled = false,
EmptyBulkDeleteMax = "string",
Expander = "string",
IgnoreDaemonsetsUtilizationEnabled = false,
MaxGracefulTerminationSec = "string",
MaxNodeProvisioningTime = "string",
MaxUnreadyNodes = 0,
MaxUnreadyPercentage = 0,
NewPodScaleUpDelay = "string",
ScaleDownDelayAfterAdd = "string",
ScaleDownDelayAfterDelete = "string",
ScaleDownDelayAfterFailure = "string",
ScaleDownUnneeded = "string",
ScaleDownUnready = "string",
ScaleDownUtilizationThreshold = "string",
ScanInterval = "string",
SkipNodesWithLocalStorage = false,
SkipNodesWithSystemPods = false,
},
AutomaticUpgradeChannel = "string",
// Identity-based access control block: admin group object IDs, an Azure RBAC toggle and
// the tenant. The `false` on AzureRbacEnabled is a type placeholder, not guidance.
AzureActiveDirectoryRoleBasedAccessControl = new Azure.ContainerService.Inputs.KubernetesClusterAzureActiveDirectoryRoleBasedAccessControlArgs
{
AdminGroupObjectIds = new[]
{
"string",
},
AzureRbacEnabled = false,
TenantId = "string",
},
AzurePolicyEnabled = false,
ConfidentialComputing = new Azure.ContainerService.Inputs.KubernetesClusterConfidentialComputingArgs
{
SgxQuoteHelperEnabled = false,
},
CostAnalysisEnabled = false,
DiskEncryptionSetId = "string",
DnsPrefix = "string",
DnsPrefixPrivateCluster = "string",
EdgeZone = "string",
HttpApplicationRoutingEnabled = false,
HttpProxyConfig = new Azure.ContainerService.Inputs.KubernetesClusterHttpProxyConfigArgs
{
HttpProxy = "string",
HttpsProxy = "string",
NoProxies = new[]
{
"string",
},
TrustedCa = "string",
},
Identity = new Azure.ContainerService.Inputs.KubernetesClusterIdentityArgs
{
Type = "string",
IdentityIds = new[]
{
"string",
},
PrincipalId = "string",
TenantId = "string",
},
ImageCleanerEnabled = false,
ImageCleanerIntervalHours = 0,
IngressApplicationGateway = new Azure.ContainerService.Inputs.KubernetesClusterIngressApplicationGatewayArgs
{
EffectiveGatewayId = "string",
GatewayId = "string",
GatewayName = "string",
IngressApplicationGatewayIdentities = new[]
{
new Azure.ContainerService.Inputs.KubernetesClusterIngressApplicationGatewayIngressApplicationGatewayIdentityArgs
{
ClientId = "string",
ObjectId = "string",
UserAssignedIdentityId = "string",
},
},
SubnetCidr = "string",
SubnetId = "string",
},
KeyManagementService = new Azure.ContainerService.Inputs.KubernetesClusterKeyManagementServiceArgs
{
KeyVaultKeyId = "string",
KeyVaultNetworkAccess = "string",
},
KeyVaultSecretsProvider = new Azure.ContainerService.Inputs.KubernetesClusterKeyVaultSecretsProviderArgs
{
SecretIdentities = new[]
{
new Azure.ContainerService.Inputs.KubernetesClusterKeyVaultSecretsProviderSecretIdentityArgs
{
ClientId = "string",
ObjectId = "string",
UserAssignedIdentityId = "string",
},
},
SecretRotationEnabled = false,
SecretRotationInterval = "string",
},
KubeletIdentity = new Azure.ContainerService.Inputs.KubernetesClusterKubeletIdentityArgs
{
ClientId = "string",
ObjectId = "string",
UserAssignedIdentityId = "string",
},
KubernetesVersion = "string",
LinuxProfile = new Azure.ContainerService.Inputs.KubernetesClusterLinuxProfileArgs
{
AdminUsername = "string",
SshKey = new Azure.ContainerService.Inputs.KubernetesClusterLinuxProfileSshKeyArgs
{
KeyData = "string",
},
},
// NOTE(review): placeholder only; `false` is a type marker. The name suggests `true`
// turns off the cluster's local accounts; confirm against the property reference.
LocalAccountDisabled = false,
Location = "string",
MaintenanceWindow = new Azure.ContainerService.Inputs.KubernetesClusterMaintenanceWindowArgs
{
Alloweds = new[]
{
new Azure.ContainerService.Inputs.KubernetesClusterMaintenanceWindowAllowedArgs
{
Day = "string",
Hours = new[]
{
0,
},
},
},
NotAlloweds = new[]
{
new Azure.ContainerService.Inputs.KubernetesClusterMaintenanceWindowNotAllowedArgs
{
End = "string",
Start = "string",
},
},
},
MaintenanceWindowAutoUpgrade = new Azure.ContainerService.Inputs.KubernetesClusterMaintenanceWindowAutoUpgradeArgs
{
Duration = 0,
Frequency = "string",
Interval = 0,
DayOfMonth = 0,
DayOfWeek = "string",
NotAlloweds = new[]
{
new Azure.ContainerService.Inputs.KubernetesClusterMaintenanceWindowAutoUpgradeNotAllowedArgs
{
End = "string",
Start = "string",
},
},
StartDate = "string",
StartTime = "string",
UtcOffset = "string",
WeekIndex = "string",
},
MaintenanceWindowNodeOs = new Azure.ContainerService.Inputs.KubernetesClusterMaintenanceWindowNodeOsArgs
{
Duration = 0,
Frequency = "string",
Interval = 0,
DayOfMonth = 0,
DayOfWeek = "string",
NotAlloweds = new[]
{
new Azure.ContainerService.Inputs.KubernetesClusterMaintenanceWindowNodeOsNotAllowedArgs
{
End = "string",
Start = "string",
},
},
StartDate = "string",
StartTime = "string",
UtcOffset = "string",
WeekIndex = "string",
},
MicrosoftDefender = new Azure.ContainerService.Inputs.KubernetesClusterMicrosoftDefenderArgs
{
LogAnalyticsWorkspaceId = "string",
},
MonitorMetrics = new Azure.ContainerService.Inputs.KubernetesClusterMonitorMetricsArgs
{
AnnotationsAllowed = "string",
LabelsAllowed = "string",
},
Name = "string",
NetworkProfile = new Azure.ContainerService.Inputs.KubernetesClusterNetworkProfileArgs
{
NetworkPlugin = "string",
NetworkMode = "string",
NetworkPluginMode = "string",
LoadBalancerSku = "string",
NatGatewayProfile = new Azure.ContainerService.Inputs.KubernetesClusterNetworkProfileNatGatewayProfileArgs
{
EffectiveOutboundIps = new[]
{
"string",
},
IdleTimeoutInMinutes = 0,
ManagedOutboundIpCount = 0,
},
NetworkDataPlane = "string",
DnsServiceIp = "string",
IpVersions = new[]
{
"string",
},
LoadBalancerProfile = new Azure.ContainerService.Inputs.KubernetesClusterNetworkProfileLoadBalancerProfileArgs
{
BackendPoolType = "string",
EffectiveOutboundIps = new[]
{
"string",
},
IdleTimeoutInMinutes = 0,
ManagedOutboundIpCount = 0,
ManagedOutboundIpv6Count = 0,
OutboundIpAddressIds = new[]
{
"string",
},
OutboundIpPrefixIds = new[]
{
"string",
},
OutboundPortsAllocated = 0,
},
NetworkPolicy = "string",
OutboundType = "string",
PodCidr = "string",
PodCidrs = new[]
{
"string",
},
ServiceCidr = "string",
ServiceCidrs = new[]
{
"string",
},
},
NodeOsUpgradeChannel = "string",
NodeResourceGroup = "string",
OidcIssuerEnabled = false,
OmsAgent = new Azure.ContainerService.Inputs.KubernetesClusterOmsAgentArgs
{
LogAnalyticsWorkspaceId = "string",
MsiAuthForMonitoringEnabled = false,
OmsAgentIdentities = new[]
{
new Azure.ContainerService.Inputs.KubernetesClusterOmsAgentOmsAgentIdentityArgs
{
ClientId = "string",
ObjectId = "string",
UserAssignedIdentityId = "string",
},
},
},
OpenServiceMeshEnabled = false,
// NOTE(review): the toggles below shape how the API server is exposed and authorized
// (private cluster, Kubernetes RBAC, run-command). The `false` values are type
// placeholders; copying them verbatim may differ from the provider's defaults. Confirm
// each against the property reference.
PrivateClusterEnabled = false,
PrivateClusterPublicFqdnEnabled = false,
PrivateDnsZoneId = "string",
RoleBasedAccessControlEnabled = false,
RunCommandEnabled = false,
ServiceMeshProfile = new Azure.ContainerService.Inputs.KubernetesClusterServiceMeshProfileArgs
{
Mode = "string",
Revisions = new[]
{
"string",
},
CertificateAuthority = new Azure.ContainerService.Inputs.KubernetesClusterServiceMeshProfileCertificateAuthorityArgs
{
CertChainObjectName = "string",
CertObjectName = "string",
KeyObjectName = "string",
KeyVaultId = "string",
RootCertObjectName = "string",
},
ExternalIngressGatewayEnabled = false,
InternalIngressGatewayEnabled = false,
},
ServicePrincipal = new Azure.ContainerService.Inputs.KubernetesClusterServicePrincipalArgs
{
ClientId = "string",
// Credential input. "string" is a placeholder; supply the real value from secret
// configuration rather than as a literal committed to source control.
ClientSecret = "string",
},
SkuTier = "string",
StorageProfile = new Azure.ContainerService.Inputs.KubernetesClusterStorageProfileArgs
{
BlobDriverEnabled = false,
DiskDriverEnabled = false,
FileDriverEnabled = false,
SnapshotControllerEnabled = false,
},
SupportPlan = "string",
Tags =
{
{ "string", "string" },
},
WebAppRouting = new Azure.ContainerService.Inputs.KubernetesClusterWebAppRoutingArgs
{
DnsZoneIds = new[]
{
"string",
},
WebAppRoutingIdentities = new[]
{
new Azure.ContainerService.Inputs.KubernetesClusterWebAppRoutingWebAppRoutingIdentityArgs
{
ClientId = "string",
ObjectId = "string",
UserAssignedIdentityId = "string",
},
},
},
WindowsProfile = new Azure.ContainerService.Inputs.KubernetesClusterWindowsProfileArgs
{
// Credential input. "string" is a placeholder; supply the real value from secret
// configuration rather than as a literal committed to source control.
AdminPassword = "string",
AdminUsername = "string",
Gmsa = new Azure.ContainerService.Inputs.KubernetesClusterWindowsProfileGmsaArgs
{
DnsServer = "string",
RootDomain = "string",
},
License = "string",
},
WorkloadAutoscalerProfile = new Azure.ContainerService.Inputs.KubernetesClusterWorkloadAutoscalerProfileArgs
{
KedaEnabled = false,
VerticalPodAutoscalerEnabled = false,
},
WorkloadIdentityEnabled = false,
});
example, err := containerservice.NewKubernetesCluster(ctx, "kubernetesClusterResource", &containerservice.KubernetesClusterArgs{
DefaultNodePool: &containerservice.KubernetesClusterDefaultNodePoolArgs{
Name: pulumi.String("string"),
VmSize: pulumi.String("string"),
OnlyCriticalAddonsEnabled: pulumi.Bool(false),
MaxCount: pulumi.Int(0),
HostEncryptionEnabled: pulumi.Bool(false),
HostGroupId: pulumi.String("string"),
AutoScalingEnabled: pulumi.Bool(false),
KubeletDiskType: pulumi.String("string"),
LinuxOsConfig: &containerservice.KubernetesClusterDefaultNodePoolLinuxOsConfigArgs{
SwapFileSizeMb: pulumi.Int(0),
SysctlConfig: &containerservice.KubernetesClusterDefaultNodePoolLinuxOsConfigSysctlConfigArgs{
FsAioMaxNr: pulumi.Int(0),
FsFileMax: pulumi.Int(0),
FsInotifyMaxUserWatches: pulumi.Int(0),
FsNrOpen: pulumi.Int(0),
KernelThreadsMax: pulumi.Int(0),
NetCoreNetdevMaxBacklog: pulumi.Int(0),
NetCoreOptmemMax: pulumi.Int(0),
NetCoreRmemDefault: pulumi.Int(0),
NetCoreRmemMax: pulumi.Int(0),
NetCoreSomaxconn: pulumi.Int(0),
NetCoreWmemDefault: pulumi.Int(0),
NetCoreWmemMax: pulumi.Int(0),
NetIpv4IpLocalPortRangeMax: pulumi.Int(0),
NetIpv4IpLocalPortRangeMin: pulumi.Int(0),
NetIpv4NeighDefaultGcThresh1: pulumi.Int(0),
NetIpv4NeighDefaultGcThresh2: pulumi.Int(0),
NetIpv4NeighDefaultGcThresh3: pulumi.Int(0),
NetIpv4TcpFinTimeout: pulumi.Int(0),
NetIpv4TcpKeepaliveIntvl: pulumi.Int(0),
NetIpv4TcpKeepaliveProbes: pulumi.Int(0),
NetIpv4TcpKeepaliveTime: pulumi.Int(0),
NetIpv4TcpMaxSynBacklog: pulumi.Int(0),
NetIpv4TcpMaxTwBuckets: pulumi.Int(0),
NetIpv4TcpTwReuse: pulumi.Bool(false),
NetNetfilterNfConntrackBuckets: pulumi.Int(0),
NetNetfilterNfConntrackMax: pulumi.Int(0),
VmMaxMapCount: pulumi.Int(0),
VmSwappiness: pulumi.Int(0),
VmVfsCachePressure: pulumi.Int(0),
},
TransparentHugePageDefrag: pulumi.String("string"),
TransparentHugePageEnabled: pulumi.String("string"),
},
OrchestratorVersion: pulumi.String("string"),
MaxPods: pulumi.Int(0),
OsDiskSizeGb: pulumi.Int(0),
FipsEnabled: pulumi.Bool(false),
NodeCount: pulumi.Int(0),
NodeLabels: pulumi.StringMap{
"string": pulumi.String("string"),
},
NodeNetworkProfile: &containerservice.KubernetesClusterDefaultNodePoolNodeNetworkProfileArgs{
AllowedHostPorts: containerservice.KubernetesClusterDefaultNodePoolNodeNetworkProfileAllowedHostPortArray{
&containerservice.KubernetesClusterDefaultNodePoolNodeNetworkProfileAllowedHostPortArgs{
PortEnd: pulumi.Int(0),
PortStart: pulumi.Int(0),
Protocol: pulumi.String("string"),
},
},
ApplicationSecurityGroupIds: pulumi.StringArray{
pulumi.String("string"),
},
NodePublicIpTags: pulumi.StringMap{
"string": pulumi.String("string"),
},
},
NodePublicIpEnabled: pulumi.Bool(false),
NodePublicIpPrefixId: pulumi.String("string"),
KubeletConfig: &containerservice.KubernetesClusterDefaultNodePoolKubeletConfigArgs{
AllowedUnsafeSysctls: pulumi.StringArray{
pulumi.String("string"),
},
ContainerLogMaxLine: pulumi.Int(0),
ContainerLogMaxSizeMb: pulumi.Int(0),
CpuCfsQuotaEnabled: pulumi.Bool(false),
CpuCfsQuotaPeriod: pulumi.String("string"),
CpuManagerPolicy: pulumi.String("string"),
ImageGcHighThreshold: pulumi.Int(0),
ImageGcLowThreshold: pulumi.Int(0),
PodMaxPid: pulumi.Int(0),
TopologyManagerPolicy: pulumi.String("string"),
},
GpuInstance: pulumi.String("string"),
MinCount: pulumi.Int(0),
OsDiskType: pulumi.String("string"),
OsSku: pulumi.String("string"),
PodSubnetId: pulumi.String("string"),
ProximityPlacementGroupId: pulumi.String("string"),
ScaleDownMode: pulumi.String("string"),
SnapshotId: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
TemporaryNameForRotation: pulumi.String("string"),
Type: pulumi.String("string"),
UltraSsdEnabled: pulumi.Bool(false),
UpgradeSettings: &containerservice.KubernetesClusterDefaultNodePoolUpgradeSettingsArgs{
MaxSurge: pulumi.String("string"),
DrainTimeoutInMinutes: pulumi.Int(0),
NodeSoakDurationInMinutes: pulumi.Int(0),
},
CapacityReservationGroupId: pulumi.String("string"),
VnetSubnetId: pulumi.String("string"),
WorkloadRuntime: pulumi.String("string"),
Zones: pulumi.StringArray{
pulumi.String("string"),
},
},
ResourceGroupName: pulumi.String("string"),
AciConnectorLinux: &containerservice.KubernetesClusterAciConnectorLinuxArgs{
SubnetName: pulumi.String("string"),
ConnectorIdentities: containerservice.KubernetesClusterAciConnectorLinuxConnectorIdentityArray{
&containerservice.KubernetesClusterAciConnectorLinuxConnectorIdentityArgs{
ClientId: pulumi.String("string"),
ObjectId: pulumi.String("string"),
UserAssignedIdentityId: pulumi.String("string"),
},
},
},
ApiServerAccessProfile: &containerservice.KubernetesClusterApiServerAccessProfileArgs{
AuthorizedIpRanges: pulumi.StringArray{
pulumi.String("string"),
},
},
AutoScalerProfile: &containerservice.KubernetesClusterAutoScalerProfileArgs{
BalanceSimilarNodeGroups: pulumi.Bool(false),
DaemonsetEvictionForEmptyNodesEnabled: pulumi.Bool(false),
DaemonsetEvictionForOccupiedNodesEnabled: pulumi.Bool(false),
EmptyBulkDeleteMax: pulumi.String("string"),
Expander: pulumi.String("string"),
IgnoreDaemonsetsUtilizationEnabled: pulumi.Bool(false),
MaxGracefulTerminationSec: pulumi.String("string"),
MaxNodeProvisioningTime: pulumi.String("string"),
MaxUnreadyNodes: pulumi.Int(0),
MaxUnreadyPercentage: pulumi.Float64(0),
NewPodScaleUpDelay: pulumi.String("string"),
ScaleDownDelayAfterAdd: pulumi.String("string"),
ScaleDownDelayAfterDelete: pulumi.String("string"),
ScaleDownDelayAfterFailure: pulumi.String("string"),
ScaleDownUnneeded: pulumi.String("string"),
ScaleDownUnready: pulumi.String("string"),
ScaleDownUtilizationThreshold: pulumi.String("string"),
ScanInterval: pulumi.String("string"),
SkipNodesWithLocalStorage: pulumi.Bool(false),
SkipNodesWithSystemPods: pulumi.Bool(false),
},
AutomaticUpgradeChannel: pulumi.String("string"),
AzureActiveDirectoryRoleBasedAccessControl: &containerservice.KubernetesClusterAzureActiveDirectoryRoleBasedAccessControlArgs{
AdminGroupObjectIds: pulumi.StringArray{
pulumi.String("string"),
},
AzureRbacEnabled: pulumi.Bool(false),
TenantId: pulumi.String("string"),
},
AzurePolicyEnabled: pulumi.Bool(false),
ConfidentialComputing: &containerservice.KubernetesClusterConfidentialComputingArgs{
SgxQuoteHelperEnabled: pulumi.Bool(false),
},
CostAnalysisEnabled: pulumi.Bool(false),
DiskEncryptionSetId: pulumi.String("string"),
DnsPrefix: pulumi.String("string"),
DnsPrefixPrivateCluster: pulumi.String("string"),
EdgeZone: pulumi.String("string"),
HttpApplicationRoutingEnabled: pulumi.Bool(false),
HttpProxyConfig: &containerservice.KubernetesClusterHttpProxyConfigArgs{
HttpProxy: pulumi.String("string"),
HttpsProxy: pulumi.String("string"),
NoProxies: pulumi.StringArray{
pulumi.String("string"),
},
TrustedCa: pulumi.String("string"),
},
Identity: &containerservice.KubernetesClusterIdentityArgs{
Type: pulumi.String("string"),
IdentityIds: pulumi.StringArray{
pulumi.String("string"),
},
PrincipalId: pulumi.String("string"),
TenantId: pulumi.String("string"),
},
ImageCleanerEnabled: pulumi.Bool(false),
ImageCleanerIntervalHours: pulumi.Int(0),
IngressApplicationGateway: &containerservice.KubernetesClusterIngressApplicationGatewayArgs{
EffectiveGatewayId: pulumi.String("string"),
GatewayId: pulumi.String("string"),
GatewayName: pulumi.String("string"),
IngressApplicationGatewayIdentities: containerservice.KubernetesClusterIngressApplicationGatewayIngressApplicationGatewayIdentityArray{
&containerservice.KubernetesClusterIngressApplicationGatewayIngressApplicationGatewayIdentityArgs{
ClientId: pulumi.String("string"),
ObjectId: pulumi.String("string"),
UserAssignedIdentityId: pulumi.String("string"),
},
},
SubnetCidr: pulumi.String("string"),
SubnetId: pulumi.String("string"),
},
KeyManagementService: &containerservice.KubernetesClusterKeyManagementServiceArgs{
KeyVaultKeyId: pulumi.String("string"),
KeyVaultNetworkAccess: pulumi.String("string"),
},
KeyVaultSecretsProvider: &containerservice.KubernetesClusterKeyVaultSecretsProviderArgs{
SecretIdentities: containerservice.KubernetesClusterKeyVaultSecretsProviderSecretIdentityArray{
&containerservice.KubernetesClusterKeyVaultSecretsProviderSecretIdentityArgs{
ClientId: pulumi.String("string"),
ObjectId: pulumi.String("string"),
UserAssignedIdentityId: pulumi.String("string"),
},
},
SecretRotationEnabled: pulumi.Bool(false),
SecretRotationInterval: pulumi.String("string"),
},
KubeletIdentity: &containerservice.KubernetesClusterKubeletIdentityArgs{
ClientId: pulumi.String("string"),
ObjectId: pulumi.String("string"),
UserAssignedIdentityId: pulumi.String("string"),
},
KubernetesVersion: pulumi.String("string"),
LinuxProfile: &containerservice.KubernetesClusterLinuxProfileArgs{
AdminUsername: pulumi.String("string"),
SshKey: &containerservice.KubernetesClusterLinuxProfileSshKeyArgs{
KeyData: pulumi.String("string"),
},
},
LocalAccountDisabled: pulumi.Bool(false),
Location: pulumi.String("string"),
MaintenanceWindow: &containerservice.KubernetesClusterMaintenanceWindowArgs{
Alloweds: containerservice.KubernetesClusterMaintenanceWindowAllowedArray{
&containerservice.KubernetesClusterMaintenanceWindowAllowedArgs{
Day: pulumi.String("string"),
Hours: pulumi.IntArray{
pulumi.Int(0),
},
},
},
NotAlloweds: containerservice.KubernetesClusterMaintenanceWindowNotAllowedArray{
&containerservice.KubernetesClusterMaintenanceWindowNotAllowedArgs{
End: pulumi.String("string"),
Start: pulumi.String("string"),
},
},
},
MaintenanceWindowAutoUpgrade: &containerservice.KubernetesClusterMaintenanceWindowAutoUpgradeArgs{
Duration: pulumi.Int(0),
Frequency: pulumi.String("string"),
Interval: pulumi.Int(0),
DayOfMonth: pulumi.Int(0),
DayOfWeek: pulumi.String("string"),
NotAlloweds: containerservice.KubernetesClusterMaintenanceWindowAutoUpgradeNotAllowedArray{
&containerservice.KubernetesClusterMaintenanceWindowAutoUpgradeNotAllowedArgs{
End: pulumi.String("string"),
Start: pulumi.String("string"),
},
},
StartDate: pulumi.String("string"),
StartTime: pulumi.String("string"),
UtcOffset: pulumi.String("string"),
WeekIndex: pulumi.String("string"),
},
MaintenanceWindowNodeOs: &containerservice.KubernetesClusterMaintenanceWindowNodeOsArgs{
Duration: pulumi.Int(0),
Frequency: pulumi.String("string"),
Interval: pulumi.Int(0),
DayOfMonth: pulumi.Int(0),
DayOfWeek: pulumi.String("string"),
NotAlloweds: containerservice.KubernetesClusterMaintenanceWindowNodeOsNotAllowedArray{
&containerservice.KubernetesClusterMaintenanceWindowNodeOsNotAllowedArgs{
End: pulumi.String("string"),
Start: pulumi.String("string"),
},
},
StartDate: pulumi.String("string"),
StartTime: pulumi.String("string"),
UtcOffset: pulumi.String("string"),
WeekIndex: pulumi.String("string"),
},
MicrosoftDefender: &containerservice.KubernetesClusterMicrosoftDefenderArgs{
LogAnalyticsWorkspaceId: pulumi.String("string"),
},
MonitorMetrics: &containerservice.KubernetesClusterMonitorMetricsArgs{
AnnotationsAllowed: pulumi.String("string"),
LabelsAllowed: pulumi.String("string"),
},
Name: pulumi.String("string"),
NetworkProfile: &containerservice.KubernetesClusterNetworkProfileArgs{
NetworkPlugin: pulumi.String("string"),
NetworkMode: pulumi.String("string"),
NetworkPluginMode: pulumi.String("string"),
LoadBalancerSku: pulumi.String("string"),
NatGatewayProfile: &containerservice.KubernetesClusterNetworkProfileNatGatewayProfileArgs{
EffectiveOutboundIps: pulumi.StringArray{
pulumi.String("string"),
},
IdleTimeoutInMinutes: pulumi.Int(0),
ManagedOutboundIpCount: pulumi.Int(0),
},
NetworkDataPlane: pulumi.String("string"),
DnsServiceIp: pulumi.String("string"),
IpVersions: pulumi.StringArray{
pulumi.String("string"),
},
LoadBalancerProfile: &containerservice.KubernetesClusterNetworkProfileLoadBalancerProfileArgs{
BackendPoolType: pulumi.String("string"),
EffectiveOutboundIps: pulumi.StringArray{
pulumi.String("string"),
},
IdleTimeoutInMinutes: pulumi.Int(0),
ManagedOutboundIpCount: pulumi.Int(0),
ManagedOutboundIpv6Count: pulumi.Int(0),
OutboundIpAddressIds: pulumi.StringArray{
pulumi.String("string"),
},
OutboundIpPrefixIds: pulumi.StringArray{
pulumi.String("string"),
},
OutboundPortsAllocated: pulumi.Int(0),
},
NetworkPolicy: pulumi.String("string"),
OutboundType: pulumi.String("string"),
PodCidr: pulumi.String("string"),
PodCidrs: pulumi.StringArray{
pulumi.String("string"),
},
ServiceCidr: pulumi.String("string"),
ServiceCidrs: pulumi.StringArray{
pulumi.String("string"),
},
},
NodeOsUpgradeChannel: pulumi.String("string"),
NodeResourceGroup: pulumi.String("string"),
OidcIssuerEnabled: pulumi.Bool(false),
OmsAgent: &containerservice.KubernetesClusterOmsAgentArgs{
LogAnalyticsWorkspaceId: pulumi.String("string"),
MsiAuthForMonitoringEnabled: pulumi.Bool(false),
OmsAgentIdentities: containerservice.KubernetesClusterOmsAgentOmsAgentIdentityArray{
&containerservice.KubernetesClusterOmsAgentOmsAgentIdentityArgs{
ClientId: pulumi.String("string"),
ObjectId: pulumi.String("string"),
UserAssignedIdentityId: pulumi.String("string"),
},
},
},
OpenServiceMeshEnabled: pulumi.Bool(false),
PrivateClusterEnabled: pulumi.Bool(false),
PrivateClusterPublicFqdnEnabled: pulumi.Bool(false),
PrivateDnsZoneId: pulumi.String("string"),
RoleBasedAccessControlEnabled: pulumi.Bool(false),
RunCommandEnabled: pulumi.Bool(false),
ServiceMeshProfile: &containerservice.KubernetesClusterServiceMeshProfileArgs{
Mode: pulumi.String("string"),
Revisions: pulumi.StringArray{
pulumi.String("string"),
},
CertificateAuthority: &containerservice.KubernetesClusterServiceMeshProfileCertificateAuthorityArgs{
CertChainObjectName: pulumi.String("string"),
CertObjectName: pulumi.String("string"),
KeyObjectName: pulumi.String("string"),
KeyVaultId: pulumi.String("string"),
RootCertObjectName: pulumi.String("string"),
},
ExternalIngressGatewayEnabled: pulumi.Bool(false),
InternalIngressGatewayEnabled: pulumi.Bool(false),
},
ServicePrincipal: &containerservice.KubernetesClusterServicePrincipalArgs{
ClientId: pulumi.String("string"),
ClientSecret: pulumi.String("string"),
},
SkuTier: pulumi.String("string"),
StorageProfile: &containerservice.KubernetesClusterStorageProfileArgs{
BlobDriverEnabled: pulumi.Bool(false),
DiskDriverEnabled: pulumi.Bool(false),
FileDriverEnabled: pulumi.Bool(false),
SnapshotControllerEnabled: pulumi.Bool(false),
},
SupportPlan: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
WebAppRouting: &containerservice.KubernetesClusterWebAppRoutingArgs{
DnsZoneIds: pulumi.StringArray{
pulumi.String("string"),
},
WebAppRoutingIdentities: containerservice.KubernetesClusterWebAppRoutingWebAppRoutingIdentityArray{
&containerservice.KubernetesClusterWebAppRoutingWebAppRoutingIdentityArgs{
ClientId: pulumi.String("string"),
ObjectId: pulumi.String("string"),
UserAssignedIdentityId: pulumi.String("string"),
},
},
},
WindowsProfile: &containerservice.KubernetesClusterWindowsProfileArgs{
AdminPassword: pulumi.String("string"),
AdminUsername: pulumi.String("string"),
Gmsa: &containerservice.KubernetesClusterWindowsProfileGmsaArgs{
DnsServer: pulumi.String("string"),
RootDomain: pulumi.String("string"),
},
License: pulumi.String("string"),
},
WorkloadAutoscalerProfile: &containerservice.KubernetesClusterWorkloadAutoscalerProfileArgs{
KedaEnabled: pulumi.Bool(false),
VerticalPodAutoscalerEnabled: pulumi.Bool(false),
},
WorkloadIdentityEnabled: pulumi.Bool(false),
})
// Constructor reference listing: each KubernetesCluster argument appears once with a
// type placeholder ("string", 0, false) rather than a recommended value. Set only the
// arguments a deployment needs and check the property reference for each default;
// a `false` copied from here may switch off a protection that is on by default.
var kubernetesClusterResource = new KubernetesCluster("kubernetesClusterResource", KubernetesClusterArgs.builder()
.defaultNodePool(KubernetesClusterDefaultNodePoolArgs.builder()
.name("string")
.vmSize("string")
.onlyCriticalAddonsEnabled(false)
.maxCount(0)
.hostEncryptionEnabled(false)
.hostGroupId("string")
.autoScalingEnabled(false)
.kubeletDiskType("string")
.linuxOsConfig(KubernetesClusterDefaultNodePoolLinuxOsConfigArgs.builder()
.swapFileSizeMb(0)
.sysctlConfig(KubernetesClusterDefaultNodePoolLinuxOsConfigSysctlConfigArgs.builder()
.fsAioMaxNr(0)
.fsFileMax(0)
.fsInotifyMaxUserWatches(0)
.fsNrOpen(0)
.kernelThreadsMax(0)
.netCoreNetdevMaxBacklog(0)
.netCoreOptmemMax(0)
.netCoreRmemDefault(0)
.netCoreRmemMax(0)
.netCoreSomaxconn(0)
.netCoreWmemDefault(0)
.netCoreWmemMax(0)
.netIpv4IpLocalPortRangeMax(0)
.netIpv4IpLocalPortRangeMin(0)
.netIpv4NeighDefaultGcThresh1(0)
.netIpv4NeighDefaultGcThresh2(0)
.netIpv4NeighDefaultGcThresh3(0)
.netIpv4TcpFinTimeout(0)
.netIpv4TcpKeepaliveIntvl(0)
.netIpv4TcpKeepaliveProbes(0)
.netIpv4TcpKeepaliveTime(0)
.netIpv4TcpMaxSynBacklog(0)
.netIpv4TcpMaxTwBuckets(0)
.netIpv4TcpTwReuse(false)
.netNetfilterNfConntrackBuckets(0)
.netNetfilterNfConntrackMax(0)
.vmMaxMapCount(0)
.vmSwappiness(0)
.vmVfsCachePressure(0)
.build())
.transparentHugePageDefrag("string")
.transparentHugePageEnabled("string")
.build())
.orchestratorVersion("string")
.maxPods(0)
.osDiskSizeGb(0)
.fipsEnabled(false)
.nodeCount(0)
.nodeLabels(Map.of("string", "string"))
.nodeNetworkProfile(KubernetesClusterDefaultNodePoolNodeNetworkProfileArgs.builder()
.allowedHostPorts(KubernetesClusterDefaultNodePoolNodeNetworkProfileAllowedHostPortArgs.builder()
.portEnd(0)
.portStart(0)
.protocol("string")
.build())
.applicationSecurityGroupIds("string")
.nodePublicIpTags(Map.of("string", "string"))
.build())
// true gives each node in the pool a public IP; keep false unless nodes must be reachable directly.
.nodePublicIpEnabled(false)
.nodePublicIpPrefixId("string")
.kubeletConfig(KubernetesClusterDefaultNodePoolKubeletConfigArgs.builder()
// Allow-list of unsafe sysctls that pods may request; leave unset unless a workload needs a specific one.
.allowedUnsafeSysctls("string")
.containerLogMaxLine(0)
.containerLogMaxSizeMb(0)
.cpuCfsQuotaEnabled(false)
.cpuCfsQuotaPeriod("string")
.cpuManagerPolicy("string")
.imageGcHighThreshold(0)
.imageGcLowThreshold(0)
.podMaxPid(0)
.topologyManagerPolicy("string")
.build())
.gpuInstance("string")
.minCount(0)
.osDiskType("string")
.osSku("string")
.podSubnetId("string")
.proximityPlacementGroupId("string")
.scaleDownMode("string")
.snapshotId("string")
.tags(Map.of("string", "string"))
.temporaryNameForRotation("string")
.type("string")
.ultraSsdEnabled(false)
.upgradeSettings(KubernetesClusterDefaultNodePoolUpgradeSettingsArgs.builder()
.maxSurge("string")
.drainTimeoutInMinutes(0)
.nodeSoakDurationInMinutes(0)
.build())
.capacityReservationGroupId("string")
.vnetSubnetId("string")
.workloadRuntime("string")
.zones("string")
.build())
.resourceGroupName("string")
.aciConnectorLinux(KubernetesClusterAciConnectorLinuxArgs.builder()
.subnetName("string")
.connectorIdentities(KubernetesClusterAciConnectorLinuxConnectorIdentityArgs.builder()
.clientId("string")
.objectId("string")
.userAssignedIdentityId("string")
.build())
.build())
.apiServerAccessProfile(KubernetesClusterApiServerAccessProfileArgs.builder()
// Source ranges allowed to reach the API server; the placeholder stands for CIDR entries.
.authorizedIpRanges("string")
.build())
.autoScalerProfile(KubernetesClusterAutoScalerProfileArgs.builder()
.balanceSimilarNodeGroups(false)
.daemonsetEvictionForEmptyNodesEnabled(false)
.daemonsetEvictionForOccupiedNodesEnabled(false)
.emptyBulkDeleteMax("string")
.expander("string")
.ignoreDaemonsetsUtilizationEnabled(false)
.maxGracefulTerminationSec("string")
.maxNodeProvisioningTime("string")
.maxUnreadyNodes(0)
.maxUnreadyPercentage(0)
.newPodScaleUpDelay("string")
.scaleDownDelayAfterAdd("string")
.scaleDownDelayAfterDelete("string")
.scaleDownDelayAfterFailure("string")
.scaleDownUnneeded("string")
.scaleDownUnready("string")
.scaleDownUtilizationThreshold("string")
.scanInterval("string")
.skipNodesWithLocalStorage(false)
.skipNodesWithSystemPods(false)
.build())
.automaticUpgradeChannel("string")
.azureActiveDirectoryRoleBasedAccessControl(KubernetesClusterAzureActiveDirectoryRoleBasedAccessControlArgs.builder()
// Members of these groups receive the admin role on the cluster; keep the list short and reviewed.
.adminGroupObjectIds("string")
.azureRbacEnabled(false)
.tenantId("string")
.build())
.azurePolicyEnabled(false)
.confidentialComputing(KubernetesClusterConfidentialComputingArgs.builder()
.sgxQuoteHelperEnabled(false)
.build())
.costAnalysisEnabled(false)
.diskEncryptionSetId("string")
.dnsPrefix("string")
.dnsPrefixPrivateCluster("string")
.edgeZone("string")
.httpApplicationRoutingEnabled(false)
.httpProxyConfig(KubernetesClusterHttpProxyConfigArgs.builder()
.httpProxy("string")
.httpsProxy("string")
.noProxies("string")
.trustedCa("string")
.build())
.identity(KubernetesClusterIdentityArgs.builder()
.type("string")
.identityIds("string")
.principalId("string")
.tenantId("string")
.build())
.imageCleanerEnabled(false)
.imageCleanerIntervalHours(0)
.ingressApplicationGateway(KubernetesClusterIngressApplicationGatewayArgs.builder()
.effectiveGatewayId("string")
.gatewayId("string")
.gatewayName("string")
.ingressApplicationGatewayIdentities(KubernetesClusterIngressApplicationGatewayIngressApplicationGatewayIdentityArgs.builder()
.clientId("string")
.objectId("string")
.userAssignedIdentityId("string")
.build())
.subnetCidr("string")
.subnetId("string")
.build())
.keyManagementService(KubernetesClusterKeyManagementServiceArgs.builder()
.keyVaultKeyId("string")
.keyVaultNetworkAccess("string")
.build())
.keyVaultSecretsProvider(KubernetesClusterKeyVaultSecretsProviderArgs.builder()
.secretIdentities(KubernetesClusterKeyVaultSecretsProviderSecretIdentityArgs.builder()
.clientId("string")
.objectId("string")
.userAssignedIdentityId("string")
.build())
.secretRotationEnabled(false)
.secretRotationInterval("string")
.build())
.kubeletIdentity(KubernetesClusterKubeletIdentityArgs.builder()
.clientId("string")
.objectId("string")
.userAssignedIdentityId("string")
.build())
.kubernetesVersion("string")
.linuxProfile(KubernetesClusterLinuxProfileArgs.builder()
.adminUsername("string")
.sshKey(KubernetesClusterLinuxProfileSshKeyArgs.builder()
// NOTE(review): presumably the SSH public key for adminUsername — confirm in the property reference.
.keyData("string")
.build())
.build())
// true disables the cluster's local accounts. NOTE(review): confirm the prerequisites
// (RBAC / directory integration) in the property reference.
.localAccountDisabled(false)
.location("string")
.maintenanceWindow(KubernetesClusterMaintenanceWindowArgs.builder()
.alloweds(KubernetesClusterMaintenanceWindowAllowedArgs.builder()
.day("string")
.hours(0)
.build())
.notAlloweds(KubernetesClusterMaintenanceWindowNotAllowedArgs.builder()
.end("string")
.start("string")
.build())
.build())
.maintenanceWindowAutoUpgrade(KubernetesClusterMaintenanceWindowAutoUpgradeArgs.builder()
.duration(0)
.frequency("string")
.interval(0)
.dayOfMonth(0)
.dayOfWeek("string")
.notAlloweds(KubernetesClusterMaintenanceWindowAutoUpgradeNotAllowedArgs.builder()
.end("string")
.start("string")
.build())
.startDate("string")
.startTime("string")
.utcOffset("string")
.weekIndex("string")
.build())
.maintenanceWindowNodeOs(KubernetesClusterMaintenanceWindowNodeOsArgs.builder()
.duration(0)
.frequency("string")
.interval(0)
.dayOfMonth(0)
.dayOfWeek("string")
.notAlloweds(KubernetesClusterMaintenanceWindowNodeOsNotAllowedArgs.builder()
.end("string")
.start("string")
.build())
.startDate("string")
.startTime("string")
.utcOffset("string")
.weekIndex("string")
.build())
.microsoftDefender(KubernetesClusterMicrosoftDefenderArgs.builder()
.logAnalyticsWorkspaceId("string")
.build())
.monitorMetrics(KubernetesClusterMonitorMetricsArgs.builder()
.annotationsAllowed("string")
.labelsAllowed("string")
.build())
.name("string")
.networkProfile(KubernetesClusterNetworkProfileArgs.builder()
.networkPlugin("string")
.networkMode("string")
.networkPluginMode("string")
.loadBalancerSku("string")
.natGatewayProfile(KubernetesClusterNetworkProfileNatGatewayProfileArgs.builder()
.effectiveOutboundIps("string")
.idleTimeoutInMinutes(0)
.managedOutboundIpCount(0)
.build())
.networkDataPlane("string")
.dnsServiceIp("string")
.ipVersions("string")
.loadBalancerProfile(KubernetesClusterNetworkProfileLoadBalancerProfileArgs.builder()
.backendPoolType("string")
.effectiveOutboundIps("string")
.idleTimeoutInMinutes(0)
.managedOutboundIpCount(0)
.managedOutboundIpv6Count(0)
.outboundIpAddressIds("string")
.outboundIpPrefixIds("string")
.outboundPortsAllocated(0)
.build())
.networkPolicy("string")
.outboundType("string")
.podCidr("string")
.podCidrs("string")
.serviceCidr("string")
.serviceCidrs("string")
.build())
.nodeOsUpgradeChannel("string")
.nodeResourceGroup("string")
.oidcIssuerEnabled(false)
.omsAgent(KubernetesClusterOmsAgentArgs.builder()
.logAnalyticsWorkspaceId("string")
.msiAuthForMonitoringEnabled(false)
.omsAgentIdentities(KubernetesClusterOmsAgentOmsAgentIdentityArgs.builder()
.clientId("string")
.objectId("string")
.userAssignedIdentityId("string")
.build())
.build())
.openServiceMeshEnabled(false)
// true exposes the API server on internal addresses only; the false shown is just the placeholder.
.privateClusterEnabled(false)
.privateClusterPublicFqdnEnabled(false)
.privateDnsZoneId("string")
// Placeholder only: an explicit false would turn Kubernetes RBAC off.
// NOTE(review): confirm the provider default before copying.
.roleBasedAccessControlEnabled(false)
// Toggles the cluster's run-command feature. NOTE(review): confirm the default and
// disable it where operators do not use it.
.runCommandEnabled(false)
.serviceMeshProfile(KubernetesClusterServiceMeshProfileArgs.builder()
.mode("string")
.revisions("string")
.certificateAuthority(KubernetesClusterServiceMeshProfileCertificateAuthorityArgs.builder()
.certChainObjectName("string")
.certObjectName("string")
.keyObjectName("string")
.keyVaultId("string")
.rootCertObjectName("string")
.build())
.externalIngressGatewayEnabled(false)
.internalIngressGatewayEnabled(false)
.build())
// NOTE(review): identity and servicePrincipal both appear because the listing is
// exhaustive; presumably only one is set in practice — confirm.
.servicePrincipal(KubernetesClusterServicePrincipalArgs.builder()
.clientId("string")
// Credential: read it from encrypted stack configuration
// (config.requireSecret("<config-key>")) instead of a literal, so it stays out of source control.
.clientSecret("string")
.build())
.skuTier("string")
.storageProfile(KubernetesClusterStorageProfileArgs.builder()
.blobDriverEnabled(false)
.diskDriverEnabled(false)
.fileDriverEnabled(false)
.snapshotControllerEnabled(false)
.build())
.supportPlan("string")
.tags(Map.of("string", "string"))
.webAppRouting(KubernetesClusterWebAppRoutingArgs.builder()
.dnsZoneIds("string")
.webAppRoutingIdentities(KubernetesClusterWebAppRoutingWebAppRoutingIdentityArgs.builder()
.clientId("string")
.objectId("string")
.userAssignedIdentityId("string")
.build())
.build())
.windowsProfile(KubernetesClusterWindowsProfileArgs.builder()
// Credential: read it from encrypted stack configuration, never a literal in the program.
.adminPassword("string")
.adminUsername("string")
.gmsa(KubernetesClusterWindowsProfileGmsaArgs.builder()
.dnsServer("string")
.rootDomain("string")
.build())
.license("string")
.build())
.workloadAutoscalerProfile(KubernetesClusterWorkloadAutoscalerProfileArgs.builder()
.kedaEnabled(false)
.verticalPodAutoscalerEnabled(false)
.build())
.workloadIdentityEnabled(false)
.build());
# Constructor reference listing: each KubernetesCluster argument appears once with a
# type placeholder ("string", 0, False) rather than a recommended value. Set only the
# arguments a deployment needs and check the property reference for each default;
# a `False` copied from here may switch off a protection that is on by default.
kubernetes_cluster_resource = azure.containerservice.KubernetesCluster("kubernetesClusterResource",
default_node_pool={
"name": "string",
"vm_size": "string",
"only_critical_addons_enabled": False,
"max_count": 0,
"host_encryption_enabled": False,
"host_group_id": "string",
"auto_scaling_enabled": False,
"kubelet_disk_type": "string",
"linux_os_config": {
"swap_file_size_mb": 0,
"sysctl_config": {
"fs_aio_max_nr": 0,
"fs_file_max": 0,
"fs_inotify_max_user_watches": 0,
"fs_nr_open": 0,
"kernel_threads_max": 0,
"net_core_netdev_max_backlog": 0,
"net_core_optmem_max": 0,
"net_core_rmem_default": 0,
"net_core_rmem_max": 0,
"net_core_somaxconn": 0,
"net_core_wmem_default": 0,
"net_core_wmem_max": 0,
"net_ipv4_ip_local_port_range_max": 0,
"net_ipv4_ip_local_port_range_min": 0,
"net_ipv4_neigh_default_gc_thresh1": 0,
"net_ipv4_neigh_default_gc_thresh2": 0,
"net_ipv4_neigh_default_gc_thresh3": 0,
"net_ipv4_tcp_fin_timeout": 0,
"net_ipv4_tcp_keepalive_intvl": 0,
"net_ipv4_tcp_keepalive_probes": 0,
"net_ipv4_tcp_keepalive_time": 0,
"net_ipv4_tcp_max_syn_backlog": 0,
"net_ipv4_tcp_max_tw_buckets": 0,
"net_ipv4_tcp_tw_reuse": False,
"net_netfilter_nf_conntrack_buckets": 0,
"net_netfilter_nf_conntrack_max": 0,
"vm_max_map_count": 0,
"vm_swappiness": 0,
"vm_vfs_cache_pressure": 0,
},
"transparent_huge_page_defrag": "string",
"transparent_huge_page_enabled": "string",
},
"orchestrator_version": "string",
"max_pods": 0,
"os_disk_size_gb": 0,
"fips_enabled": False,
"node_count": 0,
"node_labels": {
"string": "string",
},
"node_network_profile": {
"allowed_host_ports": [{
"port_end": 0,
"port_start": 0,
"protocol": "string",
}],
"application_security_group_ids": ["string"],
"node_public_ip_tags": {
"string": "string",
},
},
# True gives each node in the pool a public IP; keep False unless nodes must be reachable directly.
"node_public_ip_enabled": False,
"node_public_ip_prefix_id": "string",
"kubelet_config": {
# Allow-list of unsafe sysctls that pods may request; leave unset unless a workload needs a specific one.
"allowed_unsafe_sysctls": ["string"],
"container_log_max_line": 0,
"container_log_max_size_mb": 0,
"cpu_cfs_quota_enabled": False,
"cpu_cfs_quota_period": "string",
"cpu_manager_policy": "string",
"image_gc_high_threshold": 0,
"image_gc_low_threshold": 0,
"pod_max_pid": 0,
"topology_manager_policy": "string",
},
"gpu_instance": "string",
"min_count": 0,
"os_disk_type": "string",
"os_sku": "string",
"pod_subnet_id": "string",
"proximity_placement_group_id": "string",
"scale_down_mode": "string",
"snapshot_id": "string",
"tags": {
"string": "string",
},
"temporary_name_for_rotation": "string",
"type": "string",
"ultra_ssd_enabled": False,
"upgrade_settings": {
"max_surge": "string",
"drain_timeout_in_minutes": 0,
"node_soak_duration_in_minutes": 0,
},
"capacity_reservation_group_id": "string",
"vnet_subnet_id": "string",
"workload_runtime": "string",
"zones": ["string"],
},
resource_group_name="string",
aci_connector_linux={
"subnet_name": "string",
"connector_identities": [{
"client_id": "string",
"object_id": "string",
"user_assigned_identity_id": "string",
}],
},
api_server_access_profile={
# Source ranges allowed to reach the API server; the placeholder stands for CIDR entries.
"authorized_ip_ranges": ["string"],
},
auto_scaler_profile={
"balance_similar_node_groups": False,
"daemonset_eviction_for_empty_nodes_enabled": False,
"daemonset_eviction_for_occupied_nodes_enabled": False,
"empty_bulk_delete_max": "string",
"expander": "string",
"ignore_daemonsets_utilization_enabled": False,
"max_graceful_termination_sec": "string",
"max_node_provisioning_time": "string",
"max_unready_nodes": 0,
"max_unready_percentage": 0,
"new_pod_scale_up_delay": "string",
"scale_down_delay_after_add": "string",
"scale_down_delay_after_delete": "string",
"scale_down_delay_after_failure": "string",
"scale_down_unneeded": "string",
"scale_down_unready": "string",
"scale_down_utilization_threshold": "string",
"scan_interval": "string",
"skip_nodes_with_local_storage": False,
"skip_nodes_with_system_pods": False,
},
automatic_upgrade_channel="string",
azure_active_directory_role_based_access_control={
# Members of these groups receive the admin role on the cluster; keep the list short and reviewed.
"admin_group_object_ids": ["string"],
"azure_rbac_enabled": False,
"tenant_id": "string",
},
azure_policy_enabled=False,
confidential_computing={
"sgx_quote_helper_enabled": False,
},
cost_analysis_enabled=False,
disk_encryption_set_id="string",
dns_prefix="string",
dns_prefix_private_cluster="string",
edge_zone="string",
http_application_routing_enabled=False,
http_proxy_config={
"http_proxy": "string",
"https_proxy": "string",
"no_proxies": ["string"],
"trusted_ca": "string",
},
identity={
"type": "string",
"identity_ids": ["string"],
"principal_id": "string",
"tenant_id": "string",
},
image_cleaner_enabled=False,
image_cleaner_interval_hours=0,
ingress_application_gateway={
"effective_gateway_id": "string",
"gateway_id": "string",
"gateway_name": "string",
"ingress_application_gateway_identities": [{
"client_id": "string",
"object_id": "string",
"user_assigned_identity_id": "string",
}],
"subnet_cidr": "string",
"subnet_id": "string",
},
key_management_service={
"key_vault_key_id": "string",
"key_vault_network_access": "string",
},
key_vault_secrets_provider={
"secret_identities": [{
"client_id": "string",
"object_id": "string",
"user_assigned_identity_id": "string",
}],
"secret_rotation_enabled": False,
"secret_rotation_interval": "string",
},
kubelet_identity={
"client_id": "string",
"object_id": "string",
"user_assigned_identity_id": "string",
},
kubernetes_version="string",
linux_profile={
"admin_username": "string",
"ssh_key": {
# NOTE(review): presumably the SSH public key for admin_username — confirm in the property reference.
"key_data": "string",
},
},
# True disables the cluster's local accounts. NOTE(review): confirm the prerequisites
# (RBAC / directory integration) in the property reference.
local_account_disabled=False,
location="string",
maintenance_window={
"alloweds": [{
"day": "string",
"hours": [0],
}],
"not_alloweds": [{
"end": "string",
"start": "string",
}],
},
maintenance_window_auto_upgrade={
"duration": 0,
"frequency": "string",
"interval": 0,
"day_of_month": 0,
"day_of_week": "string",
"not_alloweds": [{
"end": "string",
"start": "string",
}],
"start_date": "string",
"start_time": "string",
"utc_offset": "string",
"week_index": "string",
},
maintenance_window_node_os={
"duration": 0,
"frequency": "string",
"interval": 0,
"day_of_month": 0,
"day_of_week": "string",
"not_alloweds": [{
"end": "string",
"start": "string",
}],
"start_date": "string",
"start_time": "string",
"utc_offset": "string",
"week_index": "string",
},
microsoft_defender={
"log_analytics_workspace_id": "string",
},
monitor_metrics={
"annotations_allowed": "string",
"labels_allowed": "string",
},
name="string",
network_profile={
"network_plugin": "string",
"network_mode": "string",
"network_plugin_mode": "string",
"load_balancer_sku": "string",
"nat_gateway_profile": {
"effective_outbound_ips": ["string"],
"idle_timeout_in_minutes": 0,
"managed_outbound_ip_count": 0,
},
"network_data_plane": "string",
"dns_service_ip": "string",
"ip_versions": ["string"],
"load_balancer_profile": {
"backend_pool_type": "string",
"effective_outbound_ips": ["string"],
"idle_timeout_in_minutes": 0,
"managed_outbound_ip_count": 0,
"managed_outbound_ipv6_count": 0,
"outbound_ip_address_ids": ["string"],
"outbound_ip_prefix_ids": ["string"],
"outbound_ports_allocated": 0,
},
"network_policy": "string",
"outbound_type": "string",
"pod_cidr": "string",
"pod_cidrs": ["string"],
"service_cidr": "string",
"service_cidrs": ["string"],
},
node_os_upgrade_channel="string",
node_resource_group="string",
oidc_issuer_enabled=False,
oms_agent={
"log_analytics_workspace_id": "string",
"msi_auth_for_monitoring_enabled": False,
"oms_agent_identities": [{
"client_id": "string",
"object_id": "string",
"user_assigned_identity_id": "string",
}],
},
open_service_mesh_enabled=False,
# True exposes the API server on internal addresses only; the False shown is just the placeholder.
private_cluster_enabled=False,
private_cluster_public_fqdn_enabled=False,
private_dns_zone_id="string",
# Placeholder only: an explicit False would turn Kubernetes RBAC off.
# NOTE(review): confirm the provider default before copying.
role_based_access_control_enabled=False,
# Toggles the cluster's run-command feature. NOTE(review): confirm the default and
# disable it where operators do not use it.
run_command_enabled=False,
service_mesh_profile={
"mode": "string",
"revisions": ["string"],
"certificate_authority": {
"cert_chain_object_name": "string",
"cert_object_name": "string",
"key_object_name": "string",
"key_vault_id": "string",
"root_cert_object_name": "string",
},
"external_ingress_gateway_enabled": False,
"internal_ingress_gateway_enabled": False,
},
# NOTE(review): identity and service_principal both appear because the listing is
# exhaustive; presumably only one is set in practice — confirm.
service_principal={
"client_id": "string",
# Credential: read it from encrypted stack configuration
# (pulumi.Config().require_secret("<config-key>")) instead of a literal, so it stays out of source control.
"client_secret": "string",
},
sku_tier="string",
storage_profile={
"blob_driver_enabled": False,
"disk_driver_enabled": False,
"file_driver_enabled": False,
"snapshot_controller_enabled": False,
},
support_plan="string",
tags={
"string": "string",
},
web_app_routing={
"dns_zone_ids": ["string"],
"web_app_routing_identities": [{
"client_id": "string",
"object_id": "string",
"user_assigned_identity_id": "string",
}],
},
windows_profile={
# Credential: read it from encrypted stack configuration, never a literal in the program.
"admin_password": "string",
"admin_username": "string",
"gmsa": {
"dns_server": "string",
"root_domain": "string",
},
"license": "string",
},
workload_autoscaler_profile={
"keda_enabled": False,
"vertical_pod_autoscaler_enabled": False,
},
workload_identity_enabled=False)
// Constructor reference listing: each KubernetesCluster argument appears once with a
// type placeholder ("string", 0, false) rather than a recommended value. Set only the
// arguments a deployment needs and check the property reference for each default;
// a `false` copied from here may switch off a protection that is on by default.
const kubernetesClusterResource = new azure.containerservice.KubernetesCluster("kubernetesClusterResource", {
defaultNodePool: {
name: "string",
vmSize: "string",
onlyCriticalAddonsEnabled: false,
maxCount: 0,
hostEncryptionEnabled: false,
hostGroupId: "string",
autoScalingEnabled: false,
kubeletDiskType: "string",
linuxOsConfig: {
swapFileSizeMb: 0,
sysctlConfig: {
fsAioMaxNr: 0,
fsFileMax: 0,
fsInotifyMaxUserWatches: 0,
fsNrOpen: 0,
kernelThreadsMax: 0,
netCoreNetdevMaxBacklog: 0,
netCoreOptmemMax: 0,
netCoreRmemDefault: 0,
netCoreRmemMax: 0,
netCoreSomaxconn: 0,
netCoreWmemDefault: 0,
netCoreWmemMax: 0,
netIpv4IpLocalPortRangeMax: 0,
netIpv4IpLocalPortRangeMin: 0,
netIpv4NeighDefaultGcThresh1: 0,
netIpv4NeighDefaultGcThresh2: 0,
netIpv4NeighDefaultGcThresh3: 0,
netIpv4TcpFinTimeout: 0,
netIpv4TcpKeepaliveIntvl: 0,
netIpv4TcpKeepaliveProbes: 0,
netIpv4TcpKeepaliveTime: 0,
netIpv4TcpMaxSynBacklog: 0,
netIpv4TcpMaxTwBuckets: 0,
netIpv4TcpTwReuse: false,
netNetfilterNfConntrackBuckets: 0,
netNetfilterNfConntrackMax: 0,
vmMaxMapCount: 0,
vmSwappiness: 0,
vmVfsCachePressure: 0,
},
transparentHugePageDefrag: "string",
transparentHugePageEnabled: "string",
},
orchestratorVersion: "string",
maxPods: 0,
osDiskSizeGb: 0,
fipsEnabled: false,
nodeCount: 0,
nodeLabels: {
string: "string",
},
nodeNetworkProfile: {
allowedHostPorts: [{
portEnd: 0,
portStart: 0,
protocol: "string",
}],
applicationSecurityGroupIds: ["string"],
nodePublicIpTags: {
string: "string",
},
},
// true gives each node in the pool a public IP; keep false unless nodes must be reachable directly.
nodePublicIpEnabled: false,
nodePublicIpPrefixId: "string",
kubeletConfig: {
// Allow-list of unsafe sysctls that pods may request; leave unset unless a workload needs a specific one.
allowedUnsafeSysctls: ["string"],
containerLogMaxLine: 0,
containerLogMaxSizeMb: 0,
cpuCfsQuotaEnabled: false,
cpuCfsQuotaPeriod: "string",
cpuManagerPolicy: "string",
imageGcHighThreshold: 0,
imageGcLowThreshold: 0,
podMaxPid: 0,
topologyManagerPolicy: "string",
},
gpuInstance: "string",
minCount: 0,
osDiskType: "string",
osSku: "string",
podSubnetId: "string",
proximityPlacementGroupId: "string",
scaleDownMode: "string",
snapshotId: "string",
tags: {
string: "string",
},
temporaryNameForRotation: "string",
type: "string",
ultraSsdEnabled: false,
upgradeSettings: {
maxSurge: "string",
drainTimeoutInMinutes: 0,
nodeSoakDurationInMinutes: 0,
},
capacityReservationGroupId: "string",
vnetSubnetId: "string",
workloadRuntime: "string",
zones: ["string"],
},
resourceGroupName: "string",
aciConnectorLinux: {
subnetName: "string",
connectorIdentities: [{
clientId: "string",
objectId: "string",
userAssignedIdentityId: "string",
}],
},
apiServerAccessProfile: {
// Source ranges allowed to reach the API server; the placeholder stands for CIDR entries.
authorizedIpRanges: ["string"],
},
autoScalerProfile: {
balanceSimilarNodeGroups: false,
daemonsetEvictionForEmptyNodesEnabled: false,
daemonsetEvictionForOccupiedNodesEnabled: false,
emptyBulkDeleteMax: "string",
expander: "string",
ignoreDaemonsetsUtilizationEnabled: false,
maxGracefulTerminationSec: "string",
maxNodeProvisioningTime: "string",
maxUnreadyNodes: 0,
maxUnreadyPercentage: 0,
newPodScaleUpDelay: "string",
scaleDownDelayAfterAdd: "string",
scaleDownDelayAfterDelete: "string",
scaleDownDelayAfterFailure: "string",
scaleDownUnneeded: "string",
scaleDownUnready: "string",
scaleDownUtilizationThreshold: "string",
scanInterval: "string",
skipNodesWithLocalStorage: false,
skipNodesWithSystemPods: false,
},
automaticUpgradeChannel: "string",
azureActiveDirectoryRoleBasedAccessControl: {
// Members of these groups receive the admin role on the cluster; keep the list short and reviewed.
adminGroupObjectIds: ["string"],
azureRbacEnabled: false,
tenantId: "string",
},
azurePolicyEnabled: false,
confidentialComputing: {
sgxQuoteHelperEnabled: false,
},
costAnalysisEnabled: false,
diskEncryptionSetId: "string",
dnsPrefix: "string",
dnsPrefixPrivateCluster: "string",
edgeZone: "string",
httpApplicationRoutingEnabled: false,
httpProxyConfig: {
httpProxy: "string",
httpsProxy: "string",
noProxies: ["string"],
trustedCa: "string",
},
identity: {
type: "string",
identityIds: ["string"],
principalId: "string",
tenantId: "string",
},
imageCleanerEnabled: false,
imageCleanerIntervalHours: 0,
ingressApplicationGateway: {
effectiveGatewayId: "string",
gatewayId: "string",
gatewayName: "string",
ingressApplicationGatewayIdentities: [{
clientId: "string",
objectId: "string",
userAssignedIdentityId: "string",
}],
subnetCidr: "string",
subnetId: "string",
},
keyManagementService: {
keyVaultKeyId: "string",
keyVaultNetworkAccess: "string",
},
keyVaultSecretsProvider: {
secretIdentities: [{
clientId: "string",
objectId: "string",
userAssignedIdentityId: "string",
}],
secretRotationEnabled: false,
secretRotationInterval: "string",
},
kubeletIdentity: {
clientId: "string",
objectId: "string",
userAssignedIdentityId: "string",
},
kubernetesVersion: "string",
linuxProfile: {
adminUsername: "string",
sshKey: {
// NOTE(review): presumably the SSH public key for adminUsername — confirm in the property reference.
keyData: "string",
},
},
// true disables the cluster's local accounts. NOTE(review): confirm the prerequisites
// (RBAC / directory integration) in the property reference.
localAccountDisabled: false,
location: "string",
maintenanceWindow: {
alloweds: [{
day: "string",
hours: [0],
}],
notAlloweds: [{
end: "string",
start: "string",
}],
},
maintenanceWindowAutoUpgrade: {
duration: 0,
frequency: "string",
interval: 0,
dayOfMonth: 0,
dayOfWeek: "string",
notAlloweds: [{
end: "string",
start: "string",
}],
startDate: "string",
startTime: "string",
utcOffset: "string",
weekIndex: "string",
},
maintenanceWindowNodeOs: {
duration: 0,
frequency: "string",
interval: 0,
dayOfMonth: 0,
dayOfWeek: "string",
notAlloweds: [{
end: "string",
start: "string",
}],
startDate: "string",
startTime: "string",
utcOffset: "string",
weekIndex: "string",
},
microsoftDefender: {
logAnalyticsWorkspaceId: "string",
},
monitorMetrics: {
annotationsAllowed: "string",
labelsAllowed: "string",
},
name: "string",
networkProfile: {
networkPlugin: "string",
networkMode: "string",
networkPluginMode: "string",
loadBalancerSku: "string",
natGatewayProfile: {
effectiveOutboundIps: ["string"],
idleTimeoutInMinutes: 0,
managedOutboundIpCount: 0,
},
networkDataPlane: "string",
dnsServiceIp: "string",
ipVersions: ["string"],
loadBalancerProfile: {
backendPoolType: "string",
effectiveOutboundIps: ["string"],
idleTimeoutInMinutes: 0,
managedOutboundIpCount: 0,
managedOutboundIpv6Count: 0,
outboundIpAddressIds: ["string"],
outboundIpPrefixIds: ["string"],
outboundPortsAllocated: 0,
},
networkPolicy: "string",
outboundType: "string",
podCidr: "string",
podCidrs: ["string"],
serviceCidr: "string",
serviceCidrs: ["string"],
},
nodeOsUpgradeChannel: "string",
nodeResourceGroup: "string",
oidcIssuerEnabled: false,
omsAgent: {
logAnalyticsWorkspaceId: "string",
msiAuthForMonitoringEnabled: false,
omsAgentIdentities: [{
clientId: "string",
objectId: "string",
userAssignedIdentityId: "string",
}],
},
openServiceMeshEnabled: false,
// true exposes the API server on internal addresses only; the false shown is just the placeholder.
privateClusterEnabled: false,
privateClusterPublicFqdnEnabled: false,
privateDnsZoneId: "string",
// Placeholder only: an explicit false would turn Kubernetes RBAC off.
// NOTE(review): confirm the provider default before copying.
roleBasedAccessControlEnabled: false,
// Toggles the cluster's run-command feature. NOTE(review): confirm the default and
// disable it where operators do not use it.
runCommandEnabled: false,
serviceMeshProfile: {
mode: "string",
revisions: ["string"],
certificateAuthority: {
certChainObjectName: "string",
certObjectName: "string",
keyObjectName: "string",
keyVaultId: "string",
rootCertObjectName: "string",
},
externalIngressGatewayEnabled: false,
internalIngressGatewayEnabled: false,
},
// NOTE(review): identity and servicePrincipal both appear because the listing is
// exhaustive; presumably only one is set in practice — confirm.
servicePrincipal: {
clientId: "string",
// Credential: read it from encrypted stack configuration
// (new pulumi.Config().requireSecret("<config-key>")) instead of a literal, so it stays out of source control.
clientSecret: "string",
},
skuTier: "string",
storageProfile: {
blobDriverEnabled: false,
diskDriverEnabled: false,
fileDriverEnabled: false,
snapshotControllerEnabled: false,
},
supportPlan: "string",
tags: {
string: "string",
},
webAppRouting: {
dnsZoneIds: ["string"],
webAppRoutingIdentities: [{
clientId: "string",
objectId: "string",
userAssignedIdentityId: "string",
}],
},
windowsProfile: {
// Credential: read it from encrypted stack configuration, never a literal in the program.
adminPassword: "string",
adminUsername: "string",
gmsa: {
dnsServer: "string",
rootDomain: "string",
},
license: "string",
},
workloadAutoscalerProfile: {
kedaEnabled: false,
verticalPodAutoscalerEnabled: false,
},
workloadIdentityEnabled: false,
});
# Constructor template for azure:containerservice:KubernetesCluster.
# Every value below is a TYPE placeholder (string / 0 / false), not a recommended
# or default setting. Several security-relevant flags shown as `false` here are
# documented on this page with a default of `true` (see the inline notes).
# Nesting was restored from the key order and the matching TypeScript template.
type: azure:containerservice:KubernetesCluster
properties:
    aciConnectorLinux:
        connectorIdentities:
            - clientId: string
              objectId: string
              userAssignedIdentityId: string
        subnetName: string
    apiServerAccessProfile:
        # NOTE(review): presumably the source ranges allowed to reach the API
        # server; confirm against the api_server_access_profile block description.
        authorizedIpRanges:
            - string
    autoScalerProfile:
        balanceSimilarNodeGroups: false
        daemonsetEvictionForEmptyNodesEnabled: false
        daemonsetEvictionForOccupiedNodesEnabled: false
        emptyBulkDeleteMax: string
        expander: string
        ignoreDaemonsetsUtilizationEnabled: false
        maxGracefulTerminationSec: string
        maxNodeProvisioningTime: string
        maxUnreadyNodes: 0
        maxUnreadyPercentage: 0
        newPodScaleUpDelay: string
        scaleDownDelayAfterAdd: string
        scaleDownDelayAfterDelete: string
        scaleDownDelayAfterFailure: string
        scaleDownUnneeded: string
        scaleDownUnready: string
        scaleDownUtilizationThreshold: string
        scanInterval: string
        skipNodesWithLocalStorage: false
        skipNodesWithSystemPods: false
    # Documented values: patch, rapid, node-image, stable; omitting it means none.
    automaticUpgradeChannel: string
    azureActiveDirectoryRoleBasedAccessControl:
        adminGroupObjectIds:
            - string
        azureRbacEnabled: false
        tenantId: string
    azurePolicyEnabled: false
    confidentialComputing:
        sgxQuoteHelperEnabled: false
    costAnalysisEnabled: false
    # Required input: configuration for the "System" mode node pool.
    defaultNodePool:
        autoScalingEnabled: false
        capacityReservationGroupId: string
        fipsEnabled: false
        gpuInstance: string
        hostEncryptionEnabled: false
        hostGroupId: string
        kubeletConfig:
            allowedUnsafeSysctls:
                - string
            containerLogMaxLine: 0
            containerLogMaxSizeMb: 0
            cpuCfsQuotaEnabled: false
            cpuCfsQuotaPeriod: string
            cpuManagerPolicy: string
            imageGcHighThreshold: 0
            imageGcLowThreshold: 0
            podMaxPid: 0
            topologyManagerPolicy: string
        kubeletDiskType: string
        linuxOsConfig:
            swapFileSizeMb: 0
            sysctlConfig:
                fsAioMaxNr: 0
                fsFileMax: 0
                fsInotifyMaxUserWatches: 0
                fsNrOpen: 0
                kernelThreadsMax: 0
                netCoreNetdevMaxBacklog: 0
                netCoreOptmemMax: 0
                netCoreRmemDefault: 0
                netCoreRmemMax: 0
                netCoreSomaxconn: 0
                netCoreWmemDefault: 0
                netCoreWmemMax: 0
                netIpv4IpLocalPortRangeMax: 0
                netIpv4IpLocalPortRangeMin: 0
                netIpv4NeighDefaultGcThresh1: 0
                netIpv4NeighDefaultGcThresh2: 0
                netIpv4NeighDefaultGcThresh3: 0
                netIpv4TcpFinTimeout: 0
                netIpv4TcpKeepaliveIntvl: 0
                netIpv4TcpKeepaliveProbes: 0
                netIpv4TcpKeepaliveTime: 0
                netIpv4TcpMaxSynBacklog: 0
                netIpv4TcpMaxTwBuckets: 0
                netIpv4TcpTwReuse: false
                netNetfilterNfConntrackBuckets: 0
                netNetfilterNfConntrackMax: 0
                vmMaxMapCount: 0
                vmSwappiness: 0
                vmVfsCachePressure: 0
            transparentHugePageDefrag: string
            transparentHugePageEnabled: string
        maxCount: 0
        maxPods: 0
        minCount: 0
        name: string
        nodeCount: 0
        nodeLabels:
            string: string
        nodeNetworkProfile:
            allowedHostPorts:
                - portEnd: 0
                  portStart: 0
                  protocol: string
            applicationSecurityGroupIds:
                - string
            nodePublicIpTags:
                string: string
        nodePublicIpEnabled: false
        nodePublicIpPrefixId: string
        onlyCriticalAddonsEnabled: false
        orchestratorVersion: string
        osDiskSizeGb: 0
        osDiskType: string
        osSku: string
        podSubnetId: string
        proximityPlacementGroupId: string
        scaleDownMode: string
        snapshotId: string
        tags:
            string: string
        temporaryNameForRotation: string
        type: string
        ultraSsdEnabled: false
        upgradeSettings:
            drainTimeoutInMinutes: 0
            maxSurge: string
            nodeSoakDurationInMinutes: 0
        vmSize: string
        vnetSubnetId: string
        workloadRuntime: string
        zones:
            - string
    diskEncryptionSetId: string
    # Either dnsPrefix or dnsPrefixPrivateCluster must be defined.
    dnsPrefix: string
    dnsPrefixPrivateCluster: string
    edgeZone: string
    httpApplicationRoutingEnabled: false
    httpProxyConfig:
        httpProxy: string
        httpsProxy: string
        noProxies:
            - string
        trustedCa: string
    # One of `identity` or `servicePrincipal` must be specified.
    identity:
        identityIds:
            - string
        principalId: string
        tenantId: string
        type: string
    imageCleanerEnabled: false
    imageCleanerIntervalHours: 0
    ingressApplicationGateway:
        effectiveGatewayId: string
        gatewayId: string
        gatewayName: string
        ingressApplicationGatewayIdentities:
            - clientId: string
              objectId: string
              userAssignedIdentityId: string
        subnetCidr: string
        subnetId: string
    keyManagementService:
        keyVaultKeyId: string
        keyVaultNetworkAccess: string
    keyVaultSecretsProvider:
        secretIdentities:
            - clientId: string
              objectId: string
              userAssignedIdentityId: string
        secretRotationEnabled: false
        secretRotationInterval: string
    kubeletIdentity:
        clientId: string
        objectId: string
        userAssignedIdentityId: string
    kubernetesVersion: string
    linuxProfile:
        adminUsername: string
        sshKey:
            keyData: string
    # Placeholder. When set to true, Kubernetes RBAC and AKS-managed Azure AD
    # integration must also be enabled (per the note on this page).
    localAccountDisabled: false
    location: string
    maintenanceWindow:
        alloweds:
            - day: string
              hours:
                - 0
        notAlloweds:
            - end: string
              start: string
    maintenanceWindowAutoUpgrade:
        dayOfMonth: 0
        dayOfWeek: string
        duration: 0
        frequency: string
        interval: 0
        notAlloweds:
            - end: string
              start: string
        startDate: string
        startTime: string
        utcOffset: string
        weekIndex: string
    maintenanceWindowNodeOs:
        dayOfMonth: 0
        dayOfWeek: string
        duration: 0
        frequency: string
        interval: 0
        notAlloweds:
            - end: string
              start: string
        startDate: string
        startTime: string
        utcOffset: string
        weekIndex: string
    microsoftDefender:
        logAnalyticsWorkspaceId: string
    monitorMetrics:
        annotationsAllowed: string
        labelsAllowed: string
    name: string
    networkProfile:
        dnsServiceIp: string
        ipVersions:
            - string
        loadBalancerProfile:
            backendPoolType: string
            effectiveOutboundIps:
                - string
            idleTimeoutInMinutes: 0
            managedOutboundIpCount: 0
            managedOutboundIpv6Count: 0
            outboundIpAddressIds:
                - string
            outboundIpPrefixIds:
                - string
            outboundPortsAllocated: 0
        loadBalancerSku: string
        natGatewayProfile:
            effectiveOutboundIps:
                - string
            idleTimeoutInMinutes: 0
            managedOutboundIpCount: 0
        networkDataPlane: string
        networkMode: string
        networkPlugin: string
        networkPluginMode: string
        networkPolicy: string
        outboundType: string
        podCidr: string
        podCidrs:
            - string
        serviceCidr: string
        serviceCidrs:
            - string
    # Documented values: Unmanaged, SecurityPatch, NodeImage, None (default NodeImage).
    nodeOsUpgradeChannel: string
    nodeResourceGroup: string
    oidcIssuerEnabled: false
    omsAgent:
        logAnalyticsWorkspaceId: string
        msiAuthForMonitoringEnabled: false
        omsAgentIdentities:
            - clientId: string
              objectId: string
              userAssignedIdentityId: string
    openServiceMeshEnabled: false
    # Placeholder matches the documented default (false): the API server is only
    # restricted to internal IP addresses when this is true. Changing it forces
    # a new resource to be created.
    privateClusterEnabled: false
    privateClusterPublicFqdnEnabled: false
    privateDnsZoneId: string
    resourceGroupName: string
    # Placeholder only: the documented default is true. Copying `false` from this
    # template disables Kubernetes RBAC and changing it later forces a new resource.
    roleBasedAccessControlEnabled: false
    # Placeholder only: the documented default is true.
    runCommandEnabled: false
    serviceMeshProfile:
        certificateAuthority:
            certChainObjectName: string
            certObjectName: string
            keyObjectName: string
            keyVaultId: string
            rootCertObjectName: string
        externalIngressGatewayEnabled: false
        internalIngressGatewayEnabled: false
        mode: string
        revisions:
            - string
    servicePrincipal:
        clientId: string
        # Credential: supply it from a secret configuration value rather than a
        # literal committed alongside the program.
        clientSecret: string
    skuTier: string
    storageProfile:
        blobDriverEnabled: false
        diskDriverEnabled: false
        fileDriverEnabled: false
        snapshotControllerEnabled: false
    supportPlan: string
    tags:
        string: string
    webAppRouting:
        dnsZoneIds:
            - string
        webAppRoutingIdentities:
            - clientId: string
              objectId: string
              userAssignedIdentityId: string
    windowsProfile:
        # Credential: supply it from a secret configuration value rather than a
        # literal committed alongside the program.
        adminPassword: string
        adminUsername: string
        gmsa:
            dnsServer: string
            rootDomain: string
        license: string
    workloadAutoscalerProfile:
        kedaEnabled: false
        verticalPodAutoscalerEnabled: false
    # Enabling this requires oidcIssuerEnabled: true (per the note on this page).
    workloadIdentityEnabled: false
KubernetesCluster Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The KubernetesCluster resource accepts the following input properties:
- Default
Node KubernetesPool Cluster Default Node Pool - Specifies configuration for "System" mode node pool. A
default_node_pool
block as defined below. - Resource
Group stringName - Specifies the Resource Group where the Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.
- Aci
Connector KubernetesLinux Cluster Aci Connector Linux - A
aci_connector_linux
block as defined below. For more details, please visit Create and configure an AKS cluster to use virtual nodes. - Api
Server KubernetesAccess Profile Cluster Api Server Access Profile - An
api_server_access_profile
block as defined below. - Auto
Scaler KubernetesProfile Cluster Auto Scaler Profile - A
auto_scaler_profile
block as defined below.
- AutomaticUpgradeChannel string - The upgrade channel for this Kubernetes Cluster. Possible values are `patch`, `rapid`, `node-image` and `stable`. Omitting this field sets this value to `none`.
Note: Cluster Auto-Upgrade will update the Kubernetes Cluster (and its Node Pools) to the latest GA version of Kubernetes automatically - please see the Azure documentation for more information.
Note: Cluster Auto-Upgrade only updates to GA versions of Kubernetes and will not update to Preview versions.
- Azure
Active KubernetesDirectory Role Based Access Control Cluster Azure Active Directory Role Based Access Control - A
azure_active_directory_role_based_access_control
block as defined below. - Azure
Policy boolEnabled - Should the Azure Policy Add-On be enabled? For more details please visit Understand Azure Policy for Azure Kubernetes Service
- Confidential
Computing KubernetesCluster Confidential Computing - A
confidential_computing
block as defined below. For more details please the documentation - Cost
Analysis boolEnabled - Should cost analysis be enabled for this Kubernetes Cluster? Defaults to
false
. Thesku_tier
must be set toStandard
orPremium
to enable this feature. Enabling this will add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. - Disk
Encryption stringSet Id - The ID of the Disk Encryption Set which should be used for the Nodes and Volumes. More information can be found in the documentation. Changing this forces a new resource to be created.
- DnsPrefix string - DNS prefix specified when creating the managed cluster. Possible values must begin and end with a letter or number, contain only letters, numbers, and hyphens and be between 1 and 54 characters in length. Changing this forces a new resource to be created.
- DnsPrefixPrivateCluster string - Specifies the DNS prefix to use with private clusters. Changing this forces a new resource to be created.
Note: You must define either a `dns_prefix` or a `dns_prefix_private_cluster` field.
In addition, one of either `identity` or `service_principal` blocks must be specified.
- EdgeZone string - Specifies the Extended Zone (formerly called Edge Zone) within the Azure Region where this Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.
- Http
Application boolRouting Enabled Should HTTP Application Routing be enabled?
Note: At this time HTTP Application Routing is not supported in Azure China or Azure US Government.
- Http
Proxy KubernetesConfig Cluster Http Proxy Config - A
http_proxy_config
block as defined below.
- Identity KubernetesClusterIdentity - An `identity` block as defined below. One of either `identity` or `service_principal` must be specified.
Note: A migration scenario from `service_principal` to `identity` is supported. When upgrading `service_principal` to `identity`, your cluster's control plane and addon pods will switch to use managed identity, but the kubelets will keep using your configured `service_principal` until you upgrade your Node Pool. Until that Node Pool upgrade completes, the service principal's credential is therefore still in use and has to remain valid.
- ImageCleanerEnabled bool - Specifies whether Image Cleaner is enabled.
- Image
Cleaner intInterval Hours - Specifies the interval in hours when images should be cleaned up. Defaults to
0
. - Ingress
Application KubernetesGateway Cluster Ingress Application Gateway A
ingress_application_gateway
block as defined below.Note: Since the Application Gateway is deployed inside a Virtual Network, users (and Service Principals) that are operating the Application Gateway must have the
Microsoft.Network/virtualNetworks/subnets/join/action
permission on the Virtual Network or Subnet. For more details, please visit Virtual Network Permission.- Key
Management KubernetesService Cluster Key Management Service - A
key_management_service
block as defined below. For more details, please visit Key Management Service (KMS) etcd encryption to an AKS cluster. - Key
Vault KubernetesSecrets Provider Cluster Key Vault Secrets Provider - A
key_vault_secrets_provider
block as defined below. For more details, please visit Azure Keyvault Secrets Provider for AKS. - Kubelet
Identity KubernetesCluster Kubelet Identity - A
kubelet_identity
block as defined below. - Kubernetes
Version string Version of Kubernetes specified when creating the AKS managed cluster. If not specified, the latest recommended version will be used at provisioning time (but won't auto-upgrade). AKS does not require an exact patch version to be specified, minor version aliases such as
1.22
are also supported. - The minor version's latest GA patch is automatically chosen in that case. More details can be found in the documentation.Note: Upgrading your cluster may take up to 10 minutes per node.
- Linux
Profile KubernetesCluster Linux Profile - A
linux_profile
block as defined below.
- LocalAccountDisabled bool - If `true`, local accounts will be disabled. See the documentation for more information.
Note: If `local_account_disabled` is set to `true`, it is required to enable Kubernetes RBAC and AKS-managed Azure AD integration. See the documentation for more information.
- Location string
- The location where the Managed Kubernetes Cluster should be created. Changing this forces a new resource to be created.
- Maintenance
Window KubernetesCluster Maintenance Window - A
maintenance_window
block as defined below. - Maintenance
Window KubernetesAuto Upgrade Cluster Maintenance Window Auto Upgrade - A
maintenance_window_auto_upgrade
block as defined below. - Maintenance
Window KubernetesNode Os Cluster Maintenance Window Node Os - A
maintenance_window_node_os
block as defined below. - Microsoft
Defender KubernetesCluster Microsoft Defender - A
microsoft_defender
block as defined below. - Monitor
Metrics KubernetesCluster Monitor Metrics Specifies a Prometheus add-on profile for the Kubernetes Cluster. A
monitor_metrics
block as defined below.Note: If deploying Managed Prometheus, the
monitor_metrics
properties are required to configure the cluster for metrics collection. If no value is needed, set properties tonull
.- Name string
- The name of the Managed Kubernetes Cluster to create. Changing this forces a new resource to be created.
- Network
Profile KubernetesCluster Network Profile A
network_profile
block as defined below. Changing this forces a new resource to be created.Note: If
network_profile
is not defined,kubenet
profile will be used by default.- Node
Os stringUpgrade Channel The upgrade channel for this Kubernetes Cluster Nodes' OS Image. Possible values are
Unmanaged
,SecurityPatch
,NodeImage
andNone
. Defaults toNodeImage
.Note:
node_os_upgrade_channel
must be set toNodeImage
ifautomatic_upgrade_channel
has been set tonode-image
- Node
Resource stringGroup The name of the Resource Group where the Kubernetes Nodes should exist. Changing this forces a new resource to be created.
Note: Azure requires that a new, non-existent Resource Group is used, as otherwise, the provisioning of the Kubernetes Service will fail.
- Oidc
Issuer boolEnabled - Enable or Disable the OIDC issuer URL
- Oms
Agent KubernetesCluster Oms Agent - A
oms_agent
block as defined below. - Open
Service boolMesh Enabled - Is Open Service Mesh enabled? For more details, please visit Open Service Mesh for AKS.
- PrivateClusterEnabled bool - Should this Kubernetes Cluster have its API server only exposed on internal IP addresses? This provides a Private IP Address for the Kubernetes API on the Virtual Network where the Kubernetes Cluster is located. Defaults to `false`. Changing this forces a new resource to be created. Because the setting cannot be changed in place, decide whether the API server should be private before the cluster is first created.
- PrivateClusterPublicFqdnEnabled bool - Specifies whether a Public FQDN for this Private Cluster should be added. Defaults to `false`.
Note: If you use BYO DNS Zone, the AKS cluster should either use a User Assigned Identity or a service principal (which is deprecated) with the `Private DNS Zone Contributor` role and access to this Private DNS Zone. If `UserAssigned` identity is used - to prevent improper resource order destruction - the cluster should depend on the role assignment, like in this example:
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
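// Private AKS cluster that uses a bring-your-own Private DNS zone.
// The cluster runs as a user-assigned identity that holds the
// "Private DNS Zone Contributor" role on that zone, and it depends on the
// role assignment so the assignment exists before the cluster is created
// and is only removed after the cluster is destroyed.

// Resource group that holds the zone, the identity and the cluster.
const example = new azure.core.ResourceGroup("example", {
    name: "example",
    location: "West Europe",
});

// Private DNS zone that is delegated to the cluster.
const exampleZone = new azure.privatedns.Zone("example", {
    name: "privatelink.eastus2.azmk8s.io",
    resourceGroupName: example.name,
});

// Identity the cluster uses to manage records in the zone.
const exampleUserAssignedIdentity = new azure.authorization.UserAssignedIdentity("example", {
    name: "aks-example-identity",
    resourceGroupName: example.name,
    location: example.location,
});

// The role is scoped to the zone itself rather than the resource group or
// subscription, so the identity receives no wider DNS permissions.
const exampleAssignment = new azure.authorization.Assignment("example", {
    scope: exampleZone.id,
    roleDefinitionName: "Private DNS Zone Contributor",
    principalId: exampleUserAssignedIdentity.principalId,
});

const exampleKubernetesCluster = new azure.containerservice.KubernetesCluster("example", {
    name: "aksexamplewithprivatednszone1",
    location: example.location,
    resourceGroupName: example.name,
    dnsPrefix: "aksexamplednsprefix1",
    privateClusterEnabled: true,
    privateDnsZoneId: exampleZone.id,
    // defaultNodePool is a required input; the values mirror the basic
    // example at the top of this page.
    defaultNodePool: {
        name: "default",
        nodeCount: 1,
        vmSize: "Standard_D2_v2",
    },
    // Attach the identity that was granted the role above. Without this block
    // the role assignment would apply to an identity the cluster never uses.
    identity: {
        type: "UserAssigned",
        identityIds: [exampleUserAssignedIdentity.id],
    },
}, {
    dependsOn: [exampleAssignment],
});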
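import pulumi
import pulumi_azure as azure

# Private AKS cluster that uses a bring-your-own Private DNS zone.
# The cluster runs as a user-assigned identity that holds the
# "Private DNS Zone Contributor" role on that zone, and it depends on the
# role assignment so the assignment exists before the cluster is created
# and is only removed after the cluster is destroyed.

# Resource group that holds the zone, the identity and the cluster.
example = azure.core.ResourceGroup("example",
    name="example",
    location="West Europe")

# Private DNS zone that is delegated to the cluster.
example_zone = azure.privatedns.Zone("example",
    name="privatelink.eastus2.azmk8s.io",
    resource_group_name=example.name)

# Identity the cluster uses to manage records in the zone.
example_user_assigned_identity = azure.authorization.UserAssignedIdentity("example",
    name="aks-example-identity",
    resource_group_name=example.name,
    location=example.location)

# The role is scoped to the zone itself rather than the resource group or
# subscription, so the identity receives no wider DNS permissions.
example_assignment = azure.authorization.Assignment("example",
    scope=example_zone.id,
    role_definition_name="Private DNS Zone Contributor",
    principal_id=example_user_assigned_identity.principal_id)

example_kubernetes_cluster = azure.containerservice.KubernetesCluster("example",
    name="aksexamplewithprivatednszone1",
    location=example.location,
    resource_group_name=example.name,
    dns_prefix="aksexamplednsprefix1",
    private_cluster_enabled=True,
    private_dns_zone_id=example_zone.id,
    # default_node_pool is a required input; the values mirror the basic
    # example at the top of this page.
    default_node_pool={
        "name": "default",
        "node_count": 1,
        "vm_size": "Standard_D2_v2",
    },
    # Attach the identity that was granted the role above. Without this block
    # the role assignment would apply to an identity the cluster never uses.
    identity={
        "type": "UserAssigned",
        "identity_ids": [example_user_assigned_identity.id],
    },
    opts=pulumi.ResourceOptions(depends_on=[example_assignment]))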
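using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;

// Private AKS cluster that uses a bring-your-own Private DNS zone.
// The cluster runs as a user-assigned identity that holds the
// "Private DNS Zone Contributor" role on that zone, and it depends on the
// role assignment so the assignment exists before the cluster is created
// and is only removed after the cluster is destroyed.
return await Deployment.RunAsync(() =>
{
    // Resource group that holds the zone, the identity and the cluster.
    var example = new Azure.Core.ResourceGroup("example", new()
    {
        Name = "example",
        Location = "West Europe",
    });

    // Private DNS zone that is delegated to the cluster.
    var exampleZone = new Azure.PrivateDns.Zone("example", new()
    {
        Name = "privatelink.eastus2.azmk8s.io",
        ResourceGroupName = example.Name,
    });

    // Identity the cluster uses to manage records in the zone.
    var exampleUserAssignedIdentity = new Azure.Authorization.UserAssignedIdentity("example", new()
    {
        Name = "aks-example-identity",
        ResourceGroupName = example.Name,
        Location = example.Location,
    });

    // The role is scoped to the zone itself rather than the resource group or
    // subscription, so the identity receives no wider DNS permissions.
    var exampleAssignment = new Azure.Authorization.Assignment("example", new()
    {
        Scope = exampleZone.Id,
        RoleDefinitionName = "Private DNS Zone Contributor",
        PrincipalId = exampleUserAssignedIdentity.PrincipalId,
    });

    var exampleKubernetesCluster = new Azure.ContainerService.KubernetesCluster("example", new()
    {
        Name = "aksexamplewithprivatednszone1",
        Location = example.Location,
        ResourceGroupName = example.Name,
        DnsPrefix = "aksexamplednsprefix1",
        PrivateClusterEnabled = true,
        PrivateDnsZoneId = exampleZone.Id,
        // DefaultNodePool is a required input; the values mirror the basic
        // example at the top of this page.
        DefaultNodePool = new Azure.ContainerService.Inputs.KubernetesClusterDefaultNodePoolArgs
        {
            Name = "default",
            NodeCount = 1,
            VmSize = "Standard_D2_v2",
        },
        // Attach the identity that was granted the role above. Without this
        // block the role assignment would apply to an identity the cluster
        // never uses.
        Identity = new Azure.ContainerService.Inputs.KubernetesClusterIdentityArgs
        {
            Type = "UserAssigned",
            IdentityIds = new[]
            {
                exampleUserAssignedIdentity.Id,
            },
        },
    }, new CustomResourceOptions
    {
        DependsOn =
        {
            exampleAssignment,
        },
    });
});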
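package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/containerservice"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/privatedns"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main provisions a private AKS cluster that uses a bring-your-own Private DNS
// zone. The cluster runs as a user-assigned identity that holds the
// "Private DNS Zone Contributor" role on that zone, and it depends on the role
// assignment so the assignment exists before the cluster is created and is
// only removed after the cluster is destroyed.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Resource group that holds the zone, the identity and the cluster.
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}

		// Private DNS zone that is delegated to the cluster.
		exampleZone, err := privatedns.NewZone(ctx, "example", &privatedns.ZoneArgs{
			Name:              pulumi.String("privatelink.eastus2.azmk8s.io"),
			ResourceGroupName: example.Name,
		})
		if err != nil {
			return err
		}

		// Identity the cluster uses to manage records in the zone.
		exampleUserAssignedIdentity, err := authorization.NewUserAssignedIdentity(ctx, "example", &authorization.UserAssignedIdentityArgs{
			Name:              pulumi.String("aks-example-identity"),
			ResourceGroupName: example.Name,
			Location:          example.Location,
		})
		if err != nil {
			return err
		}

		// The role is scoped to the zone itself rather than the resource group
		// or subscription, so the identity receives no wider DNS permissions.
		exampleAssignment, err := authorization.NewAssignment(ctx, "example", &authorization.AssignmentArgs{
			Scope:              exampleZone.ID(),
			RoleDefinitionName: pulumi.String("Private DNS Zone Contributor"),
			PrincipalId:        exampleUserAssignedIdentity.PrincipalId,
		})
		if err != nil {
			return err
		}

		_, err = containerservice.NewKubernetesCluster(ctx, "example", &containerservice.KubernetesClusterArgs{
			Name:                  pulumi.String("aksexamplewithprivatednszone1"),
			Location:              example.Location,
			ResourceGroupName:     example.Name,
			DnsPrefix:             pulumi.String("aksexamplednsprefix1"),
			PrivateClusterEnabled: pulumi.Bool(true),
			PrivateDnsZoneId:      exampleZone.ID(),
			// DefaultNodePool is a required input; the values mirror the
			// basic example at the top of this page.
			DefaultNodePool: &containerservice.KubernetesClusterDefaultNodePoolArgs{
				Name:      pulumi.String("default"),
				NodeCount: pulumi.Int(1),
				VmSize:    pulumi.String("Standard_D2_v2"),
			},
			// Attach the identity that was granted the role above. Without
			// this block the role assignment would apply to an identity the
			// cluster never uses.
			Identity: &containerservice.KubernetesClusterIdentityArgs{
				Type: pulumi.String("UserAssigned"),
				IdentityIds: pulumi.StringArray{
					exampleUserAssignedIdentity.ID(),
				},
			},
		}, pulumi.DependsOn([]pulumi.Resource{
			exampleAssignment,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}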
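package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.privatedns.Zone;
import com.pulumi.azure.privatedns.ZoneArgs;
import com.pulumi.azure.authorization.UserAssignedIdentity;
import com.pulumi.azure.authorization.UserAssignedIdentityArgs;
import com.pulumi.azure.authorization.Assignment;
import com.pulumi.azure.authorization.AssignmentArgs;
import com.pulumi.azure.containerservice.KubernetesCluster;
import com.pulumi.azure.containerservice.KubernetesClusterArgs;
import com.pulumi.azure.containerservice.inputs.KubernetesClusterDefaultNodePoolArgs;
import com.pulumi.azure.containerservice.inputs.KubernetesClusterIdentityArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Provisions a private AKS cluster that uses a bring-your-own Private DNS zone.
 *
 * <p>The cluster runs as a user-assigned identity that holds the
 * "Private DNS Zone Contributor" role on that zone, and it depends on the role
 * assignment so the assignment exists before the cluster is created and is
 * only removed after the cluster is destroyed.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // Resource group that holds the zone, the identity and the cluster.
        var example = new ResourceGroup("example", ResourceGroupArgs.builder()
            .name("example")
            .location("West Europe")
            .build());

        // Private DNS zone that is delegated to the cluster.
        var exampleZone = new Zone("exampleZone", ZoneArgs.builder()
            .name("privatelink.eastus2.azmk8s.io")
            .resourceGroupName(example.name())
            .build());

        // Identity the cluster uses to manage records in the zone.
        var exampleUserAssignedIdentity = new UserAssignedIdentity("exampleUserAssignedIdentity", UserAssignedIdentityArgs.builder()
            .name("aks-example-identity")
            .resourceGroupName(example.name())
            .location(example.location())
            .build());

        // The role is scoped to the zone itself rather than the resource group
        // or subscription, so the identity receives no wider DNS permissions.
        var exampleAssignment = new Assignment("exampleAssignment", AssignmentArgs.builder()
            .scope(exampleZone.id())
            .roleDefinitionName("Private DNS Zone Contributor")
            .principalId(exampleUserAssignedIdentity.principalId())
            .build());

        var exampleKubernetesCluster = new KubernetesCluster("exampleKubernetesCluster", KubernetesClusterArgs.builder()
            .name("aksexamplewithprivatednszone1")
            .location(example.location())
            .resourceGroupName(example.name())
            .dnsPrefix("aksexamplednsprefix1")
            .privateClusterEnabled(true)
            .privateDnsZoneId(exampleZone.id())
            // defaultNodePool is a required input; the values mirror the
            // basic example at the top of this page.
            .defaultNodePool(KubernetesClusterDefaultNodePoolArgs.builder()
                .name("default")
                .nodeCount(1)
                .vmSize("Standard_D2_v2")
                .build())
            // Attach the identity that was granted the role above. Without
            // this block the role assignment would apply to an identity the
            // cluster never uses.
            .identity(KubernetesClusterIdentityArgs.builder()
                .type("UserAssigned")
                .identityIds(exampleUserAssignedIdentity.id().applyValue(id -> List.of(id)))
                .build())
            .build(), CustomResourceOptions.builder()
                .dependsOn(exampleAssignment)
                .build());
    }
}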
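# Private AKS cluster that uses a bring-your-own Private DNS zone.
# The cluster runs as a user-assigned identity that holds the
# "Private DNS Zone Contributor" role on that zone, and it depends on the
# role assignment so the assignment exists before the cluster is created
# and is only removed after the cluster is destroyed.
resources:
  # Resource group that holds the zone, the identity and the cluster.
  example:
    type: azure:core:ResourceGroup
    properties:
      name: example
      location: West Europe
  # Private DNS zone that is delegated to the cluster.
  exampleZone:
    type: azure:privatedns:Zone
    name: example
    properties:
      name: privatelink.eastus2.azmk8s.io
      resourceGroupName: ${example.name}
  # Identity the cluster uses to manage records in the zone.
  exampleUserAssignedIdentity:
    type: azure:authorization:UserAssignedIdentity
    name: example
    properties:
      name: aks-example-identity
      resourceGroupName: ${example.name}
      location: ${example.location}
  # The role is scoped to the zone itself rather than the resource group or
  # subscription, so the identity receives no wider DNS permissions.
  exampleAssignment:
    type: azure:authorization:Assignment
    name: example
    properties:
      scope: ${exampleZone.id}
      roleDefinitionName: Private DNS Zone Contributor
      principalId: ${exampleUserAssignedIdentity.principalId}
  exampleKubernetesCluster:
    type: azure:containerservice:KubernetesCluster
    name: example
    properties:
      name: aksexamplewithprivatednszone1
      location: ${example.location}
      resourceGroupName: ${example.name}
      dnsPrefix: aksexamplednsprefix1
      privateClusterEnabled: true
      privateDnsZoneId: ${exampleZone.id}
      # defaultNodePool is a required input; the values mirror the basic
      # example at the top of this page.
      defaultNodePool:
        name: default
        nodeCount: 1
        vmSize: Standard_D2_v2
      # Attach the identity that was granted the role above. Without this block
      # the role assignment would apply to an identity the cluster never uses.
      identity:
        type: UserAssigned
        identityIds:
          - ${exampleUserAssignedIdentity.id}
    options:
      # Pulumi YAML documents this resource option as `dependsOn`; the page
      # printed it as `dependson`.
      dependsOn:
        - ${exampleAssignment}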
- PrivateDnsZoneId string - Either the ID of Private DNS Zone which should be delegated to this Cluster, `System` to have AKS manage this or `None`. In case of `None` you will need to bring your own DNS server and set up resolving, otherwise, the cluster will have issues after provisioning. Changing this forces a new resource to be created.
- RoleBasedAccessControlEnabled bool - Whether Role Based Access Control for the Kubernetes Cluster should be enabled. Defaults to `true`. Changing this forces a new resource to be created.
- RunCommandEnabled bool - Whether to enable run command for the cluster or not. Defaults to `true`. Because the default is enabled, set this to `false` explicitly on clusters that do not use the feature.
- ServiceMeshProfile KubernetesClusterServiceMeshProfile - A `service_mesh_profile`
block as defined below.
- ServicePrincipal KubernetesClusterServicePrincipal - A `service_principal` block as documented below. One of either `identity` or `service_principal` must be specified.
Note: A migration scenario from `service_principal` to `identity` is supported. When upgrading `service_principal` to `identity`, your cluster's control plane and addon pods will switch to use managed identity, but the kubelets will keep using your configured `service_principal` until you upgrade your Node Pool.
- SkuTier string - The SKU Tier that should be used for this Kubernetes Cluster. Possible values are `Free`, `Standard` (which includes the Uptime SLA) and `Premium`. Defaults to `Free`.
Note: Whilst the AKS API previously supported the `Paid` SKU - the AKS API introduced a breaking change in API Version `2023-02-01` (used in v3.51.0 and later) where the value `Paid` must now be set to `Standard`.
- StorageProfile KubernetesClusterStorageProfile - A `storage_profile` block as defined below.
- SupportPlan string - Specifies the support plan which should be used for this Kubernetes Cluster. Possible values are `KubernetesOfficial` and `AKSLongTermSupport`. Defaults to `KubernetesOfficial`.
- Tags Dictionary<string, string> - A mapping of tags to assign to the resource.
- Web
App KubernetesRouting Cluster Web App Routing - A
web_app_routing
block as defined below. - Windows
Profile KubernetesCluster Windows Profile - A
windows_profile
block as defined below. - Workload
Autoscaler KubernetesProfile Cluster Workload Autoscaler Profile - A
workload_autoscaler_profile
block defined below.
- WorkloadIdentityEnabled bool - Specifies whether Azure AD Workload Identity should be enabled for the Cluster. Defaults to `false`.
Note: To enable Azure AD Workload Identity `oidc_issuer_enabled` must be set to `true`.
Note: Enabling this option will allocate Workload Identity resources to the `kube-system` namespace in Kubernetes. If you wish to customize the deployment of Workload Identity, you can refer to the documentation on Azure AD Workload Identity. The documentation provides guidance on how to install the mutating admission webhook, which allows for the customization of Workload Identity deployment.
- Default
Node KubernetesPool Cluster Default Node Pool Args - Specifies configuration for "System" mode node pool. A
default_node_pool
block as defined below. - Resource
Group stringName - Specifies the Resource Group where the Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.
- Aci
Connector KubernetesLinux Cluster Aci Connector Linux Args - A
aci_connector_linux
block as defined below. For more details, please visit Create and configure an AKS cluster to use virtual nodes. - Api
Server KubernetesAccess Profile Cluster Api Server Access Profile Args - An
api_server_access_profile
block as defined below. - Auto
Scaler KubernetesProfile Cluster Auto Scaler Profile Args - A
auto_scaler_profile
block as defined below. - Automatic
Upgrade stringChannel The upgrade channel for this Kubernetes Cluster. Possible values are
patch
,rapid
,node-image
andstable
. Omitting this field sets this value tonone
.!> Note: Cluster Auto-Upgrade will update the Kubernetes Cluster (and its Node Pools) to the latest GA version of Kubernetes automatically - please see the Azure documentation for more information.
Note: Cluster Auto-Upgrade only updates to GA versions of Kubernetes and will not update to Preview versions.
- Azure
Active KubernetesDirectory Role Based Access Control Cluster Azure Active Directory Role Based Access Control Args - A
azure_active_directory_role_based_access_control
block as defined below. - Azure
Policy boolEnabled - Should the Azure Policy Add-On be enabled? For more details please visit Understand Azure Policy for Azure Kubernetes Service
- Confidential
Computing KubernetesCluster Confidential Computing Args - A
confidential_computing
block as defined below. For more details please see the documentation. - Cost
Analysis boolEnabled - Should cost analysis be enabled for this Kubernetes Cluster? Defaults to
false
. Thesku_tier
must be set toStandard
orPremium
to enable this feature. Enabling this will add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. - Disk
Encryption stringSet Id - The ID of the Disk Encryption Set which should be used for the Nodes and Volumes. More information can be found in the documentation. Changing this forces a new resource to be created.
- Dns
Prefix string - DNS prefix specified when creating the managed cluster. Possible values must begin and end with a letter or number, contain only letters, numbers, and hyphens and be between 1 and 54 characters in length. Changing this forces a new resource to be created.
- Dns
Prefix stringPrivate Cluster Specifies the DNS prefix to use with private clusters. Changing this forces a new resource to be created.
Note: You must define either a
dns_prefix
or adns_prefix_private_cluster
field.In addition, one of either
identity
orservice_principal
blocks must be specified.- Edge
Zone string - Specifies the Extended Zone (formerly called Edge Zone) within the Azure Region where this Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.
- Http
Application boolRouting Enabled Should HTTP Application Routing be enabled?
Note: At this time HTTP Application Routing is not supported in Azure China or Azure US Government.
- Http
Proxy KubernetesConfig Cluster Http Proxy Config Args - A
http_proxy_config
block as defined below. - Identity
Kubernetes
Cluster Identity Args An
`identity` block as defined below. One of either `identity` or `service_principal` must be specified.
Note: A migration scenario from `service_principal` to `identity` is supported. When upgrading `service_principal` to `identity`, your cluster's control plane and addon pods will switch to use managed identity, but the kubelets will keep using your configured `service_principal` until you upgrade your Node Pool.
- Image
Cleaner boolEnabled - Specifies whether Image Cleaner is enabled.
- Image
Cleaner intInterval Hours - Specifies the interval in hours when images should be cleaned up. Defaults to
0
. - Ingress
Application KubernetesGateway Cluster Ingress Application Gateway Args A
ingress_application_gateway
block as defined below.Note: Since the Application Gateway is deployed inside a Virtual Network, users (and Service Principals) that are operating the Application Gateway must have the
Microsoft.Network/virtualNetworks/subnets/join/action
permission on the Virtual Network or Subnet. For more details, please visit Virtual Network Permission.- Key
Management KubernetesService Cluster Key Management Service Args - A
key_management_service
block as defined below. For more details, please visit Key Management Service (KMS) etcd encryption to an AKS cluster. - Key
Vault KubernetesSecrets Provider Cluster Key Vault Secrets Provider Args - A
key_vault_secrets_provider
block as defined below. For more details, please visit Azure Keyvault Secrets Provider for AKS. - Kubelet
Identity KubernetesCluster Kubelet Identity Args - A
kubelet_identity
block as defined below. - Kubernetes
Version string Version of Kubernetes specified when creating the AKS managed cluster. If not specified, the latest recommended version will be used at provisioning time (but won't auto-upgrade). AKS does not require an exact patch version to be specified, minor version aliases such as
1.22
are also supported. - The minor version's latest GA patch is automatically chosen in that case. More details can be found in the documentation.Note: Upgrading your cluster may take up to 10 minutes per node.
- Linux
Profile KubernetesCluster Linux Profile Args - A
linux_profile
block as defined below. - Local
Account boolDisabled If
`true`, local accounts will be disabled. See the documentation for more information.
Note: If `local_account_disabled` is set to `true`, it is required to enable Kubernetes RBAC and AKS-managed Azure AD integration. See the documentation for more information.
- Location string
- The location where the Managed Kubernetes Cluster should be created. Changing this forces a new resource to be created.
- Maintenance
Window KubernetesCluster Maintenance Window Args - A
maintenance_window
block as defined below. - Maintenance
Window KubernetesAuto Upgrade Cluster Maintenance Window Auto Upgrade Args - A
maintenance_window_auto_upgrade
block as defined below. - Maintenance
Window KubernetesNode Os Cluster Maintenance Window Node Os Args - A
maintenance_window_node_os
block as defined below. - Microsoft
Defender KubernetesCluster Microsoft Defender Args - A
microsoft_defender
block as defined below. - Monitor
Metrics KubernetesCluster Monitor Metrics Args Specifies a Prometheus add-on profile for the Kubernetes Cluster. A
monitor_metrics
block as defined below.Note: If deploying Managed Prometheus, the
monitor_metrics
properties are required to configure the cluster for metrics collection. If no value is needed, set properties tonull
.- Name string
- The name of the Managed Kubernetes Cluster to create. Changing this forces a new resource to be created.
- Network
Profile KubernetesCluster Network Profile Args A
network_profile
block as defined below. Changing this forces a new resource to be created.Note: If
network_profile
is not defined,kubenet
profile will be used by default.- Node
Os stringUpgrade Channel The upgrade channel for this Kubernetes Cluster Nodes' OS Image. Possible values are
Unmanaged
,SecurityPatch
,NodeImage
andNone
. Defaults toNodeImage
.Note:
node_os_upgrade_channel
must be set toNodeImage
ifautomatic_upgrade_channel
has been set tonode-image
- Node
Resource stringGroup The name of the Resource Group where the Kubernetes Nodes should exist. Changing this forces a new resource to be created.
Note: Azure requires that a new, non-existent Resource Group is used, as otherwise, the provisioning of the Kubernetes Service will fail.
- Oidc
Issuer boolEnabled - Enable or Disable the OIDC issuer URL
- Oms
Agent KubernetesCluster Oms Agent Args - A
oms_agent
block as defined below. - Open
Service boolMesh Enabled - Is Open Service Mesh enabled? For more details, please visit Open Service Mesh for AKS.
- Private
Cluster boolEnabled - Should this Kubernetes Cluster have its API server only exposed on internal IP addresses? This provides a Private IP Address for the Kubernetes API on the Virtual Network where the Kubernetes Cluster is located. Defaults to
false
. Changing this forces a new resource to be created. - Private
Cluster boolPublic Fqdn Enabled Specifies whether a Public FQDN for this Private Cluster should be added. Defaults to
`false`.
Note: If you use BYO DNS Zone, the AKS cluster should either use a User Assigned Identity or a service principal (which is deprecated) with the `Private DNS Zone Contributor` role and access to this Private DNS Zone. If `UserAssigned` identity is used - to prevent improper resource order destruction - the cluster should depend on the role assignment, like in this example:
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
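// Private AKS cluster that registers its API server in a bring-your-own
// private DNS zone, using a user-assigned identity that holds the
// "Private DNS Zone Contributor" role on that zone.
const example = new azure.core.ResourceGroup("example", {
    name: "example",
    location: "West Europe",
});

// NOTE(review): AKS is understood to expect the zone name in the form
// privatelink.<region>.azmk8s.io; confirm that the region segment matches the
// cluster location before reusing this value.
const exampleZone = new azure.privatedns.Zone("example", {
    name: "privatelink.eastus2.azmk8s.io",
    resourceGroupName: example.name,
});

const exampleUserAssignedIdentity = new azure.authorization.UserAssignedIdentity("example", {
    name: "aks-example-identity",
    resourceGroupName: example.name,
    location: example.location,
});

// The role is scoped to the single DNS zone, not to the resource group or the
// subscription, so the identity can only manage records in this zone.
const exampleAssignment = new azure.authorization.Assignment("example", {
    scope: exampleZone.id,
    roleDefinitionName: "Private DNS Zone Contributor",
    principalId: exampleUserAssignedIdentity.principalId,
});

const exampleKubernetesCluster = new azure.containerservice.KubernetesCluster("example", {
    name: "aksexamplewithprivatednszone1",
    location: example.location,
    resourceGroupName: example.name,
    dnsPrefix: "aksexamplednsprefix1",
    privateClusterEnabled: true,
    privateDnsZoneId: exampleZone.id,
    // Required "System" mode node pool (same sizing as the basic example on this page).
    defaultNodePool: {
        name: "default",
        nodeCount: 1,
        vmSize: "Standard_D2_v2",
    },
    // One of `identity` or `servicePrincipal` must be specified; attach the
    // identity that was granted the role above so the assignment is actually used.
    identity: {
        type: "UserAssigned",
        identityIds: [exampleUserAssignedIdentity.id],
    },
}, {
    // Explicit ordering: the role assignment is created before the cluster
    // and destroyed only after it.
    dependsOn: [exampleAssignment],
});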
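import pulumi
import pulumi_azure as azure

# Private AKS cluster that registers its API server in a bring-your-own
# private DNS zone, using a user-assigned identity that holds the
# "Private DNS Zone Contributor" role on that zone.
example = azure.core.ResourceGroup("example",
    name="example",
    location="West Europe")

# NOTE(review): AKS is understood to expect the zone name in the form
# privatelink.<region>.azmk8s.io; confirm that the region segment matches the
# cluster location before reusing this value.
example_zone = azure.privatedns.Zone("example",
    name="privatelink.eastus2.azmk8s.io",
    resource_group_name=example.name)

example_user_assigned_identity = azure.authorization.UserAssignedIdentity("example",
    name="aks-example-identity",
    resource_group_name=example.name,
    location=example.location)

# The role is scoped to the single DNS zone, not to the resource group or the
# subscription, so the identity can only manage records in this zone.
example_assignment = azure.authorization.Assignment("example",
    scope=example_zone.id,
    role_definition_name="Private DNS Zone Contributor",
    principal_id=example_user_assigned_identity.principal_id)

example_kubernetes_cluster = azure.containerservice.KubernetesCluster("example",
    name="aksexamplewithprivatednszone1",
    location=example.location,
    resource_group_name=example.name,
    dns_prefix="aksexamplednsprefix1",
    private_cluster_enabled=True,
    private_dns_zone_id=example_zone.id,
    # Required "System" mode node pool (same sizing as the basic example on this page).
    default_node_pool={
        "name": "default",
        "node_count": 1,
        "vm_size": "Standard_D2_v2",
    },
    # One of `identity` or `service_principal` must be specified; attach the
    # identity that was granted the role above so the assignment is actually used.
    identity={
        "type": "UserAssigned",
        "identity_ids": [example_user_assigned_identity.id],
    },
    # Explicit ordering: the role assignment is created before the cluster
    # and destroyed only after it.
    opts=pulumi.ResourceOptions(depends_on=[example_assignment]))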
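using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;

// Private AKS cluster that registers its API server in a bring-your-own
// private DNS zone, using a user-assigned identity that holds the
// "Private DNS Zone Contributor" role on that zone.
return await Deployment.RunAsync(() =>
{
    var example = new Azure.Core.ResourceGroup("example", new()
    {
        Name = "example",
        Location = "West Europe",
    });

    // NOTE(review): AKS is understood to expect the zone name in the form
    // privatelink.<region>.azmk8s.io; confirm that the region segment matches
    // the cluster location before reusing this value.
    var exampleZone = new Azure.PrivateDns.Zone("example", new()
    {
        Name = "privatelink.eastus2.azmk8s.io",
        ResourceGroupName = example.Name,
    });

    var exampleUserAssignedIdentity = new Azure.Authorization.UserAssignedIdentity("example", new()
    {
        Name = "aks-example-identity",
        ResourceGroupName = example.Name,
        Location = example.Location,
    });

    // The role is scoped to the single DNS zone, not to the resource group or
    // the subscription, so the identity can only manage records in this zone.
    var exampleAssignment = new Azure.Authorization.Assignment("example", new()
    {
        Scope = exampleZone.Id,
        RoleDefinitionName = "Private DNS Zone Contributor",
        PrincipalId = exampleUserAssignedIdentity.PrincipalId,
    });

    var exampleKubernetesCluster = new Azure.ContainerService.KubernetesCluster("example", new()
    {
        Name = "aksexamplewithprivatednszone1",
        Location = example.Location,
        ResourceGroupName = example.Name,
        DnsPrefix = "aksexamplednsprefix1",
        PrivateClusterEnabled = true,
        PrivateDnsZoneId = exampleZone.Id,
        // Required "System" mode node pool (same sizing as the basic example on this page).
        DefaultNodePool = new Azure.ContainerService.Inputs.KubernetesClusterDefaultNodePoolArgs
        {
            Name = "default",
            NodeCount = 1,
            VmSize = "Standard_D2_v2",
        },
        // One of Identity or ServicePrincipal must be specified; attach the
        // identity that was granted the role above so the assignment is actually used.
        Identity = new Azure.ContainerService.Inputs.KubernetesClusterIdentityArgs
        {
            Type = "UserAssigned",
            IdentityIds = new[]
            {
                exampleUserAssignedIdentity.Id,
            },
        },
    }, new CustomResourceOptions
    {
        // Explicit ordering: the role assignment is created before the cluster
        // and destroyed only after it.
        DependsOn =
        {
            exampleAssignment,
        },
    });

});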
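package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/containerservice"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/privatedns"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main provisions a private AKS cluster that registers its API server in a
// bring-your-own private DNS zone, using a user-assigned identity that holds
// the "Private DNS Zone Contributor" role on that zone.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		// NOTE(review): AKS is understood to expect the zone name in the form
		// privatelink.<region>.azmk8s.io; confirm that the region segment
		// matches the cluster location before reusing this value.
		exampleZone, err := privatedns.NewZone(ctx, "example", &privatedns.ZoneArgs{
			Name:              pulumi.String("privatelink.eastus2.azmk8s.io"),
			ResourceGroupName: example.Name,
		})
		if err != nil {
			return err
		}
		exampleUserAssignedIdentity, err := authorization.NewUserAssignedIdentity(ctx, "example", &authorization.UserAssignedIdentityArgs{
			Name:              pulumi.String("aks-example-identity"),
			ResourceGroupName: example.Name,
			Location:          example.Location,
		})
		if err != nil {
			return err
		}
		// The role is scoped to the single DNS zone, not to the resource group
		// or the subscription, so the identity can only manage records in this zone.
		exampleAssignment, err := authorization.NewAssignment(ctx, "example", &authorization.AssignmentArgs{
			Scope:              exampleZone.ID(),
			RoleDefinitionName: pulumi.String("Private DNS Zone Contributor"),
			PrincipalId:        exampleUserAssignedIdentity.PrincipalId,
		})
		if err != nil {
			return err
		}
		_, err = containerservice.NewKubernetesCluster(ctx, "example", &containerservice.KubernetesClusterArgs{
			Name:                  pulumi.String("aksexamplewithprivatednszone1"),
			Location:              example.Location,
			ResourceGroupName:     example.Name,
			DnsPrefix:             pulumi.String("aksexamplednsprefix1"),
			PrivateClusterEnabled: pulumi.Bool(true),
			PrivateDnsZoneId:      exampleZone.ID(),
			// Required "System" mode node pool (same sizing as the basic example on this page).
			DefaultNodePool: &containerservice.KubernetesClusterDefaultNodePoolArgs{
				Name:      pulumi.String("default"),
				NodeCount: pulumi.Int(1),
				VmSize:    pulumi.String("Standard_D2_v2"),
			},
			// One of Identity or ServicePrincipal must be specified; attach the
			// identity that was granted the role above so the assignment is actually used.
			Identity: &containerservice.KubernetesClusterIdentityArgs{
				Type: pulumi.String("UserAssigned"),
				IdentityIds: pulumi.StringArray{
					exampleUserAssignedIdentity.ID(),
				},
			},
		}, pulumi.DependsOn([]pulumi.Resource{
			// Explicit ordering: the role assignment is created before the
			// cluster and destroyed only after it.
			exampleAssignment,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}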
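package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.privatedns.Zone;
import com.pulumi.azure.privatedns.ZoneArgs;
import com.pulumi.azure.authorization.UserAssignedIdentity;
import com.pulumi.azure.authorization.UserAssignedIdentityArgs;
import com.pulumi.azure.authorization.Assignment;
import com.pulumi.azure.authorization.AssignmentArgs;
import com.pulumi.azure.containerservice.KubernetesCluster;
import com.pulumi.azure.containerservice.KubernetesClusterArgs;
import com.pulumi.azure.containerservice.inputs.KubernetesClusterDefaultNodePoolArgs;
import com.pulumi.azure.containerservice.inputs.KubernetesClusterIdentityArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Provisions a private AKS cluster that registers its API server in a
 * bring-your-own private DNS zone, using a user-assigned identity that holds
 * the "Private DNS Zone Contributor" role on that zone.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new ResourceGroup("example", ResourceGroupArgs.builder()
            .name("example")
            .location("West Europe")
            .build());

        // NOTE(review): AKS is understood to expect the zone name in the form
        // privatelink.<region>.azmk8s.io; confirm that the region segment
        // matches the cluster location before reusing this value.
        var exampleZone = new Zone("exampleZone", ZoneArgs.builder()
            .name("privatelink.eastus2.azmk8s.io")
            .resourceGroupName(example.name())
            .build());

        var exampleUserAssignedIdentity = new UserAssignedIdentity("exampleUserAssignedIdentity", UserAssignedIdentityArgs.builder()
            .name("aks-example-identity")
            .resourceGroupName(example.name())
            .location(example.location())
            .build());

        // The role is scoped to the single DNS zone, not to the resource group
        // or the subscription, so the identity can only manage records in this zone.
        var exampleAssignment = new Assignment("exampleAssignment", AssignmentArgs.builder()
            .scope(exampleZone.id())
            .roleDefinitionName("Private DNS Zone Contributor")
            .principalId(exampleUserAssignedIdentity.principalId())
            .build());

        var exampleKubernetesCluster = new KubernetesCluster("exampleKubernetesCluster", KubernetesClusterArgs.builder()
            .name("aksexamplewithprivatednszone1")
            .location(example.location())
            .resourceGroupName(example.name())
            .dnsPrefix("aksexamplednsprefix1")
            .privateClusterEnabled(true)
            .privateDnsZoneId(exampleZone.id())
            // Required "System" mode node pool (same sizing as the basic example on this page).
            .defaultNodePool(KubernetesClusterDefaultNodePoolArgs.builder()
                .name("default")
                .nodeCount(1)
                .vmSize("Standard_D2_v2")
                .build())
            // One of identity or servicePrincipal must be specified; attach the
            // identity that was granted the role above so the assignment is actually used.
            .identity(KubernetesClusterIdentityArgs.builder()
                .type("UserAssigned")
                .identityIds(exampleUserAssignedIdentity.id().applyValue(id -> List.of(id)))
                .build())
            .build(), CustomResourceOptions.builder()
                // Explicit ordering: the role assignment is created before the
                // cluster and destroyed only after it.
                .dependsOn(exampleAssignment)
                .build());

    }
}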
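# Private AKS cluster that registers its API server in a bring-your-own
# private DNS zone, using a user-assigned identity that holds the
# "Private DNS Zone Contributor" role on that zone.
resources:
  example:
    type: azure:core:ResourceGroup
    properties:
      name: example
      location: West Europe
  # NOTE(review): AKS is understood to expect the zone name in the form
  # privatelink.<region>.azmk8s.io; confirm that the region segment matches
  # the cluster location before reusing this value.
  exampleZone:
    type: azure:privatedns:Zone
    name: example
    properties:
      name: privatelink.eastus2.azmk8s.io
      resourceGroupName: ${example.name}
  exampleUserAssignedIdentity:
    type: azure:authorization:UserAssignedIdentity
    name: example
    properties:
      name: aks-example-identity
      resourceGroupName: ${example.name}
      location: ${example.location}
  # The role is scoped to the single DNS zone, not to the resource group or
  # the subscription, so the identity can only manage records in this zone.
  exampleAssignment:
    type: azure:authorization:Assignment
    name: example
    properties:
      scope: ${exampleZone.id}
      roleDefinitionName: Private DNS Zone Contributor
      principalId: ${exampleUserAssignedIdentity.principalId}
  exampleKubernetesCluster:
    type: azure:containerservice:KubernetesCluster
    name: example
    properties:
      name: aksexamplewithprivatednszone1
      location: ${example.location}
      resourceGroupName: ${example.name}
      dnsPrefix: aksexamplednsprefix1
      privateClusterEnabled: true
      privateDnsZoneId: ${exampleZone.id}
      # Required "System" mode node pool (same sizing as the basic example on this page).
      defaultNodePool:
        name: default
        nodeCount: 1
        vmSize: Standard_D2_v2
      # One of identity or servicePrincipal must be specified; attach the
      # identity that was granted the role above so the assignment is actually used.
      identity:
        type: UserAssigned
        identityIds:
          - ${exampleUserAssignedIdentity.id}
    options:
      # Explicit ordering: the role assignment is created before the cluster
      # and destroyed only after it. The option key is camelCase (dependsOn).
      dependsOn:
        - ${exampleAssignment}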
- Private
Dns stringZone Id - Either the ID of Private DNS Zone which should be delegated to this Cluster,
`System` to have AKS manage this or `None`. In case of `None` you will need to bring your own DNS server and set up resolving, otherwise, the cluster will have issues after provisioning. Changing this forces a new resource to be created. - Role
Based boolAccess Control Enabled - Whether Role Based Access Control for the Kubernetes Cluster should be enabled. Defaults to
true
. Changing this forces a new resource to be created. - Run
Command boolEnabled - Whether to enable run command for the cluster or not. Defaults to
true
. - Service
Mesh KubernetesProfile Cluster Service Mesh Profile Args - A
service_mesh_profile
block as defined below. - Service
Principal KubernetesCluster Service Principal Args A
`service_principal` block as documented below. One of either `identity` or `service_principal` must be specified.
Note: A migration scenario from `service_principal` to `identity` is supported. When upgrading `service_principal` to `identity`, your cluster's control plane and addon pods will switch to use managed identity, but the kubelets will keep using your configured `service_principal` until you upgrade your Node Pool.
- Sku
Tier string The SKU Tier that should be used for this Kubernetes Cluster. Possible values are
Free
,Standard
(which includes the Uptime SLA) andPremium
. Defaults toFree
.Note: Whilst the AKS API previously supported the
Paid
SKU - the AKS API introduced a breaking change in API Version2023-02-01
(used in v3.51.0 and later) where the valuePaid
must now be set toStandard
.- Storage
Profile KubernetesCluster Storage Profile Args - A
storage_profile
block as defined below. - Support
Plan string - Specifies the support plan which should be used for this Kubernetes Cluster. Possible values are
KubernetesOfficial
andAKSLongTermSupport
. Defaults toKubernetesOfficial
. - map[string]string
- A mapping of tags to assign to the resource.
- Web
App KubernetesRouting Cluster Web App Routing Args - A
web_app_routing
block as defined below. - Windows
Profile KubernetesCluster Windows Profile Args - A
windows_profile
block as defined below. - Workload
Autoscaler KubernetesProfile Cluster Workload Autoscaler Profile Args - A
workload_autoscaler_profile
block defined below. - Workload
Identity boolEnabled Specifies whether Azure AD Workload Identity should be enabled for the Cluster. Defaults to
false
.Note: To enable Azure AD Workload Identity
oidc_issuer_enabled
must be set totrue
.Note: Enabling this option will allocate Workload Identity resources to the
kube-system
namespace in Kubernetes. If you wish to customize the deployment of Workload Identity, you can refer to the documentation on Azure AD Workload Identity. The documentation provides guidance on how to install the mutating admission webhook, which allows for the customization of Workload Identity deployment.
- default
Node KubernetesPool Cluster Default Node Pool - Specifies configuration for "System" mode node pool. A
default_node_pool
block as defined below. - resource
Group StringName - Specifies the Resource Group where the Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.
- aci
Connector KubernetesLinux Cluster Aci Connector Linux - A
aci_connector_linux
block as defined below. For more details, please visit Create and configure an AKS cluster to use virtual nodes. - api
Server KubernetesAccess Profile Cluster Api Server Access Profile - An
api_server_access_profile
block as defined below. - auto
Scaler KubernetesProfile Cluster Auto Scaler Profile - A
auto_scaler_profile
block as defined below. - automatic
Upgrade StringChannel The upgrade channel for this Kubernetes Cluster. Possible values are
patch
,rapid
,node-image
andstable
. Omitting this field sets this value tonone
.!> Note: Cluster Auto-Upgrade will update the Kubernetes Cluster (and its Node Pools) to the latest GA version of Kubernetes automatically - please see the Azure documentation for more information.
Note: Cluster Auto-Upgrade only updates to GA versions of Kubernetes and will not update to Preview versions.
- azure
Active KubernetesDirectory Role Based Access Control Cluster Azure Active Directory Role Based Access Control - A
azure_active_directory_role_based_access_control
block as defined below. - azure
Policy BooleanEnabled - Should the Azure Policy Add-On be enabled? For more details please visit Understand Azure Policy for Azure Kubernetes Service
- confidential
Computing KubernetesCluster Confidential Computing - A
confidential_computing
block as defined below. For more details please see the documentation. - cost
Analysis BooleanEnabled - Should cost analysis be enabled for this Kubernetes Cluster? Defaults to
false
. Thesku_tier
must be set toStandard
orPremium
to enable this feature. Enabling this will add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. - disk
Encryption StringSet Id - The ID of the Disk Encryption Set which should be used for the Nodes and Volumes. More information can be found in the documentation. Changing this forces a new resource to be created.
- dns
Prefix String - DNS prefix specified when creating the managed cluster. Possible values must begin and end with a letter or number, contain only letters, numbers, and hyphens and be between 1 and 54 characters in length. Changing this forces a new resource to be created.
- dns
Prefix StringPrivate Cluster Specifies the DNS prefix to use with private clusters. Changing this forces a new resource to be created.
Note: You must define either a
dns_prefix
or adns_prefix_private_cluster
field.In addition, one of either
identity
orservice_principal
blocks must be specified.- edge
Zone String - Specifies the Extended Zone (formerly called Edge Zone) within the Azure Region where this Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.
- http
Application BooleanRouting Enabled Should HTTP Application Routing be enabled?
Note: At this time HTTP Application Routing is not supported in Azure China or Azure US Government.
- http
Proxy KubernetesConfig Cluster Http Proxy Config - A
http_proxy_config
block as defined below. - identity
Kubernetes
Cluster Identity An
`identity` block as defined below. One of either `identity` or `service_principal` must be specified.
Note: A migration scenario from `service_principal` to `identity` is supported. When upgrading `service_principal` to `identity`, your cluster's control plane and addon pods will switch to use managed identity, but the kubelets will keep using your configured `service_principal` until you upgrade your Node Pool.
- image
Cleaner BooleanEnabled - Specifies whether Image Cleaner is enabled.
- image
Cleaner IntegerInterval Hours - Specifies the interval in hours when images should be cleaned up. Defaults to
0
. - ingress
Application KubernetesGateway Cluster Ingress Application Gateway A
ingress_application_gateway
block as defined below.Note: Since the Application Gateway is deployed inside a Virtual Network, users (and Service Principals) that are operating the Application Gateway must have the
Microsoft.Network/virtualNetworks/subnets/join/action
permission on the Virtual Network or Subnet. For more details, please visit Virtual Network Permission.- key
Management KubernetesService Cluster Key Management Service - A
key_management_service
block as defined below. For more details, please visit Key Management Service (KMS) etcd encryption to an AKS cluster. - key
Vault KubernetesSecrets Provider Cluster Key Vault Secrets Provider - A
key_vault_secrets_provider
block as defined below. For more details, please visit Azure Keyvault Secrets Provider for AKS. - kubelet
Identity KubernetesCluster Kubelet Identity - A
kubelet_identity
block as defined below. - kubernetes
Version String Version of Kubernetes specified when creating the AKS managed cluster. If not specified, the latest recommended version will be used at provisioning time (but won't auto-upgrade). AKS does not require an exact patch version to be specified, minor version aliases such as
1.22
are also supported. - The minor version's latest GA patch is automatically chosen in that case. More details can be found in the documentation.Note: Upgrading your cluster may take up to 10 minutes per node.
- linux
Profile KubernetesCluster Linux Profile - A
linux_profile
block as defined below. - local
Account BooleanDisabled If
`true`, local accounts will be disabled. See the documentation for more information.
Note: If `local_account_disabled` is set to `true`, it is required to enable Kubernetes RBAC and AKS-managed Azure AD integration. See the documentation for more information.
- location String
- The location where the Managed Kubernetes Cluster should be created. Changing this forces a new resource to be created.
- maintenance
Window KubernetesCluster Maintenance Window - A
maintenance_window
block as defined below. - maintenance
Window KubernetesAuto Upgrade Cluster Maintenance Window Auto Upgrade - A
maintenance_window_auto_upgrade
block as defined below. - maintenance
Window KubernetesNode Os Cluster Maintenance Window Node Os - A
maintenance_window_node_os
block as defined below. - microsoft
Defender KubernetesCluster Microsoft Defender - A
microsoft_defender
block as defined below. - monitor
Metrics KubernetesCluster Monitor Metrics Specifies a Prometheus add-on profile for the Kubernetes Cluster. A
monitor_metrics
block as defined below.Note: If deploying Managed Prometheus, the
monitor_metrics
properties are required to configure the cluster for metrics collection. If no value is needed, set properties tonull
.- name String
- The name of the Managed Kubernetes Cluster to create. Changing this forces a new resource to be created.
- network
Profile KubernetesCluster Network Profile A
network_profile
block as defined below. Changing this forces a new resource to be created.Note: If
network_profile
is not defined,kubenet
profile will be used by default.- node
Os StringUpgrade Channel The upgrade channel for this Kubernetes Cluster Nodes' OS Image. Possible values are
Unmanaged
,SecurityPatch
,NodeImage
andNone
. Defaults toNodeImage
.Note:
node_os_upgrade_channel
must be set toNodeImage
ifautomatic_upgrade_channel
has been set tonode-image
- node
Resource StringGroup The name of the Resource Group where the Kubernetes Nodes should exist. Changing this forces a new resource to be created.
Note: Azure requires that a new, non-existent Resource Group is used, as otherwise, the provisioning of the Kubernetes Service will fail.
- oidc
Issuer BooleanEnabled - Enable or Disable the OIDC issuer URL
- oms
Agent KubernetesCluster Oms Agent - A
oms_agent
block as defined below. - open
Service BooleanMesh Enabled - Is Open Service Mesh enabled? For more details, please visit Open Service Mesh for AKS.
- private
Cluster BooleanEnabled - Should this Kubernetes Cluster have its API server only exposed on internal IP addresses? This provides a Private IP Address for the Kubernetes API on the Virtual Network where the Kubernetes Cluster is located. Defaults to
false
. Changing this forces a new resource to be created. - private
Cluster BooleanPublic Fqdn Enabled Specifies whether a Public FQDN for this Private Cluster should be added. Defaults to
`false`.
Note: If you use BYO DNS Zone, the AKS cluster should either use a User Assigned Identity or a service principal (which is deprecated) with the `Private DNS Zone Contributor` role and access to this Private DNS Zone. If `UserAssigned` identity is used - to prevent improper resource order destruction - the cluster should depend on the role assignment, like in this example:
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
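// Private AKS cluster that registers its API server in a bring-your-own
// private DNS zone, using a user-assigned identity that holds the
// "Private DNS Zone Contributor" role on that zone.
const example = new azure.core.ResourceGroup("example", {
    name: "example",
    location: "West Europe",
});

// NOTE(review): AKS is understood to expect the zone name in the form
// privatelink.<region>.azmk8s.io; confirm that the region segment matches the
// cluster location before reusing this value.
const exampleZone = new azure.privatedns.Zone("example", {
    name: "privatelink.eastus2.azmk8s.io",
    resourceGroupName: example.name,
});

const exampleUserAssignedIdentity = new azure.authorization.UserAssignedIdentity("example", {
    name: "aks-example-identity",
    resourceGroupName: example.name,
    location: example.location,
});

// The role is scoped to the single DNS zone, not to the resource group or the
// subscription, so the identity can only manage records in this zone.
const exampleAssignment = new azure.authorization.Assignment("example", {
    scope: exampleZone.id,
    roleDefinitionName: "Private DNS Zone Contributor",
    principalId: exampleUserAssignedIdentity.principalId,
});

const exampleKubernetesCluster = new azure.containerservice.KubernetesCluster("example", {
    name: "aksexamplewithprivatednszone1",
    location: example.location,
    resourceGroupName: example.name,
    dnsPrefix: "aksexamplednsprefix1",
    privateClusterEnabled: true,
    privateDnsZoneId: exampleZone.id,
    // Required "System" mode node pool (same sizing as the basic example on this page).
    defaultNodePool: {
        name: "default",
        nodeCount: 1,
        vmSize: "Standard_D2_v2",
    },
    // One of `identity` or `servicePrincipal` must be specified; attach the
    // identity that was granted the role above so the assignment is actually used.
    identity: {
        type: "UserAssigned",
        identityIds: [exampleUserAssignedIdentity.id],
    },
}, {
    // Explicit ordering: the role assignment is created before the cluster
    // and destroyed only after it.
    dependsOn: [exampleAssignment],
});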
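import pulumi
import pulumi_azure as azure

# Private AKS cluster that registers its API server in a bring-your-own
# private DNS zone, using a user-assigned identity that holds the
# "Private DNS Zone Contributor" role on that zone.
example = azure.core.ResourceGroup("example",
    name="example",
    location="West Europe")

# NOTE(review): AKS is understood to expect the zone name in the form
# privatelink.<region>.azmk8s.io; confirm that the region segment matches the
# cluster location before reusing this value.
example_zone = azure.privatedns.Zone("example",
    name="privatelink.eastus2.azmk8s.io",
    resource_group_name=example.name)

example_user_assigned_identity = azure.authorization.UserAssignedIdentity("example",
    name="aks-example-identity",
    resource_group_name=example.name,
    location=example.location)

# The role is scoped to the single DNS zone, not to the resource group or the
# subscription, so the identity can only manage records in this zone.
example_assignment = azure.authorization.Assignment("example",
    scope=example_zone.id,
    role_definition_name="Private DNS Zone Contributor",
    principal_id=example_user_assigned_identity.principal_id)

example_kubernetes_cluster = azure.containerservice.KubernetesCluster("example",
    name="aksexamplewithprivatednszone1",
    location=example.location,
    resource_group_name=example.name,
    dns_prefix="aksexamplednsprefix1",
    private_cluster_enabled=True,
    private_dns_zone_id=example_zone.id,
    # Required "System" mode node pool (same sizing as the basic example on this page).
    default_node_pool={
        "name": "default",
        "node_count": 1,
        "vm_size": "Standard_D2_v2",
    },
    # One of `identity` or `service_principal` must be specified; attach the
    # identity that was granted the role above so the assignment is actually used.
    identity={
        "type": "UserAssigned",
        "identity_ids": [example_user_assigned_identity.id],
    },
    # Explicit ordering: the role assignment is created before the cluster
    # and destroyed only after it.
    opts=pulumi.ResourceOptions(depends_on=[example_assignment]))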
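using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;

// Private AKS cluster that registers its API server in a bring-your-own
// private DNS zone, using a user-assigned identity that holds the
// "Private DNS Zone Contributor" role on that zone.
return await Deployment.RunAsync(() =>
{
    var example = new Azure.Core.ResourceGroup("example", new()
    {
        Name = "example",
        Location = "West Europe",
    });

    // NOTE(review): AKS is understood to expect the zone name in the form
    // privatelink.<region>.azmk8s.io; confirm that the region segment matches
    // the cluster location before reusing this value.
    var exampleZone = new Azure.PrivateDns.Zone("example", new()
    {
        Name = "privatelink.eastus2.azmk8s.io",
        ResourceGroupName = example.Name,
    });

    var exampleUserAssignedIdentity = new Azure.Authorization.UserAssignedIdentity("example", new()
    {
        Name = "aks-example-identity",
        ResourceGroupName = example.Name,
        Location = example.Location,
    });

    // The role is scoped to the single DNS zone, not to the resource group or
    // the subscription, so the identity can only manage records in this zone.
    var exampleAssignment = new Azure.Authorization.Assignment("example", new()
    {
        Scope = exampleZone.Id,
        RoleDefinitionName = "Private DNS Zone Contributor",
        PrincipalId = exampleUserAssignedIdentity.PrincipalId,
    });

    var exampleKubernetesCluster = new Azure.ContainerService.KubernetesCluster("example", new()
    {
        Name = "aksexamplewithprivatednszone1",
        Location = example.Location,
        ResourceGroupName = example.Name,
        DnsPrefix = "aksexamplednsprefix1",
        PrivateClusterEnabled = true,
        PrivateDnsZoneId = exampleZone.Id,
        // Required "System" mode node pool (same sizing as the basic example on this page).
        DefaultNodePool = new Azure.ContainerService.Inputs.KubernetesClusterDefaultNodePoolArgs
        {
            Name = "default",
            NodeCount = 1,
            VmSize = "Standard_D2_v2",
        },
        // One of Identity or ServicePrincipal must be specified; attach the
        // identity that was granted the role above so the assignment is actually used.
        Identity = new Azure.ContainerService.Inputs.KubernetesClusterIdentityArgs
        {
            Type = "UserAssigned",
            IdentityIds = new[]
            {
                exampleUserAssignedIdentity.Id,
            },
        },
    }, new CustomResourceOptions
    {
        // Explicit ordering: the role assignment is created before the cluster
        // and destroyed only after it.
        DependsOn =
        {
            exampleAssignment,
        },
    });

});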
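package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/containerservice"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/privatedns"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main provisions a private AKS cluster that uses a bring-your-own private
// DNS zone through a user-assigned identity holding a zone-scoped role.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		// NOTE(review): the zone name carries the region segment "eastus2" while
		// the resource group is in West Europe; confirm the segment matches the
		// cluster's region before reusing this example.
		exampleZone, err := privatedns.NewZone(ctx, "example", &privatedns.ZoneArgs{
			Name:              pulumi.String("privatelink.eastus2.azmk8s.io"),
			ResourceGroupName: example.Name,
		})
		if err != nil {
			return err
		}
		exampleUserAssignedIdentity, err := authorization.NewUserAssignedIdentity(ctx, "example", &authorization.UserAssignedIdentityArgs{
			Name:              pulumi.String("aks-example-identity"),
			ResourceGroupName: example.Name,
			Location:          example.Location,
		})
		if err != nil {
			return err
		}
		// The role is scoped to this one zone (not the resource group), so the
		// identity can only manage records in the cluster's private DNS zone.
		exampleAssignment, err := authorization.NewAssignment(ctx, "example", &authorization.AssignmentArgs{
			Scope:              exampleZone.ID(),
			RoleDefinitionName: pulumi.String("Private DNS Zone Contributor"),
			PrincipalId:        exampleUserAssignedIdentity.PrincipalId,
		})
		if err != nil {
			return err
		}
		_, err = containerservice.NewKubernetesCluster(ctx, "example", &containerservice.KubernetesClusterArgs{
			Name:              pulumi.String("aksexamplewithprivatednszone1"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			DnsPrefix:         pulumi.String("aksexamplednsprefix1"),
			// Required block; values mirror the basic example on this page.
			DefaultNodePool: &containerservice.KubernetesClusterDefaultNodePoolArgs{
				Name:      pulumi.String("default"),
				NodeCount: pulumi.Int(1),
				VmSize:    pulumi.String("Standard_D2_v2"),
			},
			// Attach the identity that holds the role assignment above. Without
			// this block the cluster never uses that identity and the grant has
			// no effect.
			Identity: &containerservice.KubernetesClusterIdentityArgs{
				Type: pulumi.String("UserAssigned"),
				IdentityIds: pulumi.StringArray{
					exampleUserAssignedIdentity.ID(),
				},
			},
			PrivateClusterEnabled: pulumi.Bool(true),
			PrivateDnsZoneId:      exampleZone.ID(),
		}, pulumi.DependsOn([]pulumi.Resource{
			// Create the cluster after the role assignment and destroy it
			// before, so the identity keeps zone access for its whole lifetime.
			exampleAssignment,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}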
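package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.privatedns.Zone;
import com.pulumi.azure.privatedns.ZoneArgs;
import com.pulumi.azure.authorization.UserAssignedIdentity;
import com.pulumi.azure.authorization.UserAssignedIdentityArgs;
import com.pulumi.azure.authorization.Assignment;
import com.pulumi.azure.authorization.AssignmentArgs;
import com.pulumi.azure.containerservice.KubernetesCluster;
import com.pulumi.azure.containerservice.KubernetesClusterArgs;
import com.pulumi.azure.containerservice.inputs.KubernetesClusterDefaultNodePoolArgs;
import com.pulumi.azure.containerservice.inputs.KubernetesClusterIdentityArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Provisions a private AKS cluster that uses a bring-your-own private DNS zone
 * through a user-assigned identity holding a zone-scoped role assignment.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new ResourceGroup("example", ResourceGroupArgs.builder()
            .name("example")
            .location("West Europe")
            .build());

        // NOTE(review): the zone name carries the region segment "eastus2" while
        // the resource group is in West Europe; confirm the segment matches the
        // cluster's region before reusing this example.
        var exampleZone = new Zone("exampleZone", ZoneArgs.builder()
            .name("privatelink.eastus2.azmk8s.io")
            .resourceGroupName(example.name())
            .build());

        var exampleUserAssignedIdentity = new UserAssignedIdentity("exampleUserAssignedIdentity", UserAssignedIdentityArgs.builder()
            .name("aks-example-identity")
            .resourceGroupName(example.name())
            .location(example.location())
            .build());

        // The role is scoped to this one zone (not the resource group), so the
        // identity can only manage records in the cluster's private DNS zone.
        var exampleAssignment = new Assignment("exampleAssignment", AssignmentArgs.builder()
            .scope(exampleZone.id())
            .roleDefinitionName("Private DNS Zone Contributor")
            .principalId(exampleUserAssignedIdentity.principalId())
            .build());

        var exampleKubernetesCluster = new KubernetesCluster("exampleKubernetesCluster", KubernetesClusterArgs.builder()
            .name("aksexamplewithprivatednszone1")
            .location(example.location())
            .resourceGroupName(example.name())
            .dnsPrefix("aksexamplednsprefix1")
            // Required block; values mirror the basic example on this page.
            .defaultNodePool(KubernetesClusterDefaultNodePoolArgs.builder()
                .name("default")
                .nodeCount(1)
                .vmSize("Standard_D2_v2")
                .build())
            // Attach the identity that holds the role assignment above. Without
            // this block the cluster never uses that identity and the grant has
            // no effect.
            .identity(KubernetesClusterIdentityArgs.builder()
                .type("UserAssigned")
                .identityIds(exampleUserAssignedIdentity.id())
                .build())
            .privateClusterEnabled(true)
            .privateDnsZoneId(exampleZone.id())
            .build(), CustomResourceOptions.builder()
                // Create the cluster after the role assignment and destroy it
                // before, so the identity keeps zone access for its whole lifetime.
                .dependsOn(exampleAssignment)
                .build());
    }
}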
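resources:
  example:
    type: azure:core:ResourceGroup
    properties:
      name: example
      location: West Europe
  # NOTE(review): the zone name carries the region segment "eastus2" while the
  # resource group is in West Europe; confirm the segment matches the cluster's
  # region before reusing this example.
  exampleZone:
    type: azure:privatedns:Zone
    name: example
    properties:
      name: privatelink.eastus2.azmk8s.io
      resourceGroupName: ${example.name}
  exampleUserAssignedIdentity:
    type: azure:authorization:UserAssignedIdentity
    name: example
    properties:
      name: aks-example-identity
      resourceGroupName: ${example.name}
      location: ${example.location}
  # The role is scoped to this one zone (not the resource group), so the
  # identity can only manage records in the cluster's private DNS zone.
  exampleAssignment:
    type: azure:authorization:Assignment
    name: example
    properties:
      scope: ${exampleZone.id}
      roleDefinitionName: Private DNS Zone Contributor
      principalId: ${exampleUserAssignedIdentity.principalId}
  exampleKubernetesCluster:
    type: azure:containerservice:KubernetesCluster
    name: example
    properties:
      name: aksexamplewithprivatednszone1
      location: ${example.location}
      resourceGroupName: ${example.name}
      dnsPrefix: aksexamplednsprefix1
      # Required block; values mirror the basic example on this page.
      defaultNodePool:
        name: default
        nodeCount: 1
        vmSize: Standard_D2_v2
      # Attach the identity that holds the role assignment above. Without this
      # block the cluster never uses that identity and the grant has no effect.
      identity:
        type: UserAssigned
        identityIds:
          - ${exampleUserAssignedIdentity.id}
      privateClusterEnabled: true
      privateDnsZoneId: ${exampleZone.id}
    options:
      # Create the cluster after the role assignment and destroy it before.
      # NOTE(review): the Pulumi YAML reference spells this option `dependsOn`;
      # confirm the lowercase key is accepted by your Pulumi YAML version.
      dependson:
        - ${exampleAssignment}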
- privateDnsZoneId String - Either the ID of the Private DNS Zone which should be delegated to this Cluster, `System` to have AKS manage this, or `None`. In case of `None` you will need to bring your own DNS server and set up resolving, otherwise the cluster will have issues after provisioning. Changing this forces a new resource to be created.
- roleBasedAccessControlEnabled Boolean - Whether Role Based Access Control for the Kubernetes Cluster should be enabled. Defaults to `true`. Changing this forces a new resource to be created.
- runCommandEnabled Boolean - Whether to enable run command for the cluster or not. Defaults to `true`.
- serviceMeshProfile KubernetesClusterServiceMeshProfile - A `service_mesh_profile` block as defined below.
- servicePrincipal KubernetesClusterServicePrincipal - A `service_principal` block as documented below. One of either `identity` or `service_principal` must be specified.
  !> Note: A migration scenario from `service_principal` to `identity` is supported. When upgrading `service_principal` to `identity`, your cluster's control plane and addon pods will switch to use managed identity, but the kubelets will keep using your configured `service_principal` until you upgrade your Node Pool.
- sku
Tier String The SKU Tier that should be used for this Kubernetes Cluster. Possible values are
Free
,Standard
(which includes the Uptime SLA) andPremium
. Defaults toFree
.Note: Whilst the AKS API previously supported the
Paid
SKU - the AKS API introduced a breaking change in API Version2023-02-01
(used in v3.51.0 and later) where the valuePaid
must now be set toStandard
.- storage
Profile KubernetesCluster Storage Profile - A
storage_profile
block as defined below. - support
Plan String - Specifies the support plan which should be used for this Kubernetes Cluster. Possible values are
KubernetesOfficial
andAKSLongTermSupport
. Defaults toKubernetesOfficial
. - Map<String,String>
- A mapping of tags to assign to the resource.
- webAppRouting KubernetesClusterWebAppRouting - A `web_app_routing` block as defined below.
- windowsProfile KubernetesClusterWindowsProfile - A `windows_profile` block as defined below.
- workloadAutoscalerProfile KubernetesClusterWorkloadAutoscalerProfile - A `workload_autoscaler_profile` block defined below.
- workloadIdentityEnabled Boolean - Specifies whether Azure AD Workload Identity should be enabled for the Cluster. Defaults to `false`.
  Note: To enable Azure AD Workload Identity, `oidc_issuer_enabled` must be set to `true`.
  Note: Enabling this option will allocate Workload Identity resources to the `kube-system` namespace in Kubernetes. If you wish to customize the deployment of Workload Identity, you can refer to the documentation on Azure AD Workload Identity. The documentation provides guidance on how to install the mutating admission webhook, which allows for the customization of Workload Identity deployment.
- default
Node KubernetesPool Cluster Default Node Pool - Specifies configuration for "System" mode node pool. A
default_node_pool
block as defined below. - resource
Group stringName - Specifies the Resource Group where the Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.
- aci
Connector KubernetesLinux Cluster Aci Connector Linux - A
aci_connector_linux
block as defined below. For more details, please visit Create and configure an AKS cluster to use virtual nodes. - api
Server KubernetesAccess Profile Cluster Api Server Access Profile - An
api_server_access_profile
block as defined below. - auto
Scaler KubernetesProfile Cluster Auto Scaler Profile - A
auto_scaler_profile
block as defined below. - automatic
Upgrade stringChannel The upgrade channel for this Kubernetes Cluster. Possible values are
patch
,rapid
,node-image
andstable
. Omitting this field sets this value tonone
.!> Note: Cluster Auto-Upgrade will update the Kubernetes Cluster (and its Node Pools) to the latest GA version of Kubernetes automatically - please see the Azure documentation for more information.
Note: Cluster Auto-Upgrade only updates to GA versions of Kubernetes and will not update to Preview versions.
- azure
Active KubernetesDirectory Role Based Access Control Cluster Azure Active Directory Role Based Access Control - A
azure_active_directory_role_based_access_control
block as defined below. - azure
Policy booleanEnabled - Should the Azure Policy Add-On be enabled? For more details please visit Understand Azure Policy for Azure Kubernetes Service
- confidentialComputing KubernetesClusterConfidentialComputing - A `confidential_computing` block as defined below. For more details please see the documentation.
- cost
Analysis booleanEnabled - Should cost analysis be enabled for this Kubernetes Cluster? Defaults to
false
. Thesku_tier
must be set toStandard
orPremium
to enable this feature. Enabling this will add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. - disk
Encryption stringSet Id - The ID of the Disk Encryption Set which should be used for the Nodes and Volumes. More information can be found in the documentation. Changing this forces a new resource to be created.
- dns
Prefix string - DNS prefix specified when creating the managed cluster. Possible values must begin and end with a letter or number, contain only letters, numbers, and hyphens and be between 1 and 54 characters in length. Changing this forces a new resource to be created.
- dns
Prefix stringPrivate Cluster Specifies the DNS prefix to use with private clusters. Changing this forces a new resource to be created.
Note: You must define either a
dns_prefix
or adns_prefix_private_cluster
field.In addition, one of either
identity
orservice_principal
blocks must be specified.- edge
Zone string - Specifies the Extended Zone (formerly called Edge Zone) within the Azure Region where this Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.
- http
Application booleanRouting Enabled Should HTTP Application Routing be enabled?
Note: At this time HTTP Application Routing is not supported in Azure China or Azure US Government.
- http
Proxy KubernetesConfig Cluster Http Proxy Config - A
http_proxy_config
block as defined below. - identity
Kubernetes
Cluster Identity An
identity
block as defined below. One of eitheridentity
orservice_principal
must be specified.!> Note: A migration scenario from
service_principal
toidentity
is supported. When upgradingservice_principal
toidentity
, your cluster's control plane and addon pods will switch to use managed identity, but the kubelets will keep using your configuredservice_principal
until you upgrade your Node Pool.- image
Cleaner booleanEnabled - Specifies whether Image Cleaner is enabled.
- image
Cleaner numberInterval Hours - Specifies the interval in hours when images should be cleaned up. Defaults to
0
. - ingress
Application KubernetesGateway Cluster Ingress Application Gateway A
ingress_application_gateway
block as defined below.Note: Since the Application Gateway is deployed inside a Virtual Network, users (and Service Principals) that are operating the Application Gateway must have the
Microsoft.Network/virtualNetworks/subnets/join/action
permission on the Virtual Network or Subnet. For more details, please visit Virtual Network Permission.- key
Management KubernetesService Cluster Key Management Service - A
key_management_service
block as defined below. For more details, please visit Key Management Service (KMS) etcd encryption to an AKS cluster. - key
Vault KubernetesSecrets Provider Cluster Key Vault Secrets Provider - A
key_vault_secrets_provider
block as defined below. For more details, please visit Azure Keyvault Secrets Provider for AKS. - kubelet
Identity KubernetesCluster Kubelet Identity - A
kubelet_identity
block as defined below. - kubernetes
Version string Version of Kubernetes specified when creating the AKS managed cluster. If not specified, the latest recommended version will be used at provisioning time (but won't auto-upgrade). AKS does not require an exact patch version to be specified, minor version aliases such as
1.22
are also supported. - The minor version's latest GA patch is automatically chosen in that case. More details can be found in the documentation.Note: Upgrading your cluster may take up to 10 minutes per node.
- linuxProfile KubernetesClusterLinuxProfile - A `linux_profile` block as defined below.
- localAccountDisabled boolean - If `true`, local accounts will be disabled. See the documentation for more information.
  Note: If `local_account_disabled` is set to `true`, it is required to enable Kubernetes RBAC and AKS-managed Azure AD integration. See the documentation for more information.
- location string - The location where the Managed Kubernetes Cluster should be created. Changing this forces a new resource to be created.
- maintenance
Window KubernetesCluster Maintenance Window - A
maintenance_window
block as defined below. - maintenance
Window KubernetesAuto Upgrade Cluster Maintenance Window Auto Upgrade - A
maintenance_window_auto_upgrade
block as defined below. - maintenance
Window KubernetesNode Os Cluster Maintenance Window Node Os - A
maintenance_window_node_os
block as defined below. - microsoft
Defender KubernetesCluster Microsoft Defender - A
microsoft_defender
block as defined below. - monitor
Metrics KubernetesCluster Monitor Metrics Specifies a Prometheus add-on profile for the Kubernetes Cluster. A
monitor_metrics
block as defined below.Note: If deploying Managed Prometheus, the
monitor_metrics
properties are required to configure the cluster for metrics collection. If no value is needed, set properties tonull
.- name string
- The name of the Managed Kubernetes Cluster to create. Changing this forces a new resource to be created.
- network
Profile KubernetesCluster Network Profile A
network_profile
block as defined below. Changing this forces a new resource to be created.Note: If
network_profile
is not defined,kubenet
profile will be used by default.- node
Os stringUpgrade Channel The upgrade channel for this Kubernetes Cluster Nodes' OS Image. Possible values are
Unmanaged
,SecurityPatch
,NodeImage
andNone
. Defaults toNodeImage
.Note:
node_os_upgrade_channel
must be set toNodeImage
ifautomatic_upgrade_channel
has been set tonode-image
- node
Resource stringGroup The name of the Resource Group where the Kubernetes Nodes should exist. Changing this forces a new resource to be created.
Note: Azure requires that a new, non-existent Resource Group is used, as otherwise, the provisioning of the Kubernetes Service will fail.
- oidc
Issuer booleanEnabled - Enable or Disable the OIDC issuer URL
- oms
Agent KubernetesCluster Oms Agent - A
oms_agent
block as defined below. - open
Service booleanMesh Enabled - Is Open Service Mesh enabled? For more details, please visit Open Service Mesh for AKS.
- privateClusterEnabled boolean - Should this Kubernetes Cluster have its API server only exposed on internal IP addresses? This provides a Private IP Address for the Kubernetes API on the Virtual Network where the Kubernetes Cluster is located. Defaults to `false`. Changing this forces a new resource to be created.
- privateClusterPublicFqdnEnabled boolean - Specifies whether a Public FQDN for this Private Cluster should be added. Defaults to `false`.
  Note: If you use BYO DNS Zone, the AKS cluster should either use a User Assigned Identity or a service principal (which is deprecated) with the `Private DNS Zone Contributor` role and access to this Private DNS Zone. If a `UserAssigned` identity is used, the cluster should depend on the role assignment so that resources are not destroyed in the wrong order, as in this example:
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
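const example = new azure.core.ResourceGroup("example", {
  name: "example",
  location: "West Europe",
});

// NOTE(review): the zone name carries the region segment "eastus2" while the
// resource group is in West Europe; confirm the segment matches the cluster's
// region before reusing this example.
const exampleZone = new azure.privatedns.Zone("example", {
  name: "privatelink.eastus2.azmk8s.io",
  resourceGroupName: example.name,
});

const exampleUserAssignedIdentity = new azure.authorization.UserAssignedIdentity("example", {
  name: "aks-example-identity",
  resourceGroupName: example.name,
  location: example.location,
});

// The role is scoped to this one zone (not the resource group), so the
// identity can only manage records in the cluster's private DNS zone.
const exampleAssignment = new azure.authorization.Assignment("example", {
  scope: exampleZone.id,
  roleDefinitionName: "Private DNS Zone Contributor",
  principalId: exampleUserAssignedIdentity.principalId,
});

const exampleKubernetesCluster = new azure.containerservice.KubernetesCluster("example", {
  name: "aksexamplewithprivatednszone1",
  location: example.location,
  resourceGroupName: example.name,
  dnsPrefix: "aksexamplednsprefix1",
  // Required block; values mirror the basic example on this page.
  defaultNodePool: {
    name: "default",
    nodeCount: 1,
    vmSize: "Standard_D2_v2",
  },
  // Attach the identity that holds the role assignment above. Without this
  // block the cluster never uses that identity and the grant has no effect.
  identity: {
    type: "UserAssigned",
    identityIds: [exampleUserAssignedIdentity.id],
  },
  privateClusterEnabled: true,
  privateDnsZoneId: exampleZone.id,
}, {
  // Create the cluster after the role assignment and destroy it before,
  // so the identity keeps zone access for the cluster's whole lifetime.
  dependsOn: [exampleAssignment],
});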
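import pulumi
import pulumi_azure as azure

example = azure.core.ResourceGroup("example",
    name="example",
    location="West Europe")

# NOTE(review): the zone name carries the region segment "eastus2" while the
# resource group is in West Europe; confirm the segment matches the cluster's
# region before reusing this example.
example_zone = azure.privatedns.Zone("example",
    name="privatelink.eastus2.azmk8s.io",
    resource_group_name=example.name)

example_user_assigned_identity = azure.authorization.UserAssignedIdentity("example",
    name="aks-example-identity",
    resource_group_name=example.name,
    location=example.location)

# The role is scoped to this one zone (not the resource group), so the
# identity can only manage records in the cluster's private DNS zone.
example_assignment = azure.authorization.Assignment("example",
    scope=example_zone.id,
    role_definition_name="Private DNS Zone Contributor",
    principal_id=example_user_assigned_identity.principal_id)

example_kubernetes_cluster = azure.containerservice.KubernetesCluster("example",
    name="aksexamplewithprivatednszone1",
    location=example.location,
    resource_group_name=example.name,
    dns_prefix="aksexamplednsprefix1",
    # Required block; values mirror the basic example on this page.
    default_node_pool={
        "name": "default",
        "node_count": 1,
        "vm_size": "Standard_D2_v2",
    },
    # Attach the identity that holds the role assignment above. Without this
    # block the cluster never uses that identity and the grant has no effect.
    identity={
        "type": "UserAssigned",
        "identity_ids": [example_user_assigned_identity.id],
    },
    private_cluster_enabled=True,
    private_dns_zone_id=example_zone.id,
    # Create the cluster after the role assignment and destroy it before,
    # so the identity keeps zone access for the cluster's whole lifetime.
    opts=pulumi.ResourceOptions(depends_on=[example_assignment]))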
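using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;

return await Deployment.RunAsync(() =>
{
    var example = new Azure.Core.ResourceGroup("example", new()
    {
        Name = "example",
        Location = "West Europe",
    });

    // NOTE(review): the zone name carries the region segment "eastus2" while the
    // resource group is in West Europe; confirm the segment matches the cluster's
    // region before reusing this example.
    var exampleZone = new Azure.PrivateDns.Zone("example", new()
    {
        Name = "privatelink.eastus2.azmk8s.io",
        ResourceGroupName = example.Name,
    });

    var exampleUserAssignedIdentity = new Azure.Authorization.UserAssignedIdentity("example", new()
    {
        Name = "aks-example-identity",
        ResourceGroupName = example.Name,
        Location = example.Location,
    });

    // The role is scoped to this one zone (not the resource group), so the
    // identity can only manage records in the cluster's private DNS zone.
    var exampleAssignment = new Azure.Authorization.Assignment("example", new()
    {
        Scope = exampleZone.Id,
        RoleDefinitionName = "Private DNS Zone Contributor",
        PrincipalId = exampleUserAssignedIdentity.PrincipalId,
    });

    var exampleKubernetesCluster = new Azure.ContainerService.KubernetesCluster("example", new()
    {
        Name = "aksexamplewithprivatednszone1",
        Location = example.Location,
        ResourceGroupName = example.Name,
        DnsPrefix = "aksexamplednsprefix1",
        // Required block; values mirror the basic example on this page.
        DefaultNodePool = new Azure.ContainerService.Inputs.KubernetesClusterDefaultNodePoolArgs
        {
            Name = "default",
            NodeCount = 1,
            VmSize = "Standard_D2_v2",
        },
        // Attach the identity that holds the role assignment above. Without this
        // block the cluster never uses that identity and the grant has no effect.
        Identity = new Azure.ContainerService.Inputs.KubernetesClusterIdentityArgs
        {
            Type = "UserAssigned",
            IdentityIds = new[]
            {
                exampleUserAssignedIdentity.Id,
            },
        },
        PrivateClusterEnabled = true,
        PrivateDnsZoneId = exampleZone.Id,
    }, new CustomResourceOptions
    {
        // Create the cluster after the role assignment and destroy it before,
        // so the identity keeps zone access for the cluster's whole lifetime.
        DependsOn =
        {
            exampleAssignment,
        },
    });
});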
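package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/containerservice"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/privatedns"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main provisions a private AKS cluster that uses a bring-your-own private
// DNS zone through a user-assigned identity holding a zone-scoped role.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		// NOTE(review): the zone name carries the region segment "eastus2" while
		// the resource group is in West Europe; confirm the segment matches the
		// cluster's region before reusing this example.
		exampleZone, err := privatedns.NewZone(ctx, "example", &privatedns.ZoneArgs{
			Name:              pulumi.String("privatelink.eastus2.azmk8s.io"),
			ResourceGroupName: example.Name,
		})
		if err != nil {
			return err
		}
		exampleUserAssignedIdentity, err := authorization.NewUserAssignedIdentity(ctx, "example", &authorization.UserAssignedIdentityArgs{
			Name:              pulumi.String("aks-example-identity"),
			ResourceGroupName: example.Name,
			Location:          example.Location,
		})
		if err != nil {
			return err
		}
		// The role is scoped to this one zone (not the resource group), so the
		// identity can only manage records in the cluster's private DNS zone.
		exampleAssignment, err := authorization.NewAssignment(ctx, "example", &authorization.AssignmentArgs{
			Scope:              exampleZone.ID(),
			RoleDefinitionName: pulumi.String("Private DNS Zone Contributor"),
			PrincipalId:        exampleUserAssignedIdentity.PrincipalId,
		})
		if err != nil {
			return err
		}
		_, err = containerservice.NewKubernetesCluster(ctx, "example", &containerservice.KubernetesClusterArgs{
			Name:              pulumi.String("aksexamplewithprivatednszone1"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			DnsPrefix:         pulumi.String("aksexamplednsprefix1"),
			// Required block; values mirror the basic example on this page.
			DefaultNodePool: &containerservice.KubernetesClusterDefaultNodePoolArgs{
				Name:      pulumi.String("default"),
				NodeCount: pulumi.Int(1),
				VmSize:    pulumi.String("Standard_D2_v2"),
			},
			// Attach the identity that holds the role assignment above. Without
			// this block the cluster never uses that identity and the grant has
			// no effect.
			Identity: &containerservice.KubernetesClusterIdentityArgs{
				Type: pulumi.String("UserAssigned"),
				IdentityIds: pulumi.StringArray{
					exampleUserAssignedIdentity.ID(),
				},
			},
			PrivateClusterEnabled: pulumi.Bool(true),
			PrivateDnsZoneId:      exampleZone.ID(),
		}, pulumi.DependsOn([]pulumi.Resource{
			// Create the cluster after the role assignment and destroy it
			// before, so the identity keeps zone access for its whole lifetime.
			exampleAssignment,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}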
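package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.privatedns.Zone;
import com.pulumi.azure.privatedns.ZoneArgs;
import com.pulumi.azure.authorization.UserAssignedIdentity;
import com.pulumi.azure.authorization.UserAssignedIdentityArgs;
import com.pulumi.azure.authorization.Assignment;
import com.pulumi.azure.authorization.AssignmentArgs;
import com.pulumi.azure.containerservice.KubernetesCluster;
import com.pulumi.azure.containerservice.KubernetesClusterArgs;
import com.pulumi.azure.containerservice.inputs.KubernetesClusterDefaultNodePoolArgs;
import com.pulumi.azure.containerservice.inputs.KubernetesClusterIdentityArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Provisions a private AKS cluster that uses a bring-your-own private DNS zone
 * through a user-assigned identity holding a zone-scoped role assignment.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new ResourceGroup("example", ResourceGroupArgs.builder()
            .name("example")
            .location("West Europe")
            .build());

        // NOTE(review): the zone name carries the region segment "eastus2" while
        // the resource group is in West Europe; confirm the segment matches the
        // cluster's region before reusing this example.
        var exampleZone = new Zone("exampleZone", ZoneArgs.builder()
            .name("privatelink.eastus2.azmk8s.io")
            .resourceGroupName(example.name())
            .build());

        var exampleUserAssignedIdentity = new UserAssignedIdentity("exampleUserAssignedIdentity", UserAssignedIdentityArgs.builder()
            .name("aks-example-identity")
            .resourceGroupName(example.name())
            .location(example.location())
            .build());

        // The role is scoped to this one zone (not the resource group), so the
        // identity can only manage records in the cluster's private DNS zone.
        var exampleAssignment = new Assignment("exampleAssignment", AssignmentArgs.builder()
            .scope(exampleZone.id())
            .roleDefinitionName("Private DNS Zone Contributor")
            .principalId(exampleUserAssignedIdentity.principalId())
            .build());

        var exampleKubernetesCluster = new KubernetesCluster("exampleKubernetesCluster", KubernetesClusterArgs.builder()
            .name("aksexamplewithprivatednszone1")
            .location(example.location())
            .resourceGroupName(example.name())
            .dnsPrefix("aksexamplednsprefix1")
            // Required block; values mirror the basic example on this page.
            .defaultNodePool(KubernetesClusterDefaultNodePoolArgs.builder()
                .name("default")
                .nodeCount(1)
                .vmSize("Standard_D2_v2")
                .build())
            // Attach the identity that holds the role assignment above. Without
            // this block the cluster never uses that identity and the grant has
            // no effect.
            .identity(KubernetesClusterIdentityArgs.builder()
                .type("UserAssigned")
                .identityIds(exampleUserAssignedIdentity.id())
                .build())
            .privateClusterEnabled(true)
            .privateDnsZoneId(exampleZone.id())
            .build(), CustomResourceOptions.builder()
                // Create the cluster after the role assignment and destroy it
                // before, so the identity keeps zone access for its whole lifetime.
                .dependsOn(exampleAssignment)
                .build());
    }
}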
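resources:
  example:
    type: azure:core:ResourceGroup
    properties:
      name: example
      location: West Europe
  # NOTE(review): the zone name carries the region segment "eastus2" while the
  # resource group is in West Europe; confirm the segment matches the cluster's
  # region before reusing this example.
  exampleZone:
    type: azure:privatedns:Zone
    name: example
    properties:
      name: privatelink.eastus2.azmk8s.io
      resourceGroupName: ${example.name}
  exampleUserAssignedIdentity:
    type: azure:authorization:UserAssignedIdentity
    name: example
    properties:
      name: aks-example-identity
      resourceGroupName: ${example.name}
      location: ${example.location}
  # The role is scoped to this one zone (not the resource group), so the
  # identity can only manage records in the cluster's private DNS zone.
  exampleAssignment:
    type: azure:authorization:Assignment
    name: example
    properties:
      scope: ${exampleZone.id}
      roleDefinitionName: Private DNS Zone Contributor
      principalId: ${exampleUserAssignedIdentity.principalId}
  exampleKubernetesCluster:
    type: azure:containerservice:KubernetesCluster
    name: example
    properties:
      name: aksexamplewithprivatednszone1
      location: ${example.location}
      resourceGroupName: ${example.name}
      dnsPrefix: aksexamplednsprefix1
      # Required block; values mirror the basic example on this page.
      defaultNodePool:
        name: default
        nodeCount: 1
        vmSize: Standard_D2_v2
      # Attach the identity that holds the role assignment above. Without this
      # block the cluster never uses that identity and the grant has no effect.
      identity:
        type: UserAssigned
        identityIds:
          - ${exampleUserAssignedIdentity.id}
      privateClusterEnabled: true
      privateDnsZoneId: ${exampleZone.id}
    options:
      # Create the cluster after the role assignment and destroy it before.
      # NOTE(review): the Pulumi YAML reference spells this option `dependsOn`;
      # confirm the lowercase key is accepted by your Pulumi YAML version.
      dependson:
        - ${exampleAssignment}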
- privateDnsZoneId string - Either the ID of the Private DNS Zone which should be delegated to this Cluster, `System` to have AKS manage this, or `None`. In case of `None` you will need to bring your own DNS server and set up resolving, otherwise the cluster will have issues after provisioning. Changing this forces a new resource to be created.
- roleBasedAccessControlEnabled boolean - Whether Role Based Access Control for the Kubernetes Cluster should be enabled. Defaults to `true`. Changing this forces a new resource to be created.
- runCommandEnabled boolean - Whether to enable run command for the cluster or not. Defaults to `true`.
- serviceMeshProfile KubernetesClusterServiceMeshProfile - A `service_mesh_profile` block as defined below.
- servicePrincipal KubernetesClusterServicePrincipal - A `service_principal` block as documented below. One of either `identity` or `service_principal` must be specified.
  !> Note: A migration scenario from `service_principal` to `identity` is supported. When upgrading `service_principal` to `identity`, your cluster's control plane and addon pods will switch to use managed identity, but the kubelets will keep using your configured `service_principal` until you upgrade your Node Pool.
- sku
Tier string The SKU Tier that should be used for this Kubernetes Cluster. Possible values are
Free
,Standard
(which includes the Uptime SLA) andPremium
. Defaults toFree
.Note: Whilst the AKS API previously supported the
Paid
SKU - the AKS API introduced a breaking change in API Version2023-02-01
(used in v3.51.0 and later) where the valuePaid
must now be set toStandard
.- storage
Profile KubernetesCluster Storage Profile - A
storage_profile
block as defined below. - support
Plan string - Specifies the support plan which should be used for this Kubernetes Cluster. Possible values are
KubernetesOfficial
andAKSLongTermSupport
. Defaults toKubernetesOfficial
. - {[key: string]: string}
- A mapping of tags to assign to the resource.
- web
App KubernetesRouting Cluster Web App Routing - A
web_app_routing
block as defined below. - windows
Profile KubernetesCluster Windows Profile - A
windows_profile
block as defined below. - workload
Autoscaler KubernetesProfile Cluster Workload Autoscaler Profile - A
workload_autoscaler_profile
block defined below. - workload
Identity booleanEnabled Specifies whether Azure AD Workload Identity should be enabled for the Cluster. Defaults to
false
.Note: To enable Azure AD Workload Identity
oidc_issuer_enabled
must be set totrue
.Note: Enabling this option will allocate Workload Identity resources to the
kube-system
namespace in Kubernetes. If you wish to customize the deployment of Workload Identity, you can refer to the documentation on Azure AD Workload Identity. The documentation provides guidance on how to install the mutating admission webhook, which allows for the customization of Workload Identity deployment.
- default_
node_ Kubernetespool Cluster Default Node Pool Args - Specifies configuration for "System" mode node pool. A
default_node_pool
block as defined below. - resource_
group_ strname - Specifies the Resource Group where the Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.
- aci_
connector_ Kuberneteslinux Cluster Aci Connector Linux Args - A
aci_connector_linux
block as defined below. For more details, please visit Create and configure an AKS cluster to use virtual nodes. - api_
server_ Kubernetesaccess_ profile Cluster Api Server Access Profile Args - An
api_server_access_profile
block as defined below. - auto_
scaler_ Kubernetesprofile Cluster Auto Scaler Profile Args - A
auto_scaler_profile
block as defined below. - automatic_
upgrade_ strchannel The upgrade channel for this Kubernetes Cluster. Possible values are
patch
,rapid
,node-image
andstable
. Omitting this field sets this value tonone
.!> Note: Cluster Auto-Upgrade will update the Kubernetes Cluster (and its Node Pools) to the latest GA version of Kubernetes automatically - please see the Azure documentation for more information.
Note: Cluster Auto-Upgrade only updates to GA versions of Kubernetes and will not update to Preview versions.
- azure_
active_ Kubernetesdirectory_ role_ based_ access_ control Cluster Azure Active Directory Role Based Access Control Args - A
azure_active_directory_role_based_access_control
block as defined below. - azure_
policy_ boolenabled - Should the Azure Policy Add-On be enabled? For more details please visit Understand Azure Policy for Azure Kubernetes Service
- confidential_
computing KubernetesCluster Confidential Computing Args - A
confidential_computing
block as defined below. For more details please the documentation - cost_
analysis_ boolenabled - Should cost analysis be enabled for this Kubernetes Cluster? Defaults to
false
. Thesku_tier
must be set toStandard
orPremium
to enable this feature. Enabling this will add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. - disk_
encryption_ strset_ id - The ID of the Disk Encryption Set which should be used for the Nodes and Volumes. More information can be found in the documentation. Changing this forces a new resource to be created.
- dns_
prefix str - DNS prefix specified when creating the managed cluster. Possible values must begin and end with a letter or number, contain only letters, numbers, and hyphens and be between 1 and 54 characters in length. Changing this forces a new resource to be created.
- dns_
prefix_ strprivate_ cluster Specifies the DNS prefix to use with private clusters. Changing this forces a new resource to be created.
Note: You must define either a
dns_prefix
or adns_prefix_private_cluster
field.In addition, one of either
identity
orservice_principal
blocks must be specified.- edge_
zone str - Specifies the Extended Zone (formerly called Edge Zone) within the Azure Region where this Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.
- http_
application_ boolrouting_ enabled Should HTTP Application Routing be enabled?
Note: At this time HTTP Application Routing is not supported in Azure China or Azure US Government.
- http_
proxy_ Kubernetesconfig Cluster Http Proxy Config Args - A
http_proxy_config
block as defined below. - identity
Kubernetes
Cluster Identity Args An
identity
block as defined below. One of eitheridentity
orservice_principal
must be specified.!> Note: A migration scenario from
service_principal
toidentity
is supported. When upgradingservice_principal
toidentity
, your cluster's control plane and addon pods will switch to use managed identity, but the kubelets will keep using your configuredservice_principal
until you upgrade your Node Pool.- image_
cleaner_ boolenabled - Specifies whether Image Cleaner is enabled.
- image_
cleaner_ intinterval_ hours - Specifies the interval in hours when images should be cleaned up. Defaults to
0
. - ingress_
application_ Kubernetesgateway Cluster Ingress Application Gateway Args A
ingress_application_gateway
block as defined below.Note: Since the Application Gateway is deployed inside a Virtual Network, users (and Service Principals) that are operating the Application Gateway must have the
Microsoft.Network/virtualNetworks/subnets/join/action
permission on the Virtual Network or Subnet. For more details, please visit Virtual Network Permission.- key_
management_ Kubernetesservice Cluster Key Management Service Args - A
key_management_service
block as defined below. For more details, please visit Key Management Service (KMS) etcd encryption to an AKS cluster. - key_
vault_ Kubernetessecrets_ provider Cluster Key Vault Secrets Provider Args - A
key_vault_secrets_provider
block as defined below. For more details, please visit Azure Keyvault Secrets Provider for AKS. - kubelet_
identity KubernetesCluster Kubelet Identity Args - A
kubelet_identity
block as defined below. - kubernetes_
version str Version of Kubernetes specified when creating the AKS managed cluster. If not specified, the latest recommended version will be used at provisioning time (but won't auto-upgrade). AKS does not require an exact patch version to be specified, minor version aliases such as
1.22
are also supported. - The minor version's latest GA patch is automatically chosen in that case. More details can be found in the documentation.Note: Upgrading your cluster may take up to 10 minutes per node.
- linux_profile KubernetesClusterLinuxProfileArgs - A `linux_profile` block as defined below.
- local_account_disabled bool - If `true` local accounts will be disabled. See the documentation for more information.
Note: If `local_account_disabled` is set to `true`, it is required to enable Kubernetes RBAC and AKS-managed Azure AD integration. See the documentation for more information.
- location str - The location where the Managed Kubernetes Cluster should be created. Changing this forces a new resource to be created.
- maintenance_
window KubernetesCluster Maintenance Window Args - A
maintenance_window
block as defined below. - maintenance_
window_ Kubernetesauto_ upgrade Cluster Maintenance Window Auto Upgrade Args - A
maintenance_window_auto_upgrade
block as defined below. - maintenance_
window_ Kubernetesnode_ os Cluster Maintenance Window Node Os Args - A
maintenance_window_node_os
block as defined below. - microsoft_
defender KubernetesCluster Microsoft Defender Args - A
microsoft_defender
block as defined below. - monitor_
metrics KubernetesCluster Monitor Metrics Args Specifies a Prometheus add-on profile for the Kubernetes Cluster. A
monitor_metrics
block as defined below.Note: If deploying Managed Prometheus, the
monitor_metrics
properties are required to configure the cluster for metrics collection. If no value is needed, set properties tonull
.- name str
- The name of the Managed Kubernetes Cluster to create. Changing this forces a new resource to be created.
- network_
profile KubernetesCluster Network Profile Args A
network_profile
block as defined below. Changing this forces a new resource to be created.Note: If
network_profile
is not defined,kubenet
profile will be used by default.- node_
os_ strupgrade_ channel The upgrade channel for this Kubernetes Cluster Nodes' OS Image. Possible values are
Unmanaged
,SecurityPatch
,NodeImage
andNone
. Defaults toNodeImage
.Note:
node_os_upgrade_channel
must be set toNodeImage
ifautomatic_upgrade_channel
has been set tonode-image
- node_
resource_ strgroup The name of the Resource Group where the Kubernetes Nodes should exist. Changing this forces a new resource to be created.
Note: Azure requires that a new, non-existent Resource Group is used, as otherwise, the provisioning of the Kubernetes Service will fail.
- oidc_
issuer_ boolenabled - Enable or Disable the OIDC issuer URL
- oms_agent KubernetesClusterOmsAgentArgs - A `oms_agent` block as defined below.
- open_service_mesh_enabled bool - Is Open Service Mesh enabled? For more details, please visit Open Service Mesh for AKS.
- private_cluster_enabled bool - Should this Kubernetes Cluster have its API server only exposed on internal IP addresses? This provides a Private IP Address for the Kubernetes API on the Virtual Network where the Kubernetes Cluster is located. Defaults to `false`. Changing this forces a new resource to be created.
- private_cluster_public_fqdn_enabled bool - Specifies whether a Public FQDN for this Private Cluster should be added. Defaults to `false`.
Note: If you use BYO DNS Zone, the AKS cluster should either use a User Assigned Identity or a service principal (which is deprecated) with the `Private DNS Zone Contributor` role and access to this Private DNS Zone. If `UserAssigned` identity is used - to prevent improper resource order destruction - the cluster should depend on the role assignment, like in this example:
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
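// Private AKS cluster that uses a bring-your-own Private DNS Zone.
// The cluster runs as a User Assigned Identity that holds the
// "Private DNS Zone Contributor" role on that zone.

// Resource group holding the zone, the identity and the cluster.
const example = new azure.core.ResourceGroup("example", {
    name: "example",
    location: "West Europe",
});

// Private DNS Zone delegated to the cluster's private API server endpoint.
const exampleZone = new azure.privatedns.Zone("example", {
    name: "privatelink.eastus2.azmk8s.io",
    resourceGroupName: example.name,
});

// Identity the cluster's control plane will use.
const exampleUserAssignedIdentity = new azure.authorization.UserAssignedIdentity("example", {
    name: "aks-example-identity",
    resourceGroupName: example.name,
    location: example.location,
});

// The role is scoped to the single DNS zone, not to the resource group or
// subscription, so the identity can only manage records in this zone.
const exampleAssignment = new azure.authorization.Assignment("example", {
    scope: exampleZone.id,
    roleDefinitionName: "Private DNS Zone Contributor",
    principalId: exampleUserAssignedIdentity.principalId,
});

const exampleKubernetesCluster = new azure.containerservice.KubernetesCluster("example", {
    name: "aksexamplewithprivatednszone1",
    location: example.location,
    resourceGroupName: example.name,
    dnsPrefix: "aksexamplednsprefix1",
    privateClusterEnabled: true,
    privateDnsZoneId: exampleZone.id,
    // A default node pool is required; values follow the basic example on this page.
    defaultNodePool: {
        name: "default",
        nodeCount: 1,
        vmSize: "Standard_D2_v2",
    },
    // Attach the identity that received the role above. Without this block the
    // role assignment has no effect on the cluster, and one of `identity` or
    // `servicePrincipal` must be specified anyway.
    identity: {
        type: "UserAssigned",
        identityIds: [exampleUserAssignedIdentity.id],
    },
}, {
    // Create the cluster only after the role assignment exists, and destroy
    // it before the assignment is removed.
    dependsOn: [exampleAssignment],
});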
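"""Private AKS cluster that uses a bring-your-own Private DNS Zone.

The cluster runs as a User Assigned Identity that holds the
"Private DNS Zone Contributor" role on that zone.
"""
import pulumi
import pulumi_azure as azure

# Resource group holding the zone, the identity and the cluster.
example = azure.core.ResourceGroup("example",
    name="example",
    location="West Europe")

# Private DNS Zone delegated to the cluster's private API server endpoint.
example_zone = azure.privatedns.Zone("example",
    name="privatelink.eastus2.azmk8s.io",
    resource_group_name=example.name)

# Identity the cluster's control plane will use.
example_user_assigned_identity = azure.authorization.UserAssignedIdentity("example",
    name="aks-example-identity",
    resource_group_name=example.name,
    location=example.location)

# The role is scoped to the single DNS zone, not to the resource group or
# subscription, so the identity can only manage records in this zone.
example_assignment = azure.authorization.Assignment("example",
    scope=example_zone.id,
    role_definition_name="Private DNS Zone Contributor",
    principal_id=example_user_assigned_identity.principal_id)

example_kubernetes_cluster = azure.containerservice.KubernetesCluster("example",
    name="aksexamplewithprivatednszone1",
    location=example.location,
    resource_group_name=example.name,
    dns_prefix="aksexamplednsprefix1",
    private_cluster_enabled=True,
    private_dns_zone_id=example_zone.id,
    # A default node pool is required; values follow the basic example on this page.
    default_node_pool={
        "name": "default",
        "node_count": 1,
        "vm_size": "Standard_D2_v2",
    },
    # Attach the identity that received the role above. Without this block the
    # role assignment has no effect on the cluster, and one of `identity` or
    # `service_principal` must be specified anyway.
    identity={
        "type": "UserAssigned",
        "identity_ids": [example_user_assigned_identity.id],
    },
    # Create the cluster only after the role assignment exists, and destroy
    # it before the assignment is removed.
    opts=pulumi.ResourceOptions(depends_on=[example_assignment]))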
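using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;

// Private AKS cluster that uses a bring-your-own Private DNS Zone.
// The cluster runs as a User Assigned Identity that holds the
// "Private DNS Zone Contributor" role on that zone.
return await Deployment.RunAsync(() =>
{
    // Resource group holding the zone, the identity and the cluster.
    var example = new Azure.Core.ResourceGroup("example", new()
    {
        Name = "example",
        Location = "West Europe",
    });

    // Private DNS Zone delegated to the cluster's private API server endpoint.
    var exampleZone = new Azure.PrivateDns.Zone("example", new()
    {
        Name = "privatelink.eastus2.azmk8s.io",
        ResourceGroupName = example.Name,
    });

    // Identity the cluster's control plane will use.
    var exampleUserAssignedIdentity = new Azure.Authorization.UserAssignedIdentity("example", new()
    {
        Name = "aks-example-identity",
        ResourceGroupName = example.Name,
        Location = example.Location,
    });

    // The role is scoped to the single DNS zone, not to the resource group or
    // subscription, so the identity can only manage records in this zone.
    var exampleAssignment = new Azure.Authorization.Assignment("example", new()
    {
        Scope = exampleZone.Id,
        RoleDefinitionName = "Private DNS Zone Contributor",
        PrincipalId = exampleUserAssignedIdentity.PrincipalId,
    });

    var exampleKubernetesCluster = new Azure.ContainerService.KubernetesCluster("example", new()
    {
        Name = "aksexamplewithprivatednszone1",
        Location = example.Location,
        ResourceGroupName = example.Name,
        DnsPrefix = "aksexamplednsprefix1",
        PrivateClusterEnabled = true,
        PrivateDnsZoneId = exampleZone.Id,
        // A default node pool is required; values follow the basic example on this page.
        DefaultNodePool = new Azure.ContainerService.Inputs.KubernetesClusterDefaultNodePoolArgs
        {
            Name = "default",
            NodeCount = 1,
            VmSize = "Standard_D2_v2",
        },
        // Attach the identity that received the role above. Without this block
        // the role assignment has no effect on the cluster, and one of Identity
        // or ServicePrincipal must be specified anyway.
        Identity = new Azure.ContainerService.Inputs.KubernetesClusterIdentityArgs
        {
            Type = "UserAssigned",
            IdentityIds = new[]
            {
                exampleUserAssignedIdentity.Id,
            },
        },
    }, new CustomResourceOptions
    {
        // Create the cluster only after the role assignment exists, and
        // destroy it before the assignment is removed.
        DependsOn =
        {
            exampleAssignment,
        },
    });
});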
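package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/containerservice"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/privatedns"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main provisions a private AKS cluster that uses a bring-your-own Private
// DNS Zone. The cluster runs as a User Assigned Identity that holds the
// "Private DNS Zone Contributor" role on that zone.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Resource group holding the zone, the identity and the cluster.
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}

		// Private DNS Zone delegated to the cluster's private API server endpoint.
		exampleZone, err := privatedns.NewZone(ctx, "example", &privatedns.ZoneArgs{
			Name:              pulumi.String("privatelink.eastus2.azmk8s.io"),
			ResourceGroupName: example.Name,
		})
		if err != nil {
			return err
		}

		// Identity the cluster's control plane will use.
		exampleUserAssignedIdentity, err := authorization.NewUserAssignedIdentity(ctx, "example", &authorization.UserAssignedIdentityArgs{
			Name:              pulumi.String("aks-example-identity"),
			ResourceGroupName: example.Name,
			Location:          example.Location,
		})
		if err != nil {
			return err
		}

		// The role is scoped to the single DNS zone, not to the resource group
		// or subscription, so the identity can only manage records in this zone.
		exampleAssignment, err := authorization.NewAssignment(ctx, "example", &authorization.AssignmentArgs{
			Scope:              exampleZone.ID(),
			RoleDefinitionName: pulumi.String("Private DNS Zone Contributor"),
			PrincipalId:        exampleUserAssignedIdentity.PrincipalId,
		})
		if err != nil {
			return err
		}

		_, err = containerservice.NewKubernetesCluster(ctx, "example", &containerservice.KubernetesClusterArgs{
			Name:                  pulumi.String("aksexamplewithprivatednszone1"),
			Location:              example.Location,
			ResourceGroupName:     example.Name,
			DnsPrefix:             pulumi.String("aksexamplednsprefix1"),
			PrivateClusterEnabled: pulumi.Bool(true),
			PrivateDnsZoneId:      exampleZone.ID(),
			// A default node pool is required; values follow the basic example on this page.
			DefaultNodePool: &containerservice.KubernetesClusterDefaultNodePoolArgs{
				Name:      pulumi.String("default"),
				NodeCount: pulumi.Int(1),
				VmSize:    pulumi.String("Standard_D2_v2"),
			},
			// Attach the identity that received the role above. Without this
			// block the role assignment has no effect on the cluster, and one
			// of Identity or ServicePrincipal must be specified anyway.
			Identity: &containerservice.KubernetesClusterIdentityArgs{
				Type: pulumi.String("UserAssigned"),
				IdentityIds: pulumi.StringArray{
					exampleUserAssignedIdentity.ID(),
				},
			},
		}, pulumi.DependsOn([]pulumi.Resource{
			// Create the cluster only after the role assignment exists, and
			// destroy it before the assignment is removed.
			exampleAssignment,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}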
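package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.privatedns.Zone;
import com.pulumi.azure.privatedns.ZoneArgs;
import com.pulumi.azure.authorization.UserAssignedIdentity;
import com.pulumi.azure.authorization.UserAssignedIdentityArgs;
import com.pulumi.azure.authorization.Assignment;
import com.pulumi.azure.authorization.AssignmentArgs;
import com.pulumi.azure.containerservice.KubernetesCluster;
import com.pulumi.azure.containerservice.KubernetesClusterArgs;
import com.pulumi.azure.containerservice.inputs.KubernetesClusterDefaultNodePoolArgs;
import com.pulumi.azure.containerservice.inputs.KubernetesClusterIdentityArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Private AKS cluster that uses a bring-your-own Private DNS Zone.
 * The cluster runs as a User Assigned Identity that holds the
 * "Private DNS Zone Contributor" role on that zone.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // Resource group holding the zone, the identity and the cluster.
        var example = new ResourceGroup("example", ResourceGroupArgs.builder()
            .name("example")
            .location("West Europe")
            .build());

        // Private DNS Zone delegated to the cluster's private API server endpoint.
        var exampleZone = new Zone("exampleZone", ZoneArgs.builder()
            .name("privatelink.eastus2.azmk8s.io")
            .resourceGroupName(example.name())
            .build());

        // Identity the cluster's control plane will use.
        var exampleUserAssignedIdentity = new UserAssignedIdentity("exampleUserAssignedIdentity", UserAssignedIdentityArgs.builder()
            .name("aks-example-identity")
            .resourceGroupName(example.name())
            .location(example.location())
            .build());

        // The role is scoped to the single DNS zone, not to the resource group
        // or subscription, so the identity can only manage records in this zone.
        var exampleAssignment = new Assignment("exampleAssignment", AssignmentArgs.builder()
            .scope(exampleZone.id())
            .roleDefinitionName("Private DNS Zone Contributor")
            .principalId(exampleUserAssignedIdentity.principalId())
            .build());

        var exampleKubernetesCluster = new KubernetesCluster("exampleKubernetesCluster", KubernetesClusterArgs.builder()
            .name("aksexamplewithprivatednszone1")
            .location(example.location())
            .resourceGroupName(example.name())
            .dnsPrefix("aksexamplednsprefix1")
            .privateClusterEnabled(true)
            .privateDnsZoneId(exampleZone.id())
            // A default node pool is required; values follow the basic example on this page.
            .defaultNodePool(KubernetesClusterDefaultNodePoolArgs.builder()
                .name("default")
                .nodeCount(1)
                .vmSize("Standard_D2_v2")
                .build())
            // Attach the identity that received the role above. Without this
            // block the role assignment has no effect on the cluster, and one
            // of identity or servicePrincipal must be specified anyway.
            .identity(KubernetesClusterIdentityArgs.builder()
                .type("UserAssigned")
                .identityIds(exampleUserAssignedIdentity.id().applyValue(id -> List.of(id)))
                .build())
            .build(), CustomResourceOptions.builder()
                // Create the cluster only after the role assignment exists,
                // and destroy it before the assignment is removed.
                .dependsOn(exampleAssignment)
                .build());
    }
}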
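# Private AKS cluster that uses a bring-your-own Private DNS Zone.
# The cluster runs as a User Assigned Identity that holds the
# "Private DNS Zone Contributor" role on that zone.
resources:
  # Resource group holding the zone, the identity and the cluster.
  example:
    type: azure:core:ResourceGroup
    properties:
      name: example
      location: West Europe
  # Private DNS Zone delegated to the cluster's private API server endpoint.
  exampleZone:
    type: azure:privatedns:Zone
    name: example
    properties:
      name: privatelink.eastus2.azmk8s.io
      resourceGroupName: ${example.name}
  # Identity the cluster's control plane will use.
  exampleUserAssignedIdentity:
    type: azure:authorization:UserAssignedIdentity
    name: example
    properties:
      name: aks-example-identity
      resourceGroupName: ${example.name}
      location: ${example.location}
  # The role is scoped to the single DNS zone, not to the resource group or
  # subscription, so the identity can only manage records in this zone.
  exampleAssignment:
    type: azure:authorization:Assignment
    name: example
    properties:
      scope: ${exampleZone.id}
      roleDefinitionName: Private DNS Zone Contributor
      principalId: ${exampleUserAssignedIdentity.principalId}
  exampleKubernetesCluster:
    type: azure:containerservice:KubernetesCluster
    name: example
    properties:
      name: aksexamplewithprivatednszone1
      location: ${example.location}
      resourceGroupName: ${example.name}
      dnsPrefix: aksexamplednsprefix1
      privateClusterEnabled: true
      privateDnsZoneId: ${exampleZone.id}
      # A default node pool is required; values follow the basic example on this page.
      defaultNodePool:
        name: default
        nodeCount: 1
        vmSize: Standard_D2_v2
      # Attach the identity that received the role above. Without this block
      # the role assignment has no effect on the cluster, and one of identity
      # or servicePrincipal must be specified anyway.
      identity:
        type: UserAssigned
        identityIds:
          - ${exampleUserAssignedIdentity.id}
    options:
      # Create the cluster only after the role assignment exists, and destroy
      # it before the assignment is removed. `dependsOn` is the documented
      # spelling of this resource option.
      dependsOn:
        - ${exampleAssignment}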
- private_dns_zone_id str - Either the ID of Private DNS Zone which should be delegated to this Cluster, `System` to have AKS manage this or `None`. In case of `None` you will need to bring your own DNS server and set up resolving, otherwise, the cluster will have issues after provisioning. Changing this forces a new resource to be created.
- role_based_access_control_enabled bool - Whether Role Based Access Control for the Kubernetes Cluster should be enabled. Defaults to `true`. Changing this forces a new resource to be created.
- run_command_enabled bool - Whether to enable run command for the cluster or not. Defaults to `true`.
- service_mesh_profile KubernetesClusterServiceMeshProfileArgs - A `service_mesh_profile` block as defined below.
- service_principal KubernetesClusterServicePrincipalArgs - A `service_principal` block as documented below. One of either `identity` or `service_principal` must be specified.
!> Note: A migration scenario from `service_principal` to `identity` is supported. When upgrading `service_principal` to `identity`, your cluster's control plane and addon pods will switch to use managed identity, but the kubelets will keep using your configured `service_principal` until you upgrade your Node Pool.
- sku_
tier str The SKU Tier that should be used for this Kubernetes Cluster. Possible values are
Free
,Standard
(which includes the Uptime SLA) andPremium
. Defaults toFree
.Note: Whilst the AKS API previously supported the
Paid
SKU - the AKS API introduced a breaking change in API Version2023-02-01
(used in v3.51.0 and later) where the valuePaid
must now be set toStandard
.- storage_
profile KubernetesCluster Storage Profile Args - A
storage_profile
block as defined below. - support_
plan str - Specifies the support plan which should be used for this Kubernetes Cluster. Possible values are
KubernetesOfficial
andAKSLongTermSupport
. Defaults toKubernetesOfficial
. - Mapping[str, str]
- A mapping of tags to assign to the resource.
- web_
app_ Kubernetesrouting Cluster Web App Routing Args - A
web_app_routing
block as defined below. - windows_
profile KubernetesCluster Windows Profile Args - A
windows_profile
block as defined below. - workload_
autoscaler_ Kubernetesprofile Cluster Workload Autoscaler Profile Args - A
workload_autoscaler_profile
block defined below.
- workload_identity_enabled bool - Specifies whether Azure AD Workload Identity should be enabled for the Cluster. Defaults to `false`.
Note: To enable Azure AD Workload Identity `oidc_issuer_enabled` must be set to `true`.
Note: Enabling this option will allocate Workload Identity resources to the `kube-system` namespace in Kubernetes. If you wish to customize the deployment of Workload Identity, you can refer to the documentation on Azure AD Workload Identity. The documentation provides guidance on how to install the mutating admission webhook, which allows for the customization of Workload Identity deployment.
- default
Node Property MapPool - Specifies configuration for "System" mode node pool. A
default_node_pool
block as defined below. - resource
Group StringName - Specifies the Resource Group where the Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.
- aci
Connector Property MapLinux - A
aci_connector_linux
block as defined below. For more details, please visit Create and configure an AKS cluster to use virtual nodes. - api
Server Property MapAccess Profile - An
api_server_access_profile
block as defined below. - auto
Scaler Property MapProfile - A
auto_scaler_profile
block as defined below. - automatic
Upgrade StringChannel The upgrade channel for this Kubernetes Cluster. Possible values are
patch
,rapid
,node-image
andstable
. Omitting this field sets this value tonone
.!> Note: Cluster Auto-Upgrade will update the Kubernetes Cluster (and its Node Pools) to the latest GA version of Kubernetes automatically - please see the Azure documentation for more information.
Note: Cluster Auto-Upgrade only updates to GA versions of Kubernetes and will not update to Preview versions.
- azure
Active Property MapDirectory Role Based Access Control - A
azure_active_directory_role_based_access_control
block as defined below. - azure
Policy BooleanEnabled - Should the Azure Policy Add-On be enabled? For more details please visit Understand Azure Policy for Azure Kubernetes Service
- confidential
Computing Property Map - A
confidential_computing
block as defined below. For more details please the documentation - cost
Analysis BooleanEnabled - Should cost analysis be enabled for this Kubernetes Cluster? Defaults to
false
. Thesku_tier
must be set toStandard
orPremium
to enable this feature. Enabling this will add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. - disk
Encryption StringSet Id - The ID of the Disk Encryption Set which should be used for the Nodes and Volumes. More information can be found in the documentation. Changing this forces a new resource to be created.
- dns
Prefix String - DNS prefix specified when creating the managed cluster. Possible values must begin and end with a letter or number, contain only letters, numbers, and hyphens and be between 1 and 54 characters in length. Changing this forces a new resource to be created.
- dns
Prefix StringPrivate Cluster Specifies the DNS prefix to use with private clusters. Changing this forces a new resource to be created.
Note: You must define either a
dns_prefix
or adns_prefix_private_cluster
field.In addition, one of either
identity
orservice_principal
blocks must be specified.- edge
Zone String - Specifies the Extended Zone (formerly called Edge Zone) within the Azure Region where this Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.
- http
Application BooleanRouting Enabled Should HTTP Application Routing be enabled?
Note: At this time HTTP Application Routing is not supported in Azure China or Azure US Government.
- httpProxyConfig Property Map - A `http_proxy_config` block as defined below.
- identity Property Map - An `identity` block as defined below. One of either `identity` or `service_principal` must be specified.
!> Note: A migration scenario from `service_principal` to `identity` is supported. When upgrading `service_principal` to `identity`, your cluster's control plane and addon pods will switch to use managed identity, but the kubelets will keep using your configured `service_principal` until you upgrade your Node Pool.
- imageCleanerEnabled Boolean - Specifies whether Image Cleaner is enabled.
- image
Cleaner NumberInterval Hours - Specifies the interval in hours when images should be cleaned up. Defaults to
0
. - ingress
Application Property MapGateway A
ingress_application_gateway
block as defined below.Note: Since the Application Gateway is deployed inside a Virtual Network, users (and Service Principals) that are operating the Application Gateway must have the
Microsoft.Network/virtualNetworks/subnets/join/action
permission on the Virtual Network or Subnet. For more details, please visit Virtual Network Permission.- key
Management Property MapService - A
key_management_service
block as defined below. For more details, please visit Key Management Service (KMS) etcd encryption to an AKS cluster. - key
Vault Property MapSecrets Provider - A
key_vault_secrets_provider
block as defined below. For more details, please visit Azure Keyvault Secrets Provider for AKS. - kubelet
Identity Property Map - A
kubelet_identity
block as defined below. - kubernetes
Version String Version of Kubernetes specified when creating the AKS managed cluster. If not specified, the latest recommended version will be used at provisioning time (but won't auto-upgrade). AKS does not require an exact patch version to be specified, minor version aliases such as
1.22
are also supported. - The minor version's latest GA patch is automatically chosen in that case. More details can be found in the documentation.Note: Upgrading your cluster may take up to 10 minutes per node.
- linuxProfile Property Map - A `linux_profile` block as defined below.
- localAccountDisabled Boolean - If `true` local accounts will be disabled. See the documentation for more information.
Note: If `local_account_disabled` is set to `true`, it is required to enable Kubernetes RBAC and AKS-managed Azure AD integration. See the documentation for more information.
- location String - The location where the Managed Kubernetes Cluster should be created. Changing this forces a new resource to be created.
- maintenance
Window Property Map - A
maintenance_window
block as defined below. - maintenance
Window Property MapAuto Upgrade - A
maintenance_window_auto_upgrade
block as defined below. - maintenance
Window Property MapNode Os - A
maintenance_window_node_os
block as defined below. - microsoft
Defender Property Map - A
microsoft_defender
block as defined below. - monitor
Metrics Property Map Specifies a Prometheus add-on profile for the Kubernetes Cluster. A
monitor_metrics
block as defined below.Note: If deploying Managed Prometheus, the
monitor_metrics
properties are required to configure the cluster for metrics collection. If no value is needed, set properties tonull
.- name String
- The name of the Managed Kubernetes Cluster to create. Changing this forces a new resource to be created.
- network
Profile Property Map A
network_profile
block as defined below. Changing this forces a new resource to be created.Note: If
network_profile
is not defined,kubenet
profile will be used by default.- node
Os StringUpgrade Channel The upgrade channel for this Kubernetes Cluster Nodes' OS Image. Possible values are
Unmanaged
,SecurityPatch
,NodeImage
andNone
. Defaults toNodeImage
.Note:
node_os_upgrade_channel
must be set toNodeImage
ifautomatic_upgrade_channel
has been set tonode-image
- node
Resource StringGroup The name of the Resource Group where the Kubernetes Nodes should exist. Changing this forces a new resource to be created.
Note: Azure requires that a new, non-existent Resource Group is used, as otherwise, the provisioning of the Kubernetes Service will fail.
- oidc
Issuer BooleanEnabled - Enable or Disable the OIDC issuer URL
- omsAgent Property Map - A `oms_agent` block as defined below.
- openServiceMeshEnabled Boolean - Is Open Service Mesh enabled? For more details, please visit Open Service Mesh for AKS.
- privateClusterEnabled Boolean - Should this Kubernetes Cluster have its API server only exposed on internal IP addresses? This provides a Private IP Address for the Kubernetes API on the Virtual Network where the Kubernetes Cluster is located. Defaults to `false`. Changing this forces a new resource to be created.
- privateClusterPublicFqdnEnabled Boolean - Specifies whether a Public FQDN for this Private Cluster should be added. Defaults to `false`.
Note: If you use BYO DNS Zone, the AKS cluster should either use a User Assigned Identity or a service principal (which is deprecated) with the `Private DNS Zone Contributor` role and access to this Private DNS Zone. If `UserAssigned` identity is used - to prevent improper resource order destruction - the cluster should depend on the role assignment, like in this example:
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
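// Private AKS cluster that uses a bring-your-own Private DNS Zone.
// The cluster runs as a User Assigned Identity that holds the
// "Private DNS Zone Contributor" role on that zone.

// Resource group holding the zone, the identity and the cluster.
const example = new azure.core.ResourceGroup("example", {
    name: "example",
    location: "West Europe",
});

// Private DNS Zone delegated to the cluster's private API server endpoint.
const exampleZone = new azure.privatedns.Zone("example", {
    name: "privatelink.eastus2.azmk8s.io",
    resourceGroupName: example.name,
});

// Identity the cluster's control plane will use.
const exampleUserAssignedIdentity = new azure.authorization.UserAssignedIdentity("example", {
    name: "aks-example-identity",
    resourceGroupName: example.name,
    location: example.location,
});

// The role is scoped to the single DNS zone, not to the resource group or
// subscription, so the identity can only manage records in this zone.
const exampleAssignment = new azure.authorization.Assignment("example", {
    scope: exampleZone.id,
    roleDefinitionName: "Private DNS Zone Contributor",
    principalId: exampleUserAssignedIdentity.principalId,
});

const exampleKubernetesCluster = new azure.containerservice.KubernetesCluster("example", {
    name: "aksexamplewithprivatednszone1",
    location: example.location,
    resourceGroupName: example.name,
    dnsPrefix: "aksexamplednsprefix1",
    privateClusterEnabled: true,
    privateDnsZoneId: exampleZone.id,
    // A default node pool is required; values follow the basic example on this page.
    defaultNodePool: {
        name: "default",
        nodeCount: 1,
        vmSize: "Standard_D2_v2",
    },
    // Attach the identity that received the role above. Without this block the
    // role assignment has no effect on the cluster, and one of `identity` or
    // `servicePrincipal` must be specified anyway.
    identity: {
        type: "UserAssigned",
        identityIds: [exampleUserAssignedIdentity.id],
    },
}, {
    // Create the cluster only after the role assignment exists, and destroy
    // it before the assignment is removed.
    dependsOn: [exampleAssignment],
});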
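"""Private AKS cluster that uses a bring-your-own Private DNS Zone.

The cluster runs as a User Assigned Identity that holds the
"Private DNS Zone Contributor" role on that zone.
"""
import pulumi
import pulumi_azure as azure

# Resource group holding the zone, the identity and the cluster.
example = azure.core.ResourceGroup("example",
    name="example",
    location="West Europe")

# Private DNS Zone delegated to the cluster's private API server endpoint.
example_zone = azure.privatedns.Zone("example",
    name="privatelink.eastus2.azmk8s.io",
    resource_group_name=example.name)

# Identity the cluster's control plane will use.
example_user_assigned_identity = azure.authorization.UserAssignedIdentity("example",
    name="aks-example-identity",
    resource_group_name=example.name,
    location=example.location)

# The role is scoped to the single DNS zone, not to the resource group or
# subscription, so the identity can only manage records in this zone.
example_assignment = azure.authorization.Assignment("example",
    scope=example_zone.id,
    role_definition_name="Private DNS Zone Contributor",
    principal_id=example_user_assigned_identity.principal_id)

example_kubernetes_cluster = azure.containerservice.KubernetesCluster("example",
    name="aksexamplewithprivatednszone1",
    location=example.location,
    resource_group_name=example.name,
    dns_prefix="aksexamplednsprefix1",
    private_cluster_enabled=True,
    private_dns_zone_id=example_zone.id,
    # A default node pool is required; values follow the basic example on this page.
    default_node_pool={
        "name": "default",
        "node_count": 1,
        "vm_size": "Standard_D2_v2",
    },
    # Attach the identity that received the role above. Without this block the
    # role assignment has no effect on the cluster, and one of `identity` or
    # `service_principal` must be specified anyway.
    identity={
        "type": "UserAssigned",
        "identity_ids": [example_user_assigned_identity.id],
    },
    # Create the cluster only after the role assignment exists, and destroy
    # it before the assignment is removed.
    opts=pulumi.ResourceOptions(depends_on=[example_assignment]))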
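using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;

// Private AKS cluster that uses a bring-your-own Private DNS Zone.
// The cluster runs as a User Assigned Identity that holds the
// "Private DNS Zone Contributor" role on that zone.
return await Deployment.RunAsync(() =>
{
    // Resource group holding the zone, the identity and the cluster.
    var example = new Azure.Core.ResourceGroup("example", new()
    {
        Name = "example",
        Location = "West Europe",
    });

    // Private DNS Zone delegated to the cluster's private API server endpoint.
    var exampleZone = new Azure.PrivateDns.Zone("example", new()
    {
        Name = "privatelink.eastus2.azmk8s.io",
        ResourceGroupName = example.Name,
    });

    // Identity the cluster's control plane will use.
    var exampleUserAssignedIdentity = new Azure.Authorization.UserAssignedIdentity("example", new()
    {
        Name = "aks-example-identity",
        ResourceGroupName = example.Name,
        Location = example.Location,
    });

    // The role is scoped to the single DNS zone, not to the resource group or
    // subscription, so the identity can only manage records in this zone.
    var exampleAssignment = new Azure.Authorization.Assignment("example", new()
    {
        Scope = exampleZone.Id,
        RoleDefinitionName = "Private DNS Zone Contributor",
        PrincipalId = exampleUserAssignedIdentity.PrincipalId,
    });

    var exampleKubernetesCluster = new Azure.ContainerService.KubernetesCluster("example", new()
    {
        Name = "aksexamplewithprivatednszone1",
        Location = example.Location,
        ResourceGroupName = example.Name,
        DnsPrefix = "aksexamplednsprefix1",
        PrivateClusterEnabled = true,
        PrivateDnsZoneId = exampleZone.Id,
        // A default node pool is required; values follow the basic example on this page.
        DefaultNodePool = new Azure.ContainerService.Inputs.KubernetesClusterDefaultNodePoolArgs
        {
            Name = "default",
            NodeCount = 1,
            VmSize = "Standard_D2_v2",
        },
        // Attach the identity that received the role above. Without this block
        // the role assignment has no effect on the cluster, and one of Identity
        // or ServicePrincipal must be specified anyway.
        Identity = new Azure.ContainerService.Inputs.KubernetesClusterIdentityArgs
        {
            Type = "UserAssigned",
            IdentityIds = new[]
            {
                exampleUserAssignedIdentity.Id,
            },
        },
    }, new CustomResourceOptions
    {
        // Create the cluster only after the role assignment exists, and
        // destroy it before the assignment is removed.
        DependsOn =
        {
            exampleAssignment,
        },
    });
});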
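package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/containerservice"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/privatedns"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main provisions a private AKS cluster that uses a bring-your-own Private
// DNS Zone. The cluster runs as a User Assigned Identity that holds the
// "Private DNS Zone Contributor" role on that zone.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Resource group holding the zone, the identity and the cluster.
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}

		// Private DNS Zone delegated to the cluster's private API server endpoint.
		exampleZone, err := privatedns.NewZone(ctx, "example", &privatedns.ZoneArgs{
			Name:              pulumi.String("privatelink.eastus2.azmk8s.io"),
			ResourceGroupName: example.Name,
		})
		if err != nil {
			return err
		}

		// Identity the cluster's control plane will use.
		exampleUserAssignedIdentity, err := authorization.NewUserAssignedIdentity(ctx, "example", &authorization.UserAssignedIdentityArgs{
			Name:              pulumi.String("aks-example-identity"),
			ResourceGroupName: example.Name,
			Location:          example.Location,
		})
		if err != nil {
			return err
		}

		// The role is scoped to the single DNS zone, not to the resource group
		// or subscription, so the identity can only manage records in this zone.
		exampleAssignment, err := authorization.NewAssignment(ctx, "example", &authorization.AssignmentArgs{
			Scope:              exampleZone.ID(),
			RoleDefinitionName: pulumi.String("Private DNS Zone Contributor"),
			PrincipalId:        exampleUserAssignedIdentity.PrincipalId,
		})
		if err != nil {
			return err
		}

		_, err = containerservice.NewKubernetesCluster(ctx, "example", &containerservice.KubernetesClusterArgs{
			Name:                  pulumi.String("aksexamplewithprivatednszone1"),
			Location:              example.Location,
			ResourceGroupName:     example.Name,
			DnsPrefix:             pulumi.String("aksexamplednsprefix1"),
			PrivateClusterEnabled: pulumi.Bool(true),
			PrivateDnsZoneId:      exampleZone.ID(),
			// A default node pool is required; values follow the basic example on this page.
			DefaultNodePool: &containerservice.KubernetesClusterDefaultNodePoolArgs{
				Name:      pulumi.String("default"),
				NodeCount: pulumi.Int(1),
				VmSize:    pulumi.String("Standard_D2_v2"),
			},
			// Attach the identity that received the role above. Without this
			// block the role assignment has no effect on the cluster, and one
			// of Identity or ServicePrincipal must be specified anyway.
			Identity: &containerservice.KubernetesClusterIdentityArgs{
				Type: pulumi.String("UserAssigned"),
				IdentityIds: pulumi.StringArray{
					exampleUserAssignedIdentity.ID(),
				},
			},
		}, pulumi.DependsOn([]pulumi.Resource{
			// Create the cluster only after the role assignment exists, and
			// destroy it before the assignment is removed.
			exampleAssignment,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}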
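package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.privatedns.Zone;
import com.pulumi.azure.privatedns.ZoneArgs;
import com.pulumi.azure.authorization.UserAssignedIdentity;
import com.pulumi.azure.authorization.UserAssignedIdentityArgs;
import com.pulumi.azure.authorization.Assignment;
import com.pulumi.azure.authorization.AssignmentArgs;
import com.pulumi.azure.containerservice.KubernetesCluster;
import com.pulumi.azure.containerservice.KubernetesClusterArgs;
import com.pulumi.azure.containerservice.inputs.KubernetesClusterIdentityArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/** Private AKS cluster that uses a bring-your-own private DNS zone. */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the resource group, private DNS zone, user-assigned identity,
     * role assignment and the cluster that depends on that assignment.
     *
     * @param ctx the Pulumi program context
     */
    public static void stack(Context ctx) {
        var example = new ResourceGroup("example", ResourceGroupArgs.builder()
            .name("example")
            .location("West Europe")
            .build());

        var exampleZone = new Zone("exampleZone", ZoneArgs.builder()
            .name("privatelink.eastus2.azmk8s.io")
            .resourceGroupName(example.name())
            .build());

        var exampleUserAssignedIdentity = new UserAssignedIdentity("exampleUserAssignedIdentity", UserAssignedIdentityArgs.builder()
            .name("aks-example-identity")
            .resourceGroupName(example.name())
            .location(example.location())
            .build());

        // The role is scoped to this one zone, not to the resource group or subscription.
        var exampleAssignment = new Assignment("exampleAssignment", AssignmentArgs.builder()
            .scope(exampleZone.id())
            .roleDefinitionName("Private DNS Zone Contributor")
            .principalId(exampleUserAssignedIdentity.principalId())
            .build());

        var exampleKubernetesCluster = new KubernetesCluster("exampleKubernetesCluster", KubernetesClusterArgs.builder()
            .name("aksexamplewithprivatednszone1")
            .location(example.location())
            .resourceGroupName(example.name())
            .dnsPrefix("aksexamplednsprefix1")
            .privateClusterEnabled(true)
            .privateDnsZoneId(exampleZone.id())
            // Attach the identity that holds the zone role; without this block the
            // role assignment above is granted to an identity the cluster never uses.
            .identity(KubernetesClusterIdentityArgs.builder()
                .type("UserAssigned")
                .identityIds(exampleUserAssignedIdentity.id().applyValue(List::of))
                .build())
            // defaultNodePool and the remaining cluster settings are omitted for brevity.
            .build(), CustomResourceOptions.builder()
                // Depend on the role assignment so the resources are destroyed in the proper order.
                .dependsOn(exampleAssignment)
                .build());
    }
}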
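# Private AKS cluster that uses a bring-your-own private DNS zone.
resources:
  example:
    type: azure:core:ResourceGroup
    properties:
      name: example
      location: West Europe
  exampleZone:
    type: azure:privatedns:Zone
    name: example
    properties:
      name: privatelink.eastus2.azmk8s.io
      resourceGroupName: ${example.name}
  exampleUserAssignedIdentity:
    type: azure:authorization:UserAssignedIdentity
    name: example
    properties:
      name: aks-example-identity
      resourceGroupName: ${example.name}
      location: ${example.location}
  # The role is scoped to this one zone, not to the resource group or subscription.
  exampleAssignment:
    type: azure:authorization:Assignment
    name: example
    properties:
      scope: ${exampleZone.id}
      roleDefinitionName: Private DNS Zone Contributor
      principalId: ${exampleUserAssignedIdentity.principalId}
  exampleKubernetesCluster:
    type: azure:containerservice:KubernetesCluster
    name: example
    properties:
      name: aksexamplewithprivatednszone1
      location: ${example.location}
      resourceGroupName: ${example.name}
      dnsPrefix: aksexamplednsprefix1
      privateClusterEnabled: true
      privateDnsZoneId: ${exampleZone.id}
      # Attach the identity that holds the zone role; without this block the
      # role assignment above is granted to an identity the cluster never uses.
      identity:
        type: UserAssigned
        identityIds:
          - ${exampleUserAssignedIdentity.id}
      # defaultNodePool and the remaining cluster settings are omitted for brevity.
    options:
      # Depend on the role assignment so the resources are destroyed in the proper order.
      dependson:
        - ${exampleAssignment}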
- privateDnsZoneId String - Either the ID of Private DNS Zone which should be delegated to this Cluster, `System` to have AKS manage this or `None`. In case of `None` you will need to bring your own DNS server and set up resolving, otherwise, the cluster will have issues after provisioning. Changing this forces a new resource to be created.
- role
Based BooleanAccess Control Enabled - Whether Role Based Access Control for the Kubernetes Cluster should be enabled. Defaults to
true
. Changing this forces a new resource to be created. - run
Command BooleanEnabled - Whether to enable run command for the cluster or not. Defaults to
true
. - service
Mesh Property MapProfile - A
service_mesh_profile
block as defined below. - service
Principal Property Map A
service_principal
block as documented below. One of eitheridentity
orservice_principal
must be specified.!> Note: A migration scenario from
service_principal
toidentity
is supported. When upgradingservice_principal
toidentity
, your cluster's control plane and addon pods will switch to use managed identity, but the kubelets will keep using your configuredservice_principal
until you upgrade your Node Pool.- sku
Tier String The SKU Tier that should be used for this Kubernetes Cluster. Possible values are
Free
,Standard
(which includes the Uptime SLA) andPremium
. Defaults toFree
.Note: Whilst the AKS API previously supported the
Paid
SKU - the AKS API introduced a breaking change in API Version2023-02-01
(used in v3.51.0 and later) where the valuePaid
must now be set toStandard
.- storage
Profile Property Map - A
storage_profile
block as defined below. - support
Plan String - Specifies the support plan which should be used for this Kubernetes Cluster. Possible values are
KubernetesOfficial
andAKSLongTermSupport
. Defaults toKubernetesOfficial
. - Map<String>
- A mapping of tags to assign to the resource.
- web
App Property MapRouting - A
web_app_routing
block as defined below. - windows
Profile Property Map - A
windows_profile
block as defined below. - workload
Autoscaler Property MapProfile - A
workload_autoscaler_profile
block defined below. - workload
Identity BooleanEnabled Specifies whether Azure AD Workload Identity should be enabled for the Cluster. Defaults to
false
.Note: To enable Azure AD Workload Identity
oidc_issuer_enabled
must be set totrue
.Note: Enabling this option will allocate Workload Identity resources to the
kube-system
namespace in Kubernetes. If you wish to customize the deployment of Workload Identity, you can refer to the documentation on Azure AD Workload Identity. The documentation provides guidance on how to install the mutating admission webhook, which allows for the customization of Workload Identity deployment.
Outputs
All input properties are implicitly available as output properties. Additionally, the KubernetesCluster resource produces the following output properties:
- Current
Kubernetes stringVersion - The current version running on the Azure Kubernetes Managed Cluster.
- Fqdn string
- The FQDN of the Azure Kubernetes Managed Cluster.
- Http
Application stringRouting Zone Name - The Zone Name of the HTTP Application Routing.
- Id string
- The provider-assigned unique ID for this managed resource.
- Kube
Admin stringConfig Raw - Raw Kubernetes config for the admin account to be used by kubectl and other compatible tools. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts enabled.
- Kube
Admin List<KubernetesConfigs Cluster Kube Admin Config> - A
kube_admin_config
block as defined below. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts enabled. - Kube
Config stringRaw - Raw Kubernetes config to be used by kubectl and other compatible tools.
- Kube
Configs List<KubernetesCluster Kube Config> - A
kube_config
block as defined below. - Node
Resource stringGroup Id - The ID of the Resource Group containing the resources for this Managed Kubernetes Cluster.
- Oidc
Issuer stringUrl - The OIDC issuer URL that is associated with the cluster.
- Portal
Fqdn string - The FQDN for the Azure Portal resources when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.
- Private
Fqdn string - The FQDN for the Kubernetes Cluster when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.
- Current
Kubernetes stringVersion - The current version running on the Azure Kubernetes Managed Cluster.
- Fqdn string
- The FQDN of the Azure Kubernetes Managed Cluster.
- Http
Application stringRouting Zone Name - The Zone Name of the HTTP Application Routing.
- Id string
- The provider-assigned unique ID for this managed resource.
- Kube
Admin stringConfig Raw - Raw Kubernetes config for the admin account to be used by kubectl and other compatible tools. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts enabled.
- Kube
Admin []KubernetesConfigs Cluster Kube Admin Config - A
kube_admin_config
block as defined below. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts enabled. - Kube
Config stringRaw - Raw Kubernetes config to be used by kubectl and other compatible tools.
- Kube
Configs []KubernetesCluster Kube Config - A
kube_config
block as defined below. - Node
Resource stringGroup Id - The ID of the Resource Group containing the resources for this Managed Kubernetes Cluster.
- Oidc
Issuer stringUrl - The OIDC issuer URL that is associated with the cluster.
- Portal
Fqdn string - The FQDN for the Azure Portal resources when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.
- Private
Fqdn string - The FQDN for the Kubernetes Cluster when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.
- current
Kubernetes StringVersion - The current version running on the Azure Kubernetes Managed Cluster.
- fqdn String
- The FQDN of the Azure Kubernetes Managed Cluster.
- http
Application StringRouting Zone Name - The Zone Name of the HTTP Application Routing.
- id String
- The provider-assigned unique ID for this managed resource.
- kube
Admin StringConfig Raw - Raw Kubernetes config for the admin account to be used by kubectl and other compatible tools. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts enabled.
- kube
Admin List<KubernetesConfigs Cluster Kube Admin Config> - A
kube_admin_config
block as defined below. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts enabled. - kube
Config StringRaw - Raw Kubernetes config to be used by kubectl and other compatible tools.
- kube
Configs List<KubernetesCluster Kube Config> - A
kube_config
block as defined below. - node
Resource StringGroup Id - The ID of the Resource Group containing the resources for this Managed Kubernetes Cluster.
- oidc
Issuer StringUrl - The OIDC issuer URL that is associated with the cluster.
- portal
Fqdn String - The FQDN for the Azure Portal resources when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.
- private
Fqdn String - The FQDN for the Kubernetes Cluster when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.
- current
Kubernetes stringVersion - The current version running on the Azure Kubernetes Managed Cluster.
- fqdn string
- The FQDN of the Azure Kubernetes Managed Cluster.
- http
Application stringRouting Zone Name - The Zone Name of the HTTP Application Routing.
- id string
- The provider-assigned unique ID for this managed resource.
- kube
Admin stringConfig Raw - Raw Kubernetes config for the admin account to be used by kubectl and other compatible tools. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts enabled.
- kube
Admin KubernetesConfigs Cluster Kube Admin Config[] - A
kube_admin_config
block as defined below. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts enabled. - kube
Config stringRaw - Raw Kubernetes config to be used by kubectl and other compatible tools.
- kube
Configs KubernetesCluster Kube Config[] - A
kube_config
block as defined below. - node
Resource stringGroup Id - The ID of the Resource Group containing the resources for this Managed Kubernetes Cluster.
- oidc
Issuer stringUrl - The OIDC issuer URL that is associated with the cluster.
- portal
Fqdn string - The FQDN for the Azure Portal resources when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.
- private
Fqdn string - The FQDN for the Kubernetes Cluster when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.
- current_
kubernetes_ strversion - The current version running on the Azure Kubernetes Managed Cluster.
- fqdn str
- The FQDN of the Azure Kubernetes Managed Cluster.
- http_
application_ strrouting_ zone_ name - The Zone Name of the HTTP Application Routing.
- id str
- The provider-assigned unique ID for this managed resource.
- kube_
admin_ strconfig_ raw - Raw Kubernetes config for the admin account to be used by kubectl and other compatible tools. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts enabled.
- kube_
admin_ Sequence[Kubernetesconfigs Cluster Kube Admin Config] - A
kube_admin_config
block as defined below. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts enabled. - kube_
config_ strraw - Raw Kubernetes config to be used by kubectl and other compatible tools.
- kube_
configs Sequence[KubernetesCluster Kube Config] - A
kube_config
block as defined below. - node_
resource_ strgroup_ id - The ID of the Resource Group containing the resources for this Managed Kubernetes Cluster.
- oidc_
issuer_ strurl - The OIDC issuer URL that is associated with the cluster.
- portal_
fqdn str - The FQDN for the Azure Portal resources when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.
- private_
fqdn str - The FQDN for the Kubernetes Cluster when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.
- current
Kubernetes StringVersion - The current version running on the Azure Kubernetes Managed Cluster.
- fqdn String
- The FQDN of the Azure Kubernetes Managed Cluster.
- http
Application StringRouting Zone Name - The Zone Name of the HTTP Application Routing.
- id String
- The provider-assigned unique ID for this managed resource.
- kube
Admin StringConfig Raw - Raw Kubernetes config for the admin account to be used by kubectl and other compatible tools. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts enabled.
- kube
Admin List<Property Map>Configs - A
kube_admin_config
block as defined below. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts enabled. - kube
Config StringRaw - Raw Kubernetes config to be used by kubectl and other compatible tools.
- kube
Configs List<Property Map> - A
kube_config
block as defined below. - node
Resource StringGroup Id - The ID of the Resource Group containing the resources for this Managed Kubernetes Cluster.
- oidc
Issuer StringUrl - The OIDC issuer URL that is associated with the cluster.
- portal
Fqdn String - The FQDN for the Azure Portal resources when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.
- private
Fqdn String - The FQDN for the Kubernetes Cluster when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.
Look up Existing KubernetesCluster Resource
Get an existing KubernetesCluster resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: KubernetesClusterState, opts?: CustomResourceOptions): KubernetesCluster
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
aci_connector_linux: Optional[KubernetesClusterAciConnectorLinuxArgs] = None,
api_server_access_profile: Optional[KubernetesClusterApiServerAccessProfileArgs] = None,
auto_scaler_profile: Optional[KubernetesClusterAutoScalerProfileArgs] = None,
automatic_upgrade_channel: Optional[str] = None,
azure_active_directory_role_based_access_control: Optional[KubernetesClusterAzureActiveDirectoryRoleBasedAccessControlArgs] = None,
azure_policy_enabled: Optional[bool] = None,
confidential_computing: Optional[KubernetesClusterConfidentialComputingArgs] = None,
cost_analysis_enabled: Optional[bool] = None,
current_kubernetes_version: Optional[str] = None,
default_node_pool: Optional[KubernetesClusterDefaultNodePoolArgs] = None,
disk_encryption_set_id: Optional[str] = None,
dns_prefix: Optional[str] = None,
dns_prefix_private_cluster: Optional[str] = None,
edge_zone: Optional[str] = None,
fqdn: Optional[str] = None,
http_application_routing_enabled: Optional[bool] = None,
http_application_routing_zone_name: Optional[str] = None,
http_proxy_config: Optional[KubernetesClusterHttpProxyConfigArgs] = None,
identity: Optional[KubernetesClusterIdentityArgs] = None,
image_cleaner_enabled: Optional[bool] = None,
image_cleaner_interval_hours: Optional[int] = None,
ingress_application_gateway: Optional[KubernetesClusterIngressApplicationGatewayArgs] = None,
key_management_service: Optional[KubernetesClusterKeyManagementServiceArgs] = None,
key_vault_secrets_provider: Optional[KubernetesClusterKeyVaultSecretsProviderArgs] = None,
kube_admin_config_raw: Optional[str] = None,
kube_admin_configs: Optional[Sequence[KubernetesClusterKubeAdminConfigArgs]] = None,
kube_config_raw: Optional[str] = None,
kube_configs: Optional[Sequence[KubernetesClusterKubeConfigArgs]] = None,
kubelet_identity: Optional[KubernetesClusterKubeletIdentityArgs] = None,
kubernetes_version: Optional[str] = None,
linux_profile: Optional[KubernetesClusterLinuxProfileArgs] = None,
local_account_disabled: Optional[bool] = None,
location: Optional[str] = None,
maintenance_window: Optional[KubernetesClusterMaintenanceWindowArgs] = None,
maintenance_window_auto_upgrade: Optional[KubernetesClusterMaintenanceWindowAutoUpgradeArgs] = None,
maintenance_window_node_os: Optional[KubernetesClusterMaintenanceWindowNodeOsArgs] = None,
microsoft_defender: Optional[KubernetesClusterMicrosoftDefenderArgs] = None,
monitor_metrics: Optional[KubernetesClusterMonitorMetricsArgs] = None,
name: Optional[str] = None,
network_profile: Optional[KubernetesClusterNetworkProfileArgs] = None,
node_os_upgrade_channel: Optional[str] = None,
node_resource_group: Optional[str] = None,
node_resource_group_id: Optional[str] = None,
oidc_issuer_enabled: Optional[bool] = None,
oidc_issuer_url: Optional[str] = None,
oms_agent: Optional[KubernetesClusterOmsAgentArgs] = None,
open_service_mesh_enabled: Optional[bool] = None,
portal_fqdn: Optional[str] = None,
private_cluster_enabled: Optional[bool] = None,
private_cluster_public_fqdn_enabled: Optional[bool] = None,
private_dns_zone_id: Optional[str] = None,
private_fqdn: Optional[str] = None,
resource_group_name: Optional[str] = None,
role_based_access_control_enabled: Optional[bool] = None,
run_command_enabled: Optional[bool] = None,
service_mesh_profile: Optional[KubernetesClusterServiceMeshProfileArgs] = None,
service_principal: Optional[KubernetesClusterServicePrincipalArgs] = None,
sku_tier: Optional[str] = None,
storage_profile: Optional[KubernetesClusterStorageProfileArgs] = None,
support_plan: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
web_app_routing: Optional[KubernetesClusterWebAppRoutingArgs] = None,
windows_profile: Optional[KubernetesClusterWindowsProfileArgs] = None,
workload_autoscaler_profile: Optional[KubernetesClusterWorkloadAutoscalerProfileArgs] = None,
workload_identity_enabled: Optional[bool] = None) -> KubernetesCluster
func GetKubernetesCluster(ctx *Context, name string, id IDInput, state *KubernetesClusterState, opts ...ResourceOption) (*KubernetesCluster, error)
public static KubernetesCluster Get(string name, Input<string> id, KubernetesClusterState? state, CustomResourceOptions? opts = null)
public static KubernetesCluster get(String name, Output<String> id, KubernetesClusterState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Aci
Connector KubernetesLinux Cluster Aci Connector Linux - A
aci_connector_linux
block as defined below. For more details, please visit Create and configure an AKS cluster to use virtual nodes. - Api
Server KubernetesAccess Profile Cluster Api Server Access Profile - An
api_server_access_profile
block as defined below. - Auto
Scaler KubernetesProfile Cluster Auto Scaler Profile - A
auto_scaler_profile
block as defined below. - Automatic
Upgrade stringChannel The upgrade channel for this Kubernetes Cluster. Possible values are
patch
,rapid
,node-image
andstable
. Omitting this field sets this value tonone
.!> Note: Cluster Auto-Upgrade will update the Kubernetes Cluster (and its Node Pools) to the latest GA version of Kubernetes automatically - please see the Azure documentation for more information.
Note: Cluster Auto-Upgrade only updates to GA versions of Kubernetes and will not update to Preview versions.
- Azure
Active KubernetesDirectory Role Based Access Control Cluster Azure Active Directory Role Based Access Control - A
azure_active_directory_role_based_access_control
block as defined below. - Azure
Policy boolEnabled - Should the Azure Policy Add-On be enabled? For more details please visit Understand Azure Policy for Azure Kubernetes Service
- Confidential
Computing KubernetesCluster Confidential Computing - A
confidential_computing
block as defined below. For more details please the documentation - Cost
Analysis boolEnabled - Should cost analysis be enabled for this Kubernetes Cluster? Defaults to
false
. Thesku_tier
must be set toStandard
orPremium
to enable this feature. Enabling this will add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. - Current
Kubernetes stringVersion - The current version running on the Azure Kubernetes Managed Cluster.
- Default
Node KubernetesPool Cluster Default Node Pool - Specifies configuration for "System" mode node pool. A
default_node_pool
block as defined below. - Disk
Encryption stringSet Id - The ID of the Disk Encryption Set which should be used for the Nodes and Volumes. More information can be found in the documentation. Changing this forces a new resource to be created.
- Dns
Prefix string - DNS prefix specified when creating the managed cluster. Possible values must begin and end with a letter or number, contain only letters, numbers, and hyphens and be between 1 and 54 characters in length. Changing this forces a new resource to be created.
- Dns
Prefix stringPrivate Cluster Specifies the DNS prefix to use with private clusters. Changing this forces a new resource to be created.
Note: You must define either a
dns_prefix
or adns_prefix_private_cluster
field.In addition, one of either
identity
orservice_principal
blocks must be specified.- Edge
Zone string - Specifies the Extended Zone (formerly called Edge Zone) within the Azure Region where this Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.
- Fqdn string
- The FQDN of the Azure Kubernetes Managed Cluster.
- Http
Application boolRouting Enabled Should HTTP Application Routing be enabled?
Note: At this time HTTP Application Routing is not supported in Azure China or Azure US Government.
- Http
Application stringRouting Zone Name - The Zone Name of the HTTP Application Routing.
- Http
Proxy KubernetesConfig Cluster Http Proxy Config - A
http_proxy_config
block as defined below. - Identity
Kubernetes
Cluster Identity An
identity
block as defined below. One of eitheridentity
orservice_principal
must be specified.!> Note: A migration scenario from
service_principal
toidentity
is supported. When upgradingservice_principal
toidentity
, your cluster's control plane and addon pods will switch to use managed identity, but the kubelets will keep using your configuredservice_principal
until you upgrade your Node Pool.- Image
Cleaner boolEnabled - Specifies whether Image Cleaner is enabled.
- Image
Cleaner intInterval Hours - Specifies the interval in hours when images should be cleaned up. Defaults to
0
. - Ingress
Application KubernetesGateway Cluster Ingress Application Gateway A
ingress_application_gateway
block as defined below.Note: Since the Application Gateway is deployed inside a Virtual Network, users (and Service Principals) that are operating the Application Gateway must have the
Microsoft.Network/virtualNetworks/subnets/join/action
permission on the Virtual Network or Subnet. For more details, please visit Virtual Network Permission.- Key
Management KubernetesService Cluster Key Management Service - A
key_management_service
block as defined below. For more details, please visit Key Management Service (KMS) etcd encryption to an AKS cluster. - Key
Vault KubernetesSecrets Provider Cluster Key Vault Secrets Provider - A
key_vault_secrets_provider
block as defined below. For more details, please visit Azure Keyvault Secrets Provider for AKS. - Kube
Admin stringConfig Raw - Raw Kubernetes config for the admin account to be used by kubectl and other compatible tools. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts enabled.
- Kube
Admin List<KubernetesConfigs Cluster Kube Admin Config> - A
kube_admin_config
block as defined below. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts enabled. - Kube
Config stringRaw - Raw Kubernetes config to be used by kubectl and other compatible tools.
- Kube
Configs List<KubernetesCluster Kube Config> - A
kube_config
block as defined below. - Kubelet
Identity KubernetesCluster Kubelet Identity - A
kubelet_identity
block as defined below. - Kubernetes
Version string Version of Kubernetes specified when creating the AKS managed cluster. If not specified, the latest recommended version will be used at provisioning time (but won't auto-upgrade). AKS does not require an exact patch version to be specified, minor version aliases such as
1.22
are also supported. - The minor version's latest GA patch is automatically chosen in that case. More details can be found in the documentation.Note: Upgrading your cluster may take up to 10 minutes per node.
- Linux
Profile KubernetesCluster Linux Profile - A
linux_profile
block as defined below. - Local
Account boolDisabled If
true
local accounts will be disabled. See the documentation for more information.Note: If
local_account_disabled
is set totrue
, it is required to enable Kubernetes RBAC and AKS-managed Azure AD integration. See the documentation for more information.- Location string
- The location where the Managed Kubernetes Cluster should be created. Changing this forces a new resource to be created.
- Maintenance
Window KubernetesCluster Maintenance Window - A
maintenance_window
block as defined below. - Maintenance
Window KubernetesAuto Upgrade Cluster Maintenance Window Auto Upgrade - A
maintenance_window_auto_upgrade
block as defined below. - Maintenance
Window KubernetesNode Os Cluster Maintenance Window Node Os - A
maintenance_window_node_os
block as defined below. - Microsoft
Defender KubernetesCluster Microsoft Defender - A
microsoft_defender
block as defined below. - Monitor
Metrics KubernetesCluster Monitor Metrics Specifies a Prometheus add-on profile for the Kubernetes Cluster. A
monitor_metrics
block as defined below.Note: If deploying Managed Prometheus, the
monitor_metrics
properties are required to configure the cluster for metrics collection. If no value is needed, set properties tonull
.- Name string
- The name of the Managed Kubernetes Cluster to create. Changing this forces a new resource to be created.
- Network
Profile KubernetesCluster Network Profile A
network_profile
block as defined below. Changing this forces a new resource to be created.Note: If
network_profile
is not defined,kubenet
profile will be used by default.- Node
Os stringUpgrade Channel The upgrade channel for this Kubernetes Cluster Nodes' OS Image. Possible values are
Unmanaged
,SecurityPatch
,NodeImage
andNone
. Defaults toNodeImage
.Note:
node_os_upgrade_channel
must be set toNodeImage
ifautomatic_upgrade_channel
has been set tonode-image
- Node
Resource stringGroup The name of the Resource Group where the Kubernetes Nodes should exist. Changing this forces a new resource to be created.
Note: Azure requires that a new, non-existent Resource Group is used, as otherwise, the provisioning of the Kubernetes Service will fail.
- Node
Resource stringGroup Id - The ID of the Resource Group containing the resources for this Managed Kubernetes Cluster.
- Oidc
Issuer boolEnabled - Enable or Disable the OIDC issuer URL
- Oidc
Issuer stringUrl - The OIDC issuer URL that is associated with the cluster.
- Oms
Agent KubernetesCluster Oms Agent - A
oms_agent
block as defined below. - Open
Service boolMesh Enabled - Is Open Service Mesh enabled? For more details, please visit Open Service Mesh for AKS.
- Portal
Fqdn string - The FQDN for the Azure Portal resources when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.
- Private
Cluster boolEnabled - Should this Kubernetes Cluster have its API server only exposed on internal IP addresses? This provides a Private IP Address for the Kubernetes API on the Virtual Network where the Kubernetes Cluster is located. Defaults to
false
. Changing this forces a new resource to be created. - Private
Cluster boolPublic Fqdn Enabled Specifies whether a Public FQDN for this Private Cluster should be added. Defaults to
false
.
Note: If you use BYO DNS Zone, the AKS cluster should either use a User Assigned Identity or a service principal (which is deprecated) with the `Private DNS Zone Contributor` role and access to this Private DNS Zone. If `UserAssigned` identity is used - to prevent improper resource order destruction - the cluster should depend on the role assignment, like in this example:
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
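// Private AKS cluster that uses a bring-your-own private DNS zone.
const example = new azure.core.ResourceGroup("example", {
    name: "example",
    location: "West Europe",
});

const exampleZone = new azure.privatedns.Zone("example", {
    name: "privatelink.eastus2.azmk8s.io",
    resourceGroupName: example.name,
});

const exampleUserAssignedIdentity = new azure.authorization.UserAssignedIdentity("example", {
    name: "aks-example-identity",
    resourceGroupName: example.name,
    location: example.location,
});

// The role is scoped to this one zone, not to the resource group or subscription.
const exampleAssignment = new azure.authorization.Assignment("example", {
    scope: exampleZone.id,
    roleDefinitionName: "Private DNS Zone Contributor",
    principalId: exampleUserAssignedIdentity.principalId,
});

const exampleKubernetesCluster = new azure.containerservice.KubernetesCluster("example", {
    name: "aksexamplewithprivatednszone1",
    location: example.location,
    resourceGroupName: example.name,
    dnsPrefix: "aksexamplednsprefix1",
    privateClusterEnabled: true,
    privateDnsZoneId: exampleZone.id,
    // Attach the identity that holds the zone role; without this block the
    // role assignment above is granted to an identity the cluster never uses.
    identity: {
        type: "UserAssigned",
        identityIds: [exampleUserAssignedIdentity.id],
    },
    // defaultNodePool and the remaining cluster settings are omitted for brevity.
}, {
    // Depend on the role assignment so the resources are destroyed in the proper order.
    dependsOn: [exampleAssignment],
});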
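import pulumi
import pulumi_azure as azure

# Private AKS cluster that uses a bring-your-own Private DNS zone.
# The original snippet created the identity and its role assignment but never
# attached the identity to the cluster, and omitted the required default node
# pool; both are filled in below.
example = azure.core.ResourceGroup("example",
    name="example",
    location="West Europe")

example_zone = azure.privatedns.Zone("example",
    name="privatelink.eastus2.azmk8s.io",
    resource_group_name=example.name)

example_user_assigned_identity = azure.authorization.UserAssignedIdentity("example",
    name="aks-example-identity",
    resource_group_name=example.name,
    location=example.location)

# The role is scoped to the DNS zone only, not to the resource group or
# subscription, so the identity gets no more access than the zone needs.
example_assignment = azure.authorization.Assignment("example",
    scope=example_zone.id,
    role_definition_name="Private DNS Zone Contributor",
    principal_id=example_user_assigned_identity.principal_id)

example_kubernetes_cluster = azure.containerservice.KubernetesCluster("example",
    name="aksexamplewithprivatednszone1",
    location=example.location,
    resource_group_name=example.name,
    dns_prefix="aksexamplednsprefix1",
    private_cluster_enabled=True,
    private_dns_zone_id=example_zone.id,
    # One of `identity` or `service_principal` must be specified; this binds
    # the identity that holds the role on the zone.
    identity={
        "type": "UserAssigned",
        "identity_ids": [example_user_assigned_identity.id],
    },
    # Node pool values mirror the basic example at the top of this page.
    default_node_pool={
        "name": "default",
        "node_count": 1,
        "vm_size": "Standard_D2_v2",
    },
    # Explicit ordering: the role assignment must exist before the cluster is
    # created and must outlive it on destroy.
    opts=pulumi.ResourceOptions(depends_on=[example_assignment]))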
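using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;

// Private AKS cluster that uses a bring-your-own Private DNS zone.
// The original snippet created the identity and its role assignment but never
// attached the identity to the cluster, and omitted the required default node
// pool; both are filled in below.
return await Deployment.RunAsync(() =>
{
    var example = new Azure.Core.ResourceGroup("example", new()
    {
        Name = "example",
        Location = "West Europe",
    });

    var exampleZone = new Azure.PrivateDns.Zone("example", new()
    {
        Name = "privatelink.eastus2.azmk8s.io",
        ResourceGroupName = example.Name,
    });

    var exampleUserAssignedIdentity = new Azure.Authorization.UserAssignedIdentity("example", new()
    {
        Name = "aks-example-identity",
        ResourceGroupName = example.Name,
        Location = example.Location,
    });

    // The role is scoped to the DNS zone only, not to the resource group or
    // subscription, so the identity gets no more access than the zone needs.
    var exampleAssignment = new Azure.Authorization.Assignment("example", new()
    {
        Scope = exampleZone.Id,
        RoleDefinitionName = "Private DNS Zone Contributor",
        PrincipalId = exampleUserAssignedIdentity.PrincipalId,
    });

    var exampleKubernetesCluster = new Azure.ContainerService.KubernetesCluster("example", new()
    {
        Name = "aksexamplewithprivatednszone1",
        Location = example.Location,
        ResourceGroupName = example.Name,
        DnsPrefix = "aksexamplednsprefix1",
        PrivateClusterEnabled = true,
        PrivateDnsZoneId = exampleZone.Id,
        // One of Identity or ServicePrincipal must be specified; this binds
        // the identity that holds the role on the zone.
        Identity = new Azure.ContainerService.Inputs.KubernetesClusterIdentityArgs
        {
            Type = "UserAssigned",
            IdentityIds = new[]
            {
                exampleUserAssignedIdentity.Id,
            },
        },
        // Node pool values mirror the basic example at the top of this page.
        DefaultNodePool = new Azure.ContainerService.Inputs.KubernetesClusterDefaultNodePoolArgs
        {
            Name = "default",
            NodeCount = 1,
            VmSize = "Standard_D2_v2",
        },
    }, new CustomResourceOptions
    {
        // Explicit ordering: the role assignment must exist before the cluster
        // is created and must outlive it on destroy.
        DependsOn =
        {
            exampleAssignment,
        },
    });
});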
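package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/containerservice"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/privatedns"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main provisions a private AKS cluster that uses a bring-your-own Private DNS
// zone. The original snippet created the identity and its role assignment but
// never attached the identity to the cluster, and omitted the required default
// node pool; both are filled in below.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleZone, err := privatedns.NewZone(ctx, "example", &privatedns.ZoneArgs{
			Name:              pulumi.String("privatelink.eastus2.azmk8s.io"),
			ResourceGroupName: example.Name,
		})
		if err != nil {
			return err
		}
		exampleUserAssignedIdentity, err := authorization.NewUserAssignedIdentity(ctx, "example", &authorization.UserAssignedIdentityArgs{
			Name:              pulumi.String("aks-example-identity"),
			ResourceGroupName: example.Name,
			Location:          example.Location,
		})
		if err != nil {
			return err
		}
		// The role is scoped to the DNS zone only, not to the resource group
		// or subscription, so the identity gets no more access than the zone
		// needs.
		exampleAssignment, err := authorization.NewAssignment(ctx, "example", &authorization.AssignmentArgs{
			Scope:              exampleZone.ID(),
			RoleDefinitionName: pulumi.String("Private DNS Zone Contributor"),
			PrincipalId:        exampleUserAssignedIdentity.PrincipalId,
		})
		if err != nil {
			return err
		}
		_, err = containerservice.NewKubernetesCluster(ctx, "example", &containerservice.KubernetesClusterArgs{
			Name:                  pulumi.String("aksexamplewithprivatednszone1"),
			Location:              example.Location,
			ResourceGroupName:     example.Name,
			DnsPrefix:             pulumi.String("aksexamplednsprefix1"),
			PrivateClusterEnabled: pulumi.Bool(true),
			PrivateDnsZoneId:      exampleZone.ID(),
			// One of Identity or ServicePrincipal must be specified; this
			// binds the identity that holds the role on the zone.
			Identity: &containerservice.KubernetesClusterIdentityArgs{
				Type: pulumi.String("UserAssigned"),
				IdentityIds: pulumi.StringArray{
					exampleUserAssignedIdentity.ID(),
				},
			},
			// Node pool values mirror the basic example at the top of this page.
			DefaultNodePool: &containerservice.KubernetesClusterDefaultNodePoolArgs{
				Name:      pulumi.String("default"),
				NodeCount: pulumi.Int(1),
				VmSize:    pulumi.String("Standard_D2_v2"),
			},
		}, pulumi.DependsOn([]pulumi.Resource{
			// Explicit ordering: the role assignment must exist before the
			// cluster is created and must outlive it on destroy.
			exampleAssignment,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}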
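package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.privatedns.Zone;
import com.pulumi.azure.privatedns.ZoneArgs;
import com.pulumi.azure.authorization.UserAssignedIdentity;
import com.pulumi.azure.authorization.UserAssignedIdentityArgs;
import com.pulumi.azure.authorization.Assignment;
import com.pulumi.azure.authorization.AssignmentArgs;
import com.pulumi.azure.containerservice.KubernetesCluster;
import com.pulumi.azure.containerservice.KubernetesClusterArgs;
import com.pulumi.azure.containerservice.inputs.KubernetesClusterDefaultNodePoolArgs;
import com.pulumi.azure.containerservice.inputs.KubernetesClusterIdentityArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Private AKS cluster that uses a bring-your-own Private DNS zone.
 * The original snippet created the identity and its role assignment but never
 * attached the identity to the cluster, and omitted the required default node
 * pool; both are filled in below.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new ResourceGroup("example", ResourceGroupArgs.builder()
            .name("example")
            .location("West Europe")
            .build());

        var exampleZone = new Zone("exampleZone", ZoneArgs.builder()
            .name("privatelink.eastus2.azmk8s.io")
            .resourceGroupName(example.name())
            .build());

        var exampleUserAssignedIdentity = new UserAssignedIdentity("exampleUserAssignedIdentity", UserAssignedIdentityArgs.builder()
            .name("aks-example-identity")
            .resourceGroupName(example.name())
            .location(example.location())
            .build());

        // The role is scoped to the DNS zone only, not to the resource group
        // or subscription, so the identity gets no more access than the zone
        // needs.
        var exampleAssignment = new Assignment("exampleAssignment", AssignmentArgs.builder()
            .scope(exampleZone.id())
            .roleDefinitionName("Private DNS Zone Contributor")
            .principalId(exampleUserAssignedIdentity.principalId())
            .build());

        var exampleKubernetesCluster = new KubernetesCluster("exampleKubernetesCluster", KubernetesClusterArgs.builder()
            .name("aksexamplewithprivatednszone1")
            .location(example.location())
            .resourceGroupName(example.name())
            .dnsPrefix("aksexamplednsprefix1")
            .privateClusterEnabled(true)
            .privateDnsZoneId(exampleZone.id())
            // One of identity or servicePrincipal must be specified; this
            // binds the identity that holds the role on the zone.
            .identity(KubernetesClusterIdentityArgs.builder()
                .type("UserAssigned")
                .identityIds(exampleUserAssignedIdentity.id().applyValue(id -> List.of(id)))
                .build())
            // Node pool values mirror the basic example at the top of this page.
            .defaultNodePool(KubernetesClusterDefaultNodePoolArgs.builder()
                .name("default")
                .nodeCount(1)
                .vmSize("Standard_D2_v2")
                .build())
            .build(), CustomResourceOptions.builder()
                // Explicit ordering: the role assignment must exist before the
                // cluster is created and must outlive it on destroy.
                .dependsOn(exampleAssignment)
                .build());
    }
}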
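# Private AKS cluster that uses a bring-your-own Private DNS zone.
# The original snippet created the identity and its role assignment but never
# attached the identity to the cluster, omitted the required default node pool,
# and spelled the resource option `dependson`; Pulumi YAML expects `dependsOn`.
resources:
  example:
    type: azure:core:ResourceGroup
    properties:
      name: example
      location: West Europe
  exampleZone:
    type: azure:privatedns:Zone
    name: example
    properties:
      name: privatelink.eastus2.azmk8s.io
      resourceGroupName: ${example.name}
  exampleUserAssignedIdentity:
    type: azure:authorization:UserAssignedIdentity
    name: example
    properties:
      name: aks-example-identity
      resourceGroupName: ${example.name}
      location: ${example.location}
  # The role is scoped to the DNS zone only, not to the resource group or
  # subscription, so the identity gets no more access than the zone needs.
  exampleAssignment:
    type: azure:authorization:Assignment
    name: example
    properties:
      scope: ${exampleZone.id}
      roleDefinitionName: Private DNS Zone Contributor
      principalId: ${exampleUserAssignedIdentity.principalId}
  exampleKubernetesCluster:
    type: azure:containerservice:KubernetesCluster
    name: example
    properties:
      name: aksexamplewithprivatednszone1
      location: ${example.location}
      resourceGroupName: ${example.name}
      dnsPrefix: aksexamplednsprefix1
      privateClusterEnabled: true
      privateDnsZoneId: ${exampleZone.id}
      # One of identity or servicePrincipal must be specified; this binds the
      # identity that holds the role on the zone.
      identity:
        type: UserAssigned
        identityIds:
          - ${exampleUserAssignedIdentity.id}
      # Node pool values mirror the basic example at the top of this page.
      defaultNodePool:
        name: default
        nodeCount: 1
        vmSize: Standard_D2_v2
    options:
      # Explicit ordering: the role assignment must exist before the cluster
      # is created and must outlive it on destroy.
      dependsOn:
        - ${exampleAssignment}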
- PrivateDnsZoneId string - Either the ID of Private DNS Zone which should be delegated to this Cluster, `System` to have AKS manage this or `None`. In case of `None` you will need to bring your own DNS server and set up resolving, otherwise, the cluster will have issues after provisioning. Changing this forces a new resource to be created.
- PrivateFqdn string - The FQDN for the Kubernetes Cluster when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.
- Resource
Group stringName - Specifies the Resource Group where the Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.
- RoleBasedAccessControlEnabled bool - Whether Role Based Access Control for the Kubernetes Cluster should be enabled. Defaults to `true`. Changing this forces a new resource to be created.
- RunCommandEnabled bool - Whether to enable run command for the cluster or not. Defaults to `true`.
- Service
Mesh KubernetesProfile Cluster Service Mesh Profile - A
service_mesh_profile
block as defined below. - Service
Principal KubernetesCluster Service Principal A
service_principal
block as documented below. One of eitheridentity
orservice_principal
must be specified.!> Note: A migration scenario from
service_principal
toidentity
is supported. When upgradingservice_principal
toidentity
, your cluster's control plane and addon pods will switch to use managed identity, but the kubelets will keep using your configuredservice_principal
until you upgrade your Node Pool.- Sku
Tier string The SKU Tier that should be used for this Kubernetes Cluster. Possible values are
Free
,Standard
(which includes the Uptime SLA) andPremium
. Defaults toFree
.Note: Whilst the AKS API previously supported the
Paid
SKU - the AKS API introduced a breaking change in API Version2023-02-01
(used in v3.51.0 and later) where the valuePaid
must now be set toStandard
.- Storage
Profile KubernetesCluster Storage Profile - A
storage_profile
block as defined below. - Support
Plan string - Specifies the support plan which should be used for this Kubernetes Cluster. Possible values are
KubernetesOfficial
andAKSLongTermSupport
. Defaults toKubernetesOfficial
. - Dictionary<string, string>
- A mapping of tags to assign to the resource.
- Web
App KubernetesRouting Cluster Web App Routing - A
web_app_routing
block as defined below. - Windows
Profile KubernetesCluster Windows Profile - A
windows_profile
block as defined below. - Workload
Autoscaler KubernetesProfile Cluster Workload Autoscaler Profile - A
workload_autoscaler_profile
block defined below. - Workload
Identity boolEnabled Specifies whether Azure AD Workload Identity should be enabled for the Cluster. Defaults to
false
.Note: To enable Azure AD Workload Identity
oidc_issuer_enabled
must be set totrue
.Note: Enabling this option will allocate Workload Identity resources to the
kube-system
namespace in Kubernetes. If you wish to customize the deployment of Workload Identity, you can refer to the documentation on Azure AD Workload Identity. The documentation provides guidance on how to install the mutating admission webhook, which allows for the customization of Workload Identity deployment.
- Aci
Connector KubernetesLinux Cluster Aci Connector Linux Args - A
aci_connector_linux
block as defined below. For more details, please visit Create and configure an AKS cluster to use virtual nodes. - Api
Server KubernetesAccess Profile Cluster Api Server Access Profile Args - An
api_server_access_profile
block as defined below. - Auto
Scaler KubernetesProfile Cluster Auto Scaler Profile Args - A
auto_scaler_profile
block as defined below. - Automatic
Upgrade stringChannel The upgrade channel for this Kubernetes Cluster. Possible values are
patch
,rapid
,node-image
andstable
. Omitting this field sets this value tonone
.!> Note: Cluster Auto-Upgrade will update the Kubernetes Cluster (and its Node Pools) to the latest GA version of Kubernetes automatically - please see the Azure documentation for more information.
Note: Cluster Auto-Upgrade only updates to GA versions of Kubernetes and will not update to Preview versions.
- Azure
Active KubernetesDirectory Role Based Access Control Cluster Azure Active Directory Role Based Access Control Args - A
azure_active_directory_role_based_access_control
block as defined below. - Azure
Policy boolEnabled - Should the Azure Policy Add-On be enabled? For more details please visit Understand Azure Policy for Azure Kubernetes Service
- Confidential
Computing KubernetesCluster Confidential Computing Args - A
confidential_computing
block as defined below. For more details please the documentation - Cost
Analysis boolEnabled - Should cost analysis be enabled for this Kubernetes Cluster? Defaults to
false
. Thesku_tier
must be set toStandard
orPremium
to enable this feature. Enabling this will add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. - Current
Kubernetes stringVersion - The current version running on the Azure Kubernetes Managed Cluster.
- Default
Node KubernetesPool Cluster Default Node Pool Args - Specifies configuration for "System" mode node pool. A
default_node_pool
block as defined below. - Disk
Encryption stringSet Id - The ID of the Disk Encryption Set which should be used for the Nodes and Volumes. More information can be found in the documentation. Changing this forces a new resource to be created.
- Dns
Prefix string - DNS prefix specified when creating the managed cluster. Possible values must begin and end with a letter or number, contain only letters, numbers, and hyphens and be between 1 and 54 characters in length. Changing this forces a new resource to be created.
- Dns
Prefix stringPrivate Cluster Specifies the DNS prefix to use with private clusters. Changing this forces a new resource to be created.
Note: You must define either a
dns_prefix
or adns_prefix_private_cluster
field.In addition, one of either
identity
orservice_principal
blocks must be specified.- Edge
Zone string - Specifies the Extended Zone (formerly called Edge Zone) within the Azure Region where this Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.
- Fqdn string
- The FQDN of the Azure Kubernetes Managed Cluster.
- Http
Application boolRouting Enabled Should HTTP Application Routing be enabled?
Note: At this time HTTP Application Routing is not supported in Azure China or Azure US Government.
- Http
Application stringRouting Zone Name - The Zone Name of the HTTP Application Routing.
- Http
Proxy KubernetesConfig Cluster Http Proxy Config Args - A
http_proxy_config
block as defined below. - Identity
Kubernetes
Cluster Identity Args An
identity
block as defined below. One of eitheridentity
orservice_principal
must be specified.!> Note: A migration scenario from
service_principal
toidentity
is supported. When upgradingservice_principal
toidentity
, your cluster's control plane and addon pods will switch to use managed identity, but the kubelets will keep using your configuredservice_principal
until you upgrade your Node Pool.- Image
Cleaner boolEnabled - Specifies whether Image Cleaner is enabled.
- Image
Cleaner intInterval Hours - Specifies the interval in hours when images should be cleaned up. Defaults to
0
. - Ingress
Application KubernetesGateway Cluster Ingress Application Gateway Args A
ingress_application_gateway
block as defined below.Note: Since the Application Gateway is deployed inside a Virtual Network, users (and Service Principals) that are operating the Application Gateway must have the
Microsoft.Network/virtualNetworks/subnets/join/action
permission on the Virtual Network or Subnet. For more details, please visit Virtual Network Permission.- Key
Management KubernetesService Cluster Key Management Service Args - A
key_management_service
block as defined below. For more details, please visit Key Management Service (KMS) etcd encryption to an AKS cluster. - Key
Vault KubernetesSecrets Provider Cluster Key Vault Secrets Provider Args - A
key_vault_secrets_provider
block as defined below. For more details, please visit Azure Keyvault Secrets Provider for AKS. - Kube
Admin stringConfig Raw - Raw Kubernetes config for the admin account to be used by kubectl and other compatible tools. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts enabled.
- Kube
Admin []KubernetesConfigs Cluster Kube Admin Config Args - A
kube_admin_config
block as defined below. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts enabled. - Kube
Config stringRaw - Raw Kubernetes config to be used by kubectl and other compatible tools.
- Kube
Configs []KubernetesCluster Kube Config Args - A
kube_config
block as defined below. - Kubelet
Identity KubernetesCluster Kubelet Identity Args - A
kubelet_identity
block as defined below. - Kubernetes
Version string Version of Kubernetes specified when creating the AKS managed cluster. If not specified, the latest recommended version will be used at provisioning time (but won't auto-upgrade). AKS does not require an exact patch version to be specified, minor version aliases such as
1.22
are also supported. - The minor version's latest GA patch is automatically chosen in that case. More details can be found in the documentation.Note: Upgrading your cluster may take up to 10 minutes per node.
- LinuxProfile KubernetesClusterLinuxProfileArgs - A `linux_profile` block as defined below.
- LocalAccountDisabled bool - If `true` local accounts will be disabled. See the documentation for more information.
Note: If `local_account_disabled` is set to `true`, it is required to enable Kubernetes RBAC and AKS-managed Azure AD integration. See the documentation for more information.
- Location string
- The location where the Managed Kubernetes Cluster should be created. Changing this forces a new resource to be created.
- Maintenance
Window KubernetesCluster Maintenance Window Args - A
maintenance_window
block as defined below. - Maintenance
Window KubernetesAuto Upgrade Cluster Maintenance Window Auto Upgrade Args - A
maintenance_window_auto_upgrade
block as defined below. - Maintenance
Window KubernetesNode Os Cluster Maintenance Window Node Os Args - A
maintenance_window_node_os
block as defined below. - Microsoft
Defender KubernetesCluster Microsoft Defender Args - A
microsoft_defender
block as defined below. - Monitor
Metrics KubernetesCluster Monitor Metrics Args Specifies a Prometheus add-on profile for the Kubernetes Cluster. A
monitor_metrics
block as defined below.Note: If deploying Managed Prometheus, the
monitor_metrics
properties are required to configure the cluster for metrics collection. If no value is needed, set properties tonull
.- Name string
- The name of the Managed Kubernetes Cluster to create. Changing this forces a new resource to be created.
- Network
Profile KubernetesCluster Network Profile Args A
network_profile
block as defined below. Changing this forces a new resource to be created.Note: If
network_profile
is not defined,kubenet
profile will be used by default.- Node
Os stringUpgrade Channel The upgrade channel for this Kubernetes Cluster Nodes' OS Image. Possible values are
Unmanaged
,SecurityPatch
,NodeImage
andNone
. Defaults toNodeImage
.Note:
node_os_upgrade_channel
must be set toNodeImage
ifautomatic_upgrade_channel
has been set tonode-image
- Node
Resource stringGroup The name of the Resource Group where the Kubernetes Nodes should exist. Changing this forces a new resource to be created.
Note: Azure requires that a new, non-existent Resource Group is used, as otherwise, the provisioning of the Kubernetes Service will fail.
- Node
Resource stringGroup Id - The ID of the Resource Group containing the resources for this Managed Kubernetes Cluster.
- Oidc
Issuer boolEnabled - Enable or Disable the OIDC issuer URL
- Oidc
Issuer stringUrl - The OIDC issuer URL that is associated with the cluster.
- Oms
Agent KubernetesCluster Oms Agent Args - A
oms_agent
block as defined below. - Open
Service boolMesh Enabled - Is Open Service Mesh enabled? For more details, please visit Open Service Mesh for AKS.
- Portal
Fqdn string - The FQDN for the Azure Portal resources when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.
- PrivateClusterEnabled bool - Should this Kubernetes Cluster have its API server only exposed on internal IP addresses? This provides a Private IP Address for the Kubernetes API on the Virtual Network where the Kubernetes Cluster is located. Defaults to `false`. Changing this forces a new resource to be created.
- PrivateClusterPublicFqdnEnabled bool - Specifies whether a Public FQDN for this Private Cluster should be added. Defaults to `false`.
Note: If you use BYO DNS Zone, the AKS cluster should either use a User Assigned Identity or a service principal (which is deprecated) with the `Private DNS Zone Contributor` role and access to this Private DNS Zone. If a `UserAssigned`
identity is used - to prevent improper resource order destruction - the cluster should depend on the role assignment, like in this example:import * as pulumi from "@pulumi/pulumi"; import * as azure from "@pulumi/azure";
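// Private AKS cluster that uses a bring-your-own Private DNS zone.
// The original snippet created the identity and its role assignment but never
// attached the identity to the cluster, and omitted the required default node
// pool; both are filled in below.
const example = new azure.core.ResourceGroup("example", {
    name: "example",
    location: "West Europe",
});

const exampleZone = new azure.privatedns.Zone("example", {
    name: "privatelink.eastus2.azmk8s.io",
    resourceGroupName: example.name,
});

const exampleUserAssignedIdentity = new azure.authorization.UserAssignedIdentity("example", {
    name: "aks-example-identity",
    resourceGroupName: example.name,
    location: example.location,
});

// The role is scoped to the DNS zone only, not to the resource group or
// subscription, so the identity gets no more access than the zone needs.
const exampleAssignment = new azure.authorization.Assignment("example", {
    scope: exampleZone.id,
    roleDefinitionName: "Private DNS Zone Contributor",
    principalId: exampleUserAssignedIdentity.principalId,
});

const exampleKubernetesCluster = new azure.containerservice.KubernetesCluster("example", {
    name: "aksexamplewithprivatednszone1",
    location: example.location,
    resourceGroupName: example.name,
    dnsPrefix: "aksexamplednsprefix1",
    privateClusterEnabled: true,
    privateDnsZoneId: exampleZone.id,
    // One of `identity` or `servicePrincipal` must be specified; this binds
    // the identity that holds the role on the zone.
    identity: {
        type: "UserAssigned",
        identityIds: [exampleUserAssignedIdentity.id],
    },
    // Node pool values mirror the basic example at the top of this page.
    defaultNodePool: {
        name: "default",
        nodeCount: 1,
        vmSize: "Standard_D2_v2",
    },
}, {
    // Explicit ordering: the role assignment must exist before the cluster is
    // created and must outlive it on destroy.
    dependsOn: [exampleAssignment],
});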
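import pulumi
import pulumi_azure as azure

# Private AKS cluster that uses a bring-your-own Private DNS zone.
# The original snippet created the identity and its role assignment but never
# attached the identity to the cluster, and omitted the required default node
# pool; both are filled in below.
example = azure.core.ResourceGroup("example",
    name="example",
    location="West Europe")

example_zone = azure.privatedns.Zone("example",
    name="privatelink.eastus2.azmk8s.io",
    resource_group_name=example.name)

example_user_assigned_identity = azure.authorization.UserAssignedIdentity("example",
    name="aks-example-identity",
    resource_group_name=example.name,
    location=example.location)

# The role is scoped to the DNS zone only, not to the resource group or
# subscription, so the identity gets no more access than the zone needs.
example_assignment = azure.authorization.Assignment("example",
    scope=example_zone.id,
    role_definition_name="Private DNS Zone Contributor",
    principal_id=example_user_assigned_identity.principal_id)

example_kubernetes_cluster = azure.containerservice.KubernetesCluster("example",
    name="aksexamplewithprivatednszone1",
    location=example.location,
    resource_group_name=example.name,
    dns_prefix="aksexamplednsprefix1",
    private_cluster_enabled=True,
    private_dns_zone_id=example_zone.id,
    # One of `identity` or `service_principal` must be specified; this binds
    # the identity that holds the role on the zone.
    identity={
        "type": "UserAssigned",
        "identity_ids": [example_user_assigned_identity.id],
    },
    # Node pool values mirror the basic example at the top of this page.
    default_node_pool={
        "name": "default",
        "node_count": 1,
        "vm_size": "Standard_D2_v2",
    },
    # Explicit ordering: the role assignment must exist before the cluster is
    # created and must outlive it on destroy.
    opts=pulumi.ResourceOptions(depends_on=[example_assignment]))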
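using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;

// Private AKS cluster that uses a bring-your-own Private DNS zone.
// The original snippet created the identity and its role assignment but never
// attached the identity to the cluster, and omitted the required default node
// pool; both are filled in below.
return await Deployment.RunAsync(() =>
{
    var example = new Azure.Core.ResourceGroup("example", new()
    {
        Name = "example",
        Location = "West Europe",
    });

    var exampleZone = new Azure.PrivateDns.Zone("example", new()
    {
        Name = "privatelink.eastus2.azmk8s.io",
        ResourceGroupName = example.Name,
    });

    var exampleUserAssignedIdentity = new Azure.Authorization.UserAssignedIdentity("example", new()
    {
        Name = "aks-example-identity",
        ResourceGroupName = example.Name,
        Location = example.Location,
    });

    // The role is scoped to the DNS zone only, not to the resource group or
    // subscription, so the identity gets no more access than the zone needs.
    var exampleAssignment = new Azure.Authorization.Assignment("example", new()
    {
        Scope = exampleZone.Id,
        RoleDefinitionName = "Private DNS Zone Contributor",
        PrincipalId = exampleUserAssignedIdentity.PrincipalId,
    });

    var exampleKubernetesCluster = new Azure.ContainerService.KubernetesCluster("example", new()
    {
        Name = "aksexamplewithprivatednszone1",
        Location = example.Location,
        ResourceGroupName = example.Name,
        DnsPrefix = "aksexamplednsprefix1",
        PrivateClusterEnabled = true,
        PrivateDnsZoneId = exampleZone.Id,
        // One of Identity or ServicePrincipal must be specified; this binds
        // the identity that holds the role on the zone.
        Identity = new Azure.ContainerService.Inputs.KubernetesClusterIdentityArgs
        {
            Type = "UserAssigned",
            IdentityIds = new[]
            {
                exampleUserAssignedIdentity.Id,
            },
        },
        // Node pool values mirror the basic example at the top of this page.
        DefaultNodePool = new Azure.ContainerService.Inputs.KubernetesClusterDefaultNodePoolArgs
        {
            Name = "default",
            NodeCount = 1,
            VmSize = "Standard_D2_v2",
        },
    }, new CustomResourceOptions
    {
        // Explicit ordering: the role assignment must exist before the cluster
        // is created and must outlive it on destroy.
        DependsOn =
        {
            exampleAssignment,
        },
    });
});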
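package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/containerservice"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/privatedns"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main provisions a private AKS cluster that uses a bring-your-own Private DNS
// zone. The original snippet created the identity and its role assignment but
// never attached the identity to the cluster, and omitted the required default
// node pool; both are filled in below.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleZone, err := privatedns.NewZone(ctx, "example", &privatedns.ZoneArgs{
			Name:              pulumi.String("privatelink.eastus2.azmk8s.io"),
			ResourceGroupName: example.Name,
		})
		if err != nil {
			return err
		}
		exampleUserAssignedIdentity, err := authorization.NewUserAssignedIdentity(ctx, "example", &authorization.UserAssignedIdentityArgs{
			Name:              pulumi.String("aks-example-identity"),
			ResourceGroupName: example.Name,
			Location:          example.Location,
		})
		if err != nil {
			return err
		}
		// The role is scoped to the DNS zone only, not to the resource group
		// or subscription, so the identity gets no more access than the zone
		// needs.
		exampleAssignment, err := authorization.NewAssignment(ctx, "example", &authorization.AssignmentArgs{
			Scope:              exampleZone.ID(),
			RoleDefinitionName: pulumi.String("Private DNS Zone Contributor"),
			PrincipalId:        exampleUserAssignedIdentity.PrincipalId,
		})
		if err != nil {
			return err
		}
		_, err = containerservice.NewKubernetesCluster(ctx, "example", &containerservice.KubernetesClusterArgs{
			Name:                  pulumi.String("aksexamplewithprivatednszone1"),
			Location:              example.Location,
			ResourceGroupName:     example.Name,
			DnsPrefix:             pulumi.String("aksexamplednsprefix1"),
			PrivateClusterEnabled: pulumi.Bool(true),
			PrivateDnsZoneId:      exampleZone.ID(),
			// One of Identity or ServicePrincipal must be specified; this
			// binds the identity that holds the role on the zone.
			Identity: &containerservice.KubernetesClusterIdentityArgs{
				Type: pulumi.String("UserAssigned"),
				IdentityIds: pulumi.StringArray{
					exampleUserAssignedIdentity.ID(),
				},
			},
			// Node pool values mirror the basic example at the top of this page.
			DefaultNodePool: &containerservice.KubernetesClusterDefaultNodePoolArgs{
				Name:      pulumi.String("default"),
				NodeCount: pulumi.Int(1),
				VmSize:    pulumi.String("Standard_D2_v2"),
			},
		}, pulumi.DependsOn([]pulumi.Resource{
			// Explicit ordering: the role assignment must exist before the
			// cluster is created and must outlive it on destroy.
			exampleAssignment,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}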
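package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.privatedns.Zone;
import com.pulumi.azure.privatedns.ZoneArgs;
import com.pulumi.azure.authorization.UserAssignedIdentity;
import com.pulumi.azure.authorization.UserAssignedIdentityArgs;
import com.pulumi.azure.authorization.Assignment;
import com.pulumi.azure.authorization.AssignmentArgs;
import com.pulumi.azure.containerservice.KubernetesCluster;
import com.pulumi.azure.containerservice.KubernetesClusterArgs;
import com.pulumi.azure.containerservice.inputs.KubernetesClusterDefaultNodePoolArgs;
import com.pulumi.azure.containerservice.inputs.KubernetesClusterIdentityArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Private AKS cluster that uses a bring-your-own Private DNS zone.
 * The original snippet created the identity and its role assignment but never
 * attached the identity to the cluster, and omitted the required default node
 * pool; both are filled in below.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new ResourceGroup("example", ResourceGroupArgs.builder()
            .name("example")
            .location("West Europe")
            .build());

        var exampleZone = new Zone("exampleZone", ZoneArgs.builder()
            .name("privatelink.eastus2.azmk8s.io")
            .resourceGroupName(example.name())
            .build());

        var exampleUserAssignedIdentity = new UserAssignedIdentity("exampleUserAssignedIdentity", UserAssignedIdentityArgs.builder()
            .name("aks-example-identity")
            .resourceGroupName(example.name())
            .location(example.location())
            .build());

        // The role is scoped to the DNS zone only, not to the resource group
        // or subscription, so the identity gets no more access than the zone
        // needs.
        var exampleAssignment = new Assignment("exampleAssignment", AssignmentArgs.builder()
            .scope(exampleZone.id())
            .roleDefinitionName("Private DNS Zone Contributor")
            .principalId(exampleUserAssignedIdentity.principalId())
            .build());

        var exampleKubernetesCluster = new KubernetesCluster("exampleKubernetesCluster", KubernetesClusterArgs.builder()
            .name("aksexamplewithprivatednszone1")
            .location(example.location())
            .resourceGroupName(example.name())
            .dnsPrefix("aksexamplednsprefix1")
            .privateClusterEnabled(true)
            .privateDnsZoneId(exampleZone.id())
            // One of identity or servicePrincipal must be specified; this
            // binds the identity that holds the role on the zone.
            .identity(KubernetesClusterIdentityArgs.builder()
                .type("UserAssigned")
                .identityIds(exampleUserAssignedIdentity.id().applyValue(id -> List.of(id)))
                .build())
            // Node pool values mirror the basic example at the top of this page.
            .defaultNodePool(KubernetesClusterDefaultNodePoolArgs.builder()
                .name("default")
                .nodeCount(1)
                .vmSize("Standard_D2_v2")
                .build())
            .build(), CustomResourceOptions.builder()
                // Explicit ordering: the role assignment must exist before the
                // cluster is created and must outlive it on destroy.
                .dependsOn(exampleAssignment)
                .build());
    }
}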
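# Private AKS cluster that uses a bring-your-own Private DNS zone.
# The original snippet created the identity and its role assignment but never
# attached the identity to the cluster, omitted the required default node pool,
# and spelled the resource option `dependson`; Pulumi YAML expects `dependsOn`.
resources:
  example:
    type: azure:core:ResourceGroup
    properties:
      name: example
      location: West Europe
  exampleZone:
    type: azure:privatedns:Zone
    name: example
    properties:
      name: privatelink.eastus2.azmk8s.io
      resourceGroupName: ${example.name}
  exampleUserAssignedIdentity:
    type: azure:authorization:UserAssignedIdentity
    name: example
    properties:
      name: aks-example-identity
      resourceGroupName: ${example.name}
      location: ${example.location}
  # The role is scoped to the DNS zone only, not to the resource group or
  # subscription, so the identity gets no more access than the zone needs.
  exampleAssignment:
    type: azure:authorization:Assignment
    name: example
    properties:
      scope: ${exampleZone.id}
      roleDefinitionName: Private DNS Zone Contributor
      principalId: ${exampleUserAssignedIdentity.principalId}
  exampleKubernetesCluster:
    type: azure:containerservice:KubernetesCluster
    name: example
    properties:
      name: aksexamplewithprivatednszone1
      location: ${example.location}
      resourceGroupName: ${example.name}
      dnsPrefix: aksexamplednsprefix1
      privateClusterEnabled: true
      privateDnsZoneId: ${exampleZone.id}
      # One of identity or servicePrincipal must be specified; this binds the
      # identity that holds the role on the zone.
      identity:
        type: UserAssigned
        identityIds:
          - ${exampleUserAssignedIdentity.id}
      # Node pool values mirror the basic example at the top of this page.
      defaultNodePool:
        name: default
        nodeCount: 1
        vmSize: Standard_D2_v2
    options:
      # Explicit ordering: the role assignment must exist before the cluster
      # is created and must outlive it on destroy.
      dependsOn:
        - ${exampleAssignment}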
- PrivateDnsZoneId string - Either the ID of Private DNS Zone which should be delegated to this Cluster, `System` to have AKS manage this or `None`. In case of `None` you will need to bring your own DNS server and set up resolving, otherwise, the cluster will have issues after provisioning. Changing this forces a new resource to be created.
- PrivateFqdn string - The FQDN for the Kubernetes Cluster when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.
- Resource
Group stringName - Specifies the Resource Group where the Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.
- RoleBasedAccessControlEnabled bool - Whether Role Based Access Control for the Kubernetes Cluster should be enabled. Defaults to `true`. Changing this forces a new resource to be created.
- RunCommandEnabled bool - Whether to enable run command for the cluster or not. Defaults to `true`.
- Service
Mesh KubernetesProfile Cluster Service Mesh Profile Args - A
service_mesh_profile
block as defined below. - Service
Principal KubernetesCluster Service Principal Args A
service_principal
block as documented below. One of eitheridentity
orservice_principal
must be specified.!> Note: A migration scenario from
service_principal
toidentity
is supported. When upgradingservice_principal
toidentity
, your cluster's control plane and addon pods will switch to use managed identity, but the kubelets will keep using your configuredservice_principal
until you upgrade your Node Pool.- Sku
Tier string The SKU Tier that should be used for this Kubernetes Cluster. Possible values are
Free
,Standard
(which includes the Uptime SLA) andPremium
. Defaults toFree
.Note: Whilst the AKS API previously supported the
Paid
SKU - the AKS API introduced a breaking change in API Version2023-02-01
(used in v3.51.0 and later) where the valuePaid
must now be set toStandard
.- Storage
Profile KubernetesCluster Storage Profile Args - A
storage_profile
block as defined below. - Support
Plan string - Specifies the support plan which should be used for this Kubernetes Cluster. Possible values are
KubernetesOfficial
andAKSLongTermSupport
. Defaults toKubernetesOfficial
. - map[string]string
- A mapping of tags to assign to the resource.
- Web
App KubernetesRouting Cluster Web App Routing Args - A
web_app_routing
block as defined below. - Windows
Profile KubernetesCluster Windows Profile Args - A
windows_profile
block as defined below. - Workload
Autoscaler KubernetesProfile Cluster Workload Autoscaler Profile Args - A
workload_autoscaler_profile
block defined below. - Workload
Identity boolEnabled Specifies whether Azure AD Workload Identity should be enabled for the Cluster. Defaults to
false
.Note: To enable Azure AD Workload Identity
oidc_issuer_enabled
must be set totrue
.Note: Enabling this option will allocate Workload Identity resources to the
kube-system
namespace in Kubernetes. If you wish to customize the deployment of Workload Identity, you can refer to the documentation on Azure AD Workload Identity. The documentation provides guidance on how to install the mutating admission webhook, which allows for the customization of Workload Identity deployment.
- aci
Connector KubernetesLinux Cluster Aci Connector Linux - A
aci_connector_linux
block as defined below. For more details, please visit Create and configure an AKS cluster to use virtual nodes. - api
Server KubernetesAccess Profile Cluster Api Server Access Profile - An
api_server_access_profile
block as defined below. - auto
Scaler KubernetesProfile Cluster Auto Scaler Profile - A
auto_scaler_profile
block as defined below. - automatic
Upgrade StringChannel The upgrade channel for this Kubernetes Cluster. Possible values are
patch
,rapid
,node-image
andstable
. Omitting this field sets this value tonone
.!> Note: Cluster Auto-Upgrade will update the Kubernetes Cluster (and its Node Pools) to the latest GA version of Kubernetes automatically - please see the Azure documentation for more information.
Note: Cluster Auto-Upgrade only updates to GA versions of Kubernetes and will not update to Preview versions.
- azure
Active KubernetesDirectory Role Based Access Control Cluster Azure Active Directory Role Based Access Control - A
azure_active_directory_role_based_access_control
block as defined below. - azure
Policy BooleanEnabled - Should the Azure Policy Add-On be enabled? For more details please visit Understand Azure Policy for Azure Kubernetes Service
- confidential
Computing KubernetesCluster Confidential Computing - A
confidential_computing
block as defined below. For more details, please see the documentation. - cost
Analysis BooleanEnabled - Should cost analysis be enabled for this Kubernetes Cluster? Defaults to
false
. Thesku_tier
must be set toStandard
orPremium
to enable this feature. Enabling this will add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. - current
Kubernetes StringVersion - The current version running on the Azure Kubernetes Managed Cluster.
- default
Node KubernetesPool Cluster Default Node Pool - Specifies configuration for "System" mode node pool. A
default_node_pool
block as defined below. - disk
Encryption StringSet Id - The ID of the Disk Encryption Set which should be used for the Nodes and Volumes. More information can be found in the documentation. Changing this forces a new resource to be created.
- dns
Prefix String - DNS prefix specified when creating the managed cluster. Possible values must begin and end with a letter or number, contain only letters, numbers, and hyphens and be between 1 and 54 characters in length. Changing this forces a new resource to be created.
- dns
Prefix StringPrivate Cluster Specifies the DNS prefix to use with private clusters. Changing this forces a new resource to be created.
Note: You must define either a `dns_prefix` or a `dns_prefix_private_cluster` field. In addition, one of either `identity` or `service_principal` blocks must be specified.
- edge
Zone String - Specifies the Extended Zone (formerly called Edge Zone) within the Azure Region where this Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.
- fqdn String
- The FQDN of the Azure Kubernetes Managed Cluster.
- http
Application BooleanRouting Enabled Should HTTP Application Routing be enabled?
Note: At this time HTTP Application Routing is not supported in Azure China or Azure US Government.
- http
Application StringRouting Zone Name - The Zone Name of the HTTP Application Routing.
- http
Proxy KubernetesConfig Cluster Http Proxy Config - A
http_proxy_config
block as defined below. - identity
Kubernetes
Cluster Identity An
identity
block as defined below. One of either `identity` or `service_principal` must be specified.
Note: A migration scenario from `service_principal` to `identity` is supported. When upgrading `service_principal` to `identity`, your cluster's control plane and addon pods will switch to use managed identity, but the kubelets will keep using your configured `service_principal` until you upgrade your Node Pool.
- image
Cleaner BooleanEnabled - Specifies whether Image Cleaner is enabled.
- image
Cleaner IntegerInterval Hours - Specifies the interval in hours when images should be cleaned up. Defaults to
0
. - ingress
Application KubernetesGateway Cluster Ingress Application Gateway A
ingress_application_gateway
block as defined below.Note: Since the Application Gateway is deployed inside a Virtual Network, users (and Service Principals) that are operating the Application Gateway must have the
Microsoft.Network/virtualNetworks/subnets/join/action
permission on the Virtual Network or Subnet. For more details, please visit Virtual Network Permission.- key
Management KubernetesService Cluster Key Management Service - A
key_management_service
block as defined below. For more details, please visit Key Management Service (KMS) etcd encryption to an AKS cluster. - key
Vault KubernetesSecrets Provider Cluster Key Vault Secrets Provider - A
key_vault_secrets_provider
block as defined below. For more details, please visit Azure Keyvault Secrets Provider for AKS. - kube
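Admin StringConfig Raw - Raw Kubernetes config for the admin account to be used by kubectl and other compatible tools. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts are enabled. Because it carries the admin account's credentials, treat this value as a secret and keep it out of logs and plain-text outputs.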
- kube
Admin List<KubernetesConfigs Cluster Kube Admin Config> - A
kube_admin_config
block as defined below. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts enabled. - kube
Config StringRaw - Raw Kubernetes config to be used by kubectl and other compatible tools.
- kube
Configs List<KubernetesCluster Kube Config> - A
kube_config
block as defined below. - kubelet
Identity KubernetesCluster Kubelet Identity - A
kubelet_identity
block as defined below. - kubernetes
Version String Version of Kubernetes specified when creating the AKS managed cluster. If not specified, the latest recommended version will be used at provisioning time (but won't auto-upgrade). AKS does not require an exact patch version to be specified, minor version aliases such as
1.22
are also supported. - The minor version's latest GA patch is automatically chosen in that case. More details can be found in the documentation.Note: Upgrading your cluster may take up to 10 minutes per node.
- linux
Profile KubernetesCluster Linux Profile - A
linux_profile
block as defined below. - local
Account BooleanDisabled - If `true`, local accounts will be disabled. See the documentation for more information.
Note: If `local_account_disabled` is set to `true`, it is required to enable Kubernetes RBAC and AKS-managed Azure AD integration. See the documentation for more information.
- location String
- The location where the Managed Kubernetes Cluster should be created. Changing this forces a new resource to be created.
- maintenance
Window KubernetesCluster Maintenance Window - A
maintenance_window
block as defined below. - maintenance
Window KubernetesAuto Upgrade Cluster Maintenance Window Auto Upgrade - A
maintenance_window_auto_upgrade
block as defined below. - maintenance
Window KubernetesNode Os Cluster Maintenance Window Node Os - A
maintenance_window_node_os
block as defined below. - microsoft
Defender KubernetesCluster Microsoft Defender - A
microsoft_defender
block as defined below. - monitor
Metrics KubernetesCluster Monitor Metrics Specifies a Prometheus add-on profile for the Kubernetes Cluster. A
monitor_metrics
block as defined below.Note: If deploying Managed Prometheus, the
monitor_metrics
properties are required to configure the cluster for metrics collection. If no value is needed, set properties tonull
.- name String
- The name of the Managed Kubernetes Cluster to create. Changing this forces a new resource to be created.
- network
Profile KubernetesCluster Network Profile A
network_profile
block as defined below. Changing this forces a new resource to be created.Note: If
network_profile
is not defined,kubenet
profile will be used by default.- node
Os StringUpgrade Channel The upgrade channel for this Kubernetes Cluster Nodes' OS Image. Possible values are
Unmanaged
,SecurityPatch
,NodeImage
andNone
. Defaults toNodeImage
.Note:
node_os_upgrade_channel
must be set toNodeImage
ifautomatic_upgrade_channel
has been set tonode-image
- node
Resource StringGroup The name of the Resource Group where the Kubernetes Nodes should exist. Changing this forces a new resource to be created.
Note: Azure requires that a new, non-existent Resource Group is used, as otherwise, the provisioning of the Kubernetes Service will fail.
- node
Resource StringGroup Id - The ID of the Resource Group containing the resources for this Managed Kubernetes Cluster.
- oidc
Issuer BooleanEnabled - Enable or Disable the OIDC issuer URL
- oidc
Issuer StringUrl - The OIDC issuer URL that is associated with the cluster.
- oms
Agent KubernetesCluster Oms Agent - A
oms_agent
block as defined below. - open
Service BooleanMesh Enabled - Is Open Service Mesh enabled? For more details, please visit Open Service Mesh for AKS.
- portal
Fqdn String - The FQDN for the Azure Portal resources when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.
- private
Cluster BooleanEnabled - Should this Kubernetes Cluster have its API server only exposed on internal IP addresses? This provides a Private IP Address for the Kubernetes API on the Virtual Network where the Kubernetes Cluster is located. Defaults to
false
. Changing this forces a new resource to be created. - private
Cluster BooleanPublic Fqdn Enabled Specifies whether a Public FQDN for this Private Cluster should be added. Defaults to
`false`.
Note: If you use BYO DNS Zone, the AKS cluster should either use a User Assigned Identity or a service principal (which is deprecated) with the `Private DNS Zone Contributor` role and access to this Private DNS Zone. If `UserAssigned` identity is used - to prevent improper resource order destruction - the cluster should depend on the role assignment, like in this example:
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
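// Private AKS cluster that uses a bring-your-own Private DNS zone through a
// user-assigned identity holding the "Private DNS Zone Contributor" role.
const example = new azure.core.ResourceGroup("example", {
    name: "example",
    location: "West Europe",
});

// NOTE(review): the zone name carries the region label "eastus2" while the
// resource group is in "West Europe"; AKS is understood to expect the label to
// match the cluster's region - confirm and align them before reusing this.
const exampleZone = new azure.privatedns.Zone("example", {
    name: "privatelink.eastus2.azmk8s.io",
    resourceGroupName: example.name,
});

const exampleUserAssignedIdentity = new azure.authorization.UserAssignedIdentity("example", {
    name: "aks-example-identity",
    resourceGroupName: example.name,
    location: example.location,
});

// Least privilege: the role is scoped to the single DNS zone, not to the
// resource group or subscription.
const exampleAssignment = new azure.authorization.Assignment("example", {
    scope: exampleZone.id,
    roleDefinitionName: "Private DNS Zone Contributor",
    principalId: exampleUserAssignedIdentity.principalId,
});

const exampleKubernetesCluster = new azure.containerservice.KubernetesCluster("example", {
    name: "aksexamplewithprivatednszone1",
    location: example.location,
    resourceGroupName: example.name,
    dnsPrefix: "aksexamplednsprefix1",
    privateClusterEnabled: true,
    privateDnsZoneId: exampleZone.id,
    // A default node pool is required; these values mirror the basic example
    // at the top of this page.
    defaultNodePool: {
        name: "default",
        nodeCount: 1,
        vmSize: "Standard_D2_v2",
    },
    // Attach the identity that was granted the zone role. Without this block
    // the cluster would not run as the principal the role assignment targets.
    identity: {
        type: "UserAssigned",
        identityIds: [exampleUserAssignedIdentity.id],
    },
}, {
    // Create the role assignment before the cluster and, on destroy, remove it
    // only after the cluster is gone.
    dependsOn: [exampleAssignment],
});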
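import pulumi
import pulumi_azure as azure

# Private AKS cluster that uses a bring-your-own Private DNS zone through a
# user-assigned identity holding the "Private DNS Zone Contributor" role.
example = azure.core.ResourceGroup("example",
    name="example",
    location="West Europe")

# NOTE(review): the zone name carries the region label "eastus2" while the
# resource group is in "West Europe"; AKS is understood to expect the label to
# match the cluster's region - confirm and align them before reusing this.
example_zone = azure.privatedns.Zone("example",
    name="privatelink.eastus2.azmk8s.io",
    resource_group_name=example.name)

example_user_assigned_identity = azure.authorization.UserAssignedIdentity("example",
    name="aks-example-identity",
    resource_group_name=example.name,
    location=example.location)

# Least privilege: the role is scoped to the single DNS zone, not to the
# resource group or subscription.
example_assignment = azure.authorization.Assignment("example",
    scope=example_zone.id,
    role_definition_name="Private DNS Zone Contributor",
    principal_id=example_user_assigned_identity.principal_id)

example_kubernetes_cluster = azure.containerservice.KubernetesCluster("example",
    name="aksexamplewithprivatednszone1",
    location=example.location,
    resource_group_name=example.name,
    dns_prefix="aksexamplednsprefix1",
    private_cluster_enabled=True,
    private_dns_zone_id=example_zone.id,
    # A default node pool is required; these values mirror the basic example
    # at the top of this page.
    default_node_pool={
        "name": "default",
        "node_count": 1,
        "vm_size": "Standard_D2_v2",
    },
    # Attach the identity that was granted the zone role. Without this block
    # the cluster would not run as the principal the role assignment targets.
    identity={
        "type": "UserAssigned",
        "identity_ids": [example_user_assigned_identity.id],
    },
    # Create the role assignment before the cluster and, on destroy, remove it
    # only after the cluster is gone.
    opts=pulumi.ResourceOptions(depends_on=[example_assignment]))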
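using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;

// Private AKS cluster that uses a bring-your-own Private DNS zone through a
// user-assigned identity holding the "Private DNS Zone Contributor" role.
return await Deployment.RunAsync(() =>
{
    var example = new Azure.Core.ResourceGroup("example", new()
    {
        Name = "example",
        Location = "West Europe",
    });

    // NOTE(review): the zone name carries the region label "eastus2" while the
    // resource group is in "West Europe"; AKS is understood to expect the label
    // to match the cluster's region - confirm and align them before reusing this.
    var exampleZone = new Azure.PrivateDns.Zone("example", new()
    {
        Name = "privatelink.eastus2.azmk8s.io",
        ResourceGroupName = example.Name,
    });

    var exampleUserAssignedIdentity = new Azure.Authorization.UserAssignedIdentity("example", new()
    {
        Name = "aks-example-identity",
        ResourceGroupName = example.Name,
        Location = example.Location,
    });

    // Least privilege: the role is scoped to the single DNS zone, not to the
    // resource group or subscription.
    var exampleAssignment = new Azure.Authorization.Assignment("example", new()
    {
        Scope = exampleZone.Id,
        RoleDefinitionName = "Private DNS Zone Contributor",
        PrincipalId = exampleUserAssignedIdentity.PrincipalId,
    });

    var exampleKubernetesCluster = new Azure.ContainerService.KubernetesCluster("example", new()
    {
        Name = "aksexamplewithprivatednszone1",
        Location = example.Location,
        ResourceGroupName = example.Name,
        DnsPrefix = "aksexamplednsprefix1",
        PrivateClusterEnabled = true,
        PrivateDnsZoneId = exampleZone.Id,
        // A default node pool is required; these values mirror the basic
        // example at the top of this page.
        DefaultNodePool = new Azure.ContainerService.Inputs.KubernetesClusterDefaultNodePoolArgs
        {
            Name = "default",
            NodeCount = 1,
            VmSize = "Standard_D2_v2",
        },
        // Attach the identity that was granted the zone role. Without this
        // block the cluster would not run as the principal the role
        // assignment targets.
        Identity = new Azure.ContainerService.Inputs.KubernetesClusterIdentityArgs
        {
            Type = "UserAssigned",
            IdentityIds = new[]
            {
                exampleUserAssignedIdentity.Id,
            },
        },
    }, new CustomResourceOptions
    {
        // Create the role assignment before the cluster and, on destroy,
        // remove it only after the cluster is gone.
        DependsOn =
        {
            exampleAssignment,
        },
    });
});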
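package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/containerservice"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/privatedns"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main provisions a private AKS cluster that uses a bring-your-own Private DNS
// zone through a user-assigned identity holding the "Private DNS Zone
// Contributor" role.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		// NOTE(review): the zone name carries the region label "eastus2" while
		// the resource group is in "West Europe"; AKS is understood to expect
		// the label to match the cluster's region - confirm and align them
		// before reusing this.
		exampleZone, err := privatedns.NewZone(ctx, "example", &privatedns.ZoneArgs{
			Name:              pulumi.String("privatelink.eastus2.azmk8s.io"),
			ResourceGroupName: example.Name,
		})
		if err != nil {
			return err
		}
		exampleUserAssignedIdentity, err := authorization.NewUserAssignedIdentity(ctx, "example", &authorization.UserAssignedIdentityArgs{
			Name:              pulumi.String("aks-example-identity"),
			ResourceGroupName: example.Name,
			Location:          example.Location,
		})
		if err != nil {
			return err
		}
		// Least privilege: the role is scoped to the single DNS zone, not to
		// the resource group or subscription.
		exampleAssignment, err := authorization.NewAssignment(ctx, "example", &authorization.AssignmentArgs{
			Scope:              exampleZone.ID(),
			RoleDefinitionName: pulumi.String("Private DNS Zone Contributor"),
			PrincipalId:        exampleUserAssignedIdentity.PrincipalId,
		})
		if err != nil {
			return err
		}
		_, err = containerservice.NewKubernetesCluster(ctx, "example", &containerservice.KubernetesClusterArgs{
			Name:                  pulumi.String("aksexamplewithprivatednszone1"),
			Location:              example.Location,
			ResourceGroupName:     example.Name,
			DnsPrefix:             pulumi.String("aksexamplednsprefix1"),
			PrivateClusterEnabled: pulumi.Bool(true),
			PrivateDnsZoneId:      exampleZone.ID(),
			// A default node pool is required; these values mirror the basic
			// example at the top of this page.
			DefaultNodePool: &containerservice.KubernetesClusterDefaultNodePoolArgs{
				Name:      pulumi.String("default"),
				NodeCount: pulumi.Int(1),
				VmSize:    pulumi.String("Standard_D2_v2"),
			},
			// Attach the identity that was granted the zone role. Without this
			// block the cluster would not run as the principal the role
			// assignment targets.
			Identity: &containerservice.KubernetesClusterIdentityArgs{
				Type: pulumi.String("UserAssigned"),
				IdentityIds: pulumi.StringArray{
					exampleUserAssignedIdentity.ID(),
				},
			},
		}, pulumi.DependsOn([]pulumi.Resource{
			// Create the role assignment before the cluster and, on destroy,
			// remove it only after the cluster is gone.
			exampleAssignment,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}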
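package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.privatedns.Zone;
import com.pulumi.azure.privatedns.ZoneArgs;
import com.pulumi.azure.authorization.UserAssignedIdentity;
import com.pulumi.azure.authorization.UserAssignedIdentityArgs;
import com.pulumi.azure.authorization.Assignment;
import com.pulumi.azure.authorization.AssignmentArgs;
import com.pulumi.azure.containerservice.KubernetesCluster;
import com.pulumi.azure.containerservice.KubernetesClusterArgs;
import com.pulumi.azure.containerservice.inputs.KubernetesClusterDefaultNodePoolArgs;
import com.pulumi.azure.containerservice.inputs.KubernetesClusterIdentityArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Provisions a private AKS cluster that uses a bring-your-own Private DNS zone
 * through a user-assigned identity holding the "Private DNS Zone Contributor"
 * role.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the resource group, DNS zone, identity, role assignment and
     * cluster.
     *
     * @param ctx the Pulumi context supplied by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        var example = new ResourceGroup("example", ResourceGroupArgs.builder()
            .name("example")
            .location("West Europe")
            .build());

        // NOTE(review): the zone name carries the region label "eastus2" while
        // the resource group is in "West Europe"; AKS is understood to expect
        // the label to match the cluster's region - confirm and align them
        // before reusing this.
        var exampleZone = new Zone("exampleZone", ZoneArgs.builder()
            .name("privatelink.eastus2.azmk8s.io")
            .resourceGroupName(example.name())
            .build());

        var exampleUserAssignedIdentity = new UserAssignedIdentity("exampleUserAssignedIdentity", UserAssignedIdentityArgs.builder()
            .name("aks-example-identity")
            .resourceGroupName(example.name())
            .location(example.location())
            .build());

        // Least privilege: the role is scoped to the single DNS zone, not to
        // the resource group or subscription.
        var exampleAssignment = new Assignment("exampleAssignment", AssignmentArgs.builder()
            .scope(exampleZone.id())
            .roleDefinitionName("Private DNS Zone Contributor")
            .principalId(exampleUserAssignedIdentity.principalId())
            .build());

        var exampleKubernetesCluster = new KubernetesCluster("exampleKubernetesCluster", KubernetesClusterArgs.builder()
            .name("aksexamplewithprivatednszone1")
            .location(example.location())
            .resourceGroupName(example.name())
            .dnsPrefix("aksexamplednsprefix1")
            .privateClusterEnabled(true)
            .privateDnsZoneId(exampleZone.id())
            // A default node pool is required; these values mirror the basic
            // example at the top of this page.
            .defaultNodePool(KubernetesClusterDefaultNodePoolArgs.builder()
                .name("default")
                .nodeCount(1)
                .vmSize("Standard_D2_v2")
                .build())
            // Attach the identity that was granted the zone role. Without this
            // block the cluster would not run as the principal the role
            // assignment targets.
            .identity(KubernetesClusterIdentityArgs.builder()
                .type("UserAssigned")
                .identityIds(exampleUserAssignedIdentity.id().applyValue(id -> List.of(id)))
                .build())
            .build(), CustomResourceOptions.builder()
                // Create the role assignment before the cluster and, on
                // destroy, remove it only after the cluster is gone.
                .dependsOn(exampleAssignment)
                .build());
    }
}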
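# Private AKS cluster that uses a bring-your-own Private DNS zone through a
# user-assigned identity holding the "Private DNS Zone Contributor" role.
resources:
  example:
    type: azure:core:ResourceGroup
    properties:
      name: example
      location: West Europe
  # NOTE(review): the zone name carries the region label "eastus2" while the
  # resource group is in "West Europe"; AKS is understood to expect the label
  # to match the cluster's region - confirm and align them before reusing this.
  exampleZone:
    type: azure:privatedns:Zone
    name: example
    properties:
      name: privatelink.eastus2.azmk8s.io
      resourceGroupName: ${example.name}
  exampleUserAssignedIdentity:
    type: azure:authorization:UserAssignedIdentity
    name: example
    properties:
      name: aks-example-identity
      resourceGroupName: ${example.name}
      location: ${example.location}
  # Least privilege: the role is scoped to the single DNS zone, not to the
  # resource group or subscription.
  exampleAssignment:
    type: azure:authorization:Assignment
    name: example
    properties:
      scope: ${exampleZone.id}
      roleDefinitionName: Private DNS Zone Contributor
      principalId: ${exampleUserAssignedIdentity.principalId}
  exampleKubernetesCluster:
    type: azure:containerservice:KubernetesCluster
    name: example
    properties:
      name: aksexamplewithprivatednszone1
      location: ${example.location}
      resourceGroupName: ${example.name}
      dnsPrefix: aksexamplednsprefix1
      privateClusterEnabled: true
      privateDnsZoneId: ${exampleZone.id}
      # A default node pool is required; these values mirror the basic example
      # at the top of this page.
      defaultNodePool:
        name: default
        nodeCount: 1
        vmSize: Standard_D2_v2
      # Attach the identity that was granted the zone role. Without this block
      # the cluster would not run as the principal the role assignment targets.
      identity:
        type: UserAssigned
        identityIds:
          - ${exampleUserAssignedIdentity.id}
    options:
      # The option key is camelCase; the lower-case spelling "dependson" is not
      # the documented resource option, so the ordering would not be applied.
      dependsOn:
        - ${exampleAssignment}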
- private
Dns StringZone Id - Either the ID of the Private DNS Zone which should be delegated to this Cluster, `System` to have AKS manage this, or `None`. In case of `None` you will need to bring your own DNS server and set up resolving; otherwise, the cluster will have issues after provisioning. Changing this forces a new resource to be created. - private
Fqdn String - The FQDN for the Kubernetes Cluster when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.
- resource
Group StringName - Specifies the Resource Group where the Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.
- role
Based BooleanAccess Control Enabled - Whether Role Based Access Control for the Kubernetes Cluster should be enabled. Defaults to
true
. Changing this forces a new resource to be created. - run
Command BooleanEnabled - Whether to enable run command for the cluster or not. Defaults to
true
. - service
Mesh KubernetesProfile Cluster Service Mesh Profile - A
service_mesh_profile
block as defined below. - service
Principal KubernetesCluster Service Principal A
service_principal
block as documented below. One of eitheridentity
orservice_principal
must be specified.!> Note: A migration scenario from
service_principal
toidentity
is supported. When upgradingservice_principal
toidentity
, your cluster's control plane and addon pods will switch to use managed identity, but the kubelets will keep using your configuredservice_principal
until you upgrade your Node Pool.- sku
Tier String The SKU Tier that should be used for this Kubernetes Cluster. Possible values are
Free
,Standard
(which includes the Uptime SLA) andPremium
. Defaults toFree
.Note: Whilst the AKS API previously supported the
Paid
SKU - the AKS API introduced a breaking change in API Version2023-02-01
(used in v3.51.0 and later) where the valuePaid
must now be set toStandard
.- storage
Profile KubernetesCluster Storage Profile - A
storage_profile
block as defined below. - support
Plan String - Specifies the support plan which should be used for this Kubernetes Cluster. Possible values are
KubernetesOfficial
andAKSLongTermSupport
. Defaults toKubernetesOfficial
. - Map<String,String>
- A mapping of tags to assign to the resource.
- web
App KubernetesRouting Cluster Web App Routing - A
web_app_routing
block as defined below. - windows
Profile KubernetesCluster Windows Profile - A
windows_profile
block as defined below. - workload
Autoscaler KubernetesProfile Cluster Workload Autoscaler Profile - A
workload_autoscaler_profile
block defined below. - workload
Identity BooleanEnabled Specifies whether Azure AD Workload Identity should be enabled for the Cluster. Defaults to
false
.Note: To enable Azure AD Workload Identity
oidc_issuer_enabled
must be set totrue
.Note: Enabling this option will allocate Workload Identity resources to the
kube-system
namespace in Kubernetes. If you wish to customize the deployment of Workload Identity, you can refer to the documentation on Azure AD Workload Identity. The documentation provides guidance on how to install the mutating admission webhook, which allows for the customization of Workload Identity deployment.
- aci
Connector KubernetesLinux Cluster Aci Connector Linux - A
aci_connector_linux
block as defined below. For more details, please visit Create and configure an AKS cluster to use virtual nodes. - api
Server KubernetesAccess Profile Cluster Api Server Access Profile - An
api_server_access_profile
block as defined below. - auto
Scaler KubernetesProfile Cluster Auto Scaler Profile - A
auto_scaler_profile
block as defined below. - automatic
Upgrade stringChannel The upgrade channel for this Kubernetes Cluster. Possible values are
patch
,rapid
,node-image
andstable
. Omitting this field sets this value tonone
.!> Note: Cluster Auto-Upgrade will update the Kubernetes Cluster (and its Node Pools) to the latest GA version of Kubernetes automatically - please see the Azure documentation for more information.
Note: Cluster Auto-Upgrade only updates to GA versions of Kubernetes and will not update to Preview versions.
- azure
Active KubernetesDirectory Role Based Access Control Cluster Azure Active Directory Role Based Access Control - A
azure_active_directory_role_based_access_control
block as defined below. - azure
Policy booleanEnabled - Should the Azure Policy Add-On be enabled? For more details please visit Understand Azure Policy for Azure Kubernetes Service
- confidential
Computing KubernetesCluster Confidential Computing - A
confidential_computing
block as defined below. For more details, please see the documentation. - cost
Analysis booleanEnabled - Should cost analysis be enabled for this Kubernetes Cluster? Defaults to
false
. Thesku_tier
must be set toStandard
orPremium
to enable this feature. Enabling this will add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. - current
Kubernetes stringVersion - The current version running on the Azure Kubernetes Managed Cluster.
- default
Node KubernetesPool Cluster Default Node Pool - Specifies configuration for "System" mode node pool. A
default_node_pool
block as defined below. - disk
Encryption stringSet Id - The ID of the Disk Encryption Set which should be used for the Nodes and Volumes. More information can be found in the documentation. Changing this forces a new resource to be created.
- dns
Prefix string - DNS prefix specified when creating the managed cluster. Possible values must begin and end with a letter or number, contain only letters, numbers, and hyphens and be between 1 and 54 characters in length. Changing this forces a new resource to be created.
- dns
Prefix stringPrivate Cluster Specifies the DNS prefix to use with private clusters. Changing this forces a new resource to be created.
Note: You must define either a
dns_prefix
or adns_prefix_private_cluster
field.In addition, one of either
identity
orservice_principal
blocks must be specified.- edge
Zone string - Specifies the Extended Zone (formerly called Edge Zone) within the Azure Region where this Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.
- fqdn string
- The FQDN of the Azure Kubernetes Managed Cluster.
- http
Application booleanRouting Enabled Should HTTP Application Routing be enabled?
Note: At this time HTTP Application Routing is not supported in Azure China or Azure US Government.
- http
Application stringRouting Zone Name - The Zone Name of the HTTP Application Routing.
- http
Proxy KubernetesConfig Cluster Http Proxy Config - A
http_proxy_config
block as defined below. - identity
Kubernetes
Cluster Identity An
identity
block as defined below. One of either `identity` or `service_principal` must be specified.
Note: A migration scenario from `service_principal` to `identity` is supported. When upgrading `service_principal` to `identity`, your cluster's control plane and addon pods will switch to use managed identity, but the kubelets will keep using your configured `service_principal` until you upgrade your Node Pool.
- image
Cleaner booleanEnabled - Specifies whether Image Cleaner is enabled.
- image
Cleaner numberInterval Hours - Specifies the interval in hours when images should be cleaned up. Defaults to
0
. - ingress
Application KubernetesGateway Cluster Ingress Application Gateway A
ingress_application_gateway
block as defined below.Note: Since the Application Gateway is deployed inside a Virtual Network, users (and Service Principals) that are operating the Application Gateway must have the
Microsoft.Network/virtualNetworks/subnets/join/action
permission on the Virtual Network or Subnet. For more details, please visit Virtual Network Permission.- key
Management KubernetesService Cluster Key Management Service - A
key_management_service
block as defined below. For more details, please visit Key Management Service (KMS) etcd encryption to an AKS cluster. - key
Vault KubernetesSecrets Provider Cluster Key Vault Secrets Provider - A
key_vault_secrets_provider
block as defined below. For more details, please visit Azure Keyvault Secrets Provider for AKS. - kube
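Admin stringConfig Raw - Raw Kubernetes config for the admin account to be used by kubectl and other compatible tools. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts are enabled. Because it carries the admin account's credentials, treat this value as a secret and keep it out of logs and plain-text outputs.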
- kube
Admin KubernetesConfigs Cluster Kube Admin Config[] - A
kube_admin_config
block as defined below. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts enabled. - kube
Config stringRaw - Raw Kubernetes config to be used by kubectl and other compatible tools.
- kube
Configs KubernetesCluster Kube Config[] - A
kube_config
block as defined below. - kubelet
Identity KubernetesCluster Kubelet Identity - A
kubelet_identity
block as defined below. - kubernetes
Version string Version of Kubernetes specified when creating the AKS managed cluster. If not specified, the latest recommended version will be used at provisioning time (but won't auto-upgrade). AKS does not require an exact patch version to be specified, minor version aliases such as
1.22
are also supported. - The minor version's latest GA patch is automatically chosen in that case. More details can be found in the documentation.Note: Upgrading your cluster may take up to 10 minutes per node.
- linux
Profile KubernetesCluster Linux Profile - A
linux_profile
block as defined below. - local
Account booleanDisabled - If `true`, local accounts will be disabled. See the documentation for more information.
Note: If `local_account_disabled` is set to `true`, it is required to enable Kubernetes RBAC and AKS-managed Azure AD integration. See the documentation for more information.
- location string
- The location where the Managed Kubernetes Cluster should be created. Changing this forces a new resource to be created.
- maintenance
Window KubernetesCluster Maintenance Window - A
maintenance_window
block as defined below. - maintenance
Window KubernetesAuto Upgrade Cluster Maintenance Window Auto Upgrade - A
maintenance_window_auto_upgrade
block as defined below. - maintenance
Window KubernetesNode Os Cluster Maintenance Window Node Os - A
maintenance_window_node_os
block as defined below. - microsoft
Defender KubernetesCluster Microsoft Defender - A
microsoft_defender
block as defined below. - monitor
Metrics KubernetesCluster Monitor Metrics Specifies a Prometheus add-on profile for the Kubernetes Cluster. A
monitor_metrics
block as defined below.Note: If deploying Managed Prometheus, the
monitor_metrics
properties are required to configure the cluster for metrics collection. If no value is needed, set properties tonull
.- name string
- The name of the Managed Kubernetes Cluster to create. Changing this forces a new resource to be created.
- network
Profile KubernetesCluster Network Profile A
network_profile
block as defined below. Changing this forces a new resource to be created.Note: If
network_profile
is not defined,kubenet
profile will be used by default.- node
Os stringUpgrade Channel The upgrade channel for this Kubernetes Cluster Nodes' OS Image. Possible values are
Unmanaged
,SecurityPatch
,NodeImage
andNone
. Defaults toNodeImage
.Note:
node_os_upgrade_channel
must be set toNodeImage
ifautomatic_upgrade_channel
has been set tonode-image
- node
Resource stringGroup The name of the Resource Group where the Kubernetes Nodes should exist. Changing this forces a new resource to be created.
Note: Azure requires that a new, non-existent Resource Group is used, as otherwise, the provisioning of the Kubernetes Service will fail.
- node
Resource stringGroup Id - The ID of the Resource Group containing the resources for this Managed Kubernetes Cluster.
- oidc
Issuer booleanEnabled - Enable or Disable the OIDC issuer URL
- oidc
Issuer stringUrl - The OIDC issuer URL that is associated with the cluster.
- oms
Agent KubernetesCluster Oms Agent - A
oms_agent
block as defined below. - open
Service booleanMesh Enabled - Is Open Service Mesh enabled? For more details, please visit Open Service Mesh for AKS.
- portal
Fqdn string - The FQDN for the Azure Portal resources when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.
- private
Cluster booleanEnabled - Should this Kubernetes Cluster have its API server only exposed on internal IP addresses? This provides a Private IP Address for the Kubernetes API on the Virtual Network where the Kubernetes Cluster is located. Defaults to
false
. Changing this forces a new resource to be created. - private
Cluster booleanPublic Fqdn Enabled Specifies whether a Public FQDN for this Private Cluster should be added. Defaults to
`false`.
Note: If you use BYO DNS Zone, the AKS cluster should either use a User Assigned Identity or a service principal (which is deprecated) with the `Private DNS Zone Contributor` role and access to this Private DNS Zone. If `UserAssigned` identity is used - to prevent improper resource order destruction - the cluster should depend on the role assignment, like in this example:
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
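// Private AKS cluster that uses a bring-your-own Private DNS zone through a
// user-assigned identity holding the "Private DNS Zone Contributor" role.
const example = new azure.core.ResourceGroup("example", {
    name: "example",
    location: "West Europe",
});

// NOTE(review): the zone name carries the region label "eastus2" while the
// resource group is in "West Europe"; AKS is understood to expect the label to
// match the cluster's region - confirm and align them before reusing this.
const exampleZone = new azure.privatedns.Zone("example", {
    name: "privatelink.eastus2.azmk8s.io",
    resourceGroupName: example.name,
});

const exampleUserAssignedIdentity = new azure.authorization.UserAssignedIdentity("example", {
    name: "aks-example-identity",
    resourceGroupName: example.name,
    location: example.location,
});

// Least privilege: the role is scoped to the single DNS zone, not to the
// resource group or subscription.
const exampleAssignment = new azure.authorization.Assignment("example", {
    scope: exampleZone.id,
    roleDefinitionName: "Private DNS Zone Contributor",
    principalId: exampleUserAssignedIdentity.principalId,
});

const exampleKubernetesCluster = new azure.containerservice.KubernetesCluster("example", {
    name: "aksexamplewithprivatednszone1",
    location: example.location,
    resourceGroupName: example.name,
    dnsPrefix: "aksexamplednsprefix1",
    privateClusterEnabled: true,
    privateDnsZoneId: exampleZone.id,
    // A default node pool is required; these values mirror the basic example
    // at the top of this page.
    defaultNodePool: {
        name: "default",
        nodeCount: 1,
        vmSize: "Standard_D2_v2",
    },
    // Attach the identity that was granted the zone role. Without this block
    // the cluster would not run as the principal the role assignment targets.
    identity: {
        type: "UserAssigned",
        identityIds: [exampleUserAssignedIdentity.id],
    },
}, {
    // Create the role assignment before the cluster and, on destroy, remove it
    // only after the cluster is gone.
    dependsOn: [exampleAssignment],
});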
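import pulumi
import pulumi_azure as azure

# Private AKS cluster that uses a bring-your-own private DNS zone.
# The original listing omitted the required default_node_pool and never attached
# the user-assigned identity to the cluster, so the role assignment below had no
# effect on the cluster shown; both are filled in here.

example = azure.core.ResourceGroup("example",
    name="example",
    location="West Europe")

# NOTE(review): the zone name carries "eastus2" while the resource group is in
# West Europe; confirm the region segment matches the cluster's region.
example_zone = azure.privatedns.Zone("example",
    name="privatelink.eastus2.azmk8s.io",
    resource_group_name=example.name)

# Identity the cluster's control plane runs as.
example_user_assigned_identity = azure.authorization.UserAssignedIdentity("example",
    name="aks-example-identity",
    resource_group_name=example.name,
    location=example.location)

# The role is scoped to the single DNS zone rather than the resource group or
# subscription, so the identity can manage records in that zone only.
example_assignment = azure.authorization.Assignment("example",
    scope=example_zone.id,
    role_definition_name="Private DNS Zone Contributor",
    principal_id=example_user_assigned_identity.principal_id)

example_kubernetes_cluster = azure.containerservice.KubernetesCluster("example",
    name="aksexamplewithprivatednszone1",
    location=example.location,
    resource_group_name=example.name,
    dns_prefix="aksexamplednsprefix1",
    # API server is reachable on a private IP inside the virtual network only.
    private_cluster_enabled=True,
    private_dns_zone_id=example_zone.id,
    default_node_pool={
        "name": "default",
        "node_count": 1,
        "vm_size": "Standard_D2_v2",
    },
    # Attach the identity that was granted access to the private DNS zone.
    identity={
        "type": "UserAssigned",
        "identity_ids": [example_user_assigned_identity.id],
    },
    # The role assignment must exist before the cluster is created and must be
    # destroyed after it, otherwise the cluster loses access to its zone.
    opts=pulumi.ResourceOptions(depends_on=[example_assignment]))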
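using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;

// Private AKS cluster that uses a bring-your-own private DNS zone.
// The original listing omitted the required DefaultNodePool and never attached
// the user-assigned identity to the cluster, so the role assignment below had
// no effect on the cluster shown; both are filled in here.
return await Deployment.RunAsync(() =>
{
    var example = new Azure.Core.ResourceGroup("example", new()
    {
        Name = "example",
        Location = "West Europe",
    });

    // NOTE(review): the zone name carries "eastus2" while the resource group is
    // in West Europe; confirm the region segment matches the cluster's region.
    var exampleZone = new Azure.PrivateDns.Zone("example", new()
    {
        Name = "privatelink.eastus2.azmk8s.io",
        ResourceGroupName = example.Name,
    });

    // Identity the cluster's control plane runs as.
    var exampleUserAssignedIdentity = new Azure.Authorization.UserAssignedIdentity("example", new()
    {
        Name = "aks-example-identity",
        ResourceGroupName = example.Name,
        Location = example.Location,
    });

    // The role is scoped to the single DNS zone rather than the resource group
    // or subscription, so the identity can manage records in that zone only.
    var exampleAssignment = new Azure.Authorization.Assignment("example", new()
    {
        Scope = exampleZone.Id,
        RoleDefinitionName = "Private DNS Zone Contributor",
        PrincipalId = exampleUserAssignedIdentity.PrincipalId,
    });

    var exampleKubernetesCluster = new Azure.ContainerService.KubernetesCluster("example", new()
    {
        Name = "aksexamplewithprivatednszone1",
        Location = example.Location,
        ResourceGroupName = example.Name,
        DnsPrefix = "aksexamplednsprefix1",
        // API server is reachable on a private IP inside the virtual network only.
        PrivateClusterEnabled = true,
        PrivateDnsZoneId = exampleZone.Id,
        DefaultNodePool = new Azure.ContainerService.Inputs.KubernetesClusterDefaultNodePoolArgs
        {
            Name = "default",
            NodeCount = 1,
            VmSize = "Standard_D2_v2",
        },
        // Attach the identity that was granted access to the private DNS zone.
        Identity = new Azure.ContainerService.Inputs.KubernetesClusterIdentityArgs
        {
            Type = "UserAssigned",
            IdentityIds = new[]
            {
                exampleUserAssignedIdentity.Id,
            },
        },
    }, new CustomResourceOptions
    {
        // The role assignment must exist before the cluster is created and must
        // be destroyed after it, otherwise the cluster loses access to its zone.
        DependsOn =
        {
            exampleAssignment,
        },
    });
});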
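package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/containerservice"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/privatedns"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main declares a private AKS cluster that uses a bring-your-own private DNS zone.
// The original listing omitted the required DefaultNodePool and never attached
// the user-assigned identity to the cluster, so the role assignment had no
// effect on the cluster shown; both are filled in here.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		// NOTE(review): the zone name carries "eastus2" while the resource group
		// is in West Europe; confirm the region segment matches the cluster's region.
		exampleZone, err := privatedns.NewZone(ctx, "example", &privatedns.ZoneArgs{
			Name:              pulumi.String("privatelink.eastus2.azmk8s.io"),
			ResourceGroupName: example.Name,
		})
		if err != nil {
			return err
		}
		// Identity the cluster's control plane runs as.
		exampleUserAssignedIdentity, err := authorization.NewUserAssignedIdentity(ctx, "example", &authorization.UserAssignedIdentityArgs{
			Name:              pulumi.String("aks-example-identity"),
			ResourceGroupName: example.Name,
			Location:          example.Location,
		})
		if err != nil {
			return err
		}
		// The role is scoped to the single DNS zone rather than the resource
		// group or subscription, so the identity can manage that zone only.
		exampleAssignment, err := authorization.NewAssignment(ctx, "example", &authorization.AssignmentArgs{
			Scope:              exampleZone.ID(),
			RoleDefinitionName: pulumi.String("Private DNS Zone Contributor"),
			PrincipalId:        exampleUserAssignedIdentity.PrincipalId,
		})
		if err != nil {
			return err
		}
		_, err = containerservice.NewKubernetesCluster(ctx, "example", &containerservice.KubernetesClusterArgs{
			Name:              pulumi.String("aksexamplewithprivatednszone1"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			DnsPrefix:         pulumi.String("aksexamplednsprefix1"),
			// API server is reachable on a private IP inside the virtual network only.
			PrivateClusterEnabled: pulumi.Bool(true),
			PrivateDnsZoneId:      exampleZone.ID(),
			DefaultNodePool: &containerservice.KubernetesClusterDefaultNodePoolArgs{
				Name:      pulumi.String("default"),
				NodeCount: pulumi.Int(1),
				VmSize:    pulumi.String("Standard_D2_v2"),
			},
			// Attach the identity that was granted access to the private DNS zone.
			Identity: &containerservice.KubernetesClusterIdentityArgs{
				Type: pulumi.String("UserAssigned"),
				IdentityIds: pulumi.StringArray{
					exampleUserAssignedIdentity.ID(),
				},
			},
		}, pulumi.DependsOn([]pulumi.Resource{
			// The role assignment must exist before the cluster is created and
			// must be destroyed after it.
			exampleAssignment,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}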
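package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.privatedns.Zone;
import com.pulumi.azure.privatedns.ZoneArgs;
import com.pulumi.azure.authorization.UserAssignedIdentity;
import com.pulumi.azure.authorization.UserAssignedIdentityArgs;
import com.pulumi.azure.authorization.Assignment;
import com.pulumi.azure.authorization.AssignmentArgs;
import com.pulumi.azure.containerservice.KubernetesCluster;
import com.pulumi.azure.containerservice.KubernetesClusterArgs;
import com.pulumi.azure.containerservice.inputs.KubernetesClusterDefaultNodePoolArgs;
import com.pulumi.azure.containerservice.inputs.KubernetesClusterIdentityArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Private AKS cluster that uses a bring-your-own private DNS zone.
 *
 * The original listing omitted the required default node pool and never
 * attached the user-assigned identity to the cluster, so the role assignment
 * had no effect on the cluster shown; both are filled in here.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Declares the resource group, DNS zone, identity, role assignment and cluster. */
    public static void stack(Context ctx) {
        var example = new ResourceGroup("example", ResourceGroupArgs.builder()
            .name("example")
            .location("West Europe")
            .build());

        // NOTE(review): the zone name carries "eastus2" while the resource group
        // is in West Europe; confirm the region segment matches the cluster's region.
        var exampleZone = new Zone("exampleZone", ZoneArgs.builder()
            .name("privatelink.eastus2.azmk8s.io")
            .resourceGroupName(example.name())
            .build());

        // Identity the cluster's control plane runs as.
        var exampleUserAssignedIdentity = new UserAssignedIdentity("exampleUserAssignedIdentity", UserAssignedIdentityArgs.builder()
            .name("aks-example-identity")
            .resourceGroupName(example.name())
            .location(example.location())
            .build());

        // The role is scoped to the single DNS zone rather than the resource
        // group or subscription, so the identity can manage that zone only.
        var exampleAssignment = new Assignment("exampleAssignment", AssignmentArgs.builder()
            .scope(exampleZone.id())
            .roleDefinitionName("Private DNS Zone Contributor")
            .principalId(exampleUserAssignedIdentity.principalId())
            .build());

        var exampleKubernetesCluster = new KubernetesCluster("exampleKubernetesCluster", KubernetesClusterArgs.builder()
            .name("aksexamplewithprivatednszone1")
            .location(example.location())
            .resourceGroupName(example.name())
            .dnsPrefix("aksexamplednsprefix1")
            // API server is reachable on a private IP inside the virtual network only.
            .privateClusterEnabled(true)
            .privateDnsZoneId(exampleZone.id())
            .defaultNodePool(KubernetesClusterDefaultNodePoolArgs.builder()
                .name("default")
                .nodeCount(1)
                .vmSize("Standard_D2_v2")
                .build())
            // Attach the identity that was granted access to the private DNS zone.
            .identity(KubernetesClusterIdentityArgs.builder()
                .type("UserAssigned")
                .identityIds(exampleUserAssignedIdentity.id().applyValue(id -> List.of(id)))
                .build())
            .build(), CustomResourceOptions.builder()
                // The role assignment must exist before the cluster is created
                // and must be destroyed after it.
                .dependsOn(exampleAssignment)
                .build());
    }
}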
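# Private AKS cluster that uses a bring-your-own private DNS zone.
# The original listing omitted the required defaultNodePool, never attached the
# user-assigned identity to the cluster, and spelled the resource option as
# "dependson" instead of the documented "dependsOn"; all three are fixed here.
resources:
  example:
    type: azure:core:ResourceGroup
    properties:
      name: example
      location: West Europe
  # NOTE(review): the zone name carries "eastus2" while the resource group is in
  # West Europe; confirm the region segment matches the cluster's region.
  exampleZone:
    type: azure:privatedns:Zone
    name: example
    properties:
      name: privatelink.eastus2.azmk8s.io
      resourceGroupName: ${example.name}
  # Identity the cluster's control plane runs as.
  exampleUserAssignedIdentity:
    type: azure:authorization:UserAssignedIdentity
    name: example
    properties:
      name: aks-example-identity
      resourceGroupName: ${example.name}
      location: ${example.location}
  # The role is scoped to the single DNS zone rather than the resource group or
  # subscription, so the identity can manage records in that zone only.
  exampleAssignment:
    type: azure:authorization:Assignment
    name: example
    properties:
      scope: ${exampleZone.id}
      roleDefinitionName: Private DNS Zone Contributor
      principalId: ${exampleUserAssignedIdentity.principalId}
  exampleKubernetesCluster:
    type: azure:containerservice:KubernetesCluster
    name: example
    properties:
      name: aksexamplewithprivatednszone1
      location: ${example.location}
      resourceGroupName: ${example.name}
      dnsPrefix: aksexamplednsprefix1
      # API server is reachable on a private IP inside the virtual network only.
      privateClusterEnabled: true
      privateDnsZoneId: ${exampleZone.id}
      defaultNodePool:
        name: default
        nodeCount: 1
        vmSize: Standard_D2_v2
      # Attach the identity that was granted access to the private DNS zone.
      identity:
        type: UserAssigned
        identityIds:
          - ${exampleUserAssignedIdentity.id}
    options:
      # The role assignment must exist before the cluster is created and must be
      # destroyed after it.
      dependsOn:
        - ${exampleAssignment}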
- privateDnsZoneId string - Either the ID of Private DNS Zone which should be delegated to this Cluster, `System` to have AKS manage this or `None`. In case of `None` you will need to bring your own DNS server and set up resolving, otherwise, the cluster will have issues after provisioning. Changing this forces a new resource to be created.
- privateFqdn string - The FQDN for the Kubernetes Cluster when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.
- resource
Group stringName - Specifies the Resource Group where the Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.
- roleBasedAccessControlEnabled boolean - Whether Role Based Access Control for the Kubernetes Cluster should be enabled. Defaults to `true`. Changing this forces a new resource to be created.
- runCommandEnabled boolean - Whether to enable run command for the cluster or not. Defaults to `true`.
- serviceMeshProfile KubernetesClusterServiceMeshProfile - A `service_mesh_profile` block as defined below.
- servicePrincipal KubernetesClusterServicePrincipal - A `service_principal` block as documented below. One of either `identity` or `service_principal` must be specified.
!> Note: A migration scenario from `service_principal` to `identity` is supported. When upgrading `service_principal` to `identity`, your cluster's control plane and addon pods will switch to use managed identity, but the kubelets will keep using your configured `service_principal` until you upgrade your Node Pool.
- sku
Tier string The SKU Tier that should be used for this Kubernetes Cluster. Possible values are
Free
,Standard
(which includes the Uptime SLA) andPremium
. Defaults toFree
.Note: Whilst the AKS API previously supported the
Paid
SKU - the AKS API introduced a breaking change in API Version2023-02-01
(used in v3.51.0 and later) where the valuePaid
must now be set toStandard
.- storage
Profile KubernetesCluster Storage Profile - A
storage_profile
block as defined below. - support
Plan string - Specifies the support plan which should be used for this Kubernetes Cluster. Possible values are
KubernetesOfficial
andAKSLongTermSupport
. Defaults toKubernetesOfficial
. - {[key: string]: string}
- A mapping of tags to assign to the resource.
- web
App KubernetesRouting Cluster Web App Routing - A
web_app_routing
block as defined below. - windows
Profile KubernetesCluster Windows Profile - A
windows_profile
block as defined below. - workload
Autoscaler KubernetesProfile Cluster Workload Autoscaler Profile - A
workload_autoscaler_profile
block defined below. - workload
Identity booleanEnabled Specifies whether Azure AD Workload Identity should be enabled for the Cluster. Defaults to
false
.Note: To enable Azure AD Workload Identity
oidc_issuer_enabled
must be set totrue
.Note: Enabling this option will allocate Workload Identity resources to the
kube-system
namespace in Kubernetes. If you wish to customize the deployment of Workload Identity, you can refer to the documentation on Azure AD Workload Identity. The documentation provides guidance on how to install the mutating admission webhook, which allows for the customization of Workload Identity deployment.
- aci_
connector_ Kuberneteslinux Cluster Aci Connector Linux Args - A
aci_connector_linux
block as defined below. For more details, please visit Create and configure an AKS cluster to use virtual nodes. - api_
server_ Kubernetesaccess_ profile Cluster Api Server Access Profile Args - An
api_server_access_profile
block as defined below. - auto_
scaler_ Kubernetesprofile Cluster Auto Scaler Profile Args - A
auto_scaler_profile
block as defined below. - automatic_
upgrade_ strchannel The upgrade channel for this Kubernetes Cluster. Possible values are
patch
,rapid
,node-image
andstable
. Omitting this field sets this value tonone
.!> Note: Cluster Auto-Upgrade will update the Kubernetes Cluster (and its Node Pools) to the latest GA version of Kubernetes automatically - please see the Azure documentation for more information.
Note: Cluster Auto-Upgrade only updates to GA versions of Kubernetes and will not update to Preview versions.
- azure_
active_ Kubernetesdirectory_ role_ based_ access_ control Cluster Azure Active Directory Role Based Access Control Args - A
azure_active_directory_role_based_access_control
block as defined below. - azure_
policy_ boolenabled - Should the Azure Policy Add-On be enabled? For more details please visit Understand Azure Policy for Azure Kubernetes Service
- confidential_
computing KubernetesCluster Confidential Computing Args - A
confidential_computing
block as defined below. For more details please the documentation - cost_
analysis_ boolenabled - Should cost analysis be enabled for this Kubernetes Cluster? Defaults to
false
. Thesku_tier
must be set toStandard
orPremium
to enable this feature. Enabling this will add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. - current_
kubernetes_ strversion - The current version running on the Azure Kubernetes Managed Cluster.
- default_
node_ Kubernetespool Cluster Default Node Pool Args - Specifies configuration for "System" mode node pool. A
default_node_pool
block as defined below. - disk_
encryption_ strset_ id - The ID of the Disk Encryption Set which should be used for the Nodes and Volumes. More information can be found in the documentation. Changing this forces a new resource to be created.
- dns_
prefix str - DNS prefix specified when creating the managed cluster. Possible values must begin and end with a letter or number, contain only letters, numbers, and hyphens and be between 1 and 54 characters in length. Changing this forces a new resource to be created.
- dns_
prefix_ strprivate_ cluster Specifies the DNS prefix to use with private clusters. Changing this forces a new resource to be created.
Note: You must define either a
dns_prefix
or adns_prefix_private_cluster
field.In addition, one of either
identity
orservice_principal
blocks must be specified.- edge_
zone str - Specifies the Extended Zone (formerly called Edge Zone) within the Azure Region where this Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.
- fqdn str
- The FQDN of the Azure Kubernetes Managed Cluster.
- http_
application_ boolrouting_ enabled Should HTTP Application Routing be enabled?
Note: At this time HTTP Application Routing is not supported in Azure China or Azure US Government.
- http_
application_ strrouting_ zone_ name - The Zone Name of the HTTP Application Routing.
- http_
proxy_ Kubernetesconfig Cluster Http Proxy Config Args - A
http_proxy_config
block as defined below. - identity
Kubernetes
Cluster Identity Args An
identity
block as defined below. One of eitheridentity
orservice_principal
must be specified.!> Note: A migration scenario from
service_principal
toidentity
is supported. When upgradingservice_principal
toidentity
, your cluster's control plane and addon pods will switch to use managed identity, but the kubelets will keep using your configuredservice_principal
until you upgrade your Node Pool.- image_
cleaner_ boolenabled - Specifies whether Image Cleaner is enabled.
- image_
cleaner_ intinterval_ hours - Specifies the interval in hours when images should be cleaned up. Defaults to
0
. - ingress_
application_ Kubernetesgateway Cluster Ingress Application Gateway Args A
ingress_application_gateway
block as defined below.Note: Since the Application Gateway is deployed inside a Virtual Network, users (and Service Principals) that are operating the Application Gateway must have the
Microsoft.Network/virtualNetworks/subnets/join/action
permission on the Virtual Network or Subnet. For more details, please visit Virtual Network Permission.- key_
management_ Kubernetesservice Cluster Key Management Service Args - A
key_management_service
block as defined below. For more details, please visit Key Management Service (KMS) etcd encryption to an AKS cluster. - key_
vault_ Kubernetessecrets_ provider Cluster Key Vault Secrets Provider Args - A
key_vault_secrets_provider
block as defined below. For more details, please visit Azure Keyvault Secrets Provider for AKS. - kube_
admin_ strconfig_ raw - Raw Kubernetes config for the admin account to be used by kubectl and other compatible tools. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts enabled.
- kube_
admin_ Sequence[Kubernetesconfigs Cluster Kube Admin Config Args] - A
kube_admin_config
block as defined below. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts enabled. - kube_
config_ strraw - Raw Kubernetes config to be used by kubectl and other compatible tools.
- kube_
configs Sequence[KubernetesCluster Kube Config Args] - A
kube_config
block as defined below. - kubelet_
identity KubernetesCluster Kubelet Identity Args - A
kubelet_identity
block as defined below. - kubernetes_
version str Version of Kubernetes specified when creating the AKS managed cluster. If not specified, the latest recommended version will be used at provisioning time (but won't auto-upgrade). AKS does not require an exact patch version to be specified, minor version aliases such as
1.22
are also supported. - The minor version's latest GA patch is automatically chosen in that case. More details can be found in the documentation.Note: Upgrading your cluster may take up to 10 minutes per node.
- linux_
profile KubernetesCluster Linux Profile Args - A
linux_profile
block as defined below.
- local_account_disabled bool - If `true` local accounts will be disabled. See the documentation for more information.
Note: If `local_account_disabled` is set to `true`, it is required to enable Kubernetes RBAC and AKS-managed Azure AD integration. See the documentation for more information.
- location str
- The location where the Managed Kubernetes Cluster should be created. Changing this forces a new resource to be created.
- maintenance_
window KubernetesCluster Maintenance Window Args - A
maintenance_window
block as defined below. - maintenance_
window_ Kubernetesauto_ upgrade Cluster Maintenance Window Auto Upgrade Args - A
maintenance_window_auto_upgrade
block as defined below. - maintenance_
window_ Kubernetesnode_ os Cluster Maintenance Window Node Os Args - A
maintenance_window_node_os
block as defined below. - microsoft_
defender KubernetesCluster Microsoft Defender Args - A
microsoft_defender
block as defined below. - monitor_
metrics KubernetesCluster Monitor Metrics Args Specifies a Prometheus add-on profile for the Kubernetes Cluster. A
monitor_metrics
block as defined below.Note: If deploying Managed Prometheus, the
monitor_metrics
properties are required to configure the cluster for metrics collection. If no value is needed, set properties tonull
.- name str
- The name of the Managed Kubernetes Cluster to create. Changing this forces a new resource to be created.
- network_
profile KubernetesCluster Network Profile Args A
network_profile
block as defined below. Changing this forces a new resource to be created.Note: If
network_profile
is not defined,kubenet
profile will be used by default.- node_
os_ strupgrade_ channel The upgrade channel for this Kubernetes Cluster Nodes' OS Image. Possible values are
Unmanaged
,SecurityPatch
,NodeImage
andNone
. Defaults toNodeImage
.Note:
node_os_upgrade_channel
must be set toNodeImage
ifautomatic_upgrade_channel
has been set tonode-image
- node_
resource_ strgroup The name of the Resource Group where the Kubernetes Nodes should exist. Changing this forces a new resource to be created.
Note: Azure requires that a new, non-existent Resource Group is used, as otherwise, the provisioning of the Kubernetes Service will fail.
- node_
resource_ strgroup_ id - The ID of the Resource Group containing the resources for this Managed Kubernetes Cluster.
- oidc_
issuer_ boolenabled - Enable or Disable the OIDC issuer URL
- oidc_
issuer_ strurl - The OIDC issuer URL that is associated with the cluster.
- oms_
agent KubernetesCluster Oms Agent Args - A
oms_agent
block as defined below. - open_
service_ boolmesh_ enabled - Is Open Service Mesh enabled? For more details, please visit Open Service Mesh for AKS.
- portal_
fqdn str - The FQDN for the Azure Portal resources when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.
- private_cluster_enabled bool - Should this Kubernetes Cluster have its API server only exposed on internal IP addresses? This provides a Private IP Address for the Kubernetes API on the Virtual Network where the Kubernetes Cluster is located. Defaults to `false`. Changing this forces a new resource to be created.
- private_cluster_public_fqdn_enabled bool - Specifies whether a Public FQDN for this Private Cluster should be added. Defaults to `false`.
Note: If you use BYO DNS Zone, the AKS cluster should either use a User Assigned Identity or a service principal (which is deprecated) with the `Private DNS Zone Contributor` role and access to this Private DNS Zone. If `UserAssigned` identity is used - to prevent improper resource order destruction - the cluster should depend on the role assignment, like in this example:
import * as pulumi from "@pulumi/pulumi"; import * as azure from "@pulumi/azure";
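// Private AKS cluster that uses a bring-your-own private DNS zone.
// The original listing omitted the required defaultNodePool and never attached
// the user-assigned identity to the cluster, so the role assignment below had
// no effect on the cluster shown; both are filled in here.

const example = new azure.core.ResourceGroup("example", {
    name: "example",
    location: "West Europe",
});

// NOTE(review): the zone name carries "eastus2" while the resource group is in
// West Europe; confirm the region segment matches the cluster's region.
const exampleZone = new azure.privatedns.Zone("example", {
    name: "privatelink.eastus2.azmk8s.io",
    resourceGroupName: example.name,
});

// Identity the cluster's control plane runs as.
const exampleUserAssignedIdentity = new azure.authorization.UserAssignedIdentity("example", {
    name: "aks-example-identity",
    resourceGroupName: example.name,
    location: example.location,
});

// The role is scoped to the single DNS zone rather than the resource group or
// subscription, so the identity can manage records in that zone only.
const exampleAssignment = new azure.authorization.Assignment("example", {
    scope: exampleZone.id,
    roleDefinitionName: "Private DNS Zone Contributor",
    principalId: exampleUserAssignedIdentity.principalId,
});

const exampleKubernetesCluster = new azure.containerservice.KubernetesCluster("example", {
    name: "aksexamplewithprivatednszone1",
    location: example.location,
    resourceGroupName: example.name,
    dnsPrefix: "aksexamplednsprefix1",
    // API server is reachable on a private IP inside the virtual network only.
    privateClusterEnabled: true,
    privateDnsZoneId: exampleZone.id,
    defaultNodePool: {
        name: "default",
        nodeCount: 1,
        vmSize: "Standard_D2_v2",
    },
    // Attach the identity that was granted access to the private DNS zone.
    identity: {
        type: "UserAssigned",
        identityIds: [exampleUserAssignedIdentity.id],
    },
}, {
    // The role assignment must exist before the cluster is created and must be
    // destroyed after it, otherwise the cluster loses access to its zone.
    dependsOn: [exampleAssignment],
});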
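import pulumi
import pulumi_azure as azure

# Private AKS cluster that uses a bring-your-own private DNS zone.
# The original listing omitted the required default_node_pool and never attached
# the user-assigned identity to the cluster, so the role assignment below had no
# effect on the cluster shown; both are filled in here.

example = azure.core.ResourceGroup("example",
    name="example",
    location="West Europe")

# NOTE(review): the zone name carries "eastus2" while the resource group is in
# West Europe; confirm the region segment matches the cluster's region.
example_zone = azure.privatedns.Zone("example",
    name="privatelink.eastus2.azmk8s.io",
    resource_group_name=example.name)

# Identity the cluster's control plane runs as.
example_user_assigned_identity = azure.authorization.UserAssignedIdentity("example",
    name="aks-example-identity",
    resource_group_name=example.name,
    location=example.location)

# The role is scoped to the single DNS zone rather than the resource group or
# subscription, so the identity can manage records in that zone only.
example_assignment = azure.authorization.Assignment("example",
    scope=example_zone.id,
    role_definition_name="Private DNS Zone Contributor",
    principal_id=example_user_assigned_identity.principal_id)

example_kubernetes_cluster = azure.containerservice.KubernetesCluster("example",
    name="aksexamplewithprivatednszone1",
    location=example.location,
    resource_group_name=example.name,
    dns_prefix="aksexamplednsprefix1",
    # API server is reachable on a private IP inside the virtual network only.
    private_cluster_enabled=True,
    private_dns_zone_id=example_zone.id,
    default_node_pool={
        "name": "default",
        "node_count": 1,
        "vm_size": "Standard_D2_v2",
    },
    # Attach the identity that was granted access to the private DNS zone.
    identity={
        "type": "UserAssigned",
        "identity_ids": [example_user_assigned_identity.id],
    },
    # The role assignment must exist before the cluster is created and must be
    # destroyed after it, otherwise the cluster loses access to its zone.
    opts=pulumi.ResourceOptions(depends_on=[example_assignment]))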
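using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;

// Private AKS cluster that uses a bring-your-own private DNS zone.
// The original listing omitted the required DefaultNodePool and never attached
// the user-assigned identity to the cluster, so the role assignment below had
// no effect on the cluster shown; both are filled in here.
return await Deployment.RunAsync(() =>
{
    var example = new Azure.Core.ResourceGroup("example", new()
    {
        Name = "example",
        Location = "West Europe",
    });

    // NOTE(review): the zone name carries "eastus2" while the resource group is
    // in West Europe; confirm the region segment matches the cluster's region.
    var exampleZone = new Azure.PrivateDns.Zone("example", new()
    {
        Name = "privatelink.eastus2.azmk8s.io",
        ResourceGroupName = example.Name,
    });

    // Identity the cluster's control plane runs as.
    var exampleUserAssignedIdentity = new Azure.Authorization.UserAssignedIdentity("example", new()
    {
        Name = "aks-example-identity",
        ResourceGroupName = example.Name,
        Location = example.Location,
    });

    // The role is scoped to the single DNS zone rather than the resource group
    // or subscription, so the identity can manage records in that zone only.
    var exampleAssignment = new Azure.Authorization.Assignment("example", new()
    {
        Scope = exampleZone.Id,
        RoleDefinitionName = "Private DNS Zone Contributor",
        PrincipalId = exampleUserAssignedIdentity.PrincipalId,
    });

    var exampleKubernetesCluster = new Azure.ContainerService.KubernetesCluster("example", new()
    {
        Name = "aksexamplewithprivatednszone1",
        Location = example.Location,
        ResourceGroupName = example.Name,
        DnsPrefix = "aksexamplednsprefix1",
        // API server is reachable on a private IP inside the virtual network only.
        PrivateClusterEnabled = true,
        PrivateDnsZoneId = exampleZone.Id,
        DefaultNodePool = new Azure.ContainerService.Inputs.KubernetesClusterDefaultNodePoolArgs
        {
            Name = "default",
            NodeCount = 1,
            VmSize = "Standard_D2_v2",
        },
        // Attach the identity that was granted access to the private DNS zone.
        Identity = new Azure.ContainerService.Inputs.KubernetesClusterIdentityArgs
        {
            Type = "UserAssigned",
            IdentityIds = new[]
            {
                exampleUserAssignedIdentity.Id,
            },
        },
    }, new CustomResourceOptions
    {
        // The role assignment must exist before the cluster is created and must
        // be destroyed after it, otherwise the cluster loses access to its zone.
        DependsOn =
        {
            exampleAssignment,
        },
    });
});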
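package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/containerservice"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/privatedns"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main declares a private AKS cluster that uses a bring-your-own private DNS zone.
// The original listing omitted the required DefaultNodePool and never attached
// the user-assigned identity to the cluster, so the role assignment had no
// effect on the cluster shown; both are filled in here.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		// NOTE(review): the zone name carries "eastus2" while the resource group
		// is in West Europe; confirm the region segment matches the cluster's region.
		exampleZone, err := privatedns.NewZone(ctx, "example", &privatedns.ZoneArgs{
			Name:              pulumi.String("privatelink.eastus2.azmk8s.io"),
			ResourceGroupName: example.Name,
		})
		if err != nil {
			return err
		}
		// Identity the cluster's control plane runs as.
		exampleUserAssignedIdentity, err := authorization.NewUserAssignedIdentity(ctx, "example", &authorization.UserAssignedIdentityArgs{
			Name:              pulumi.String("aks-example-identity"),
			ResourceGroupName: example.Name,
			Location:          example.Location,
		})
		if err != nil {
			return err
		}
		// The role is scoped to the single DNS zone rather than the resource
		// group or subscription, so the identity can manage that zone only.
		exampleAssignment, err := authorization.NewAssignment(ctx, "example", &authorization.AssignmentArgs{
			Scope:              exampleZone.ID(),
			RoleDefinitionName: pulumi.String("Private DNS Zone Contributor"),
			PrincipalId:        exampleUserAssignedIdentity.PrincipalId,
		})
		if err != nil {
			return err
		}
		_, err = containerservice.NewKubernetesCluster(ctx, "example", &containerservice.KubernetesClusterArgs{
			Name:              pulumi.String("aksexamplewithprivatednszone1"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			DnsPrefix:         pulumi.String("aksexamplednsprefix1"),
			// API server is reachable on a private IP inside the virtual network only.
			PrivateClusterEnabled: pulumi.Bool(true),
			PrivateDnsZoneId:      exampleZone.ID(),
			DefaultNodePool: &containerservice.KubernetesClusterDefaultNodePoolArgs{
				Name:      pulumi.String("default"),
				NodeCount: pulumi.Int(1),
				VmSize:    pulumi.String("Standard_D2_v2"),
			},
			// Attach the identity that was granted access to the private DNS zone.
			Identity: &containerservice.KubernetesClusterIdentityArgs{
				Type: pulumi.String("UserAssigned"),
				IdentityIds: pulumi.StringArray{
					exampleUserAssignedIdentity.ID(),
				},
			},
		}, pulumi.DependsOn([]pulumi.Resource{
			// The role assignment must exist before the cluster is created and
			// must be destroyed after it.
			exampleAssignment,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}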
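package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.privatedns.Zone;
import com.pulumi.azure.privatedns.ZoneArgs;
import com.pulumi.azure.authorization.UserAssignedIdentity;
import com.pulumi.azure.authorization.UserAssignedIdentityArgs;
import com.pulumi.azure.authorization.Assignment;
import com.pulumi.azure.authorization.AssignmentArgs;
import com.pulumi.azure.containerservice.KubernetesCluster;
import com.pulumi.azure.containerservice.KubernetesClusterArgs;
import com.pulumi.azure.containerservice.inputs.KubernetesClusterDefaultNodePoolArgs;
import com.pulumi.azure.containerservice.inputs.KubernetesClusterIdentityArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Private AKS cluster that uses a bring-your-own private DNS zone.
 *
 * The original listing omitted the required default node pool and never
 * attached the user-assigned identity to the cluster, so the role assignment
 * had no effect on the cluster shown; both are filled in here.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Declares the resource group, DNS zone, identity, role assignment and cluster. */
    public static void stack(Context ctx) {
        var example = new ResourceGroup("example", ResourceGroupArgs.builder()
            .name("example")
            .location("West Europe")
            .build());

        // NOTE(review): the zone name carries "eastus2" while the resource group
        // is in West Europe; confirm the region segment matches the cluster's region.
        var exampleZone = new Zone("exampleZone", ZoneArgs.builder()
            .name("privatelink.eastus2.azmk8s.io")
            .resourceGroupName(example.name())
            .build());

        // Identity the cluster's control plane runs as.
        var exampleUserAssignedIdentity = new UserAssignedIdentity("exampleUserAssignedIdentity", UserAssignedIdentityArgs.builder()
            .name("aks-example-identity")
            .resourceGroupName(example.name())
            .location(example.location())
            .build());

        // The role is scoped to the single DNS zone rather than the resource
        // group or subscription, so the identity can manage that zone only.
        var exampleAssignment = new Assignment("exampleAssignment", AssignmentArgs.builder()
            .scope(exampleZone.id())
            .roleDefinitionName("Private DNS Zone Contributor")
            .principalId(exampleUserAssignedIdentity.principalId())
            .build());

        var exampleKubernetesCluster = new KubernetesCluster("exampleKubernetesCluster", KubernetesClusterArgs.builder()
            .name("aksexamplewithprivatednszone1")
            .location(example.location())
            .resourceGroupName(example.name())
            .dnsPrefix("aksexamplednsprefix1")
            // API server is reachable on a private IP inside the virtual network only.
            .privateClusterEnabled(true)
            .privateDnsZoneId(exampleZone.id())
            .defaultNodePool(KubernetesClusterDefaultNodePoolArgs.builder()
                .name("default")
                .nodeCount(1)
                .vmSize("Standard_D2_v2")
                .build())
            // Attach the identity that was granted access to the private DNS zone.
            .identity(KubernetesClusterIdentityArgs.builder()
                .type("UserAssigned")
                .identityIds(exampleUserAssignedIdentity.id().applyValue(id -> List.of(id)))
                .build())
            .build(), CustomResourceOptions.builder()
                // The role assignment must exist before the cluster is created
                // and must be destroyed after it.
                .dependsOn(exampleAssignment)
                .build());
    }
}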
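# Private AKS cluster that uses a bring-your-own private DNS zone.
# The original listing omitted the required defaultNodePool, never attached the
# user-assigned identity to the cluster, and spelled the resource option as
# "dependson" instead of the documented "dependsOn"; all three are fixed here.
resources:
  example:
    type: azure:core:ResourceGroup
    properties:
      name: example
      location: West Europe
  # NOTE(review): the zone name carries "eastus2" while the resource group is in
  # West Europe; confirm the region segment matches the cluster's region.
  exampleZone:
    type: azure:privatedns:Zone
    name: example
    properties:
      name: privatelink.eastus2.azmk8s.io
      resourceGroupName: ${example.name}
  # Identity the cluster's control plane runs as.
  exampleUserAssignedIdentity:
    type: azure:authorization:UserAssignedIdentity
    name: example
    properties:
      name: aks-example-identity
      resourceGroupName: ${example.name}
      location: ${example.location}
  # The role is scoped to the single DNS zone rather than the resource group or
  # subscription, so the identity can manage records in that zone only.
  exampleAssignment:
    type: azure:authorization:Assignment
    name: example
    properties:
      scope: ${exampleZone.id}
      roleDefinitionName: Private DNS Zone Contributor
      principalId: ${exampleUserAssignedIdentity.principalId}
  exampleKubernetesCluster:
    type: azure:containerservice:KubernetesCluster
    name: example
    properties:
      name: aksexamplewithprivatednszone1
      location: ${example.location}
      resourceGroupName: ${example.name}
      dnsPrefix: aksexamplednsprefix1
      # API server is reachable on a private IP inside the virtual network only.
      privateClusterEnabled: true
      privateDnsZoneId: ${exampleZone.id}
      defaultNodePool:
        name: default
        nodeCount: 1
        vmSize: Standard_D2_v2
      # Attach the identity that was granted access to the private DNS zone.
      identity:
        type: UserAssigned
        identityIds:
          - ${exampleUserAssignedIdentity.id}
    options:
      # The role assignment must exist before the cluster is created and must be
      # destroyed after it.
      dependsOn:
        - ${exampleAssignment}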
- private_dns_zone_id str - Either the ID of Private DNS Zone which should be delegated to this Cluster, `System` to have AKS manage this or `None`. In case of `None` you will need to bring your own DNS server and set up resolving, otherwise, the cluster will have issues after provisioning. Changing this forces a new resource to be created.
- private_fqdn str - The FQDN for the Kubernetes Cluster when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.
- resource_
group_ strname - Specifies the Resource Group where the Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.
- role_based_access_control_enabled bool - Whether Role Based Access Control for the Kubernetes Cluster should be enabled. Defaults to `true`. Changing this forces a new resource to be created.
- run_command_enabled bool - Whether to enable run command for the cluster or not. Defaults to `true`.
- service_mesh_profile KubernetesClusterServiceMeshProfileArgs - A `service_mesh_profile` block as defined below.
- service_principal KubernetesClusterServicePrincipalArgs - A `service_principal` block as documented below. One of either `identity` or `service_principal` must be specified.
!> Note: A migration scenario from `service_principal` to `identity` is supported. When upgrading `service_principal` to `identity`, your cluster's control plane and addon pods will switch to use managed identity, but the kubelets will keep using your configured `service_principal` until you upgrade your Node Pool.
- sku_
tier str The SKU Tier that should be used for this Kubernetes Cluster. Possible values are
Free
,Standard
(which includes the Uptime SLA) andPremium
. Defaults toFree
.Note: Whilst the AKS API previously supported the
Paid
SKU - the AKS API introduced a breaking change in API Version2023-02-01
(used in v3.51.0 and later) where the valuePaid
must now be set toStandard
.- storage_
profile KubernetesCluster Storage Profile Args - A
storage_profile
block as defined below. - support_
plan str - Specifies the support plan which should be used for this Kubernetes Cluster. Possible values are
KubernetesOfficial
andAKSLongTermSupport
. Defaults toKubernetesOfficial
. - Mapping[str, str]
- A mapping of tags to assign to the resource.
- web_
app_ Kubernetesrouting Cluster Web App Routing Args - A
web_app_routing
block as defined below. - windows_
profile KubernetesCluster Windows Profile Args - A
windows_profile
block as defined below. - workload_
autoscaler_ Kubernetesprofile Cluster Workload Autoscaler Profile Args - A
workload_autoscaler_profile
block defined below.
- workload_identity_enabled bool - Specifies whether Azure AD Workload Identity should be enabled for the Cluster. Defaults to `false`.
  Note: To enable Azure AD Workload Identity, `oidc_issuer_enabled` must be set to `true`.
  Note: Enabling this option will allocate Workload Identity resources to the `kube-system` namespace in Kubernetes. If you wish to customize the deployment of Workload Identity, you can refer to the documentation on Azure AD Workload Identity. The documentation provides guidance on how to install the mutating admission webhook, which allows for the customization of Workload Identity deployment.
- aci
Connector Property MapLinux - A
aci_connector_linux
block as defined below. For more details, please visit Create and configure an AKS cluster to use virtual nodes. - api
Server Property MapAccess Profile - An
api_server_access_profile
block as defined below. - auto
Scaler Property MapProfile - A
auto_scaler_profile
block as defined below. - automatic
Upgrade StringChannel The upgrade channel for this Kubernetes Cluster. Possible values are
patch
,rapid
,node-image
andstable
. Omitting this field sets this value tonone
.!> Note: Cluster Auto-Upgrade will update the Kubernetes Cluster (and its Node Pools) to the latest GA version of Kubernetes automatically - please see the Azure documentation for more information.
Note: Cluster Auto-Upgrade only updates to GA versions of Kubernetes and will not update to Preview versions.
- azure
Active Property MapDirectory Role Based Access Control - A
azure_active_directory_role_based_access_control
block as defined below. - azure
Policy BooleanEnabled - Should the Azure Policy Add-On be enabled? For more details please visit Understand Azure Policy for Azure Kubernetes Service
- confidential
Computing Property Map - A
confidential_computing
block as defined below. For more details please the documentation - cost
Analysis BooleanEnabled - Should cost analysis be enabled for this Kubernetes Cluster? Defaults to
false
. Thesku_tier
must be set toStandard
orPremium
to enable this feature. Enabling this will add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. - current
Kubernetes StringVersion - The current version running on the Azure Kubernetes Managed Cluster.
- default
Node Property MapPool - Specifies configuration for "System" mode node pool. A
default_node_pool
block as defined below. - disk
Encryption StringSet Id - The ID of the Disk Encryption Set which should be used for the Nodes and Volumes. More information can be found in the documentation. Changing this forces a new resource to be created.
- dns
Prefix String - DNS prefix specified when creating the managed cluster. Possible values must begin and end with a letter or number, contain only letters, numbers, and hyphens and be between 1 and 54 characters in length. Changing this forces a new resource to be created.
- dns
Prefix StringPrivate Cluster Specifies the DNS prefix to use with private clusters. Changing this forces a new resource to be created.
Note: You must define either a
dns_prefix
or adns_prefix_private_cluster
field.In addition, one of either
identity
orservice_principal
blocks must be specified.- edge
Zone String - Specifies the Extended Zone (formerly called Edge Zone) within the Azure Region where this Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.
- fqdn String
- The FQDN of the Azure Kubernetes Managed Cluster.
- http
Application BooleanRouting Enabled Should HTTP Application Routing be enabled?
Note: At this time HTTP Application Routing is not supported in Azure China or Azure US Government.
- http
Application StringRouting Zone Name - The Zone Name of the HTTP Application Routing.
- http
Proxy Property MapConfig - A
http_proxy_config
block as defined below.
- identity Property Map - An `identity` block as defined below. One of either `identity` or `service_principal` must be specified.
  Note: A migration scenario from `service_principal` to `identity` is supported. When upgrading `service_principal` to `identity`, your cluster's control plane and addon pods will switch to use managed identity, but the kubelets will keep using your configured `service_principal` until you upgrade your Node Pool.
- image
Cleaner BooleanEnabled - Specifies whether Image Cleaner is enabled.
- image
Cleaner NumberInterval Hours - Specifies the interval in hours when images should be cleaned up. Defaults to
0
. - ingress
Application Property MapGateway A
ingress_application_gateway
block as defined below.Note: Since the Application Gateway is deployed inside a Virtual Network, users (and Service Principals) that are operating the Application Gateway must have the
Microsoft.Network/virtualNetworks/subnets/join/action
permission on the Virtual Network or Subnet. For more details, please visit Virtual Network Permission.- key
Management Property MapService - A
key_management_service
block as defined below. For more details, please visit Key Management Service (KMS) etcd encryption to an AKS cluster. - key
Vault Property MapSecrets Provider - A
key_vault_secrets_provider
block as defined below. For more details, please visit Azure Keyvault Secrets Provider for AKS.
- kubeAdminConfigRaw String - Raw Kubernetes config for the admin account to be used by kubectl and other compatible tools. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts enabled. The value carries the admin account's cluster credentials, so treat any exported copy as a secret.
- kubeAdminConfigs List<Property Map> - A `kube_admin_config` block as defined below. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts enabled.
- kubeConfigRaw String - Raw Kubernetes config to be used by kubectl and other compatible tools. Like the admin config, it contains credentials and should be handled as a secret.
- kubeConfigs List<Property Map> - A `kube_config` block as defined below.
- kubelet
Identity Property Map - A
kubelet_identity
block as defined below. - kubernetes
Version String Version of Kubernetes specified when creating the AKS managed cluster. If not specified, the latest recommended version will be used at provisioning time (but won't auto-upgrade). AKS does not require an exact patch version to be specified, minor version aliases such as
1.22
are also supported. - The minor version's latest GA patch is automatically chosen in that case. More details can be found in the documentation.Note: Upgrading your cluster may take up to 10 minutes per node.
- linux
Profile Property Map - A
linux_profile
block as defined below.
- localAccountDisabled Boolean - If `true`, local accounts will be disabled. See the documentation for more information.
  Note: If `local_account_disabled` is set to `true`, it is required to enable Kubernetes RBAC and AKS-managed Azure AD integration. See the documentation for more information.
- location String
- The location where the Managed Kubernetes Cluster should be created. Changing this forces a new resource to be created.
- maintenance
Window Property Map - A
maintenance_window
block as defined below. - maintenance
Window Property MapAuto Upgrade - A
maintenance_window_auto_upgrade
block as defined below. - maintenance
Window Property MapNode Os - A
maintenance_window_node_os
block as defined below. - microsoft
Defender Property Map - A
microsoft_defender
block as defined below. - monitor
Metrics Property Map Specifies a Prometheus add-on profile for the Kubernetes Cluster. A
monitor_metrics
block as defined below.Note: If deploying Managed Prometheus, the
monitor_metrics
properties are required to configure the cluster for metrics collection. If no value is needed, set properties tonull
.- name String
- The name of the Managed Kubernetes Cluster to create. Changing this forces a new resource to be created.
- network
Profile Property Map A
network_profile
block as defined below. Changing this forces a new resource to be created.Note: If
network_profile
is not defined,kubenet
profile will be used by default.- node
Os StringUpgrade Channel The upgrade channel for this Kubernetes Cluster Nodes' OS Image. Possible values are
Unmanaged
,SecurityPatch
,NodeImage
andNone
. Defaults toNodeImage
.Note:
node_os_upgrade_channel
must be set toNodeImage
ifautomatic_upgrade_channel
has been set tonode-image
- node
Resource StringGroup The name of the Resource Group where the Kubernetes Nodes should exist. Changing this forces a new resource to be created.
Note: Azure requires that a new, non-existent Resource Group is used, as otherwise, the provisioning of the Kubernetes Service will fail.
- node
Resource StringGroup Id - The ID of the Resource Group containing the resources for this Managed Kubernetes Cluster.
- oidc
Issuer BooleanEnabled - Enable or Disable the OIDC issuer URL
- oidc
Issuer StringUrl - The OIDC issuer URL that is associated with the cluster.
- oms
Agent Property Map - A
oms_agent
block as defined below. - open
Service BooleanMesh Enabled - Is Open Service Mesh enabled? For more details, please visit Open Service Mesh for AKS.
- portal
Fqdn String - The FQDN for the Azure Portal resources when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.
- privateClusterEnabled Boolean - Should this Kubernetes Cluster have its API server only exposed on internal IP addresses? This provides a Private IP Address for the Kubernetes API on the Virtual Network where the Kubernetes Cluster is located. Defaults to `false`, which leaves the API server on a public endpoint unless this is set. Changing this forces a new resource to be created.
- privateClusterPublicFqdnEnabled Boolean - Specifies whether a Public FQDN for this Private Cluster should be added. Defaults to `false`.
  Note: If you use BYO DNS Zone, the AKS cluster should either use a User Assigned Identity or a service principal (which is deprecated) with the `Private DNS Zone Contributor` role and access to this Private DNS Zone. If a `UserAssigned` identity is used, the cluster should depend on the role assignment to prevent improper resource order destruction, as in this example:
import * as pulumi from "@pulumi/pulumi"; import * as azure from "@pulumi/azure";
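// Private AKS cluster that uses a bring-your-own Private DNS Zone through a
// user-assigned identity holding the "Private DNS Zone Contributor" role.
const example = new azure.core.ResourceGroup("example", {
    name: "example",
    location: "West Europe",
});
const exampleZone = new azure.privatedns.Zone("example", {
    name: "privatelink.eastus2.azmk8s.io",
    resourceGroupName: example.name,
});
const exampleUserAssignedIdentity = new azure.authorization.UserAssignedIdentity("example", {
    name: "aks-example-identity",
    resourceGroupName: example.name,
    location: example.location,
});
// The role is scoped to the one Private DNS Zone the cluster uses, not to the
// resource group or subscription.
const exampleAssignment = new azure.authorization.Assignment("example", {
    scope: exampleZone.id,
    roleDefinitionName: "Private DNS Zone Contributor",
    principalId: exampleUserAssignedIdentity.principalId,
});
const exampleKubernetesCluster = new azure.containerservice.KubernetesCluster("example", {
    name: "aksexamplewithprivatednszone1",
    location: example.location,
    resourceGroupName: example.name,
    dnsPrefix: "aksexamplednsprefix1",
    privateClusterEnabled: true,
    privateDnsZoneId: exampleZone.id,
    // A default node pool is required; the sizing values are illustrative.
    defaultNodePool: {
        name: "default",
        nodeCount: 1,
        vmSize: "Standard_D2_v2",
    },
    // One of `identity` or `servicePrincipal` must be specified. The cluster runs as
    // the identity that was granted the role above, otherwise the assignment has no effect.
    identity: {
        type: "UserAssigned",
        identityIds: [exampleUserAssignedIdentity.id],
    },
}, {
    // Create the role assignment before the cluster and remove it only after the
    // cluster is destroyed.
    dependsOn: [exampleAssignment],
});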
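import pulumi
import pulumi_azure as azure

# Private AKS cluster that uses a bring-your-own Private DNS Zone through a
# user-assigned identity holding the "Private DNS Zone Contributor" role.
example = azure.core.ResourceGroup("example",
    name="example",
    location="West Europe")
example_zone = azure.privatedns.Zone("example",
    name="privatelink.eastus2.azmk8s.io",
    resource_group_name=example.name)
example_user_assigned_identity = azure.authorization.UserAssignedIdentity("example",
    name="aks-example-identity",
    resource_group_name=example.name,
    location=example.location)
# The role is scoped to the one Private DNS Zone the cluster uses, not to the
# resource group or subscription.
example_assignment = azure.authorization.Assignment("example",
    scope=example_zone.id,
    role_definition_name="Private DNS Zone Contributor",
    principal_id=example_user_assigned_identity.principal_id)
example_kubernetes_cluster = azure.containerservice.KubernetesCluster("example",
    name="aksexamplewithprivatednszone1",
    location=example.location,
    resource_group_name=example.name,
    dns_prefix="aksexamplednsprefix1",
    private_cluster_enabled=True,
    private_dns_zone_id=example_zone.id,
    # A default node pool is required; the sizing values are illustrative.
    default_node_pool={
        "name": "default",
        "node_count": 1,
        "vm_size": "Standard_D2_v2",
    },
    # One of `identity` or `service_principal` must be specified. The cluster runs as
    # the identity that was granted the role above, otherwise the assignment has no effect.
    identity={
        "type": "UserAssigned",
        "identity_ids": [example_user_assigned_identity.id],
    },
    # Create the role assignment before the cluster and remove it only after the
    # cluster is destroyed.
    opts = pulumi.ResourceOptions(depends_on=[example_assignment]))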
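using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;

// Private AKS cluster that uses a bring-your-own Private DNS Zone through a
// user-assigned identity holding the "Private DNS Zone Contributor" role.
return await Deployment.RunAsync(() => 
{
    var example = new Azure.Core.ResourceGroup("example", new()
    {
        Name = "example",
        Location = "West Europe",
    });

    var exampleZone = new Azure.PrivateDns.Zone("example", new()
    {
        Name = "privatelink.eastus2.azmk8s.io",
        ResourceGroupName = example.Name,
    });

    var exampleUserAssignedIdentity = new Azure.Authorization.UserAssignedIdentity("example", new()
    {
        Name = "aks-example-identity",
        ResourceGroupName = example.Name,
        Location = example.Location,
    });

    // The role is scoped to the one Private DNS Zone the cluster uses, not to the
    // resource group or subscription.
    var exampleAssignment = new Azure.Authorization.Assignment("example", new()
    {
        Scope = exampleZone.Id,
        RoleDefinitionName = "Private DNS Zone Contributor",
        PrincipalId = exampleUserAssignedIdentity.PrincipalId,
    });

    var exampleKubernetesCluster = new Azure.ContainerService.KubernetesCluster("example", new()
    {
        Name = "aksexamplewithprivatednszone1",
        Location = example.Location,
        ResourceGroupName = example.Name,
        DnsPrefix = "aksexamplednsprefix1",
        PrivateClusterEnabled = true,
        PrivateDnsZoneId = exampleZone.Id,
        // A default node pool is required; the sizing values are illustrative.
        DefaultNodePool = new Azure.ContainerService.Inputs.KubernetesClusterDefaultNodePoolArgs
        {
            Name = "default",
            NodeCount = 1,
            VmSize = "Standard_D2_v2",
        },
        // One of Identity or ServicePrincipal must be specified. The cluster runs as the
        // identity that was granted the role above, otherwise the assignment has no effect.
        Identity = new Azure.ContainerService.Inputs.KubernetesClusterIdentityArgs
        {
            Type = "UserAssigned",
            IdentityIds = new[]
            {
                exampleUserAssignedIdentity.Id,
            },
        },
    }, new CustomResourceOptions
    {
        // Create the role assignment before the cluster and remove it only after the
        // cluster is destroyed.
        DependsOn =
        {
            exampleAssignment,
        },
    });

});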
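package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/authorization"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/containerservice"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/privatedns"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main provisions a private AKS cluster that uses a bring-your-own Private DNS
// Zone through a user-assigned identity holding the "Private DNS Zone
// Contributor" role.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleZone, err := privatedns.NewZone(ctx, "example", &privatedns.ZoneArgs{
			Name:              pulumi.String("privatelink.eastus2.azmk8s.io"),
			ResourceGroupName: example.Name,
		})
		if err != nil {
			return err
		}
		exampleUserAssignedIdentity, err := authorization.NewUserAssignedIdentity(ctx, "example", &authorization.UserAssignedIdentityArgs{
			Name:              pulumi.String("aks-example-identity"),
			ResourceGroupName: example.Name,
			Location:          example.Location,
		})
		if err != nil {
			return err
		}
		// The role is scoped to the one Private DNS Zone the cluster uses, not to
		// the resource group or subscription.
		exampleAssignment, err := authorization.NewAssignment(ctx, "example", &authorization.AssignmentArgs{
			Scope:              exampleZone.ID(),
			RoleDefinitionName: pulumi.String("Private DNS Zone Contributor"),
			PrincipalId:        exampleUserAssignedIdentity.PrincipalId,
		})
		if err != nil {
			return err
		}
		_, err = containerservice.NewKubernetesCluster(ctx, "example", &containerservice.KubernetesClusterArgs{
			Name:                  pulumi.String("aksexamplewithprivatednszone1"),
			Location:              example.Location,
			ResourceGroupName:     example.Name,
			DnsPrefix:             pulumi.String("aksexamplednsprefix1"),
			PrivateClusterEnabled: pulumi.Bool(true),
			PrivateDnsZoneId:      exampleZone.ID(),
			// A default node pool is required; the sizing values are illustrative.
			DefaultNodePool: &containerservice.KubernetesClusterDefaultNodePoolArgs{
				Name:      pulumi.String("default"),
				NodeCount: pulumi.Int(1),
				VmSize:    pulumi.String("Standard_D2_v2"),
			},
			// One of Identity or ServicePrincipal must be specified. The cluster runs
			// as the identity that was granted the role above, otherwise the
			// assignment has no effect.
			Identity: &containerservice.KubernetesClusterIdentityArgs{
				Type: pulumi.String("UserAssigned"),
				IdentityIds: pulumi.StringArray{
					exampleUserAssignedIdentity.ID(),
				},
			},
			// DependsOn: create the role assignment before the cluster and remove it
			// only after the cluster is destroyed.
		}, pulumi.DependsOn([]pulumi.Resource{
			exampleAssignment,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}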
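package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.privatedns.Zone;
import com.pulumi.azure.privatedns.ZoneArgs;
import com.pulumi.azure.authorization.UserAssignedIdentity;
import com.pulumi.azure.authorization.UserAssignedIdentityArgs;
import com.pulumi.azure.authorization.Assignment;
import com.pulumi.azure.authorization.AssignmentArgs;
import com.pulumi.azure.containerservice.KubernetesCluster;
import com.pulumi.azure.containerservice.KubernetesClusterArgs;
import com.pulumi.azure.containerservice.inputs.KubernetesClusterDefaultNodePoolArgs;
import com.pulumi.azure.containerservice.inputs.KubernetesClusterIdentityArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Provisions a private AKS cluster that uses a bring-your-own Private DNS Zone
 * through a user-assigned identity holding the "Private DNS Zone Contributor" role.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new ResourceGroup("example", ResourceGroupArgs.builder()
            .name("example")
            .location("West Europe")
            .build());

        var exampleZone = new Zone("exampleZone", ZoneArgs.builder()
            .name("privatelink.eastus2.azmk8s.io")
            .resourceGroupName(example.name())
            .build());

        var exampleUserAssignedIdentity = new UserAssignedIdentity("exampleUserAssignedIdentity", UserAssignedIdentityArgs.builder()
            .name("aks-example-identity")
            .resourceGroupName(example.name())
            .location(example.location())
            .build());

        // The role is scoped to the one Private DNS Zone the cluster uses, not to the
        // resource group or subscription.
        var exampleAssignment = new Assignment("exampleAssignment", AssignmentArgs.builder()
            .scope(exampleZone.id())
            .roleDefinitionName("Private DNS Zone Contributor")
            .principalId(exampleUserAssignedIdentity.principalId())
            .build());

        var exampleKubernetesCluster = new KubernetesCluster("exampleKubernetesCluster", KubernetesClusterArgs.builder()
            .name("aksexamplewithprivatednszone1")
            .location(example.location())
            .resourceGroupName(example.name())
            .dnsPrefix("aksexamplednsprefix1")
            .privateClusterEnabled(true)
            .privateDnsZoneId(exampleZone.id())
            // A default node pool is required; the sizing values are illustrative.
            .defaultNodePool(KubernetesClusterDefaultNodePoolArgs.builder()
                .name("default")
                .nodeCount(1)
                .vmSize("Standard_D2_v2")
                .build())
            // One of identity or servicePrincipal must be specified. The cluster runs as the
            // identity that was granted the role above, otherwise the assignment has no effect.
            .identity(KubernetesClusterIdentityArgs.builder()
                .type("UserAssigned")
                .identityIds(exampleUserAssignedIdentity.id().applyValue(id -> List.of(id)))
                .build())
            .build(), CustomResourceOptions.builder()
                // Create the role assignment before the cluster and remove it only after
                // the cluster is destroyed.
                .dependsOn(exampleAssignment)
                .build());

    }
}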
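# Private AKS cluster that uses a bring-your-own Private DNS Zone through a
# user-assigned identity holding the "Private DNS Zone Contributor" role.
resources:
  example:
    type: azure:core:ResourceGroup
    properties:
      name: example
      location: West Europe
  exampleZone:
    type: azure:privatedns:Zone
    name: example
    properties:
      name: privatelink.eastus2.azmk8s.io
      resourceGroupName: ${example.name}
  exampleUserAssignedIdentity:
    type: azure:authorization:UserAssignedIdentity
    name: example
    properties:
      name: aks-example-identity
      resourceGroupName: ${example.name}
      location: ${example.location}
  # The role is scoped to the one Private DNS Zone the cluster uses, not to the
  # resource group or subscription.
  exampleAssignment:
    type: azure:authorization:Assignment
    name: example
    properties:
      scope: ${exampleZone.id}
      roleDefinitionName: Private DNS Zone Contributor
      principalId: ${exampleUserAssignedIdentity.principalId}
  exampleKubernetesCluster:
    type: azure:containerservice:KubernetesCluster
    name: example
    properties:
      name: aksexamplewithprivatednszone1
      location: ${example.location}
      resourceGroupName: ${example.name}
      dnsPrefix: aksexamplednsprefix1
      privateClusterEnabled: true
      privateDnsZoneId: ${exampleZone.id}
      # A default node pool is required; the sizing values are illustrative.
      defaultNodePool:
        name: default
        nodeCount: 1
        vmSize: Standard_D2_v2
      # One of identity or servicePrincipal must be specified. The cluster runs as the
      # identity that was granted the role above, otherwise the assignment has no effect.
      identity:
        type: UserAssigned
        identityIds:
          - ${exampleUserAssignedIdentity.id}
    options:
      # The option key is camelCase `dependsOn`; it orders the role assignment before
      # the cluster on create and after it on destroy.
      dependsOn:
        - ${exampleAssignment}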
- private
Dns StringZone Id - Either the ID of Private DNS Zone which should be delegated to this Cluster,
System
to have AKS manage this orNone
. In case ofNone
you will need to bring your own DNS server and set up resolving, otherwise, the cluster will have issues after provisioning. Changing this forces a new resource to be created. - private
Fqdn String - The FQDN for the Kubernetes Cluster when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.
- resource
Group StringName - Specifies the Resource Group where the Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.
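- roleBasedAccessControlEnabled Boolean - Whether Role Based Access Control for the Kubernetes Cluster should be enabled. Defaults to `true`. Changing this forces a new resource to be created.
- runCommandEnabled Boolean - Whether to enable run command for the cluster or not. Defaults to `true`. Because the feature is on by default, set this to `false` explicitly on clusters where running commands in the cluster through the Azure API is not wanted.
- service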
Mesh Property MapProfile - A
service_mesh_profile
block as defined below.
- servicePrincipal Property Map - A `service_principal` block as documented below. One of either `identity` or `service_principal` must be specified.
  Note: A migration scenario from `service_principal` to `identity` is supported. When upgrading `service_principal` to `identity`, your cluster's control plane and addon pods will switch to use managed identity, but the kubelets will keep using your configured `service_principal` until you upgrade your Node Pool. Until then the service principal's credential is still in use by the nodes, so it must stay valid and should be retired only after every Node Pool has been upgraded.
- sku
Tier String The SKU Tier that should be used for this Kubernetes Cluster. Possible values are
Free
,Standard
(which includes the Uptime SLA) andPremium
. Defaults toFree
.Note: Whilst the AKS API previously supported the
Paid
SKU - the AKS API introduced a breaking change in API Version2023-02-01
(used in v3.51.0 and later) where the valuePaid
must now be set toStandard
.- storage
Profile Property Map - A
storage_profile
block as defined below. - support
Plan String - Specifies the support plan which should be used for this Kubernetes Cluster. Possible values are
KubernetesOfficial
andAKSLongTermSupport
. Defaults toKubernetesOfficial
. - Map<String>
- A mapping of tags to assign to the resource.
- web
App Property MapRouting - A
web_app_routing
block as defined below. - windows
Profile Property Map - A
windows_profile
block as defined below. - workload
Autoscaler Property MapProfile - A
workload_autoscaler_profile
block defined below.
- workloadIdentityEnabled Boolean - Specifies whether Azure AD Workload Identity should be enabled for the Cluster. Defaults to `false`.
  Note: To enable Azure AD Workload Identity, `oidc_issuer_enabled` must be set to `true`.
  Note: Enabling this option will allocate Workload Identity resources to the `kube-system` namespace in Kubernetes. If you wish to customize the deployment of Workload Identity, you can refer to the documentation on Azure AD Workload Identity. The documentation provides guidance on how to install the mutating admission webhook, which allows for the customization of Workload Identity deployment.
Supporting Types
KubernetesClusterAciConnectorLinux, KubernetesClusterAciConnectorLinuxArgs
- Subnet
Name string The subnet name for the virtual nodes to run.
Note: At this time ACI Connectors are not supported in Azure China.
Note: AKS will add a delegation to the subnet named here. To prevent further runs from failing you should make sure that the subnet you create for virtual nodes has a delegation, like so.
import * as pulumi from "@pulumi/pulumi"; import * as azure from "@pulumi/azure";
// Subnet for AKS virtual nodes, created with the delegation that AKS would otherwise add itself.
// NOTE(review): only `delegations` is shown; the Subnet's other required arguments
// (resourceGroupName, virtualNetworkName, addressPrefixes) appear to have been dropped
// from this snippet and must be supplied.
const virtual = new azure.network.Subnet("virtual", {delegations: [{
    name: "aciDelegation",
    serviceDelegation: {
        name: "Microsoft.ContainerInstance/containerGroups",
        actions: ["Microsoft.Network/virtualNetworks/subnets/action"],
    },
}]});
import pulumi
import pulumi_azure as azure

# Subnet for AKS virtual nodes, created with the delegation that AKS would otherwise add itself.
# NOTE(review): only `delegations` is shown; the Subnet's other required arguments
# (resource_group_name, virtual_network_name, address_prefixes) appear to have been
# dropped from this snippet and must be supplied.
virtual = azure.network.Subnet("virtual", delegations=[{
    "name": "aciDelegation",
    "service_delegation": {
        "name": "Microsoft.ContainerInstance/containerGroups",
        "actions": ["Microsoft.Network/virtualNetworks/subnets/action"],
    },
}])
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;

return await Deployment.RunAsync(() => 
{
    // Subnet for AKS virtual nodes, created with the delegation that AKS would otherwise add itself.
    // NOTE(review): only Delegations is shown; the Subnet's other required arguments
    // (ResourceGroupName, VirtualNetworkName, AddressPrefixes) appear to have been dropped
    // from this snippet and must be supplied.
    var @virtual = new Azure.Network.Subnet("virtual", new()
    {
        Delegations = new[]
        {
            new Azure.Network.Inputs.SubnetDelegationArgs
            {
                Name = "aciDelegation",
                ServiceDelegation = new Azure.Network.Inputs.SubnetDelegationServiceDelegationArgs
                {
                    Name = "Microsoft.ContainerInstance/containerGroups",
                    Actions = new[]
                    {
                        "Microsoft.Network/virtualNetworks/subnets/action",
                    },
                },
            },
        },
    });

});
package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/network"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main declares the subnet for AKS virtual nodes, created with the delegation
// that AKS would otherwise add itself.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): only Delegations is shown; the Subnet's other required
		// arguments (ResourceGroupName, VirtualNetworkName, AddressPrefixes) appear
		// to have been dropped from this snippet and must be supplied.
		_, err := network.NewSubnet(ctx, "virtual", &network.SubnetArgs{
			Delegations: network.SubnetDelegationArray{
				&network.SubnetDelegationArgs{
					Name: pulumi.String("aciDelegation"),
					ServiceDelegation: &network.SubnetDelegationServiceDelegationArgs{
						Name: pulumi.String("Microsoft.ContainerInstance/containerGroups"),
						Actions: pulumi.StringArray{
							pulumi.String("Microsoft.Network/virtualNetworks/subnets/action"),
						},
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.network.Subnet;
import com.pulumi.azure.network.SubnetArgs;
import com.pulumi.azure.network.inputs.SubnetDelegationArgs;
import com.pulumi.azure.network.inputs.SubnetDelegationServiceDelegationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Declares the subnet for AKS virtual nodes, created with the delegation that
 * AKS would otherwise add itself.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // NOTE(review): only delegations is shown; the Subnet's other required arguments
        // (resourceGroupName, virtualNetworkName, addressPrefixes) appear to have been
        // dropped from this snippet and must be supplied.
        var virtual = new Subnet("virtual", SubnetArgs.builder()
            .delegations(SubnetDelegationArgs.builder()
                .name("aciDelegation")
                .serviceDelegation(SubnetDelegationServiceDelegationArgs.builder()
                    .name("Microsoft.ContainerInstance/containerGroups")
                    .actions("Microsoft.Network/virtualNetworks/subnets/action")
                    .build())
                .build())
            .build());

    }
}
# Subnet for AKS virtual nodes, created with the delegation that AKS would otherwise add itself.
# NOTE(review): only `delegations` is shown; the Subnet's other required properties
# (resourceGroupName, virtualNetworkName, addressPrefixes) appear to have been dropped
# from this snippet and must be supplied.
resources:
  virtual:
    type: azure:network:Subnet
    properties:
      delegations:
        - name: aciDelegation
          serviceDelegation:
            name: Microsoft.ContainerInstance/containerGroups
            actions:
              - Microsoft.Network/virtualNetworks/subnets/action
- Connector
Identities List<KubernetesCluster Aci Connector Linux Connector Identity> - A
connector_identity
block is exported. The exported attributes are defined below.
- Subnet
Name string The subnet name for the virtual nodes to run.
Note: At this time ACI Connectors are not supported in Azure China.
Note: AKS will add a delegation to the subnet named here. To prevent further runs from failing you should make sure that the subnet you create for virtual nodes has a delegation, like so.
import * as pulumi from "@pulumi/pulumi"; import * as azure from "@pulumi/azure";
// Subnet for AKS virtual nodes, created with the delegation that AKS would otherwise add itself.
// NOTE(review): only `delegations` is shown; the Subnet's other required arguments
// (resourceGroupName, virtualNetworkName, addressPrefixes) appear to have been dropped
// from this snippet and must be supplied.
const virtual = new azure.network.Subnet("virtual", {delegations: [{
    name: "aciDelegation",
    serviceDelegation: {
        name: "Microsoft.ContainerInstance/containerGroups",
        actions: ["Microsoft.Network/virtualNetworks/subnets/action"],
    },
}]});
import pulumi
import pulumi_azure as azure

# Subnet for AKS virtual nodes, created with the delegation that AKS would otherwise add itself.
# NOTE(review): only `delegations` is shown; the Subnet's other required arguments
# (resource_group_name, virtual_network_name, address_prefixes) appear to have been
# dropped from this snippet and must be supplied.
virtual = azure.network.Subnet("virtual", delegations=[{
    "name": "aciDelegation",
    "service_delegation": {
        "name": "Microsoft.ContainerInstance/containerGroups",
        "actions": ["Microsoft.Network/virtualNetworks/subnets/action"],
    },
}])
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;

return await Deployment.RunAsync(() => 
{
    // Subnet for AKS virtual nodes, created with the delegation that AKS would otherwise add itself.
    // NOTE(review): only Delegations is shown; the Subnet's other required arguments
    // (ResourceGroupName, VirtualNetworkName, AddressPrefixes) appear to have been dropped
    // from this snippet and must be supplied.
    var @virtual = new Azure.Network.Subnet("virtual", new()
    {
        Delegations = new[]
        {
            new Azure.Network.Inputs.SubnetDelegationArgs
            {
                Name = "aciDelegation",
                ServiceDelegation = new Azure.Network.Inputs.SubnetDelegationServiceDelegationArgs
                {
                    Name = "Microsoft.ContainerInstance/containerGroups",
                    Actions = new[]
                    {
                        "Microsoft.Network/virtualNetworks/subnets/action",
                    },
                },
            },
        },
    });

});
package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/network"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main declares the subnet for AKS virtual nodes, created with the delegation
// that AKS would otherwise add itself.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): only Delegations is shown; the Subnet's other required
		// arguments (ResourceGroupName, VirtualNetworkName, AddressPrefixes) appear
		// to have been dropped from this snippet and must be supplied.
		_, err := network.NewSubnet(ctx, "virtual", &network.SubnetArgs{
			Delegations: network.SubnetDelegationArray{
				&network.SubnetDelegationArgs{
					Name: pulumi.String("aciDelegation"),
					ServiceDelegation: &network.SubnetDelegationServiceDelegationArgs{
						Name: pulumi.String("Microsoft.ContainerInstance/containerGroups"),
						Actions: pulumi.StringArray{
							pulumi.String("Microsoft.Network/virtualNetworks/subnets/action"),
						},
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.network.Subnet;
import com.pulumi.azure.network.SubnetArgs;
import com.pulumi.azure.network.inputs.SubnetDelegationArgs;
import com.pulumi.azure.network.inputs.SubnetDelegationServiceDelegationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Declares the subnet for AKS virtual nodes, created with the delegation that
 * AKS would otherwise add itself.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // NOTE(review): only delegations is shown; the Subnet's other required arguments
        // (resourceGroupName, virtualNetworkName, addressPrefixes) appear to have been
        // dropped from this snippet and must be supplied.
        var virtual = new Subnet("virtual", SubnetArgs.builder()
            .delegations(SubnetDelegationArgs.builder()
                .name("aciDelegation")
                .serviceDelegation(SubnetDelegationServiceDelegationArgs.builder()
                    .name("Microsoft.ContainerInstance/containerGroups")
                    .actions("Microsoft.Network/virtualNetworks/subnets/action")
                    .build())
                .build())
            .build());

    }
}
# Subnet for AKS virtual nodes, created with the delegation that AKS would otherwise add itself.
# NOTE(review): only `delegations` is shown; the Subnet's other required properties
# (resourceGroupName, virtualNetworkName, addressPrefixes) appear to have been dropped
# from this snippet and must be supplied.
resources:
  virtual:
    type: azure:network:Subnet
    properties:
      delegations:
        - name: aciDelegation
          serviceDelegation:
            name: Microsoft.ContainerInstance/containerGroups
            actions:
              - Microsoft.Network/virtualNetworks/subnets/action
- Connector
Identities []KubernetesCluster Aci Connector Linux Connector Identity - A
connector_identity
block is exported. The exported attributes are defined below.
- subnet
Name String The subnet name for the virtual nodes to run.
Note: At this time ACI Connectors are not supported in Azure China.
Note: AKS will add a delegation to the subnet named here. To prevent further runs from failing you should make sure that the subnet you create for virtual nodes has a delegation, like so.
import * as pulumi from "@pulumi/pulumi"; import * as azure from "@pulumi/azure";
// Subnet for AKS virtual nodes, created with the delegation that AKS would otherwise add itself.
// NOTE(review): only `delegations` is shown; the Subnet's other required arguments
// (resourceGroupName, virtualNetworkName, addressPrefixes) appear to have been dropped
// from this snippet and must be supplied.
const virtual = new azure.network.Subnet("virtual", {delegations: [{
    name: "aciDelegation",
    serviceDelegation: {
        name: "Microsoft.ContainerInstance/containerGroups",
        actions: ["Microsoft.Network/virtualNetworks/subnets/action"],
    },
}]});
import pulumi
import pulumi_azure as azure

# Subnet for AKS virtual nodes, created with the delegation that AKS would otherwise add itself.
# NOTE(review): only `delegations` is shown; the Subnet's other required arguments
# (resource_group_name, virtual_network_name, address_prefixes) appear to have been
# dropped from this snippet and must be supplied.
virtual = azure.network.Subnet("virtual", delegations=[{
    "name": "aciDelegation",
    "service_delegation": {
        "name": "Microsoft.ContainerInstance/containerGroups",
        "actions": ["Microsoft.Network/virtualNetworks/subnets/action"],
    },
}])
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;

return await Deployment.RunAsync(() => 
{
    // Subnet for AKS virtual nodes, created with the delegation that AKS would otherwise add itself.
    // NOTE(review): only Delegations is shown; the Subnet's other required arguments
    // (ResourceGroupName, VirtualNetworkName, AddressPrefixes) appear to have been dropped
    // from this snippet and must be supplied.
    var @virtual = new Azure.Network.Subnet("virtual", new()
    {
        Delegations = new[]
        {
            new Azure.Network.Inputs.SubnetDelegationArgs
            {
                Name = "aciDelegation",
                ServiceDelegation = new Azure.Network.Inputs.SubnetDelegationServiceDelegationArgs
                {
                    Name = "Microsoft.ContainerInstance/containerGroups",
                    Actions = new[]
                    {
                        "Microsoft.Network/virtualNetworks/subnets/action",
                    },
                },
            },
        },
    });

});
package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/network"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main declares the subnet for AKS virtual nodes, created with the delegation
// that AKS would otherwise add itself.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): only Delegations is shown; the Subnet's other required
		// arguments (ResourceGroupName, VirtualNetworkName, AddressPrefixes) appear
		// to have been dropped from this snippet and must be supplied.
		_, err := network.NewSubnet(ctx, "virtual", &network.SubnetArgs{
			Delegations: network.SubnetDelegationArray{
				&network.SubnetDelegationArgs{
					Name: pulumi.String("aciDelegation"),
					ServiceDelegation: &network.SubnetDelegationServiceDelegationArgs{
						Name: pulumi.String("Microsoft.ContainerInstance/containerGroups"),
						Actions: pulumi.StringArray{
							pulumi.String("Microsoft.Network/virtualNetworks/subnets/action"),
						},
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.network.Subnet;
import com.pulumi.azure.network.SubnetArgs;
import com.pulumi.azure.network.inputs.SubnetDelegationArgs;
import com.pulumi.azure.network.inputs.SubnetDelegationServiceDelegationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Declares the subnet for AKS virtual nodes, created with the delegation that
 * AKS would otherwise add itself.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // NOTE(review): only delegations is shown; the Subnet's other required arguments
        // (resourceGroupName, virtualNetworkName, addressPrefixes) appear to have been
        // dropped from this snippet and must be supplied.
        var virtual = new Subnet("virtual", SubnetArgs.builder()
            .delegations(SubnetDelegationArgs.builder()
                .name("aciDelegation")
                .serviceDelegation(SubnetDelegationServiceDelegationArgs.builder()
                    .name("Microsoft.ContainerInstance/containerGroups")
                    .actions("Microsoft.Network/virtualNetworks/subnets/action")
                    .build())
                .build())
            .build());

    }
}
# Subnet for AKS virtual nodes, created with the delegation that AKS would otherwise add itself.
# NOTE(review): only `delegations` is shown; the Subnet's other required properties
# (resourceGroupName, virtualNetworkName, addressPrefixes) appear to have been dropped
# from this snippet and must be supplied.
resources:
  virtual:
    type: azure:network:Subnet
    properties:
      delegations:
        - name: aciDelegation
          serviceDelegation:
            name: Microsoft.ContainerInstance/containerGroups
            actions:
              - Microsoft.Network/virtualNetworks/subnets/action
- connector
Identities List<KubernetesCluster Aci Connector Linux Connector Identity> - A
connector_identity
block is exported. The exported attributes are defined below.
- subnet
Name string The subnet name for the virtual nodes to run.
Note: At this time ACI Connectors are not supported in Azure China.
Note: AKS will add a delegation to the subnet named here. To prevent further runs from failing you should make sure that the subnet you create for virtual nodes has a delegation, like so.
import * as pulumi from "@pulumi/pulumi"; import * as azure from "@pulumi/azure";
// Subnet for AKS virtual nodes, created with the delegation that AKS would otherwise add itself.
// NOTE(review): only `delegations` is shown; the Subnet's other required arguments
// (resourceGroupName, virtualNetworkName, addressPrefixes) appear to have been dropped
// from this snippet and must be supplied.
const virtual = new azure.network.Subnet("virtual", {delegations: [{
    name: "aciDelegation",
    serviceDelegation: {
        name: "Microsoft.ContainerInstance/containerGroups",
        actions: ["Microsoft.Network/virtualNetworks/subnets/action"],
    },
}]});
import pulumi
import pulumi_azure as azure

# Subnet for AKS virtual nodes, created with the delegation that AKS would otherwise add itself.
# NOTE(review): only `delegations` is shown; the Subnet's other required arguments
# (resource_group_name, virtual_network_name, address_prefixes) appear to have been
# dropped from this snippet and must be supplied.
virtual = azure.network.Subnet("virtual", delegations=[{
    "name": "aciDelegation",
    "service_delegation": {
        "name": "Microsoft.ContainerInstance/containerGroups",
        "actions": ["Microsoft.Network/virtualNetworks/subnets/action"],
    },
}])
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;

return await Deployment.RunAsync(() =>
{
    // Delegation for the virtual-node subnet: names the ACI container-groups
    // service and the single subnet action it may perform.
    var aciDelegation = new Azure.Network.Inputs.SubnetDelegationArgs
    {
        Name = "aciDelegation",
        ServiceDelegation = new Azure.Network.Inputs.SubnetDelegationServiceDelegationArgs
        {
            Name = "Microsoft.ContainerInstance/containerGroups",
            Actions = new[] { "Microsoft.Network/virtualNetworks/subnets/action" },
        },
    };

    // Only the delegation is set in this fragment; no other subnet arguments are given.
    var @virtual = new Azure.Network.Subnet("virtual", new()
    {
        Delegations = new[] { aciDelegation },
    });
});
package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/network"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main declares the "virtual" subnet with the delegation used for AKS
// virtual nodes. Only the delegation is set in this fragment.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The delegated service and the single subnet action it may perform.
		aciDelegation := &network.SubnetDelegationArgs{
			Name: pulumi.String("aciDelegation"),
			ServiceDelegation: &network.SubnetDelegationServiceDelegationArgs{
				Name: pulumi.String("Microsoft.ContainerInstance/containerGroups"),
				Actions: pulumi.StringArray{
					pulumi.String("Microsoft.Network/virtualNetworks/subnets/action"),
				},
			},
		}

		_, err := network.NewSubnet(ctx, "virtual", &network.SubnetArgs{
			Delegations: network.SubnetDelegationArray{aciDelegation},
		})
		// err is nil on success, so returning it covers both outcomes.
		return err
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.network.Subnet;
import com.pulumi.azure.network.SubnetArgs;
import com.pulumi.azure.network.inputs.SubnetDelegationArgs;
import com.pulumi.azure.network.inputs.SubnetDelegationServiceDelegationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Pulumi program that declares the "virtual" subnet with the delegation
 * used for AKS virtual nodes.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the subnet. Only the delegation is set in this fragment; no
     * other subnet arguments are given.
     *
     * @param ctx Pulumi context supplied by {@code Pulumi.run}; not read here.
     */
    public static void stack(Context ctx) {
        // The delegated service and the single subnet action it may perform.
        var serviceDelegation = SubnetDelegationServiceDelegationArgs.builder()
            .name("Microsoft.ContainerInstance/containerGroups")
            .actions("Microsoft.Network/virtualNetworks/subnets/action")
            .build();

        var aciDelegation = SubnetDelegationArgs.builder()
            .name("aciDelegation")
            .serviceDelegation(serviceDelegation)
            .build();

        var virtual = new Subnet("virtual", SubnetArgs.builder()
            .delegations(aciDelegation)
            .build());
    }
}
# Subnet for AKS virtual nodes. Only the delegation is set in this fragment.
resources:
  virtual:
    type: azure:network:Subnet
    properties:
      delegations:
        # Delegates the subnet to the ACI container-groups service and lists
        # the one subnet action that service may perform.
        - name: aciDelegation
          serviceDelegation:
            name: Microsoft.ContainerInstance/containerGroups
            actions: [Microsoft.Network/virtualNetworks/subnets/action]
- connectorIdentities KubernetesClusterAciConnectorLinuxConnectorIdentity[] - A `connector_identity` block is exported. The exported attributes are defined below.
- subnet_name str - The subnet name for the virtual nodes to run.
Note: At this time ACI Connectors are not supported in Azure China.
Note: AKS will add a delegation to the subnet named here. To prevent further runs from failing, make sure that the subnet you create for virtual nodes already has a delegation like the one shown below.
import * as pulumi from "@pulumi/pulumi"; import * as azure from "@pulumi/azure";
// Delegation for the virtual-node subnet: names the ACI container-groups
// service and the single subnet action it may perform.
const aciDelegation = {
    name: "aciDelegation",
    serviceDelegation: {
        name: "Microsoft.ContainerInstance/containerGroups",
        actions: ["Microsoft.Network/virtualNetworks/subnets/action"],
    },
};

// Only the delegation is set in this fragment; no other subnet arguments are given.
const virtual = new azure.network.Subnet("virtual", {
    delegations: [aciDelegation],
});
import pulumi
import pulumi_azure as azure

# Delegation for the virtual-node subnet: names the ACI container-groups
# service and the single subnet action it may perform.
aci_delegation = {
    "name": "aciDelegation",
    "service_delegation": {
        "name": "Microsoft.ContainerInstance/containerGroups",
        "actions": ["Microsoft.Network/virtualNetworks/subnets/action"],
    },
}

# Only the delegation is set in this fragment; no other subnet arguments are given.
virtual = azure.network.Subnet("virtual", delegations=[aci_delegation])
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;

return await Deployment.RunAsync(() =>
{
    // Delegation for the virtual-node subnet: names the ACI container-groups
    // service and the single subnet action it may perform.
    var aciDelegation = new Azure.Network.Inputs.SubnetDelegationArgs
    {
        Name = "aciDelegation",
        ServiceDelegation = new Azure.Network.Inputs.SubnetDelegationServiceDelegationArgs
        {
            Name = "Microsoft.ContainerInstance/containerGroups",
            Actions = new[] { "Microsoft.Network/virtualNetworks/subnets/action" },
        },
    };

    // Only the delegation is set in this fragment; no other subnet arguments are given.
    var @virtual = new Azure.Network.Subnet("virtual", new()
    {
        Delegations = new[] { aciDelegation },
    });
});
package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/network"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main declares the "virtual" subnet with the delegation used for AKS
// virtual nodes. Only the delegation is set in this fragment.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The delegated service and the single subnet action it may perform.
		aciDelegation := &network.SubnetDelegationArgs{
			Name: pulumi.String("aciDelegation"),
			ServiceDelegation: &network.SubnetDelegationServiceDelegationArgs{
				Name: pulumi.String("Microsoft.ContainerInstance/containerGroups"),
				Actions: pulumi.StringArray{
					pulumi.String("Microsoft.Network/virtualNetworks/subnets/action"),
				},
			},
		}

		_, err := network.NewSubnet(ctx, "virtual", &network.SubnetArgs{
			Delegations: network.SubnetDelegationArray{aciDelegation},
		})
		// err is nil on success, so returning it covers both outcomes.
		return err
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.network.Subnet;
import com.pulumi.azure.network.SubnetArgs;
import com.pulumi.azure.network.inputs.SubnetDelegationArgs;
import com.pulumi.azure.network.inputs.SubnetDelegationServiceDelegationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Pulumi program that declares the "virtual" subnet with the delegation
 * used for AKS virtual nodes.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the subnet. Only the delegation is set in this fragment; no
     * other subnet arguments are given.
     *
     * @param ctx Pulumi context supplied by {@code Pulumi.run}; not read here.
     */
    public static void stack(Context ctx) {
        // The delegated service and the single subnet action it may perform.
        var serviceDelegation = SubnetDelegationServiceDelegationArgs.builder()
            .name("Microsoft.ContainerInstance/containerGroups")
            .actions("Microsoft.Network/virtualNetworks/subnets/action")
            .build();

        var aciDelegation = SubnetDelegationArgs.builder()
            .name("aciDelegation")
            .serviceDelegation(serviceDelegation)
            .build();

        var virtual = new Subnet("virtual", SubnetArgs.builder()
            .delegations(aciDelegation)
            .build());
    }
}
# Subnet for AKS virtual nodes. Only the delegation is set in this fragment.
resources:
  virtual:
    type: azure:network:Subnet
    properties:
      delegations:
        # Delegates the subnet to the ACI container-groups service and lists
        # the one subnet action that service may perform.
        - name: aciDelegation
          serviceDelegation:
            name: Microsoft.ContainerInstance/containerGroups
            actions: [Microsoft.Network/virtualNetworks/subnets/action]
- connector_identities Sequence[KubernetesClusterAciConnectorLinuxConnectorIdentity] - A `connector_identity` block is exported. The exported attributes are defined below.
- subnetName String - The subnet name for the virtual nodes to run.
Note: At this time ACI Connectors are not supported in Azure China.
Note: AKS will add a delegation to the subnet named here. To prevent further runs from failing, make sure that the subnet you create for virtual nodes already has a delegation like the one shown below.
import * as pulumi from "@pulumi/pulumi"; import * as azure from "@pulumi/azure";
// Delegation for the virtual-node subnet: names the ACI container-groups
// service and the single subnet action it may perform.
const aciDelegation = {
    name: "aciDelegation",
    serviceDelegation: {
        name: "Microsoft.ContainerInstance/containerGroups",
        actions: ["Microsoft.Network/virtualNetworks/subnets/action"],
    },
};

// Only the delegation is set in this fragment; no other subnet arguments are given.
const virtual = new azure.network.Subnet("virtual", {
    delegations: [aciDelegation],
});
import pulumi
import pulumi_azure as azure

# Delegation for the virtual-node subnet: names the ACI container-groups
# service and the single subnet action it may perform.
aci_delegation = {
    "name": "aciDelegation",
    "service_delegation": {
        "name": "Microsoft.ContainerInstance/containerGroups",
        "actions": ["Microsoft.Network/virtualNetworks/subnets/action"],
    },
}

# Only the delegation is set in this fragment; no other subnet arguments are given.
virtual = azure.network.Subnet("virtual", delegations=[aci_delegation])
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;

return await Deployment.RunAsync(() =>
{
    // Delegation for the virtual-node subnet: names the ACI container-groups
    // service and the single subnet action it may perform.
    var aciDelegation = new Azure.Network.Inputs.SubnetDelegationArgs
    {
        Name = "aciDelegation",
        ServiceDelegation = new Azure.Network.Inputs.SubnetDelegationServiceDelegationArgs
        {
            Name = "Microsoft.ContainerInstance/containerGroups",
            Actions = new[] { "Microsoft.Network/virtualNetworks/subnets/action" },
        },
    };

    // Only the delegation is set in this fragment; no other subnet arguments are given.
    var @virtual = new Azure.Network.Subnet("virtual", new()
    {
        Delegations = new[] { aciDelegation },
    });
});
package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/network"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main declares the "virtual" subnet with the delegation used for AKS
// virtual nodes. Only the delegation is set in this fragment.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The delegated service and the single subnet action it may perform.
		aciDelegation := &network.SubnetDelegationArgs{
			Name: pulumi.String("aciDelegation"),
			ServiceDelegation: &network.SubnetDelegationServiceDelegationArgs{
				Name: pulumi.String("Microsoft.ContainerInstance/containerGroups"),
				Actions: pulumi.StringArray{
					pulumi.String("Microsoft.Network/virtualNetworks/subnets/action"),
				},
			},
		}

		_, err := network.NewSubnet(ctx, "virtual", &network.SubnetArgs{
			Delegations: network.SubnetDelegationArray{aciDelegation},
		})
		// err is nil on success, so returning it covers both outcomes.
		return err
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.network.Subnet;
import com.pulumi.azure.network.SubnetArgs;
import com.pulumi.azure.network.inputs.SubnetDelegationArgs;
import com.pulumi.azure.network.inputs.SubnetDelegationServiceDelegationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Pulumi program that declares the "virtual" subnet with the delegation
 * used for AKS virtual nodes.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the subnet. Only the delegation is set in this fragment; no
     * other subnet arguments are given.
     *
     * @param ctx Pulumi context supplied by {@code Pulumi.run}; not read here.
     */
    public static void stack(Context ctx) {
        // The delegated service and the single subnet action it may perform.
        var serviceDelegation = SubnetDelegationServiceDelegationArgs.builder()
            .name("Microsoft.ContainerInstance/containerGroups")
            .actions("Microsoft.Network/virtualNetworks/subnets/action")
            .build();

        var aciDelegation = SubnetDelegationArgs.builder()
            .name("aciDelegation")
            .serviceDelegation(serviceDelegation)
            .build();

        var virtual = new Subnet("virtual", SubnetArgs.builder()
            .delegations(aciDelegation)
            .build());
    }
}
# Subnet for AKS virtual nodes. Only the delegation is set in this fragment.
resources:
  virtual:
    type: azure:network:Subnet
    properties:
      delegations:
        # Delegates the subnet to the ACI container-groups service and lists
        # the one subnet action that service may perform.
        - name: aciDelegation
          serviceDelegation:
            name: Microsoft.ContainerInstance/containerGroups
            actions: [Microsoft.Network/virtualNetworks/subnets/action]
- connectorIdentities List<Property Map> - A `connector_identity` block is exported. The exported attributes are defined below.
KubernetesClusterAciConnectorLinuxConnectorIdentity, KubernetesClusterAciConnectorLinuxConnectorIdentityArgs
- ClientId string - The Client ID of the user-defined Managed Identity used for Web App Routing.
- ObjectId string - The Object ID of the user-defined Managed Identity used for Web App Routing.
- UserAssignedIdentityId string - The ID of the User Assigned Identity used for Web App Routing.
- ClientId string - The Client ID of the user-defined Managed Identity used for Web App Routing.
- ObjectId string - The Object ID of the user-defined Managed Identity used for Web App Routing.
- UserAssignedIdentityId string - The ID of the User Assigned Identity used for Web App Routing.
- clientId String - The Client ID of the user-defined Managed Identity used for Web App Routing.
- objectId String - The Object ID of the user-defined Managed Identity used for Web App Routing.
- userAssignedIdentityId String - The ID of the User Assigned Identity used for Web App Routing.
- clientId string - The Client ID of the user-defined Managed Identity used for Web App Routing.
- objectId string - The Object ID of the user-defined Managed Identity used for Web App Routing.
- userAssignedIdentityId string - The ID of the User Assigned Identity used for Web App Routing.
- client_id str - The Client ID of the user-defined Managed Identity used for Web App Routing.
- object_id str - The Object ID of the user-defined Managed Identity used for Web App Routing.
- user_assigned_identity_id str - The ID of the User Assigned Identity used for Web App Routing.
- clientId String - The Client ID of the user-defined Managed Identity used for Web App Routing.
- objectId String - The Object ID of the user-defined Managed Identity used for Web App Routing.
- userAssignedIdentityId String - The ID of the User Assigned Identity used for Web App Routing.
KubernetesClusterApiServerAccessProfile, KubernetesClusterApiServerAccessProfileArgs
- AuthorizedIpRanges List<string> - Set of authorized IP ranges allowed to access the API server, e.g. ["198.51.100.0/24"].
- AuthorizedIpRanges []string - Set of authorized IP ranges allowed to access the API server, e.g. ["198.51.100.0/24"].
- authorizedIpRanges List<String> - Set of authorized IP ranges allowed to access the API server, e.g. ["198.51.100.0/24"].
- authorizedIpRanges string[] - Set of authorized IP ranges allowed to access the API server, e.g. ["198.51.100.0/24"].
- authorized_ip_ranges Sequence[str] - Set of authorized IP ranges allowed to access the API server, e.g. ["198.51.100.0/24"].
- authorizedIpRanges List<String> - Set of authorized IP ranges allowed to access the API server, e.g. ["198.51.100.0/24"].
KubernetesClusterAutoScalerProfile, KubernetesClusterAutoScalerProfileArgs
- BalanceSimilarNodeGroups bool - Detect similar node groups and balance the number of nodes between them. Defaults to `false`.
- DaemonsetEvictionForEmptyNodesEnabled bool - Whether DaemonSet pods will be gracefully terminated from empty nodes. Defaults to `false`.
- DaemonsetEvictionForOccupiedNodesEnabled bool - Whether DaemonSet pods will be gracefully terminated from non-empty nodes. Defaults to `true`.
- EmptyBulkDeleteMax string - Maximum number of empty nodes that can be deleted at the same time. Defaults to `10`.
- Expander string - Expander to use. Possible values are `least-waste`, `priority`, `most-pods` and `random`. Defaults to `random`.
- IgnoreDaemonsetsUtilizationEnabled bool - Whether DaemonSet pods will be ignored when calculating resource utilization for scale down. Defaults to `false`.
- MaxGracefulTerminationSec string - Maximum number of seconds the cluster autoscaler waits for pod termination when trying to scale down a node. Defaults to `600`.
- MaxNodeProvisioningTime string - Maximum time the autoscaler waits for a node to be provisioned. Defaults to `15m`.
- MaxUnreadyNodes int - Maximum Number of allowed unready nodes. Defaults to `3`.
- MaxUnreadyPercentage double - Maximum percentage of unready nodes the cluster autoscaler will stop if the percentage is exceeded. Defaults to `45`.
- NewPodScaleUpDelay string - For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. Defaults to `10s`.
- ScaleDownDelayAfterAdd string - How long after the scale up of AKS nodes the scale down evaluation resumes. Defaults to `10m`.
- ScaleDownDelayAfterDelete string - How long after node deletion that scale down evaluation resumes. Defaults to the value used for `scan_interval`.
- ScaleDownDelayAfterFailure string - How long after scale down failure that scale down evaluation resumes. Defaults to `3m`.
- ScaleDownUnneeded string - How long a node should be unneeded before it is eligible for scale down. Defaults to `10m`.
- ScaleDownUnready string - How long an unready node should be unneeded before it is eligible for scale down. Defaults to `20m`.
- ScaleDownUtilizationThreshold string - Node utilization level, defined as sum of requested resources divided by capacity, below which a node can be considered for scale down. Defaults to `0.5`.
- ScanInterval string - How often the AKS Cluster should be re-evaluated for scale up/down. Defaults to `10s`.
- SkipNodesWithLocalStorage bool - If `true` cluster autoscaler will never delete nodes with pods with local storage, for example, EmptyDir or HostPath. Defaults to `true`.
- SkipNodesWithSystemPods bool - If `true` cluster autoscaler will never delete nodes with pods from kube-system (except for DaemonSet or mirror pods). Defaults to `true`.
- BalanceSimilarNodeGroups bool - Detect similar node groups and balance the number of nodes between them. Defaults to `false`.
- DaemonsetEvictionForEmptyNodesEnabled bool - Whether DaemonSet pods will be gracefully terminated from empty nodes. Defaults to `false`.
- DaemonsetEvictionForOccupiedNodesEnabled bool - Whether DaemonSet pods will be gracefully terminated from non-empty nodes. Defaults to `true`.
- EmptyBulkDeleteMax string - Maximum number of empty nodes that can be deleted at the same time. Defaults to `10`.
- Expander string - Expander to use. Possible values are `least-waste`, `priority`, `most-pods` and `random`. Defaults to `random`.
- IgnoreDaemonsetsUtilizationEnabled bool - Whether DaemonSet pods will be ignored when calculating resource utilization for scale down. Defaults to `false`.
- MaxGracefulTerminationSec string - Maximum number of seconds the cluster autoscaler waits for pod termination when trying to scale down a node. Defaults to `600`.
- MaxNodeProvisioningTime string - Maximum time the autoscaler waits for a node to be provisioned. Defaults to `15m`.
- MaxUnreadyNodes int - Maximum Number of allowed unready nodes. Defaults to `3`.
- MaxUnreadyPercentage float64 - Maximum percentage of unready nodes the cluster autoscaler will stop if the percentage is exceeded. Defaults to `45`.
- NewPodScaleUpDelay string - For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. Defaults to `10s`.
- ScaleDownDelayAfterAdd string - How long after the scale up of AKS nodes the scale down evaluation resumes. Defaults to `10m`.
- ScaleDownDelayAfterDelete string - How long after node deletion that scale down evaluation resumes. Defaults to the value used for `scan_interval`.
- ScaleDownDelayAfterFailure string - How long after scale down failure that scale down evaluation resumes. Defaults to `3m`.
- ScaleDownUnneeded string - How long a node should be unneeded before it is eligible for scale down. Defaults to `10m`.
- ScaleDownUnready string - How long an unready node should be unneeded before it is eligible for scale down. Defaults to `20m`.
- ScaleDownUtilizationThreshold string - Node utilization level, defined as sum of requested resources divided by capacity, below which a node can be considered for scale down. Defaults to `0.5`.
- ScanInterval string - How often the AKS Cluster should be re-evaluated for scale up/down. Defaults to `10s`.
- SkipNodesWithLocalStorage bool - If `true` cluster autoscaler will never delete nodes with pods with local storage, for example, EmptyDir or HostPath. Defaults to `true`.
- SkipNodesWithSystemPods bool - If `true` cluster autoscaler will never delete nodes with pods from kube-system (except for DaemonSet or mirror pods). Defaults to `true`.
- balanceSimilarNodeGroups Boolean - Detect similar node groups and balance the number of nodes between them. Defaults to `false`.
- daemonsetEvictionForEmptyNodesEnabled Boolean - Whether DaemonSet pods will be gracefully terminated from empty nodes. Defaults to `false`.
- daemonsetEvictionForOccupiedNodesEnabled Boolean - Whether DaemonSet pods will be gracefully terminated from non-empty nodes. Defaults to `true`.
- emptyBulkDeleteMax String - Maximum number of empty nodes that can be deleted at the same time. Defaults to `10`.
- expander String - Expander to use. Possible values are `least-waste`, `priority`, `most-pods` and `random`. Defaults to `random`.
- ignoreDaemonsetsUtilizationEnabled Boolean - Whether DaemonSet pods will be ignored when calculating resource utilization for scale down. Defaults to `false`.
- maxGracefulTerminationSec String - Maximum number of seconds the cluster autoscaler waits for pod termination when trying to scale down a node. Defaults to `600`.
- maxNodeProvisioningTime String - Maximum time the autoscaler waits for a node to be provisioned. Defaults to `15m`.
- maxUnreadyNodes Integer - Maximum Number of allowed unready nodes. Defaults to `3`.
- maxUnreadyPercentage Double - Maximum percentage of unready nodes the cluster autoscaler will stop if the percentage is exceeded. Defaults to `45`.
- newPodScaleUpDelay String - For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. Defaults to `10s`.
- scaleDownDelayAfterAdd String - How long after the scale up of AKS nodes the scale down evaluation resumes. Defaults to `10m`.
- scaleDownDelayAfterDelete String - How long after node deletion that scale down evaluation resumes. Defaults to the value used for `scan_interval`.
- scaleDownDelayAfterFailure String - How long after scale down failure that scale down evaluation resumes. Defaults to `3m`.
- scaleDownUnneeded String - How long a node should be unneeded before it is eligible for scale down. Defaults to `10m`.
- scaleDownUnready String - How long an unready node should be unneeded before it is eligible for scale down. Defaults to `20m`.
- scaleDownUtilizationThreshold String - Node utilization level, defined as sum of requested resources divided by capacity, below which a node can be considered for scale down. Defaults to `0.5`.
- scanInterval String - How often the AKS Cluster should be re-evaluated for scale up/down. Defaults to `10s`.
- skipNodesWithLocalStorage Boolean - If `true` cluster autoscaler will never delete nodes with pods with local storage, for example, EmptyDir or HostPath. Defaults to `true`.
- skipNodesWithSystemPods Boolean - If `true` cluster autoscaler will never delete nodes with pods from kube-system (except for DaemonSet or mirror pods). Defaults to `true`.
- balanceSimilarNodeGroups boolean - Detect similar node groups and balance the number of nodes between them. Defaults to `false`.
- daemonsetEvictionForEmptyNodesEnabled boolean - Whether DaemonSet pods will be gracefully terminated from empty nodes. Defaults to `false`.
- daemonsetEvictionForOccupiedNodesEnabled boolean - Whether DaemonSet pods will be gracefully terminated from non-empty nodes. Defaults to `true`.
- emptyBulkDeleteMax string - Maximum number of empty nodes that can be deleted at the same time. Defaults to `10`.
- expander string - Expander to use. Possible values are `least-waste`, `priority`, `most-pods` and `random`. Defaults to `random`.
- ignoreDaemonsetsUtilizationEnabled boolean - Whether DaemonSet pods will be ignored when calculating resource utilization for scale down. Defaults to `false`.
- maxGracefulTerminationSec string - Maximum number of seconds the cluster autoscaler waits for pod termination when trying to scale down a node. Defaults to `600`.
- maxNodeProvisioningTime string - Maximum time the autoscaler waits for a node to be provisioned. Defaults to `15m`.
- maxUnreadyNodes number - Maximum Number of allowed unready nodes. Defaults to `3`.
- maxUnreadyPercentage number - Maximum percentage of unready nodes the cluster autoscaler will stop if the percentage is exceeded. Defaults to `45`.
- newPodScaleUpDelay string - For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. Defaults to `10s`.
- scaleDownDelayAfterAdd string - How long after the scale up of AKS nodes the scale down evaluation resumes. Defaults to `10m`.
- scaleDownDelayAfterDelete string - How long after node deletion that scale down evaluation resumes. Defaults to the value used for `scan_interval`.
- scaleDownDelayAfterFailure string - How long after scale down failure that scale down evaluation resumes. Defaults to `3m`.
- scaleDownUnneeded string - How long a node should be unneeded before it is eligible for scale down. Defaults to `10m`.
- scaleDownUnready string - How long an unready node should be unneeded before it is eligible for scale down. Defaults to `20m`.
- scaleDownUtilizationThreshold string - Node utilization level, defined as sum of requested resources divided by capacity, below which a node can be considered for scale down. Defaults to `0.5`.
- scanInterval string - How often the AKS Cluster should be re-evaluated for scale up/down. Defaults to `10s`.
- skipNodesWithLocalStorage boolean - If `true` cluster autoscaler will never delete nodes with pods with local storage, for example, EmptyDir or HostPath. Defaults to `true`.
- skipNodesWithSystemPods boolean - If `true` cluster autoscaler will never delete nodes with pods from kube-system (except for DaemonSet or mirror pods). Defaults to `true`.
- balance_similar_node_groups bool - Detect similar node groups and balance the number of nodes between them. Defaults to `false`.
- daemonset_eviction_for_empty_nodes_enabled bool - Whether DaemonSet pods will be gracefully terminated from empty nodes. Defaults to `false`.
- daemonset_eviction_for_occupied_nodes_enabled bool - Whether DaemonSet pods will be gracefully terminated from non-empty nodes. Defaults to `true`.
- empty_bulk_delete_max str - Maximum number of empty nodes that can be deleted at the same time. Defaults to `10`.
- expander str - Expander to use. Possible values are `least-waste`, `priority`, `most-pods` and `random`. Defaults to `random`.
- ignore_daemonsets_utilization_enabled bool - Whether DaemonSet pods will be ignored when calculating resource utilization for scale down. Defaults to `false`.
- max_graceful_termination_sec str - Maximum number of seconds the cluster autoscaler waits for pod termination when trying to scale down a node. Defaults to `600`.
- max_node_provisioning_time str - Maximum time the autoscaler waits for a node to be provisioned. Defaults to `15m`.
- max_unready_nodes int - Maximum Number of allowed unready nodes. Defaults to `3`.
- max_unready_percentage float - Maximum percentage of unready nodes the cluster autoscaler will stop if the percentage is exceeded. Defaults to `45`.
- new_pod_scale_up_delay str - For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. Defaults to `10s`.
- scale_down_delay_after_add str - How long after the scale up of AKS nodes the scale down evaluation resumes. Defaults to `10m`.
- scale_down_delay_after_delete str - How long after node deletion that scale down evaluation resumes. Defaults to the value used for `scan_interval`.
- scale_down_delay_after_failure str - How long after scale down failure that scale down evaluation resumes. Defaults to `3m`.
- scale_down_unneeded str - How long a node should be unneeded before it is eligible for scale down. Defaults to `10m`.
- scale_down_unready str - How long an unready node should be unneeded before it is eligible for scale down. Defaults to `20m`.
- scale_down_utilization_threshold str - Node utilization level, defined as sum of requested resources divided by capacity, below which a node can be considered for scale down. Defaults to `0.5`.
- scan_interval str - How often the AKS Cluster should be re-evaluated for scale up/down. Defaults to `10s`.
- skip_nodes_with_local_storage bool - If `true` cluster autoscaler will never delete nodes with pods with local storage, for example, EmptyDir or HostPath. Defaults to `true`.
- skip_nodes_with_system_pods bool - If `true` cluster autoscaler will never delete nodes with pods from kube-system (except for DaemonSet or mirror pods). Defaults to `true`.
- balanceSimilarNodeGroups Boolean - Detect similar node groups and balance the number of nodes between them. Defaults to `false`.
- daemonsetEvictionForEmptyNodesEnabled Boolean - Whether DaemonSet pods will be gracefully terminated from empty nodes. Defaults to `false`.
- daemonsetEvictionForOccupiedNodesEnabled Boolean - Whether DaemonSet pods will be gracefully terminated from non-empty nodes. Defaults to `true`.
- emptyBulkDeleteMax String - Maximum number of empty nodes that can be deleted at the same time. Defaults to `10`.
- expander String - Expander to use. Possible values are `least-waste`, `priority`, `most-pods` and `random`. Defaults to `random`.
- ignoreDaemonsetsUtilizationEnabled Boolean - Whether DaemonSet pods will be ignored when calculating resource utilization for scale down. Defaults to `false`.
- maxGracefulTerminationSec String - Maximum number of seconds the cluster autoscaler waits for pod termination when trying to scale down a node. Defaults to `600`.
- maxNodeProvisioningTime String - Maximum time the autoscaler waits for a node to be provisioned. Defaults to `15m`.
- maxUnreadyNodes Number - Maximum Number of allowed unready nodes. Defaults to `3`.
- maxUnreadyPercentage Number - Maximum percentage of unready nodes the cluster autoscaler will stop if the percentage is exceeded. Defaults to `45`.
- newPodScaleUpDelay String - For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. Defaults to `10s`.
- scaleDownDelayAfterAdd String - How long after the scale up of AKS nodes the scale down evaluation resumes. Defaults to `10m`.
- scaleDownDelayAfterDelete String - How long after node deletion that scale down evaluation resumes. Defaults to the value used for `scan_interval`.
- scaleDownDelayAfterFailure String - How long after scale down failure that scale down evaluation resumes. Defaults to `3m`.
- scaleDownUnneeded String - How long a node should be unneeded before it is eligible for scale down. Defaults to `10m`.
- scaleDownUnready String - How long an unready node should be unneeded before it is eligible for scale down. Defaults to `20m`.
- scaleDownUtilizationThreshold String - Node utilization level, defined as sum of requested resources divided by capacity, below which a node can be considered for scale down. Defaults to `0.5`.
- scanInterval String - How often the AKS Cluster should be re-evaluated for scale up/down. Defaults to `10s`.
- skipNodesWithLocalStorage Boolean - If `true` cluster autoscaler will never delete nodes with pods with local storage, for example, EmptyDir or HostPath. Defaults to `true`.
- skipNodesWithSystemPods Boolean - If `true` cluster autoscaler will never delete nodes with pods from kube-system (except for DaemonSet or mirror pods). Defaults to `true`.
KubernetesClusterAzureActiveDirectoryRoleBasedAccessControl, KubernetesClusterAzureActiveDirectoryRoleBasedAccessControlArgs
- AdminGroupObjectIds List<string> - A list of Object IDs of Azure Active Directory Groups which should have Admin Role on the Cluster.
- AzureRbacEnabled bool - Is Role Based Access Control based on Azure AD enabled?
- TenantId string - The Tenant ID used for Azure Active Directory Application. If this isn't specified the Tenant ID of the current Subscription is used.
- AdminGroupObjectIds []string - A list of Object IDs of Azure Active Directory Groups which should have Admin Role on the Cluster.
- AzureRbacEnabled bool - Is Role Based Access Control based on Azure AD enabled?
- TenantId string - The Tenant ID used for Azure Active Directory Application. If this isn't specified the Tenant ID of the current Subscription is used.
- adminGroupObjectIds List<String> - A list of Object IDs of Azure Active Directory Groups which should have Admin Role on the Cluster.
- azureRbacEnabled Boolean - Is Role Based Access Control based on Azure AD enabled?
- tenantId String - The Tenant ID used for Azure Active Directory Application. If this isn't specified the Tenant ID of the current Subscription is used.
- adminGroupObjectIds string[] - A list of Object IDs of Azure Active Directory Groups which should have Admin Role on the Cluster.
- azureRbacEnabled boolean - Is Role Based Access Control based on Azure AD enabled?
- tenantId string - The Tenant ID used for Azure Active Directory Application. If this isn't specified the Tenant ID of the current Subscription is used.
- admin_group_object_ids Sequence[str] - A list of Object IDs of Azure Active Directory Groups which should have Admin Role on the Cluster.
- azure_rbac_enabled bool - Is Role Based Access Control based on Azure AD enabled?
- tenant_id str - The Tenant ID used for Azure Active Directory Application. If this isn't specified the Tenant ID of the current Subscription is used.
- adminGroupObjectIds List<String> - A list of Object IDs of Azure Active Directory Groups which should have Admin Role on the Cluster.
- azureRbacEnabled Boolean - Is Role Based Access Control based on Azure AD enabled?
- tenantId String - The Tenant ID used for Azure Active Directory Application. If this isn't specified the Tenant ID of the current Subscription is used.
KubernetesClusterConfidentialComputing, KubernetesClusterConfidentialComputingArgs
- SgxQuoteHelperEnabled bool - Should the SGX quote helper be enabled?
- SgxQuoteHelperEnabled bool - Should the SGX quote helper be enabled?
- sgxQuoteHelperEnabled Boolean - Should the SGX quote helper be enabled?
- sgxQuoteHelperEnabled boolean - Should the SGX quote helper be enabled?
- sgx_quote_helper_enabled bool - Should the SGX quote helper be enabled?
- sgxQuoteHelperEnabled Boolean - Should the SGX quote helper be enabled?
KubernetesClusterDefaultNodePool, KubernetesClusterDefaultNodePoolArgs
- Name string
- The name which should be used for the default Kubernetes Node Pool.
- VmSize string - The size of the Virtual Machine, such as `Standard_DS2_v2`. `temporary_name_for_rotation` must be specified when attempting a resize.
- AutoScalingEnabled bool - Should the Kubernetes Auto Scaler be enabled for this Node Pool?
  Note: This requires that the `type` is set to `VirtualMachineScaleSets`.
  Note: If you're using AutoScaling, you may wish to use `ignoreChanges` functionality to ignore changes to the `node_count` field.
- CapacityReservationGroupId string - Specifies the ID of the Capacity Reservation Group within which this AKS Cluster should be created. Changing this forces a new resource to be created.
- FipsEnabled bool - Should the nodes in this Node Pool have Federal Information Processing Standard enabled? `temporary_name_for_rotation` must be specified when changing this block. Changing this forces a new resource to be created.
- GpuInstance string - Specifies the GPU MIG instance profile for supported GPU VM SKU. The allowed values are `MIG1g`, `MIG2g`, `MIG3g`, `MIG4g` and `MIG7g`. Changing this forces a new resource to be created.
- HostEncryptionEnabled bool - Should the nodes in the Default Node Pool have host encryption enabled? `temporary_name_for_rotation` must be specified when changing this property.
  Note: This requires that the Feature `Microsoft.ContainerService/EnableEncryptionAtHost` is enabled and the Resource Provider is registered.
- HostGroupId string - Specifies the ID of the Host Group within which this AKS Cluster should be created. Changing this forces a new resource to be created.
- KubeletConfig KubernetesClusterDefaultNodePoolKubeletConfig - A `kubelet_config` block as defined below. `temporary_name_for_rotation` must be specified when changing this block.
- KubeletDiskType string - The type of disk used by kubelet. Possible values are `OS` and `Temporary`.
- LinuxOsConfig KubernetesClusterDefaultNodePoolLinuxOsConfig - A `linux_os_config` block as defined below. `temporary_name_for_rotation` must be specified when changing this block.
- MaxCount int
- MaxPods int - The maximum number of pods that can run on each agent. `temporary_name_for_rotation` must be specified when changing this property.
- MinCount int
- NodeCount int
- NodeLabels Dictionary<string, string> - A map of Kubernetes labels which should be applied to nodes in the Default Node Pool.
- NodeNetworkProfile KubernetesClusterDefaultNodePoolNodeNetworkProfile - A `node_network_profile` block as documented below.
- NodePublicIpEnabled bool - Should nodes in this Node Pool have a Public IP Address? `temporary_name_for_rotation` must be specified when changing this property.
- NodePublicIpPrefixId string - Resource ID for the Public IP Addresses Prefix for the nodes in this Node Pool. `node_public_ip_enabled` should be `true`. Changing this forces a new resource to be created.
- OnlyCriticalAddonsEnabled bool - Enabling this option will taint default node pool with `CriticalAddonsOnly=true:NoSchedule` taint. `temporary_name_for_rotation` must be specified when changing this property.
- OrchestratorVersion string - Version of Kubernetes used for the Agents. If not specified, the default node pool will be created with the version specified by `kubernetes_version`. If both are unspecified, the latest recommended version will be used at provisioning time (but won't auto-upgrade). AKS does not require an exact patch version to be specified, minor version aliases such as `1.22` are also supported. The minor version's latest GA patch is automatically chosen in that case. More details can be found in the documentation.
  Note: This version must be supported by the Kubernetes Cluster - as such the version of Kubernetes used on the Cluster/Control Plane may need to be upgraded first.
- OsDiskSizeGb int - The size of the OS Disk which should be used for each agent in the Node Pool. `temporary_name_for_rotation` must be specified when attempting a change.
- OsDiskType string - The type of disk which should be used for the Operating System. Possible values are `Ephemeral` and `Managed`. Defaults to `Managed`. `temporary_name_for_rotation` must be specified when attempting a change.
- OsSku string - Specifies the OS SKU used by the agent pool. Possible values are `AzureLinux`, `Ubuntu`, `Windows2019` and `Windows2022`. If not specified, the default is `Ubuntu` if OSType=Linux or `Windows2019` if OSType=Windows. And the default Windows OSSKU will be changed to `Windows2022` after Windows2019 is deprecated. Changing this from `AzureLinux` or `Ubuntu` to `AzureLinux` or `Ubuntu` will not replace the resource, otherwise `temporary_name_for_rotation` must be specified when attempting a change.
- PodSubnetId string - The ID of the Subnet where the pods in the default Node Pool should exist.
- ProximityPlacementGroupId string - The ID of the Proximity Placement Group. Changing this forces a new resource to be created.
- ScaleDownMode string - Specifies the autoscaling behaviour of the Kubernetes Cluster. Allowed values are `Delete` and `Deallocate`. Defaults to `Delete`.
- SnapshotId string - The ID of the Snapshot which should be used to create this default Node Pool. `temporary_name_for_rotation` must be specified when changing this property.
- Tags Dictionary<string, string> - A mapping of tags to assign to the Node Pool.
  At this time there's a bug in the AKS API where Tags for a Node Pool are not stored in the correct case - you may wish to use `ignore_changes` functionality to ignore changes to the casing until this is fixed in the AKS API.
- TemporaryNameForRotation string - Specifies the name of the temporary node pool used to cycle the default node pool for VM resizing.
- Type string - The type of Node Pool which should be created. Possible values are `VirtualMachineScaleSets`. Defaults to `VirtualMachineScaleSets`. Changing this forces a new resource to be created.
  Note: When creating a cluster that supports multiple node pools, the cluster must use `VirtualMachineScaleSets`. For more information on the limitations of clusters using multiple node pools see the documentation.
- UltraSsdEnabled bool - Used to specify whether the UltraSSD is enabled in the Default Node Pool. Defaults to `false`. See the documentation for more information. `temporary_name_for_rotation` must be specified when attempting a change.
- UpgradeSettings KubernetesClusterDefaultNodePoolUpgradeSettings - An `upgrade_settings` block as documented below.
- VnetSubnetId string - The ID of a Subnet where the Kubernetes Node Pool should exist.
  Note: A Route Table must be configured on this Subnet.
- WorkloadRuntime string - Specifies the workload runtime used by the node pool. Possible value is `OCIContainer`.
- Zones List<string> - Specifies a list of Availability Zones in which this Kubernetes Cluster should be located. `temporary_name_for_rotation` must be specified when changing this property.
  Note: This requires that the `type` is set to `VirtualMachineScaleSets` and that `load_balancer_sku` is set to `standard`.
- Name string
- The name which should be used for the default Kubernetes Node Pool.
- Vm
Size string - The size of the Virtual Machine, such as
Standard_DS2_v2
.temporary_name_for_rotation
must be specified when attempting a resize. - Auto
Scaling boolEnabled Should the Kubernetes Auto Scaler be enabled for this Node Pool?
Note: This requires that the
type
is set toVirtualMachineScaleSets
.Note: If you're using AutoScaling, you may wish to use
ignoreChanges
functionality to ignore changes to thenode_count
field.- Capacity
Reservation stringGroup Id - Specifies the ID of the Capacity Reservation Group within which this AKS Cluster should be created. Changing this forces a new resource to be created.
- FipsEnabled bool - Should the nodes in this Node Pool have Federal Information Processing Standard enabled? `temporary_name_for_rotation` must be specified when changing this block. Changing this forces a new resource to be created.
- GpuInstance string - Specifies the GPU MIG instance profile for supported GPU VM SKU. The allowed values are `MIG1g`, `MIG2g`, `MIG3g`, `MIG4g` and `MIG7g`. Changing this forces a new resource to be created.
- HostEncryptionEnabled bool - Should the nodes in the Default Node Pool have host encryption enabled? `temporary_name_for_rotation` must be specified when changing this property.
  Note: This requires that the Feature `Microsoft.ContainerService/EnableEncryptionAtHost` is enabled and the Resource Provider is registered.
- HostGroupId string - Specifies the ID of the Host Group within which this AKS Cluster should be created. Changing this forces a new resource to be created.
- Kubelet
Config KubernetesCluster Default Node Pool Kubelet Config - A
kubelet_config
block as defined below.temporary_name_for_rotation
must be specified when changing this block. - Kubelet
Disk stringType - The type of disk used by kubelet. Possible values are
OS
andTemporary
. - Linux
Os KubernetesConfig Cluster Default Node Pool Linux Os Config - A
linux_os_config
block as defined below.temporary_name_for_rotation
must be specified when changing this block. - Max
Count int - Max
Pods int - The maximum number of pods that can run on each agent.
temporary_name_for_rotation
must be specified when changing this property. - Min
Count int - Node
Count int - Node
Labels map[string]string - A map of Kubernetes labels which should be applied to nodes in the Default Node Pool.
- NodeNetworkProfile KubernetesClusterDefaultNodePoolNodeNetworkProfile - A `node_network_profile` block as documented below.
- NodePublicIpEnabled bool - Should nodes in this Node Pool have a Public IP Address? `temporary_name_for_rotation` must be specified when changing this property.
- NodePublicIpPrefixId string - Resource ID for the Public IP Addresses Prefix for the nodes in this Node Pool. `node_public_ip_enabled` should be `true`. Changing this forces a new resource to be created.
- OnlyCriticalAddonsEnabled bool - Enabling this option will taint default node pool with `CriticalAddonsOnly=true:NoSchedule` taint. `temporary_name_for_rotation` must be specified when changing this property.
- OrchestratorVersion string - Version of Kubernetes used for the Agents. If not specified, the default node pool will be created with the version specified by `kubernetes_version`. If both are unspecified, the latest recommended version will be used at provisioning time (but won't auto-upgrade). AKS does not require an exact patch version to be specified, minor version aliases such as `1.22` are also supported. The minor version's latest GA patch is automatically chosen in that case. More details can be found in the documentation.
  Note: This version must be supported by the Kubernetes Cluster - as such the version of Kubernetes used on the Cluster/Control Plane may need to be upgraded first.
- Os
Disk intSize Gb - The size of the OS Disk which should be used for each agent in the Node Pool.
temporary_name_for_rotation
must be specified when attempting a change. - Os
Disk stringType - The type of disk which should be used for the Operating System. Possible values are
Ephemeral
andManaged
. Defaults toManaged
.temporary_name_for_rotation
must be specified when attempting a change. - Os
Sku string - Specifies the OS SKU used by the agent pool. Possible values are
AzureLinux
,Ubuntu
,Windows2019
andWindows2022
. If not specified, the default isUbuntu
if OSType=Linux orWindows2019
if OSType=Windows. And the default Windows OSSKU will be changed toWindows2022
after Windows2019 is deprecated. Changing this fromAzureLinux
orUbuntu
toAzureLinux
orUbuntu
will not replace the resource, otherwisetemporary_name_for_rotation
must be specified when attempting a change. - Pod
Subnet stringId - The ID of the Subnet where the pods in the default Node Pool should exist.
- Proximity
Placement stringGroup Id - The ID of the Proximity Placement Group. Changing this forces a new resource to be created.
- Scale
Down stringMode - Specifies the autoscaling behaviour of the Kubernetes Cluster. Allowed values are
Delete
andDeallocate
. Defaults toDelete
. - Snapshot
Id string - The ID of the Snapshot which should be used to create this default Node Pool.
temporary_name_for_rotation
must be specified when changing this property. - map[string]string
A mapping of tags to assign to the Node Pool.
At this time there's a bug in the AKS API where Tags for a Node Pool are not stored in the correct case - you may wish to use
ignore_changes
functionality to ignore changes to the casing until this is fixed in the AKS API.- Temporary
Name stringFor Rotation - Specifies the name of the temporary node pool used to cycle the default node pool for VM resizing.
- Type string
The type of Node Pool which should be created. Possible values are
VirtualMachineScaleSets
. Defaults toVirtualMachineScaleSets
. Changing this forces a new resource to be created.Note: When creating a cluster that supports multiple node pools, the cluster must use
VirtualMachineScaleSets
. For more information on the limitations of clusters using multiple node pools see the documentation.- Ultra
Ssd boolEnabled - Used to specify whether the UltraSSD is enabled in the Default Node Pool. Defaults to
false
. See the documentation for more information.temporary_name_for_rotation
must be specified when attempting a change. - Upgrade
Settings KubernetesCluster Default Node Pool Upgrade Settings - A
upgrade_settings
block as documented below. - Vnet
Subnet stringId The ID of a Subnet where the Kubernetes Node Pool should exist.
Note: A Route Table must be configured on this Subnet.
- Workload
Runtime string - Specifies the workload runtime used by the node pool. Possible value is
OCIContainer
. - Zones []string
Specifies a list of Availability Zones in which this Kubernetes Cluster should be located.
temporary_name_for_rotation
must be specified when changing this property.Note: This requires that the
type
is set toVirtualMachineScaleSets
and thatload_balancer_sku
is set tostandard
.
- name String
- The name which should be used for the default Kubernetes Node Pool.
- vm
Size String - The size of the Virtual Machine, such as
Standard_DS2_v2
.temporary_name_for_rotation
must be specified when attempting a resize. - auto
Scaling BooleanEnabled Should the Kubernetes Auto Scaler be enabled for this Node Pool?
Note: This requires that the
type
is set toVirtualMachineScaleSets
.Note: If you're using AutoScaling, you may wish to use
ignoreChanges
functionality to ignore changes to thenode_count
field.- capacity
Reservation StringGroup Id - Specifies the ID of the Capacity Reservation Group within which this AKS Cluster should be created. Changing this forces a new resource to be created.
- fipsEnabled Boolean - Should the nodes in this Node Pool have Federal Information Processing Standard enabled? `temporary_name_for_rotation` must be specified when changing this block. Changing this forces a new resource to be created.
- gpuInstance String - Specifies the GPU MIG instance profile for supported GPU VM SKU. The allowed values are `MIG1g`, `MIG2g`, `MIG3g`, `MIG4g` and `MIG7g`. Changing this forces a new resource to be created.
- hostEncryptionEnabled Boolean - Should the nodes in the Default Node Pool have host encryption enabled? `temporary_name_for_rotation` must be specified when changing this property.
  Note: This requires that the Feature `Microsoft.ContainerService/EnableEncryptionAtHost` is enabled and the Resource Provider is registered.
- hostGroupId String - Specifies the ID of the Host Group within which this AKS Cluster should be created. Changing this forces a new resource to be created.
- kubelet
Config KubernetesCluster Default Node Pool Kubelet Config - A
kubelet_config
block as defined below.temporary_name_for_rotation
must be specified when changing this block. - kubelet
Disk StringType - The type of disk used by kubelet. Possible values are
OS
andTemporary
. - linux
Os KubernetesConfig Cluster Default Node Pool Linux Os Config - A
linux_os_config
block as defined below.temporary_name_for_rotation
must be specified when changing this block. - max
Count Integer - max
Pods Integer - The maximum number of pods that can run on each agent.
temporary_name_for_rotation
must be specified when changing this property. - min
Count Integer - node
Count Integer - node
Labels Map<String,String> - A map of Kubernetes labels which should be applied to nodes in the Default Node Pool.
- nodeNetworkProfile KubernetesClusterDefaultNodePoolNodeNetworkProfile - A `node_network_profile` block as documented below.
- nodePublicIpEnabled Boolean - Should nodes in this Node Pool have a Public IP Address? `temporary_name_for_rotation` must be specified when changing this property.
- nodePublicIpPrefixId String - Resource ID for the Public IP Addresses Prefix for the nodes in this Node Pool. `node_public_ip_enabled` should be `true`. Changing this forces a new resource to be created.
- onlyCriticalAddonsEnabled Boolean - Enabling this option will taint default node pool with `CriticalAddonsOnly=true:NoSchedule` taint. `temporary_name_for_rotation` must be specified when changing this property.
- orchestratorVersion String - Version of Kubernetes used for the Agents. If not specified, the default node pool will be created with the version specified by `kubernetes_version`. If both are unspecified, the latest recommended version will be used at provisioning time (but won't auto-upgrade). AKS does not require an exact patch version to be specified, minor version aliases such as `1.22` are also supported. The minor version's latest GA patch is automatically chosen in that case. More details can be found in the documentation.
  Note: This version must be supported by the Kubernetes Cluster - as such the version of Kubernetes used on the Cluster/Control Plane may need to be upgraded first.
- os
Disk IntegerSize Gb - The size of the OS Disk which should be used for each agent in the Node Pool.
temporary_name_for_rotation
must be specified when attempting a change. - os
Disk StringType - The type of disk which should be used for the Operating System. Possible values are
Ephemeral
andManaged
. Defaults toManaged
.temporary_name_for_rotation
must be specified when attempting a change. - os
Sku String - Specifies the OS SKU used by the agent pool. Possible values are
AzureLinux
,Ubuntu
,Windows2019
andWindows2022
. If not specified, the default isUbuntu
if OSType=Linux orWindows2019
if OSType=Windows. And the default Windows OSSKU will be changed toWindows2022
after Windows2019 is deprecated. Changing this fromAzureLinux
orUbuntu
toAzureLinux
orUbuntu
will not replace the resource, otherwisetemporary_name_for_rotation
must be specified when attempting a change. - pod
Subnet StringId - The ID of the Subnet where the pods in the default Node Pool should exist.
- proximity
Placement StringGroup Id - The ID of the Proximity Placement Group. Changing this forces a new resource to be created.
- scale
Down StringMode - Specifies the autoscaling behaviour of the Kubernetes Cluster. Allowed values are
Delete
andDeallocate
. Defaults toDelete
. - snapshot
Id String - The ID of the Snapshot which should be used to create this default Node Pool.
temporary_name_for_rotation
must be specified when changing this property. - Map<String,String>
A mapping of tags to assign to the Node Pool.
At this time there's a bug in the AKS API where Tags for a Node Pool are not stored in the correct case - you may wish to use
ignore_changes
functionality to ignore changes to the casing until this is fixed in the AKS API.- temporary
Name StringFor Rotation - Specifies the name of the temporary node pool used to cycle the default node pool for VM resizing.
- type String
The type of Node Pool which should be created. Possible values are
VirtualMachineScaleSets
. Defaults toVirtualMachineScaleSets
. Changing this forces a new resource to be created.Note: When creating a cluster that supports multiple node pools, the cluster must use
VirtualMachineScaleSets
. For more information on the limitations of clusters using multiple node pools see the documentation.- ultra
Ssd BooleanEnabled - Used to specify whether the UltraSSD is enabled in the Default Node Pool. Defaults to
false
. See the documentation for more information.temporary_name_for_rotation
must be specified when attempting a change. - upgrade
Settings KubernetesCluster Default Node Pool Upgrade Settings - A
upgrade_settings
block as documented below. - vnet
Subnet StringId The ID of a Subnet where the Kubernetes Node Pool should exist.
Note: A Route Table must be configured on this Subnet.
- workload
Runtime String - Specifies the workload runtime used by the node pool. Possible value is
OCIContainer
. - zones List<String>
Specifies a list of Availability Zones in which this Kubernetes Cluster should be located.
temporary_name_for_rotation
must be specified when changing this property.Note: This requires that the
type
is set toVirtualMachineScaleSets
and thatload_balancer_sku
is set tostandard
.
- name string
- The name which should be used for the default Kubernetes Node Pool.
- vm
Size string - The size of the Virtual Machine, such as
Standard_DS2_v2
.temporary_name_for_rotation
must be specified when attempting a resize. - auto
Scaling booleanEnabled Should the Kubernetes Auto Scaler be enabled for this Node Pool?
Note: This requires that the
type
is set toVirtualMachineScaleSets
.Note: If you're using AutoScaling, you may wish to use
ignoreChanges
functionality to ignore changes to thenode_count
field.- capacity
Reservation stringGroup Id - Specifies the ID of the Capacity Reservation Group within which this AKS Cluster should be created. Changing this forces a new resource to be created.
- fipsEnabled boolean - Should the nodes in this Node Pool have Federal Information Processing Standard enabled? `temporary_name_for_rotation` must be specified when changing this block. Changing this forces a new resource to be created.
- gpuInstance string - Specifies the GPU MIG instance profile for supported GPU VM SKU. The allowed values are `MIG1g`, `MIG2g`, `MIG3g`, `MIG4g` and `MIG7g`. Changing this forces a new resource to be created.
- hostEncryptionEnabled boolean - Should the nodes in the Default Node Pool have host encryption enabled? `temporary_name_for_rotation` must be specified when changing this property.
  Note: This requires that the Feature `Microsoft.ContainerService/EnableEncryptionAtHost` is enabled and the Resource Provider is registered.
- hostGroupId string - Specifies the ID of the Host Group within which this AKS Cluster should be created. Changing this forces a new resource to be created.
- kubelet
Config KubernetesCluster Default Node Pool Kubelet Config - A
kubelet_config
block as defined below.temporary_name_for_rotation
must be specified when changing this block. - kubelet
Disk stringType - The type of disk used by kubelet. Possible values are
OS
andTemporary
. - linux
Os KubernetesConfig Cluster Default Node Pool Linux Os Config - A
linux_os_config
block as defined below.temporary_name_for_rotation
must be specified when changing this block. - max
Count number - max
Pods number - The maximum number of pods that can run on each agent.
temporary_name_for_rotation
must be specified when changing this property. - min
Count number - node
Count number - node
Labels {[key: string]: string} - A map of Kubernetes labels which should be applied to nodes in the Default Node Pool.
- nodeNetworkProfile KubernetesClusterDefaultNodePoolNodeNetworkProfile - A `node_network_profile` block as documented below.
- nodePublicIpEnabled boolean - Should nodes in this Node Pool have a Public IP Address? `temporary_name_for_rotation` must be specified when changing this property.
- nodePublicIpPrefixId string - Resource ID for the Public IP Addresses Prefix for the nodes in this Node Pool. `node_public_ip_enabled` should be `true`. Changing this forces a new resource to be created.
- onlyCriticalAddonsEnabled boolean - Enabling this option will taint default node pool with `CriticalAddonsOnly=true:NoSchedule` taint. `temporary_name_for_rotation` must be specified when changing this property.
- orchestratorVersion string - Version of Kubernetes used for the Agents. If not specified, the default node pool will be created with the version specified by `kubernetes_version`. If both are unspecified, the latest recommended version will be used at provisioning time (but won't auto-upgrade). AKS does not require an exact patch version to be specified, minor version aliases such as `1.22` are also supported. The minor version's latest GA patch is automatically chosen in that case. More details can be found in the documentation.
  Note: This version must be supported by the Kubernetes Cluster - as such the version of Kubernetes used on the Cluster/Control Plane may need to be upgraded first.
- os
Disk numberSize Gb - The size of the OS Disk which should be used for each agent in the Node Pool.
temporary_name_for_rotation
must be specified when attempting a change. - os
Disk stringType - The type of disk which should be used for the Operating System. Possible values are
Ephemeral
andManaged
. Defaults toManaged
.temporary_name_for_rotation
must be specified when attempting a change. - os
Sku string - Specifies the OS SKU used by the agent pool. Possible values are
AzureLinux
,Ubuntu
,Windows2019
andWindows2022
. If not specified, the default isUbuntu
if OSType=Linux orWindows2019
if OSType=Windows. And the default Windows OSSKU will be changed toWindows2022
after Windows2019 is deprecated. Changing this fromAzureLinux
orUbuntu
toAzureLinux
orUbuntu
will not replace the resource, otherwisetemporary_name_for_rotation
must be specified when attempting a change. - pod
Subnet stringId - The ID of the Subnet where the pods in the default Node Pool should exist.
- proximity
Placement stringGroup Id - The ID of the Proximity Placement Group. Changing this forces a new resource to be created.
- scale
Down stringMode - Specifies the autoscaling behaviour of the Kubernetes Cluster. Allowed values are
Delete
andDeallocate
. Defaults toDelete
. - snapshot
Id string - The ID of the Snapshot which should be used to create this default Node Pool.
temporary_name_for_rotation
must be specified when changing this property. - {[key: string]: string}
A mapping of tags to assign to the Node Pool.
At this time there's a bug in the AKS API where Tags for a Node Pool are not stored in the correct case - you may wish to use
ignore_changes
functionality to ignore changes to the casing until this is fixed in the AKS API.- temporary
Name stringFor Rotation - Specifies the name of the temporary node pool used to cycle the default node pool for VM resizing.
- type string
The type of Node Pool which should be created. Possible values are
VirtualMachineScaleSets
. Defaults toVirtualMachineScaleSets
. Changing this forces a new resource to be created.Note: When creating a cluster that supports multiple node pools, the cluster must use
VirtualMachineScaleSets
. For more information on the limitations of clusters using multiple node pools see the documentation.- ultra
Ssd booleanEnabled - Used to specify whether the UltraSSD is enabled in the Default Node Pool. Defaults to
false
. See the documentation for more information.temporary_name_for_rotation
must be specified when attempting a change. - upgrade
Settings KubernetesCluster Default Node Pool Upgrade Settings - A
upgrade_settings
block as documented below. - vnet
Subnet stringId The ID of a Subnet where the Kubernetes Node Pool should exist.
Note: A Route Table must be configured on this Subnet.
- workload
Runtime string - Specifies the workload runtime used by the node pool. Possible value is
OCIContainer
. - zones string[]
Specifies a list of Availability Zones in which this Kubernetes Cluster should be located.
temporary_name_for_rotation
must be specified when changing this property.Note: This requires that the
type
is set toVirtualMachineScaleSets
and thatload_balancer_sku
is set tostandard
.
- name str
- The name which should be used for the default Kubernetes Node Pool.
- vm_
size str - The size of the Virtual Machine, such as
Standard_DS2_v2
.temporary_name_for_rotation
must be specified when attempting a resize. - auto_
scaling_ boolenabled Should the Kubernetes Auto Scaler be enabled for this Node Pool?
Note: This requires that the
type
is set toVirtualMachineScaleSets
.Note: If you're using AutoScaling, you may wish to use
ignoreChanges
functionality to ignore changes to thenode_count
field.- capacity_
reservation_ strgroup_ id - Specifies the ID of the Capacity Reservation Group within which this AKS Cluster should be created. Changing this forces a new resource to be created.
- fips_enabled bool - Should the nodes in this Node Pool have Federal Information Processing Standard enabled? `temporary_name_for_rotation` must be specified when changing this block. Changing this forces a new resource to be created.
- gpu_instance str - Specifies the GPU MIG instance profile for supported GPU VM SKU. The allowed values are `MIG1g`, `MIG2g`, `MIG3g`, `MIG4g` and `MIG7g`. Changing this forces a new resource to be created.
- host_encryption_enabled bool - Should the nodes in the Default Node Pool have host encryption enabled? `temporary_name_for_rotation` must be specified when changing this property.
  Note: This requires that the Feature `Microsoft.ContainerService/EnableEncryptionAtHost` is enabled and the Resource Provider is registered.
- host_group_id str - Specifies the ID of the Host Group within which this AKS Cluster should be created. Changing this forces a new resource to be created.
- kubelet_
config KubernetesCluster Default Node Pool Kubelet Config - A
kubelet_config
block as defined below.temporary_name_for_rotation
must be specified when changing this block. - kubelet_
disk_ strtype - The type of disk used by kubelet. Possible values are
OS
andTemporary
. - linux_
os_ Kubernetesconfig Cluster Default Node Pool Linux Os Config - A
linux_os_config
block as defined below.temporary_name_for_rotation
must be specified when changing this block. - max_
count int - max_
pods int - The maximum number of pods that can run on each agent.
temporary_name_for_rotation
must be specified when changing this property. - min_
count int - node_
count int - node_
labels Mapping[str, str] - A map of Kubernetes labels which should be applied to nodes in the Default Node Pool.
- node_network_profile KubernetesClusterDefaultNodePoolNodeNetworkProfile - A `node_network_profile` block as documented below.
- node_public_ip_enabled bool - Should nodes in this Node Pool have a Public IP Address? `temporary_name_for_rotation` must be specified when changing this property.
- node_public_ip_prefix_id str - Resource ID for the Public IP Addresses Prefix for the nodes in this Node Pool. `node_public_ip_enabled` should be `true`. Changing this forces a new resource to be created.
- only_critical_addons_enabled bool - Enabling this option will taint default node pool with `CriticalAddonsOnly=true:NoSchedule` taint. `temporary_name_for_rotation` must be specified when changing this property.
- orchestrator_version str - Version of Kubernetes used for the Agents. If not specified, the default node pool will be created with the version specified by `kubernetes_version`. If both are unspecified, the latest recommended version will be used at provisioning time (but won't auto-upgrade). AKS does not require an exact patch version to be specified, minor version aliases such as `1.22` are also supported. The minor version's latest GA patch is automatically chosen in that case. More details can be found in the documentation.
  Note: This version must be supported by the Kubernetes Cluster - as such the version of Kubernetes used on the Cluster/Control Plane may need to be upgraded first.
- os_
disk_ intsize_ gb - The size of the OS Disk which should be used for each agent in the Node Pool.
temporary_name_for_rotation
must be specified when attempting a change. - os_
disk_ strtype - The type of disk which should be used for the Operating System. Possible values are
Ephemeral
andManaged
. Defaults toManaged
.temporary_name_for_rotation
must be specified when attempting a change. - os_
sku str - Specifies the OS SKU used by the agent pool. Possible values are
AzureLinux
,Ubuntu
,Windows2019
andWindows2022
. If not specified, the default isUbuntu
if OSType=Linux orWindows2019
if OSType=Windows. And the default Windows OSSKU will be changed toWindows2022
after Windows2019 is deprecated. Changing this fromAzureLinux
orUbuntu
toAzureLinux
orUbuntu
will not replace the resource, otherwisetemporary_name_for_rotation
must be specified when attempting a change. - pod_
subnet_ strid - The ID of the Subnet where the pods in the default Node Pool should exist.
- proximity_
placement_ strgroup_ id - The ID of the Proximity Placement Group. Changing this forces a new resource to be created.
- scale_
down_ strmode - Specifies the autoscaling behaviour of the Kubernetes Cluster. Allowed values are
Delete
andDeallocate
. Defaults toDelete
. - snapshot_
id str - The ID of the Snapshot which should be used to create this default Node Pool.
temporary_name_for_rotation
must be specified when changing this property. - Mapping[str, str]
A mapping of tags to assign to the Node Pool.
At this time there's a bug in the AKS API where Tags for a Node Pool are not stored in the correct case - you may wish to use
ignore_changes
functionality to ignore changes to the casing until this is fixed in the AKS API.- temporary_
name_ strfor_ rotation - Specifies the name of the temporary node pool used to cycle the default node pool for VM resizing.
- type str
The type of Node Pool which should be created. Possible values are
VirtualMachineScaleSets
. Defaults toVirtualMachineScaleSets
. Changing this forces a new resource to be created.Note: When creating a cluster that supports multiple node pools, the cluster must use
VirtualMachineScaleSets
. For more information on the limitations of clusters using multiple node pools see the documentation.- ultra_
ssd_ boolenabled - Used to specify whether the UltraSSD is enabled in the Default Node Pool. Defaults to
false
. See the documentation for more information.temporary_name_for_rotation
must be specified when attempting a change. - upgrade_
settings KubernetesCluster Default Node Pool Upgrade Settings - A
upgrade_settings
block as documented below. - vnet_
subnet_ strid The ID of a Subnet where the Kubernetes Node Pool should exist.
Note: A Route Table must be configured on this Subnet.
- workload_
runtime str - Specifies the workload runtime used by the node pool. Possible value is
OCIContainer
. - zones Sequence[str]
Specifies a list of Availability Zones in which this Kubernetes Cluster should be located.
temporary_name_for_rotation
must be specified when changing this property.Note: This requires that the
type
is set toVirtualMachineScaleSets
and thatload_balancer_sku
is set tostandard
.
- name String
- The name which should be used for the default Kubernetes Node Pool.
- vm
Size String - The size of the Virtual Machine, such as
Standard_DS2_v2
.temporary_name_for_rotation
must be specified when attempting a resize. - auto
Scaling BooleanEnabled Should the Kubernetes Auto Scaler be enabled for this Node Pool?
Note: This requires that the
type
is set toVirtualMachineScaleSets
.Note: If you're using AutoScaling, you may wish to use
ignoreChanges
functionality to ignore changes to thenode_count
field.- capacity
Reservation StringGroup Id - Specifies the ID of the Capacity Reservation Group within which this AKS Cluster should be created. Changing this forces a new resource to be created.
- fipsEnabled (Boolean) - Should the nodes in this Node Pool have Federal Information Processing Standard enabled? `temporary_name_for_rotation` must be specified when changing this block. Changing this forces a new resource to be created.
- gpuInstance (String) - Specifies the GPU MIG instance profile for supported GPU VM SKU. The allowed values are `MIG1g`, `MIG2g`, `MIG3g`, `MIG4g` and `MIG7g`. Changing this forces a new resource to be created.
- hostEncryptionEnabled (Boolean) - Should the nodes in the Default Node Pool have host encryption enabled? `temporary_name_for_rotation` must be specified when changing this property.
  Note: This requires that the Feature `Microsoft.ContainerService/EnableEncryptionAtHost` is enabled and the Resource Provider is registered.
- hostGroupId (String) - Specifies the ID of the Host Group within which this AKS Cluster should be created. Changing this forces a new resource to be created.
- kubelet
Config Property Map - A
kubelet_config
block as defined below.temporary_name_for_rotation
must be specified when changing this block. - kubelet
Disk StringType - The type of disk used by kubelet. Possible values are
OS
andTemporary
. - linux
Os Property MapConfig - A
linux_os_config
block as defined below.temporary_name_for_rotation
must be specified when changing this block. - max
Count Number - max
Pods Number - The maximum number of pods that can run on each agent.
temporary_name_for_rotation
must be specified when changing this property. - min
Count Number - node
Count Number - node
Labels Map<String> - A map of Kubernetes labels which should be applied to nodes in the Default Node Pool.
- node
Network Property MapProfile - A
node_network_profile
block as documented below. - node
Public BooleanIp Enabled - Should nodes in this Node Pool have a Public IP Address?
temporary_name_for_rotation
must be specified when changing this property. - node
Public StringIp Prefix Id - Resource ID for the Public IP Addresses Prefix for the nodes in this Node Pool.
node_public_ip_enabled
should betrue
. Changing this forces a new resource to be created. - only
Critical BooleanAddons Enabled - Enabling this option will taint default node pool with
CriticalAddonsOnly=true:NoSchedule
taint.temporary_name_for_rotation
must be specified when changing this property. - orchestrator
Version String Version of Kubernetes used for the Agents. If not specified, the default node pool will be created with the version specified by
kubernetes_version
. If both are unspecified, the latest recommended version will be used at provisioning time (but won't auto-upgrade). AKS does not require an exact patch version to be specified, minor version aliases such as1.22
are also supported. - The minor version's latest GA patch is automatically chosen in that case. More details can be found in the documentation.Note: This version must be supported by the Kubernetes Cluster - as such the version of Kubernetes used on the Cluster/Control Plane may need to be upgraded first.
- os
Disk NumberSize Gb - The size of the OS Disk which should be used for each agent in the Node Pool.
temporary_name_for_rotation
must be specified when attempting a change. - os
Disk StringType - The type of disk which should be used for the Operating System. Possible values are
Ephemeral
andManaged
. Defaults toManaged
.temporary_name_for_rotation
must be specified when attempting a change. - os
Sku String - Specifies the OS SKU used by the agent pool. Possible values are
AzureLinux
,Ubuntu
,Windows2019
andWindows2022
. If not specified, the default isUbuntu
if OSType=Linux orWindows2019
if OSType=Windows. And the default Windows OSSKU will be changed toWindows2022
after Windows2019 is deprecated. Changing this fromAzureLinux
orUbuntu
toAzureLinux
orUbuntu
will not replace the resource, otherwisetemporary_name_for_rotation
must be specified when attempting a change. - pod
Subnet StringId - The ID of the Subnet where the pods in the default Node Pool should exist.
- proximity
Placement StringGroup Id - The ID of the Proximity Placement Group. Changing this forces a new resource to be created.
- scale
Down StringMode - Specifies the autoscaling behaviour of the Kubernetes Cluster. Allowed values are
Delete
andDeallocate
. Defaults toDelete
. - snapshot
Id String - The ID of the Snapshot which should be used to create this default Node Pool.
temporary_name_for_rotation
must be specified when changing this property. - Map<String>
A mapping of tags to assign to the Node Pool.
At this time there's a bug in the AKS API where Tags for a Node Pool are not stored in the correct case - you may wish to use
ignore_changes
functionality to ignore changes to the casing until this is fixed in the AKS API.- temporary
Name StringFor Rotation - Specifies the name of the temporary node pool used to cycle the default node pool for VM resizing.
- type String
The type of Node Pool which should be created. Possible values are
VirtualMachineScaleSets
. Defaults toVirtualMachineScaleSets
. Changing this forces a new resource to be created.Note: When creating a cluster that supports multiple node pools, the cluster must use
VirtualMachineScaleSets
. For more information on the limitations of clusters using multiple node pools see the documentation.- ultra
Ssd BooleanEnabled - Used to specify whether the UltraSSD is enabled in the Default Node Pool. Defaults to
false
. See the documentation for more information.temporary_name_for_rotation
must be specified when attempting a change. - upgrade
Settings Property Map - A
upgrade_settings
block as documented below. - vnet
Subnet StringId The ID of a Subnet where the Kubernetes Node Pool should exist.
Note: A Route Table must be configured on this Subnet.
- workload
Runtime String - Specifies the workload runtime used by the node pool. Possible value is
OCIContainer
. - zones List<String>
Specifies a list of Availability Zones in which this Kubernetes Cluster should be located.
temporary_name_for_rotation
must be specified when changing this property.Note: This requires that the
type
is set toVirtualMachineScaleSets
and thatload_balancer_sku
is set tostandard
.
KubernetesClusterDefaultNodePoolKubeletConfig, KubernetesClusterDefaultNodePoolKubeletConfigArgs
- AllowedUnsafeSysctls (List<string>) - Specifies the allow list of unsafe sysctl commands or patterns (ending in `*`). Kubernetes disables unsafe sysctls by default because they are not guaranteed to be isolated between pods on the same node, so list only the entries a workload requires.
- ContainerLogMaxLine (int) - Specifies the maximum number of container log files that can be present for a container. Must be at least 2.
- ContainerLogMaxSizeMb (int) - Specifies the maximum size (e.g. 10MB) of container log file before it is rotated.
- CpuCfsQuotaEnabled (bool) - Is CPU CFS quota enforcement for containers enabled? Defaults to `true`.
- CpuCfsQuotaPeriod (string) - Specifies the CPU CFS quota period value.
- CpuManagerPolicy (string) - Specifies the CPU Manager policy to use. Possible values are `none` and `static`.
- ImageGcHighThreshold (int) - Specifies the percent of disk usage above which image garbage collection is always run. Must be between `0` and `100`.
- ImageGcLowThreshold (int) - Specifies the percent of disk usage lower than which image garbage collection is never run. Must be between `0` and `100`.
- PodMaxPid (int) - Specifies the maximum number of processes per pod.
- TopologyManagerPolicy (string) - Specifies the Topology Manager policy to use. Possible values are `none`, `best-effort`, `restricted` or `single-numa-node`.
- Allowed
Unsafe []stringSysctls - Specifies the allow list of unsafe sysctls command or patterns (ending in
*
). - Container
Log intMax Line - Specifies the maximum number of container log files that can be present for a container. must be at least 2.
- Container
Log intMax Size Mb - Specifies the maximum size (e.g. 10MB) of container log file before it is rotated.
- Cpu
Cfs boolQuota Enabled - Is CPU CFS quota enforcement for containers enabled? Defaults to
true
. - Cpu
Cfs stringQuota Period - Specifies the CPU CFS quota period value.
- Cpu
Manager stringPolicy - Specifies the CPU Manager policy to use. Possible values are
none
andstatic
,. - Image
Gc intHigh Threshold - Specifies the percent of disk usage above which image garbage collection is always run. Must be between
0
and100
. - Image
Gc intLow Threshold - Specifies the percent of disk usage lower than which image garbage collection is never run. Must be between
0
and100
. - Pod
Max intPid - Specifies the maximum number of processes per pod.
- Topology
Manager stringPolicy - Specifies the Topology Manager policy to use. Possible values are
none
,best-effort
,restricted
orsingle-numa-node
.
- allowed
Unsafe List<String>Sysctls - Specifies the allow list of unsafe sysctls command or patterns (ending in
*
). - container
Log IntegerMax Line - Specifies the maximum number of container log files that can be present for a container. must be at least 2.
- container
Log IntegerMax Size Mb - Specifies the maximum size (e.g. 10MB) of container log file before it is rotated.
- cpu
Cfs BooleanQuota Enabled - Is CPU CFS quota enforcement for containers enabled? Defaults to
true
. - cpu
Cfs StringQuota Period - Specifies the CPU CFS quota period value.
- cpu
Manager StringPolicy - Specifies the CPU Manager policy to use. Possible values are
none
andstatic
,. - image
Gc IntegerHigh Threshold - Specifies the percent of disk usage above which image garbage collection is always run. Must be between
0
and100
. - image
Gc IntegerLow Threshold - Specifies the percent of disk usage lower than which image garbage collection is never run. Must be between
0
and100
. - pod
Max IntegerPid - Specifies the maximum number of processes per pod.
- topology
Manager StringPolicy - Specifies the Topology Manager policy to use. Possible values are
none
,best-effort
,restricted
orsingle-numa-node
.
- allowedUnsafeSysctls (string[]) - Specifies the allow list of unsafe sysctl commands or patterns (ending in `*`). Kubernetes disables unsafe sysctls by default because they are not guaranteed to be isolated between pods on the same node, so list only the entries a workload requires.
- containerLogMaxLine (number) - Specifies the maximum number of container log files that can be present for a container. Must be at least 2.
- containerLogMaxSizeMb (number) - Specifies the maximum size (e.g. 10MB) of container log file before it is rotated.
- cpuCfsQuotaEnabled (boolean) - Is CPU CFS quota enforcement for containers enabled? Defaults to `true`.
- cpuCfsQuotaPeriod (string) - Specifies the CPU CFS quota period value.
- cpuManagerPolicy (string) - Specifies the CPU Manager policy to use. Possible values are `none` and `static`.
- imageGcHighThreshold (number) - Specifies the percent of disk usage above which image garbage collection is always run. Must be between `0` and `100`.
- imageGcLowThreshold (number) - Specifies the percent of disk usage lower than which image garbage collection is never run. Must be between `0` and `100`.
- podMaxPid (number) - Specifies the maximum number of processes per pod.
- topologyManagerPolicy (string) - Specifies the Topology Manager policy to use. Possible values are `none`, `best-effort`, `restricted` or `single-numa-node`.
- allowed_
unsafe_ Sequence[str]sysctls - Specifies the allow list of unsafe sysctls command or patterns (ending in
*
). - container_
log_ intmax_ line - Specifies the maximum number of container log files that can be present for a container. must be at least 2.
- container_
log_ intmax_ size_ mb - Specifies the maximum size (e.g. 10MB) of container log file before it is rotated.
- cpu_
cfs_ boolquota_ enabled - Is CPU CFS quota enforcement for containers enabled? Defaults to
true
. - cpu_
cfs_ strquota_ period - Specifies the CPU CFS quota period value.
- cpu_
manager_ strpolicy - Specifies the CPU Manager policy to use. Possible values are
none
andstatic
,. - image_
gc_ inthigh_ threshold - Specifies the percent of disk usage above which image garbage collection is always run. Must be between
0
and100
. - image_
gc_ intlow_ threshold - Specifies the percent of disk usage lower than which image garbage collection is never run. Must be between
0
and100
. - pod_
max_ intpid - Specifies the maximum number of processes per pod.
- topology_
manager_ strpolicy - Specifies the Topology Manager policy to use. Possible values are
none
,best-effort
,restricted
orsingle-numa-node
.
- allowed
Unsafe List<String>Sysctls - Specifies the allow list of unsafe sysctls command or patterns (ending in
*
). - container
Log NumberMax Line - Specifies the maximum number of container log files that can be present for a container. must be at least 2.
- container
Log NumberMax Size Mb - Specifies the maximum size (e.g. 10MB) of container log file before it is rotated.
- cpu
Cfs BooleanQuota Enabled - Is CPU CFS quota enforcement for containers enabled? Defaults to
true
. - cpu
Cfs StringQuota Period - Specifies the CPU CFS quota period value.
- cpu
Manager StringPolicy - Specifies the CPU Manager policy to use. Possible values are
none
andstatic
,. - image
Gc NumberHigh Threshold - Specifies the percent of disk usage above which image garbage collection is always run. Must be between
0
and100
. - image
Gc NumberLow Threshold - Specifies the percent of disk usage lower than which image garbage collection is never run. Must be between
0
and100
. - pod
Max NumberPid - Specifies the maximum number of processes per pod.
- topology
Manager StringPolicy - Specifies the Topology Manager policy to use. Possible values are
none
,best-effort
,restricted
orsingle-numa-node
.
KubernetesClusterDefaultNodePoolLinuxOsConfig, KubernetesClusterDefaultNodePoolLinuxOsConfigArgs
- SwapFileSizeMb (int) - Specifies the size of the swap file on each node in MB.
- SysctlConfig (KubernetesClusterDefaultNodePoolLinuxOsConfigSysctlConfig) - A `sysctl_config` block as defined below.
- TransparentHugePageDefrag (string) - Specifies the defrag configuration for Transparent Huge Page. Possible values are `always`, `defer`, `defer+madvise`, `madvise` and `never`.
- TransparentHugePageEnabled (string) - Specifies the Transparent Huge Page enabled configuration. Possible values are `always`, `madvise` and `never`.
- Swap
File intSize Mb - Specifies the size of the swap file on each node in MB.
- Sysctl
Config KubernetesCluster Default Node Pool Linux Os Config Sysctl Config - A
sysctl_config
block as defined below. - Transparent
Huge stringPage Defrag - specifies the defrag configuration for Transparent Huge Page. Possible values are
always
,defer
,defer+madvise
,madvise
andnever
. - Transparent
Huge stringPage Enabled - Specifies the Transparent Huge Page enabled configuration. Possible values are
always
,madvise
andnever
.
- swap
File IntegerSize Mb - Specifies the size of the swap file on each node in MB.
- sysctl
Config KubernetesCluster Default Node Pool Linux Os Config Sysctl Config - A
sysctl_config
block as defined below. - transparent
Huge StringPage Defrag - specifies the defrag configuration for Transparent Huge Page. Possible values are
always
,defer
,defer+madvise
,madvise
andnever
. - transparent
Huge StringPage Enabled - Specifies the Transparent Huge Page enabled configuration. Possible values are
always
,madvise
andnever
.
- swap
File numberSize Mb - Specifies the size of the swap file on each node in MB.
- sysctl
Config KubernetesCluster Default Node Pool Linux Os Config Sysctl Config - A
sysctl_config
block as defined below. - transparent
Huge stringPage Defrag - specifies the defrag configuration for Transparent Huge Page. Possible values are
always
,defer
,defer+madvise
,madvise
andnever
. - transparent
Huge stringPage Enabled - Specifies the Transparent Huge Page enabled configuration. Possible values are
always
,madvise
andnever
.
- swap_
file_ intsize_ mb - Specifies the size of the swap file on each node in MB.
- sysctl_
config KubernetesCluster Default Node Pool Linux Os Config Sysctl Config - A
sysctl_config
block as defined below. - transparent_
huge_ strpage_ defrag - specifies the defrag configuration for Transparent Huge Page. Possible values are
always
,defer
,defer+madvise
,madvise
andnever
. - transparent_
huge_ strpage_ enabled - Specifies the Transparent Huge Page enabled configuration. Possible values are
always
,madvise
andnever
.
- swap
File NumberSize Mb - Specifies the size of the swap file on each node in MB.
- sysctl
Config Property Map - A
sysctl_config
block as defined below. - transparent
Huge StringPage Defrag - specifies the defrag configuration for Transparent Huge Page. Possible values are
always
,defer
,defer+madvise
,madvise
andnever
. - transparent
Huge StringPage Enabled - Specifies the Transparent Huge Page enabled configuration. Possible values are
always
,madvise
andnever
.
KubernetesClusterDefaultNodePoolLinuxOsConfigSysctlConfig, KubernetesClusterDefaultNodePoolLinuxOsConfigSysctlConfigArgs
- Fs
Aio intMax Nr - The sysctl setting fs.aio-max-nr. Must be between
65536
and6553500
. - Fs
File intMax - The sysctl setting fs.file-max. Must be between
8192
and12000500
. - Fs
Inotify intMax User Watches - The sysctl setting fs.inotify.max_user_watches. Must be between
781250
and2097152
. - Fs
Nr intOpen - The sysctl setting fs.nr_open. Must be between
8192
and20000500
. - Kernel
Threads intMax - The sysctl setting kernel.threads-max. Must be between
20
and513785
. - Net
Core intNetdev Max Backlog - The sysctl setting net.core.netdev_max_backlog. Must be between
1000
and3240000
. - Net
Core intOptmem Max - The sysctl setting net.core.optmem_max. Must be between
20480
and4194304
. - Net
Core intRmem Default - The sysctl setting net.core.rmem_default. Must be between
212992
and134217728
. - Net
Core intRmem Max - The sysctl setting net.core.rmem_max. Must be between
212992
and134217728
. - Net
Core intSomaxconn - The sysctl setting net.core.somaxconn. Must be between
4096
and3240000
. - Net
Core intWmem Default - The sysctl setting net.core.wmem_default. Must be between
212992
and134217728
. - Net
Core intWmem Max - The sysctl setting net.core.wmem_max. Must be between
212992
and134217728
. - Net
Ipv4Ip intLocal Port Range Max - The sysctl setting net.ipv4.ip_local_port_range max value. Must be between
32768
and65535
. - Net
Ipv4Ip intLocal Port Range Min - The sysctl setting net.ipv4.ip_local_port_range min value. Must be between
1024
and60999
. - Net
Ipv4Neigh intDefault Gc Thresh1 - The sysctl setting net.ipv4.neigh.default.gc_thresh1. Must be between
128
and80000
. - Net
Ipv4Neigh intDefault Gc Thresh2 - The sysctl setting net.ipv4.neigh.default.gc_thresh2. Must be between
512
and90000
. - Net
Ipv4Neigh intDefault Gc Thresh3 - The sysctl setting net.ipv4.neigh.default.gc_thresh3. Must be between
1024
and100000
. - Net
Ipv4Tcp intFin Timeout - The sysctl setting net.ipv4.tcp_fin_timeout. Must be between
5
and120
. - Net
Ipv4Tcp intKeepalive Intvl - The sysctl setting net.ipv4.tcp_keepalive_intvl. Must be between
10
and90
. - Net
Ipv4Tcp intKeepalive Probes - The sysctl setting net.ipv4.tcp_keepalive_probes. Must be between
1
and15
. - Net
Ipv4Tcp intKeepalive Time - The sysctl setting net.ipv4.tcp_keepalive_time. Must be between
30
and432000
. - Net
Ipv4Tcp intMax Syn Backlog - The sysctl setting net.ipv4.tcp_max_syn_backlog. Must be between
128
and3240000
. - Net
Ipv4Tcp intMax Tw Buckets - The sysctl setting net.ipv4.tcp_max_tw_buckets. Must be between
8000
and1440000
. - Net
Ipv4Tcp boolTw Reuse - The sysctl setting net.ipv4.tcp_tw_reuse.
- NetNetfilterNfConntrackBuckets (int) - The sysctl setting net.netfilter.nf_conntrack_buckets. Must be between `65536` and `524288`.
- NetNetfilterNfConntrackMax (int) - The sysctl setting net.netfilter.nf_conntrack_max. Must be between `131072` and `2097152`.
- VmMaxMapCount (int) - The sysctl setting vm.max_map_count. Must be between `65530` and `262144`.
- VmSwappiness (int) - The sysctl setting vm.swappiness. Must be between `0` and `100`.
- VmVfsCachePressure (int) - The sysctl setting vm.vfs_cache_pressure. Must be between `0` and `100`.
- Fs
Aio intMax Nr - The sysctl setting fs.aio-max-nr. Must be between
65536
and6553500
. - Fs
File intMax - The sysctl setting fs.file-max. Must be between
8192
and12000500
. - Fs
Inotify intMax User Watches - The sysctl setting fs.inotify.max_user_watches. Must be between
781250
and2097152
. - Fs
Nr intOpen - The sysctl setting fs.nr_open. Must be between
8192
and20000500
. - Kernel
Threads intMax - The sysctl setting kernel.threads-max. Must be between
20
and513785
. - Net
Core intNetdev Max Backlog - The sysctl setting net.core.netdev_max_backlog. Must be between
1000
and3240000
. - Net
Core intOptmem Max - The sysctl setting net.core.optmem_max. Must be between
20480
and4194304
. - Net
Core intRmem Default - The sysctl setting net.core.rmem_default. Must be between
212992
and134217728
. - Net
Core intRmem Max - The sysctl setting net.core.rmem_max. Must be between
212992
and134217728
. - Net
Core intSomaxconn - The sysctl setting net.core.somaxconn. Must be between
4096
and3240000
. - Net
Core intWmem Default - The sysctl setting net.core.wmem_default. Must be between
212992
and134217728
. - Net
Core intWmem Max - The sysctl setting net.core.wmem_max. Must be between
212992
and134217728
. - Net
Ipv4Ip intLocal Port Range Max - The sysctl setting net.ipv4.ip_local_port_range max value. Must be between
32768
and65535
. - Net
Ipv4Ip intLocal Port Range Min - The sysctl setting net.ipv4.ip_local_port_range min value. Must be between
1024
and60999
. - Net
Ipv4Neigh intDefault Gc Thresh1 - The sysctl setting net.ipv4.neigh.default.gc_thresh1. Must be between
128
and80000
. - Net
Ipv4Neigh intDefault Gc Thresh2 - The sysctl setting net.ipv4.neigh.default.gc_thresh2. Must be between
512
and90000
. - Net
Ipv4Neigh intDefault Gc Thresh3 - The sysctl setting net.ipv4.neigh.default.gc_thresh3. Must be between
1024
and100000
. - Net
Ipv4Tcp intFin Timeout - The sysctl setting net.ipv4.tcp_fin_timeout. Must be between
5
and120
. - Net
Ipv4Tcp intKeepalive Intvl - The sysctl setting net.ipv4.tcp_keepalive_intvl. Must be between
10
and90
. - Net
Ipv4Tcp intKeepalive Probes - The sysctl setting net.ipv4.tcp_keepalive_probes. Must be between
1
and15
. - Net
Ipv4Tcp intKeepalive Time - The sysctl setting net.ipv4.tcp_keepalive_time. Must be between
30
and432000
. - Net
Ipv4Tcp intMax Syn Backlog - The sysctl setting net.ipv4.tcp_max_syn_backlog. Must be between
128
and3240000
. - Net
Ipv4Tcp intMax Tw Buckets - The sysctl setting net.ipv4.tcp_max_tw_buckets. Must be between
8000
and1440000
. - Net
Ipv4Tcp boolTw Reuse - The sysctl setting net.ipv4.tcp_tw_reuse.
- Net
Netfilter intNf Conntrack Buckets - The sysctl setting net.netfilter.nf_conntrack_buckets. Must be between
65536
and524288
. - Net
Netfilter intNf Conntrack Max - The sysctl setting net.netfilter.nf_conntrack_max. Must be between
131072
and2097152
. - Vm
Max intMap Count - The sysctl setting vm.max_map_count. Must be between
65530
and262144
. - Vm
Swappiness int - The sysctl setting vm.swappiness. Must be between
0
and100
. - Vm
Vfs intCache Pressure - The sysctl setting vm.vfs_cache_pressure. Must be between
0
and100
.
- fs
Aio IntegerMax Nr - The sysctl setting fs.aio-max-nr. Must be between
65536
and6553500
. - fs
File IntegerMax - The sysctl setting fs.file-max. Must be between
8192
and12000500
. - fs
Inotify IntegerMax User Watches - The sysctl setting fs.inotify.max_user_watches. Must be between
781250
and2097152
. - fs
Nr IntegerOpen - The sysctl setting fs.nr_open. Must be between
8192
and20000500
. - kernel
Threads IntegerMax - The sysctl setting kernel.threads-max. Must be between
20
and513785
. - net
Core IntegerNetdev Max Backlog - The sysctl setting net.core.netdev_max_backlog. Must be between
1000
and3240000
. - net
Core IntegerOptmem Max - The sysctl setting net.core.optmem_max. Must be between
20480
and4194304
. - net
Core IntegerRmem Default - The sysctl setting net.core.rmem_default. Must be between
212992
and134217728
. - net
Core IntegerRmem Max - The sysctl setting net.core.rmem_max. Must be between
212992
and134217728
. - net
Core IntegerSomaxconn - The sysctl setting net.core.somaxconn. Must be between
4096
and3240000
. - net
Core IntegerWmem Default - The sysctl setting net.core.wmem_default. Must be between
212992
and134217728
. - net
Core IntegerWmem Max - The sysctl setting net.core.wmem_max. Must be between
212992
and134217728
. - net
Ipv4Ip IntegerLocal Port Range Max - The sysctl setting net.ipv4.ip_local_port_range max value. Must be between
32768
and65535
. - net
Ipv4Ip IntegerLocal Port Range Min - The sysctl setting net.ipv4.ip_local_port_range min value. Must be between
1024
and60999
. - net
Ipv4Neigh IntegerDefault Gc Thresh1 - The sysctl setting net.ipv4.neigh.default.gc_thresh1. Must be between
128
and80000
. - net
Ipv4Neigh IntegerDefault Gc Thresh2 - The sysctl setting net.ipv4.neigh.default.gc_thresh2. Must be between
512
and90000
. - net
Ipv4Neigh IntegerDefault Gc Thresh3 - The sysctl setting net.ipv4.neigh.default.gc_thresh3. Must be between
1024
and100000
. - net
Ipv4Tcp IntegerFin Timeout - The sysctl setting net.ipv4.tcp_fin_timeout. Must be between
5
and120
. - net
Ipv4Tcp IntegerKeepalive Intvl - The sysctl setting net.ipv4.tcp_keepalive_intvl. Must be between
10
and90
. - net
Ipv4Tcp IntegerKeepalive Probes - The sysctl setting net.ipv4.tcp_keepalive_probes. Must be between
1
and15
. - net
Ipv4Tcp IntegerKeepalive Time - The sysctl setting net.ipv4.tcp_keepalive_time. Must be between
30
and432000
. - net
Ipv4Tcp IntegerMax Syn Backlog - The sysctl setting net.ipv4.tcp_max_syn_backlog. Must be between
128
and3240000
. - net
Ipv4Tcp IntegerMax Tw Buckets - The sysctl setting net.ipv4.tcp_max_tw_buckets. Must be between
8000
and1440000
. - net
Ipv4Tcp BooleanTw Reuse - The sysctl setting net.ipv4.tcp_tw_reuse.
- net
Netfilter IntegerNf Conntrack Buckets - The sysctl setting net.netfilter.nf_conntrack_buckets. Must be between
65536
and524288
. - net
Netfilter IntegerNf Conntrack Max - The sysctl setting net.netfilter.nf_conntrack_max. Must be between
131072
and2097152
. - vm
Max IntegerMap Count - The sysctl setting vm.max_map_count. Must be between
65530
and262144
. - vm
Swappiness Integer - The sysctl setting vm.swappiness. Must be between
0
and100
. - vm
Vfs IntegerCache Pressure - The sysctl setting vm.vfs_cache_pressure. Must be between
0
and100
.
- fsAioMaxNr number - The sysctl setting fs.aio-max-nr. Must be between `65536` and `6553500`.
- fsFileMax number - The sysctl setting fs.file-max. Must be between `8192` and `12000500`.
- fsInotifyMaxUserWatches number - The sysctl setting fs.inotify.max_user_watches. Must be between `781250` and `2097152`.
- fsNrOpen number - The sysctl setting fs.nr_open. Must be between `8192` and `20000500`.
- kernelThreadsMax number - The sysctl setting kernel.threads-max. Must be between `20` and `513785`.
- netCoreNetdevMaxBacklog number - The sysctl setting net.core.netdev_max_backlog. Must be between `1000` and `3240000`.
- netCoreOptmemMax number - The sysctl setting net.core.optmem_max. Must be between `20480` and `4194304`.
- netCoreRmemDefault number - The sysctl setting net.core.rmem_default. Must be between `212992` and `134217728`.
- netCoreRmemMax number - The sysctl setting net.core.rmem_max. Must be between `212992` and `134217728`.
- netCoreSomaxconn number - The sysctl setting net.core.somaxconn. Must be between `4096` and `3240000`.
- netCoreWmemDefault number - The sysctl setting net.core.wmem_default. Must be between `212992` and `134217728`.
- netCoreWmemMax number - The sysctl setting net.core.wmem_max. Must be between `212992` and `134217728`.
- netIpv4IpLocalPortRangeMax number - The sysctl setting net.ipv4.ip_local_port_range max value. Must be between `32768` and `65535`.
- netIpv4IpLocalPortRangeMin number - The sysctl setting net.ipv4.ip_local_port_range min value. Must be between `1024` and `60999`.
- netIpv4NeighDefaultGcThresh1 number - The sysctl setting net.ipv4.neigh.default.gc_thresh1. Must be between `128` and `80000`.
- netIpv4NeighDefaultGcThresh2 number - The sysctl setting net.ipv4.neigh.default.gc_thresh2. Must be between `512` and `90000`.
- netIpv4NeighDefaultGcThresh3 number - The sysctl setting net.ipv4.neigh.default.gc_thresh3. Must be between `1024` and `100000`.
- netIpv4TcpFinTimeout number - The sysctl setting net.ipv4.tcp_fin_timeout. Must be between `5` and `120`.
- netIpv4TcpKeepaliveIntvl number - The sysctl setting net.ipv4.tcp_keepalive_intvl. Must be between `10` and `90`.
- netIpv4TcpKeepaliveProbes number - The sysctl setting net.ipv4.tcp_keepalive_probes. Must be between `1` and `15`.
- netIpv4TcpKeepaliveTime number - The sysctl setting net.ipv4.tcp_keepalive_time. Must be between `30` and `432000`.
- netIpv4TcpMaxSynBacklog number - The sysctl setting net.ipv4.tcp_max_syn_backlog. Must be between `128` and `3240000`.
- netIpv4TcpMaxTwBuckets number - The sysctl setting net.ipv4.tcp_max_tw_buckets. Must be between `8000` and `1440000`.
- netIpv4TcpTwReuse boolean - The sysctl setting net.ipv4.tcp_tw_reuse.
- netNetfilterNfConntrackBuckets number - The sysctl setting net.netfilter.nf_conntrack_buckets. Must be between `65536` and `524288`.
- netNetfilterNfConntrackMax number - The sysctl setting net.netfilter.nf_conntrack_max. Must be between `131072` and `2097152`.
- vmMaxMapCount number - The sysctl setting vm.max_map_count. Must be between `65530` and `262144`.
- vmSwappiness number - The sysctl setting vm.swappiness. Must be between `0` and `100`.
- vmVfsCachePressure number - The sysctl setting vm.vfs_cache_pressure. Must be between `0` and `100`.
- fs_aio_max_nr int - The sysctl setting fs.aio-max-nr. Must be between `65536` and `6553500`.
- fs_file_max int - The sysctl setting fs.file-max. Must be between `8192` and `12000500`.
- fs_inotify_max_user_watches int - The sysctl setting fs.inotify.max_user_watches. Must be between `781250` and `2097152`.
- fs_nr_open int - The sysctl setting fs.nr_open. Must be between `8192` and `20000500`.
- kernel_threads_max int - The sysctl setting kernel.threads-max. Must be between `20` and `513785`.
- net_core_netdev_max_backlog int - The sysctl setting net.core.netdev_max_backlog. Must be between `1000` and `3240000`.
- net_core_optmem_max int - The sysctl setting net.core.optmem_max. Must be between `20480` and `4194304`.
- net_core_rmem_default int - The sysctl setting net.core.rmem_default. Must be between `212992` and `134217728`.
- net_core_rmem_max int - The sysctl setting net.core.rmem_max. Must be between `212992` and `134217728`.
- net_core_somaxconn int - The sysctl setting net.core.somaxconn. Must be between `4096` and `3240000`.
- net_core_wmem_default int - The sysctl setting net.core.wmem_default. Must be between `212992` and `134217728`.
- net_core_wmem_max int - The sysctl setting net.core.wmem_max. Must be between `212992` and `134217728`.
- net_ipv4_ip_local_port_range_max int - The sysctl setting net.ipv4.ip_local_port_range max value. Must be between `32768` and `65535`.
- net_ipv4_ip_local_port_range_min int - The sysctl setting net.ipv4.ip_local_port_range min value. Must be between `1024` and `60999`.
- net_ipv4_neigh_default_gc_thresh1 int - The sysctl setting net.ipv4.neigh.default.gc_thresh1. Must be between `128` and `80000`.
- net_ipv4_neigh_default_gc_thresh2 int - The sysctl setting net.ipv4.neigh.default.gc_thresh2. Must be between `512` and `90000`.
- net_ipv4_neigh_default_gc_thresh3 int - The sysctl setting net.ipv4.neigh.default.gc_thresh3. Must be between `1024` and `100000`.
- net_ipv4_tcp_fin_timeout int - The sysctl setting net.ipv4.tcp_fin_timeout. Must be between `5` and `120`.
- net_ipv4_tcp_keepalive_intvl int - The sysctl setting net.ipv4.tcp_keepalive_intvl. Must be between `10` and `90`.
- net_ipv4_tcp_keepalive_probes int - The sysctl setting net.ipv4.tcp_keepalive_probes. Must be between `1` and `15`.
- net_ipv4_tcp_keepalive_time int - The sysctl setting net.ipv4.tcp_keepalive_time. Must be between `30` and `432000`.
- net_ipv4_tcp_max_syn_backlog int - The sysctl setting net.ipv4.tcp_max_syn_backlog. Must be between `128` and `3240000`.
- net_ipv4_tcp_max_tw_buckets int - The sysctl setting net.ipv4.tcp_max_tw_buckets. Must be between `8000` and `1440000`.
- net_ipv4_tcp_tw_reuse bool - The sysctl setting net.ipv4.tcp_tw_reuse.
- net_netfilter_nf_conntrack_buckets int - The sysctl setting net.netfilter.nf_conntrack_buckets. Must be between `65536` and `524288`.
- net_netfilter_nf_conntrack_max int - The sysctl setting net.netfilter.nf_conntrack_max. Must be between `131072` and `2097152`.
- vm_max_map_count int - The sysctl setting vm.max_map_count. Must be between `65530` and `262144`.
- vm_swappiness int - The sysctl setting vm.swappiness. Must be between `0` and `100`.
- vm_vfs_cache_pressure int - The sysctl setting vm.vfs_cache_pressure. Must be between `0` and `100`.
- fsAioMaxNr Number - The sysctl setting fs.aio-max-nr. Must be between `65536` and `6553500`.
- fsFileMax Number - The sysctl setting fs.file-max. Must be between `8192` and `12000500`.
- fsInotifyMaxUserWatches Number - The sysctl setting fs.inotify.max_user_watches. Must be between `781250` and `2097152`.
- fsNrOpen Number - The sysctl setting fs.nr_open. Must be between `8192` and `20000500`.
- kernelThreadsMax Number - The sysctl setting kernel.threads-max. Must be between `20` and `513785`.
- netCoreNetdevMaxBacklog Number - The sysctl setting net.core.netdev_max_backlog. Must be between `1000` and `3240000`.
- netCoreOptmemMax Number - The sysctl setting net.core.optmem_max. Must be between `20480` and `4194304`.
- netCoreRmemDefault Number - The sysctl setting net.core.rmem_default. Must be between `212992` and `134217728`.
- netCoreRmemMax Number - The sysctl setting net.core.rmem_max. Must be between `212992` and `134217728`.
- netCoreSomaxconn Number - The sysctl setting net.core.somaxconn. Must be between `4096` and `3240000`.
- netCoreWmemDefault Number - The sysctl setting net.core.wmem_default. Must be between `212992` and `134217728`.
- netCoreWmemMax Number - The sysctl setting net.core.wmem_max. Must be between `212992` and `134217728`.
- netIpv4IpLocalPortRangeMax Number - The sysctl setting net.ipv4.ip_local_port_range max value. Must be between `32768` and `65535`.
- netIpv4IpLocalPortRangeMin Number - The sysctl setting net.ipv4.ip_local_port_range min value. Must be between `1024` and `60999`.
- netIpv4NeighDefaultGcThresh1 Number - The sysctl setting net.ipv4.neigh.default.gc_thresh1. Must be between `128` and `80000`.
- netIpv4NeighDefaultGcThresh2 Number - The sysctl setting net.ipv4.neigh.default.gc_thresh2. Must be between `512` and `90000`.
- netIpv4NeighDefaultGcThresh3 Number - The sysctl setting net.ipv4.neigh.default.gc_thresh3. Must be between `1024` and `100000`.
- netIpv4TcpFinTimeout Number - The sysctl setting net.ipv4.tcp_fin_timeout. Must be between `5` and `120`.
- netIpv4TcpKeepaliveIntvl Number - The sysctl setting net.ipv4.tcp_keepalive_intvl. Must be between `10` and `90`.
- netIpv4TcpKeepaliveProbes Number - The sysctl setting net.ipv4.tcp_keepalive_probes. Must be between `1` and `15`.
- netIpv4TcpKeepaliveTime Number - The sysctl setting net.ipv4.tcp_keepalive_time. Must be between `30` and `432000`.
- netIpv4TcpMaxSynBacklog Number - The sysctl setting net.ipv4.tcp_max_syn_backlog. Must be between `128` and `3240000`.
- netIpv4TcpMaxTwBuckets Number - The sysctl setting net.ipv4.tcp_max_tw_buckets. Must be between `8000` and `1440000`.
- netIpv4TcpTwReuse Boolean - The sysctl setting net.ipv4.tcp_tw_reuse.
- netNetfilterNfConntrackBuckets Number - The sysctl setting net.netfilter.nf_conntrack_buckets. Must be between `65536` and `524288`.
- netNetfilterNfConntrackMax Number - The sysctl setting net.netfilter.nf_conntrack_max. Must be between `131072` and `2097152`.
- vmMaxMapCount Number - The sysctl setting vm.max_map_count. Must be between `65530` and `262144`.
- vmSwappiness Number - The sysctl setting vm.swappiness. Must be between `0` and `100`.
- vmVfsCachePressure Number - The sysctl setting vm.vfs_cache_pressure. Must be between `0` and `100`.
KubernetesClusterDefaultNodePoolNodeNetworkProfile, KubernetesClusterDefaultNodePoolNodeNetworkProfileArgs
- AllowedHostPorts List<KubernetesClusterDefaultNodePoolNodeNetworkProfileAllowedHostPort> - One or more `allowed_host_ports` blocks as defined below.
- ApplicationSecurityGroupIds List<string> - A list of Application Security Group IDs which should be associated with this Node Pool.
- NodePublicIpTags Dictionary<string, string> - Specifies a mapping of tags to the instance-level public IPs. Changing this forces a new resource to be created.
- AllowedHostPorts []KubernetesClusterDefaultNodePoolNodeNetworkProfileAllowedHostPort - One or more `allowed_host_ports` blocks as defined below.
- ApplicationSecurityGroupIds []string - A list of Application Security Group IDs which should be associated with this Node Pool.
- NodePublicIpTags map[string]string - Specifies a mapping of tags to the instance-level public IPs. Changing this forces a new resource to be created.
- allowedHostPorts List<KubernetesClusterDefaultNodePoolNodeNetworkProfileAllowedHostPort> - One or more `allowed_host_ports` blocks as defined below.
- applicationSecurityGroupIds List<String> - A list of Application Security Group IDs which should be associated with this Node Pool.
- nodePublicIpTags Map<String,String> - Specifies a mapping of tags to the instance-level public IPs. Changing this forces a new resource to be created.
- allowedHostPorts KubernetesClusterDefaultNodePoolNodeNetworkProfileAllowedHostPort[] - One or more `allowed_host_ports` blocks as defined below.
- applicationSecurityGroupIds string[] - A list of Application Security Group IDs which should be associated with this Node Pool.
- nodePublicIpTags {[key: string]: string} - Specifies a mapping of tags to the instance-level public IPs. Changing this forces a new resource to be created.
- allowed_host_ports Sequence[KubernetesClusterDefaultNodePoolNodeNetworkProfileAllowedHostPort] - One or more `allowed_host_ports` blocks as defined below.
- application_security_group_ids Sequence[str] - A list of Application Security Group IDs which should be associated with this Node Pool.
- node_public_ip_tags Mapping[str, str] - Specifies a mapping of tags to the instance-level public IPs. Changing this forces a new resource to be created.
- allowedHostPorts List<Property Map> - One or more `allowed_host_ports` blocks as defined below.
- applicationSecurityGroupIds List<String> - A list of Application Security Group IDs which should be associated with this Node Pool.
- nodePublicIpTags Map<String> - Specifies a mapping of tags to the instance-level public IPs. Changing this forces a new resource to be created.
KubernetesClusterDefaultNodePoolNodeNetworkProfileAllowedHostPort, KubernetesClusterDefaultNodePoolNodeNetworkProfileAllowedHostPortArgs
- port_end int - Specifies the end of the port range.
- port_start int - Specifies the start of the port range.
- protocol str - Specifies the protocol of the port range. Possible values are `TCP` and `UDP`.
KubernetesClusterDefaultNodePoolUpgradeSettings, KubernetesClusterDefaultNodePoolUpgradeSettingsArgs
- MaxSurge string - The maximum number or percentage of nodes which will be added to the Node Pool size during an upgrade.
  Note: If a percentage is provided, the number of surge nodes is calculated from the `node_count` value on the current cluster. Node surge can allow a cluster to have more nodes than `max_count` during an upgrade. Ensure that your cluster has enough IP space during an upgrade.
- DrainTimeoutInMinutes int - The amount of time in minutes to wait on eviction of pods and graceful termination per node. This eviction wait time honors pod disruption budgets for upgrades. If this time is exceeded, the upgrade fails. Unsetting this after configuring it will force a new resource to be created.
- NodeSoakDurationInMinutes int - The amount of time in minutes to wait after draining a node and before reimaging and moving on to next node. Defaults to `0`.
- MaxSurge string - The maximum number or percentage of nodes which will be added to the Node Pool size during an upgrade.
  Note: If a percentage is provided, the number of surge nodes is calculated from the `node_count` value on the current cluster. Node surge can allow a cluster to have more nodes than `max_count` during an upgrade. Ensure that your cluster has enough IP space during an upgrade.
- DrainTimeoutInMinutes int - The amount of time in minutes to wait on eviction of pods and graceful termination per node. This eviction wait time honors pod disruption budgets for upgrades. If this time is exceeded, the upgrade fails. Unsetting this after configuring it will force a new resource to be created.
- NodeSoakDurationInMinutes int - The amount of time in minutes to wait after draining a node and before reimaging and moving on to next node. Defaults to `0`.
- maxSurge String - The maximum number or percentage of nodes which will be added to the Node Pool size during an upgrade.
  Note: If a percentage is provided, the number of surge nodes is calculated from the `node_count` value on the current cluster. Node surge can allow a cluster to have more nodes than `max_count` during an upgrade. Ensure that your cluster has enough IP space during an upgrade.
- drainTimeoutInMinutes Integer - The amount of time in minutes to wait on eviction of pods and graceful termination per node. This eviction wait time honors pod disruption budgets for upgrades. If this time is exceeded, the upgrade fails. Unsetting this after configuring it will force a new resource to be created.
- nodeSoakDurationInMinutes Integer - The amount of time in minutes to wait after draining a node and before reimaging and moving on to next node. Defaults to `0`.
- maxSurge string - The maximum number or percentage of nodes which will be added to the Node Pool size during an upgrade.
  Note: If a percentage is provided, the number of surge nodes is calculated from the `node_count` value on the current cluster. Node surge can allow a cluster to have more nodes than `max_count` during an upgrade. Ensure that your cluster has enough IP space during an upgrade.
- drainTimeoutInMinutes number - The amount of time in minutes to wait on eviction of pods and graceful termination per node. This eviction wait time honors pod disruption budgets for upgrades. If this time is exceeded, the upgrade fails. Unsetting this after configuring it will force a new resource to be created.
- nodeSoakDurationInMinutes number - The amount of time in minutes to wait after draining a node and before reimaging and moving on to next node. Defaults to `0`.
- max_surge str - The maximum number or percentage of nodes which will be added to the Node Pool size during an upgrade.
  Note: If a percentage is provided, the number of surge nodes is calculated from the `node_count` value on the current cluster. Node surge can allow a cluster to have more nodes than `max_count` during an upgrade. Ensure that your cluster has enough IP space during an upgrade.
- drain_timeout_in_minutes int - The amount of time in minutes to wait on eviction of pods and graceful termination per node. This eviction wait time honors pod disruption budgets for upgrades. If this time is exceeded, the upgrade fails. Unsetting this after configuring it will force a new resource to be created.
- node_soak_duration_in_minutes int - The amount of time in minutes to wait after draining a node and before reimaging and moving on to next node. Defaults to `0`.
- maxSurge String - The maximum number or percentage of nodes which will be added to the Node Pool size during an upgrade.
  Note: If a percentage is provided, the number of surge nodes is calculated from the `node_count` value on the current cluster. Node surge can allow a cluster to have more nodes than `max_count` during an upgrade. Ensure that your cluster has enough IP space during an upgrade.
- drainTimeoutInMinutes Number - The amount of time in minutes to wait on eviction of pods and graceful termination per node. This eviction wait time honors pod disruption budgets for upgrades. If this time is exceeded, the upgrade fails. Unsetting this after configuring it will force a new resource to be created.
- nodeSoakDurationInMinutes Number - The amount of time in minutes to wait after draining a node and before reimaging and moving on to next node. Defaults to `0`.
KubernetesClusterHttpProxyConfig, KubernetesClusterHttpProxyConfigArgs
- HttpProxy string - The proxy address to be used when communicating over HTTP.
- HttpsProxy string - The proxy address to be used when communicating over HTTPS.
- NoProxies List<string>
- TrustedCa string - The base64 encoded alternative CA certificate content in PEM format.
- HttpProxy string - The proxy address to be used when communicating over HTTP.
- HttpsProxy string - The proxy address to be used when communicating over HTTPS.
- NoProxies []string
- TrustedCa string - The base64 encoded alternative CA certificate content in PEM format.
- httpProxy String - The proxy address to be used when communicating over HTTP.
- httpsProxy String - The proxy address to be used when communicating over HTTPS.
- noProxies List<String>
- trustedCa String - The base64 encoded alternative CA certificate content in PEM format.
- httpProxy string - The proxy address to be used when communicating over HTTP.
- httpsProxy string - The proxy address to be used when communicating over HTTPS.
- noProxies string[]
- trustedCa string - The base64 encoded alternative CA certificate content in PEM format.
- http_proxy str - The proxy address to be used when communicating over HTTP.
- https_proxy str - The proxy address to be used when communicating over HTTPS.
- no_proxies Sequence[str]
- trusted_ca str - The base64 encoded alternative CA certificate content in PEM format.
- httpProxy String - The proxy address to be used when communicating over HTTP.
- httpsProxy String - The proxy address to be used when communicating over HTTPS.
- noProxies List<String>
- trustedCa String - The base64 encoded alternative CA certificate content in PEM format.
KubernetesClusterIdentity, KubernetesClusterIdentityArgs
- Type string - Specifies the type of Managed Service Identity that should be configured on this Kubernetes Cluster. Possible values are `SystemAssigned` or `UserAssigned`.
- IdentityIds List<string> - Specifies a list of User Assigned Managed Identity IDs to be assigned to this Kubernetes Cluster.
  Note: This is required when `type` is set to `UserAssigned`. Currently only one User Assigned Identity is supported.
- PrincipalId string - The Principal ID associated with this Managed Service Identity.
- TenantId string - The Tenant ID associated with this Managed Service Identity.
- Type string - Specifies the type of Managed Service Identity that should be configured on this Kubernetes Cluster. Possible values are `SystemAssigned` or `UserAssigned`.
- IdentityIds []string - Specifies a list of User Assigned Managed Identity IDs to be assigned to this Kubernetes Cluster.
  Note: This is required when `type` is set to `UserAssigned`. Currently only one User Assigned Identity is supported.
- PrincipalId string - The Principal ID associated with this Managed Service Identity.
- TenantId string - The Tenant ID associated with this Managed Service Identity.
- type String - Specifies the type of Managed Service Identity that should be configured on this Kubernetes Cluster. Possible values are `SystemAssigned` or `UserAssigned`.
- identityIds List<String> - Specifies a list of User Assigned Managed Identity IDs to be assigned to this Kubernetes Cluster.
  Note: This is required when `type` is set to `UserAssigned`. Currently only one User Assigned Identity is supported.
- principalId String - The Principal ID associated with this Managed Service Identity.
- tenantId String - The Tenant ID associated with this Managed Service Identity.
- type string - Specifies the type of Managed Service Identity that should be configured on this Kubernetes Cluster. Possible values are `SystemAssigned` or `UserAssigned`.
- identityIds string[] - Specifies a list of User Assigned Managed Identity IDs to be assigned to this Kubernetes Cluster.
  Note: This is required when `type` is set to `UserAssigned`. Currently only one User Assigned Identity is supported.
- principalId string - The Principal ID associated with this Managed Service Identity.
- tenantId string - The Tenant ID associated with this Managed Service Identity.
- type str - Specifies the type of Managed Service Identity that should be configured on this Kubernetes Cluster. Possible values are `SystemAssigned` or `UserAssigned`.
- identity_ids Sequence[str] - Specifies a list of User Assigned Managed Identity IDs to be assigned to this Kubernetes Cluster.
  Note: This is required when `type` is set to `UserAssigned`. Currently only one User Assigned Identity is supported.
- principal_id str - The Principal ID associated with this Managed Service Identity.
- tenant_id str - The Tenant ID associated with this Managed Service Identity.
- type String - Specifies the type of Managed Service Identity that should be configured on this Kubernetes Cluster. Possible values are `SystemAssigned` or `UserAssigned`.
- identityIds List<String> - Specifies a list of User Assigned Managed Identity IDs to be assigned to this Kubernetes Cluster.
  Note: This is required when `type` is set to `UserAssigned`. Currently only one User Assigned Identity is supported.
- principalId String - The Principal ID associated with this Managed Service Identity.
- tenantId String - The Tenant ID associated with this Managed Service Identity.
KubernetesClusterIngressApplicationGateway, KubernetesClusterIngressApplicationGatewayArgs
- EffectiveGatewayId string - The ID of the Application Gateway associated with the ingress controller deployed to this Kubernetes Cluster.
- GatewayId string - The ID of the Application Gateway to integrate with the ingress controller of this Kubernetes Cluster. See this page for further details.
- GatewayName string - The name of the Application Gateway to be used or created in the Nodepool Resource Group, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. See this page for further details.
- IngressApplicationGatewayIdentities List<KubernetesClusterIngressApplicationGatewayIngressApplicationGatewayIdentity> - An `ingress_application_gateway_identity` block is exported. The exported attributes are defined below.
- SubnetCidr string - The subnet CIDR to be used to create an Application Gateway, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. See this page for further details.
- SubnetId string - The ID of the subnet on which to create an Application Gateway, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. See this page for further details.
  Note: Exactly one of `gateway_id`, `subnet_id` or `subnet_cidr` must be specified.
  Note: If specifying `ingress_application_gateway` in conjunction with `only_critical_addons_enabled`, the AGIC pod will fail to start. A separate `azure.containerservice.KubernetesClusterNodePool` is required to run the AGIC pod successfully. This is because AGIC is classed as a "non-critical addon".
- EffectiveGatewayId string - The ID of the Application Gateway associated with the ingress controller deployed to this Kubernetes Cluster.
- GatewayId string - The ID of the Application Gateway to integrate with the ingress controller of this Kubernetes Cluster. See this page for further details.
- GatewayName string - The name of the Application Gateway to be used or created in the Nodepool Resource Group, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. See this page for further details.
- IngressApplicationGatewayIdentities []KubernetesClusterIngressApplicationGatewayIngressApplicationGatewayIdentity - An `ingress_application_gateway_identity` block is exported. The exported attributes are defined below.
- SubnetCidr string - The subnet CIDR to be used to create an Application Gateway, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. See this page for further details.
- SubnetId string - The ID of the subnet on which to create an Application Gateway, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. See this page for further details.
  Note: Exactly one of `gateway_id`, `subnet_id` or `subnet_cidr` must be specified.
  Note: If specifying `ingress_application_gateway` in conjunction with `only_critical_addons_enabled`, the AGIC pod will fail to start. A separate `azure.containerservice.KubernetesClusterNodePool` is required to run the AGIC pod successfully. This is because AGIC is classed as a "non-critical addon".
- effectiveGatewayId String - The ID of the Application Gateway associated with the ingress controller deployed to this Kubernetes Cluster.
- gatewayId String - The ID of the Application Gateway to integrate with the ingress controller of this Kubernetes Cluster. See this page for further details.
- gatewayName String - The name of the Application Gateway to be used or created in the Nodepool Resource Group, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. See this page for further details.
- ingressApplicationGatewayIdentities List<KubernetesClusterIngressApplicationGatewayIngressApplicationGatewayIdentity> - An `ingress_application_gateway_identity` block is exported. The exported attributes are defined below.
- subnetCidr String - The subnet CIDR to be used to create an Application Gateway, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. See this page for further details.
- subnetId String - The ID of the subnet on which to create an Application Gateway, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. See this page for further details.
  Note: Exactly one of `gateway_id`, `subnet_id` or `subnet_cidr` must be specified.
  Note: If specifying `ingress_application_gateway` in conjunction with `only_critical_addons_enabled`, the AGIC pod will fail to start. A separate `azure.containerservice.KubernetesClusterNodePool` is required to run the AGIC pod successfully. This is because AGIC is classed as a "non-critical addon".
- effectiveGatewayId string - The ID of the Application Gateway associated with the ingress controller deployed to this Kubernetes Cluster.
- gatewayId string - The ID of the Application Gateway to integrate with the ingress controller of this Kubernetes Cluster. See this page for further details.
- gatewayName string - The name of the Application Gateway to be used or created in the Nodepool Resource Group, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. See this page for further details.
- ingressApplicationGatewayIdentities KubernetesClusterIngressApplicationGatewayIngressApplicationGatewayIdentity[] - An `ingress_application_gateway_identity` block is exported. The exported attributes are defined below.
- subnetCidr string - The subnet CIDR to be used to create an Application Gateway, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. See this page for further details.
- subnetId string - The ID of the subnet on which to create an Application Gateway, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. See this page for further details.
  Note: Exactly one of `gateway_id`, `subnet_id` or `subnet_cidr` must be specified.
  Note: If specifying `ingress_application_gateway` in conjunction with `only_critical_addons_enabled`, the AGIC pod will fail to start. A separate `azure.containerservice.KubernetesClusterNodePool` is required to run the AGIC pod successfully. This is because AGIC is classed as a "non-critical addon".
- effective_gateway_id str - The ID of the Application Gateway associated with the ingress controller deployed to this Kubernetes Cluster.
- gateway_id str - The ID of the Application Gateway to integrate with the ingress controller of this Kubernetes Cluster. See this page for further details.
- gateway_name str - The name of the Application Gateway to be used or created in the Nodepool Resource Group, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. See this page for further details.
- ingress_application_gateway_identities Sequence[KubernetesClusterIngressApplicationGatewayIngressApplicationGatewayIdentity] - An `ingress_application_gateway_identity` block is exported. The exported attributes are defined below.
- subnet_cidr str - The subnet CIDR to be used to create an Application Gateway, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. See this page for further details.
- subnet_id str - The ID of the subnet on which to create an Application Gateway, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. See this page for further details.
  Note: Exactly one of `gateway_id`, `subnet_id` or `subnet_cidr` must be specified.
  Note: If specifying `ingress_application_gateway` in conjunction with `only_critical_addons_enabled`, the AGIC pod will fail to start. A separate `azure.containerservice.KubernetesClusterNodePool` is required to run the AGIC pod successfully. This is because AGIC is classed as a "non-critical addon".
- effectiveGatewayId String - The ID of the Application Gateway associated with the ingress controller deployed to this Kubernetes Cluster.
- gatewayId String - The ID of the Application Gateway to integrate with the ingress controller of this Kubernetes Cluster. See this page for further details.
- gatewayName String - The name of the Application Gateway to be used or created in the Nodepool Resource Group, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. See this page for further details.
- ingressApplicationGatewayIdentities List<Property Map> - An `ingress_application_gateway_identity` block is exported. The exported attributes are defined below.
- subnetCidr String - The subnet CIDR to be used to create an Application Gateway, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. See this page for further details.
- subnetId String - The ID of the subnet on which to create an Application Gateway, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. See this page for further details.
  Note: Exactly one of `gateway_id`, `subnet_id` or `subnet_cidr` must be specified.
  Note: If specifying `ingress_application_gateway` in conjunction with `only_critical_addons_enabled`, the AGIC pod will fail to start. A separate `azure.containerservice.KubernetesClusterNodePool` is required to run the AGIC pod successfully. This is because AGIC is classed as a "non-critical addon".
KubernetesClusterIngressApplicationGatewayIngressApplicationGatewayIdentity, KubernetesClusterIngressApplicationGatewayIngressApplicationGatewayIdentityArgs
- ClientId string - The Client ID of the user-defined Managed Identity used for Web App Routing.
- ObjectId string - The Object ID of the user-defined Managed Identity used for Web App Routing.
- UserAssignedIdentityId string - The ID of the User Assigned Identity used for Web App Routing.
- ClientId string - The Client ID of the user-defined Managed Identity used for Web App Routing.
- ObjectId string - The Object ID of the user-defined Managed Identity used for Web App Routing.
- UserAssignedIdentityId string - The ID of the User Assigned Identity used for Web App Routing.
- clientId String - The Client ID of the user-defined Managed Identity used for Web App Routing.
- objectId String - The Object ID of the user-defined Managed Identity used for Web App Routing.
- userAssignedIdentityId String - The ID of the User Assigned Identity used for Web App Routing.
- clientId string - The Client ID of the user-defined Managed Identity used for Web App Routing.
- objectId string - The Object ID of the user-defined Managed Identity used for Web App Routing.
- userAssignedIdentityId string - The ID of the User Assigned Identity used for Web App Routing.
- client_id str - The Client ID of the user-defined Managed Identity used for Web App Routing.
- object_id str - The Object ID of the user-defined Managed Identity used for Web App Routing.
- user_assigned_identity_id str - The ID of the User Assigned Identity used for Web App Routing.
- client
Id String - The Client ID of the user-defined Managed Identity used for Web App Routing.
- object
Id String - The Object ID of the user-defined Managed Identity used for Web App Routing
- user
Assigned StringIdentity Id - The ID of the User Assigned Identity used for Web App Routing.
KubernetesClusterKeyManagementService, KubernetesClusterKeyManagementServiceArgs
- Key
Vault stringKey Id - Identifier of Azure Key Vault key. See key identifier format for more details.
- KeyVaultNetworkAccess string - Network access of the key vault. The possible values are `Public` and `Private`. `Public` means the key vault allows public access from all networks. `Private` means the key vault disables public access and enables private link. Defaults to `Public`.
- Key
Vault stringKey Id - Identifier of Azure Key Vault key. See key identifier format for more details.
- KeyVaultNetworkAccess string - Network access of the key vault. The possible values are `Public` and `Private`. `Public` means the key vault allows public access from all networks. `Private` means the key vault disables public access and enables private link. Defaults to `Public`.
- key
Vault StringKey Id - Identifier of Azure Key Vault key. See key identifier format for more details.
- keyVaultNetworkAccess String - Network access of the key vault. The possible values are `Public` and `Private`. `Public` means the key vault allows public access from all networks. `Private` means the key vault disables public access and enables private link. Defaults to `Public`.
- key
Vault stringKey Id - Identifier of Azure Key Vault key. See key identifier format for more details.
- keyVaultNetworkAccess string - Network access of the key vault. The possible values are `Public` and `Private`. `Public` means the key vault allows public access from all networks. `Private` means the key vault disables public access and enables private link. Defaults to `Public`.
- key_
vault_ strkey_ id - Identifier of Azure Key Vault key. See key identifier format for more details.
- key_vault_network_access str - Network access of the key vault. The possible values are `Public` and `Private`. `Public` means the key vault allows public access from all networks. `Private` means the key vault disables public access and enables private link. Defaults to `Public`.
- key
Vault StringKey Id - Identifier of Azure Key Vault key. See key identifier format for more details.
- keyVaultNetworkAccess String - Network access of the key vault. The possible values are `Public` and `Private`. `Public` means the key vault allows public access from all networks. `Private` means the key vault disables public access and enables private link. Defaults to `Public`.
KubernetesClusterKeyVaultSecretsProvider, KubernetesClusterKeyVaultSecretsProviderArgs
- SecretIdentities List<KubernetesClusterKeyVaultSecretsProviderSecretIdentity> - A `secret_identity` block is exported. The exported attributes are defined below.
- SecretRotationEnabled bool - Should the secret store CSI driver on the AKS cluster be enabled?
- SecretRotationInterval string - The interval to poll for secret rotation. This attribute is only set when `secret_rotation` is true. Defaults to `2m`.
Note: To enable `key_vault_secrets_provider` either `secret_rotation_enabled` or `secret_rotation_interval` must be specified.
- SecretIdentities []KubernetesClusterKeyVaultSecretsProviderSecretIdentity - A `secret_identity` block is exported. The exported attributes are defined below.
- SecretRotationEnabled bool - Should the secret store CSI driver on the AKS cluster be enabled?
- SecretRotationInterval string - The interval to poll for secret rotation. This attribute is only set when `secret_rotation` is true. Defaults to `2m`.
Note: To enable `key_vault_secrets_provider` either `secret_rotation_enabled` or `secret_rotation_interval` must be specified.
- secretIdentities List<KubernetesClusterKeyVaultSecretsProviderSecretIdentity> - A `secret_identity` block is exported. The exported attributes are defined below.
- secretRotationEnabled Boolean - Should the secret store CSI driver on the AKS cluster be enabled?
- secretRotationInterval String - The interval to poll for secret rotation. This attribute is only set when `secret_rotation` is true. Defaults to `2m`.
Note: To enable `key_vault_secrets_provider` either `secret_rotation_enabled` or `secret_rotation_interval` must be specified.
- secretIdentities KubernetesClusterKeyVaultSecretsProviderSecretIdentity[] - A `secret_identity` block is exported. The exported attributes are defined below.
- secretRotationEnabled boolean - Should the secret store CSI driver on the AKS cluster be enabled?
- secretRotationInterval string - The interval to poll for secret rotation. This attribute is only set when `secret_rotation` is true. Defaults to `2m`.
Note: To enable `key_vault_secrets_provider` either `secret_rotation_enabled` or `secret_rotation_interval` must be specified.
- secret_identities Sequence[KubernetesClusterKeyVaultSecretsProviderSecretIdentity] - A `secret_identity` block is exported. The exported attributes are defined below.
- secret_rotation_enabled bool - Should the secret store CSI driver on the AKS cluster be enabled?
- secret_rotation_interval str - The interval to poll for secret rotation. This attribute is only set when `secret_rotation` is true. Defaults to `2m`.
Note: To enable `key_vault_secrets_provider` either `secret_rotation_enabled` or `secret_rotation_interval` must be specified.
- secretIdentities List<Property Map> - A `secret_identity` block is exported. The exported attributes are defined below.
- secretRotationEnabled Boolean - Should the secret store CSI driver on the AKS cluster be enabled?
- secretRotationInterval String - The interval to poll for secret rotation. This attribute is only set when `secret_rotation` is true. Defaults to `2m`.
Note: To enable `key_vault_secrets_provider` either `secret_rotation_enabled` or `secret_rotation_interval` must be specified.
KubernetesClusterKeyVaultSecretsProviderSecretIdentity, KubernetesClusterKeyVaultSecretsProviderSecretIdentityArgs
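- ClientId string - The Client ID of the user-defined Managed Identity used for Web App Routing.
- ObjectId string - The Object ID of the user-defined Managed Identity used for Web App Routing.
- UserAssignedIdentityId string - The ID of the User Assigned Identity used for Web App Routing.
Note: these descriptions mention Web App Routing, but this type is the `secret_identity` exported by the `key_vault_secrets_provider` block, so the identity is presumably the one used by the Key Vault Secrets Provider add-on; confirm which identity it is before granting it access to a vault.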
- Client
Id string - The Client ID of the user-defined Managed Identity used for Web App Routing.
- Object
Id string - The Object ID of the user-defined Managed Identity used for Web App Routing
- User
Assigned stringIdentity Id - The ID of the User Assigned Identity used for Web App Routing.
- client
Id String - The Client ID of the user-defined Managed Identity used for Web App Routing.
- object
Id String - The Object ID of the user-defined Managed Identity used for Web App Routing
- user
Assigned StringIdentity Id - The ID of the User Assigned Identity used for Web App Routing.
- client
Id string - The Client ID of the user-defined Managed Identity used for Web App Routing.
- object
Id string - The Object ID of the user-defined Managed Identity used for Web App Routing
- user
Assigned stringIdentity Id - The ID of the User Assigned Identity used for Web App Routing.
- client_
id str - The Client ID of the user-defined Managed Identity used for Web App Routing.
- object_
id str - The Object ID of the user-defined Managed Identity used for Web App Routing
- user_
assigned_ stridentity_ id - The ID of the User Assigned Identity used for Web App Routing.
- client
Id String - The Client ID of the user-defined Managed Identity used for Web App Routing.
- object
Id String - The Object ID of the user-defined Managed Identity used for Web App Routing
- user
Assigned StringIdentity Id - The ID of the User Assigned Identity used for Web App Routing.
KubernetesClusterKubeAdminConfig, KubernetesClusterKubeAdminConfigArgs
- ClientCertificate string - Base64 encoded public certificate used by clients to authenticate to the Kubernetes cluster.
- ClientKey string - Base64 encoded private key used by clients to authenticate to the Kubernetes cluster. Base64 is an encoding, not encryption: handle this value as a secret and keep it out of logs and plain-text outputs.
- ClusterCaCertificate string - Base64 encoded public CA certificate used as the root of trust for the Kubernetes cluster.
- Host string - The Kubernetes cluster server host.
- Password string - A password or token used to authenticate to the Kubernetes cluster. Handle this value as a secret.
- Username string - A username used to authenticate to the Kubernetes cluster.
- Client
Certificate string - Base64 encoded public certificate used by clients to authenticate to the Kubernetes cluster.
- Client
Key string - Base64 encoded private key used by clients to authenticate to the Kubernetes cluster.
- Cluster
Ca stringCertificate - Base64 encoded public CA certificate used as the root of trust for the Kubernetes cluster.
- Host string
- The Kubernetes cluster server host.
- Password string
- A password or token used to authenticate to the Kubernetes cluster.
- Username string
- A username used to authenticate to the Kubernetes cluster.
- client
Certificate String - Base64 encoded public certificate used by clients to authenticate to the Kubernetes cluster.
- client
Key String - Base64 encoded private key used by clients to authenticate to the Kubernetes cluster.
- cluster
Ca StringCertificate - Base64 encoded public CA certificate used as the root of trust for the Kubernetes cluster.
- host String
- The Kubernetes cluster server host.
- password String
- A password or token used to authenticate to the Kubernetes cluster.
- username String
- A username used to authenticate to the Kubernetes cluster.
- client
Certificate string - Base64 encoded public certificate used by clients to authenticate to the Kubernetes cluster.
- client
Key string - Base64 encoded private key used by clients to authenticate to the Kubernetes cluster.
- cluster
Ca stringCertificate - Base64 encoded public CA certificate used as the root of trust for the Kubernetes cluster.
- host string
- The Kubernetes cluster server host.
- password string
- A password or token used to authenticate to the Kubernetes cluster.
- username string
- A username used to authenticate to the Kubernetes cluster.
- client_
certificate str - Base64 encoded public certificate used by clients to authenticate to the Kubernetes cluster.
- client_
key str - Base64 encoded private key used by clients to authenticate to the Kubernetes cluster.
- cluster_
ca_ strcertificate - Base64 encoded public CA certificate used as the root of trust for the Kubernetes cluster.
- host str
- The Kubernetes cluster server host.
- password str
- A password or token used to authenticate to the Kubernetes cluster.
- username str
- A username used to authenticate to the Kubernetes cluster.
- client
Certificate String - Base64 encoded public certificate used by clients to authenticate to the Kubernetes cluster.
- client
Key String - Base64 encoded private key used by clients to authenticate to the Kubernetes cluster.
- cluster
Ca StringCertificate - Base64 encoded public CA certificate used as the root of trust for the Kubernetes cluster.
- host String
- The Kubernetes cluster server host.
- password String
- A password or token used to authenticate to the Kubernetes cluster.
- username String
- A username used to authenticate to the Kubernetes cluster.
KubernetesClusterKubeConfig, KubernetesClusterKubeConfigArgs
- ClientCertificate string - Base64 encoded public certificate used by clients to authenticate to the Kubernetes cluster.
- ClientKey string - Base64 encoded private key used by clients to authenticate to the Kubernetes cluster. Base64 is an encoding, not encryption: handle this value as a secret and keep it out of logs and plain-text outputs.
- ClusterCaCertificate string - Base64 encoded public CA certificate used as the root of trust for the Kubernetes cluster.
- Host string - The Kubernetes cluster server host.
- Password string - A password or token used to authenticate to the Kubernetes cluster. Handle this value as a secret.
- Username string - A username used to authenticate to the Kubernetes cluster.
- Client
Certificate string - Base64 encoded public certificate used by clients to authenticate to the Kubernetes cluster.
- Client
Key string - Base64 encoded private key used by clients to authenticate to the Kubernetes cluster.
- Cluster
Ca stringCertificate - Base64 encoded public CA certificate used as the root of trust for the Kubernetes cluster.
- Host string
- The Kubernetes cluster server host.
- Password string
- A password or token used to authenticate to the Kubernetes cluster.
- Username string
- A username used to authenticate to the Kubernetes cluster.
- client
Certificate String - Base64 encoded public certificate used by clients to authenticate to the Kubernetes cluster.
- client
Key String - Base64 encoded private key used by clients to authenticate to the Kubernetes cluster.
- cluster
Ca StringCertificate - Base64 encoded public CA certificate used as the root of trust for the Kubernetes cluster.
- host String
- The Kubernetes cluster server host.
- password String
- A password or token used to authenticate to the Kubernetes cluster.
- username String
- A username used to authenticate to the Kubernetes cluster.
- client
Certificate string - Base64 encoded public certificate used by clients to authenticate to the Kubernetes cluster.
- client
Key string - Base64 encoded private key used by clients to authenticate to the Kubernetes cluster.
- cluster
Ca stringCertificate - Base64 encoded public CA certificate used as the root of trust for the Kubernetes cluster.
- host string
- The Kubernetes cluster server host.
- password string
- A password or token used to authenticate to the Kubernetes cluster.
- username string
- A username used to authenticate to the Kubernetes cluster.
- client_
certificate str - Base64 encoded public certificate used by clients to authenticate to the Kubernetes cluster.
- client_
key str - Base64 encoded private key used by clients to authenticate to the Kubernetes cluster.
- cluster_
ca_ strcertificate - Base64 encoded public CA certificate used as the root of trust for the Kubernetes cluster.
- host str
- The Kubernetes cluster server host.
- password str
- A password or token used to authenticate to the Kubernetes cluster.
- username str
- A username used to authenticate to the Kubernetes cluster.
- client
Certificate String - Base64 encoded public certificate used by clients to authenticate to the Kubernetes cluster.
- client
Key String - Base64 encoded private key used by clients to authenticate to the Kubernetes cluster.
- cluster
Ca StringCertificate - Base64 encoded public CA certificate used as the root of trust for the Kubernetes cluster.
- host String
- The Kubernetes cluster server host.
- password String
- A password or token used to authenticate to the Kubernetes cluster.
- username String
- A username used to authenticate to the Kubernetes cluster.
KubernetesClusterKubeletIdentity, KubernetesClusterKubeletIdentityArgs
- Client
Id string - The Client ID of the user-defined Managed Identity to be assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
- Object
Id string - The Object ID of the user-defined Managed Identity assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
- User
Assigned stringIdentity Id - The ID of the User Assigned Identity assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
- Client
Id string - The Client ID of the user-defined Managed Identity to be assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
- Object
Id string - The Object ID of the user-defined Managed Identity assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
- User
Assigned stringIdentity Id - The ID of the User Assigned Identity assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
- client
Id String - The Client ID of the user-defined Managed Identity to be assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
- object
Id String - The Object ID of the user-defined Managed Identity assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
- user
Assigned StringIdentity Id - The ID of the User Assigned Identity assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
- client
Id string - The Client ID of the user-defined Managed Identity to be assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
- object
Id string - The Object ID of the user-defined Managed Identity assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
- user
Assigned stringIdentity Id - The ID of the User Assigned Identity assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
- client_
id str - The Client ID of the user-defined Managed Identity to be assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
- object_
id str - The Object ID of the user-defined Managed Identity assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
- user_
assigned_ stridentity_ id - The ID of the User Assigned Identity assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
- client
Id String - The Client ID of the user-defined Managed Identity to be assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
- object
Id String - The Object ID of the user-defined Managed Identity assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
- user
Assigned StringIdentity Id - The ID of the User Assigned Identity assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
KubernetesClusterLinuxProfile, KubernetesClusterLinuxProfileArgs
- AdminUsername string - The Admin Username for the Cluster. Changing this forces a new resource to be created.
- SshKey KubernetesClusterLinuxProfileSshKey - An `ssh_key` block as defined below. Only one is currently allowed. Changing this will update the key on all node pools. More information can be found in the documentation.
- Admin
Username string - The Admin Username for the Cluster. Changing this forces a new resource to be created.
- Ssh
Key KubernetesCluster Linux Profile Ssh Key - An
ssh_key
block as defined below. Only one is currently allowed. Changing this will update the key on all node pools. More information can be found in the documentation.
- admin
Username String - The Admin Username for the Cluster. Changing this forces a new resource to be created.
- ssh
Key KubernetesCluster Linux Profile Ssh Key - An
ssh_key
block as defined below. Only one is currently allowed. Changing this will update the key on all node pools. More information can be found in the documentation.
- admin
Username string - The Admin Username for the Cluster. Changing this forces a new resource to be created.
- ssh
Key KubernetesCluster Linux Profile Ssh Key - An
ssh_key
block as defined below. Only one is currently allowed. Changing this will update the key on all node pools. More information can be found in the documentation.
- admin_
username str - The Admin Username for the Cluster. Changing this forces a new resource to be created.
- ssh_
key KubernetesCluster Linux Profile Ssh Key - An
ssh_key
block as defined below. Only one is currently allowed. Changing this will update the key on all node pools. More information can be found in the documentation.
- admin
Username String - The Admin Username for the Cluster. Changing this forces a new resource to be created.
- ssh
Key Property Map - An
ssh_key
block as defined below. Only one is currently allowed. Changing this will update the key on all node pools. More information can be found in the documentation.
KubernetesClusterLinuxProfileSshKey, KubernetesClusterLinuxProfileSshKeyArgs
- Key
Data string - The Public SSH Key used to access the cluster. Changing this forces a new resource to be created.
- Key
Data string - The Public SSH Key used to access the cluster. Changing this forces a new resource to be created.
- key
Data String - The Public SSH Key used to access the cluster. Changing this forces a new resource to be created.
- key
Data string - The Public SSH Key used to access the cluster. Changing this forces a new resource to be created.
- key_
data str - The Public SSH Key used to access the cluster. Changing this forces a new resource to be created.
- key
Data String - The Public SSH Key used to access the cluster. Changing this forces a new resource to be created.
KubernetesClusterMaintenanceWindow, KubernetesClusterMaintenanceWindowArgs
- Alloweds List<KubernetesClusterMaintenanceWindowAllowed> - One or more `allowed` blocks as defined below.
- NotAlloweds List<KubernetesClusterMaintenanceWindowNotAllowed> - One or more `not_allowed` blocks as defined below.
- Alloweds
[]Kubernetes
Cluster Maintenance Window Allowed - One or more
allowed
blocks as defined below. - Not
Alloweds []KubernetesCluster Maintenance Window Not Allowed - One or more
not_allowed
block as defined below.
- alloweds
List<Kubernetes
Cluster Maintenance Window Allowed> - One or more
allowed
blocks as defined below. - not
Alloweds List<KubernetesCluster Maintenance Window Not Allowed> - One or more
not_allowed
block as defined below.
- alloweds
Kubernetes
Cluster Maintenance Window Allowed[] - One or more
allowed
blocks as defined below. - not
Alloweds KubernetesCluster Maintenance Window Not Allowed[] - One or more
not_allowed
block as defined below.
- alloweds
Sequence[Kubernetes
Cluster Maintenance Window Allowed] - One or more
allowed
blocks as defined below. - not_
alloweds Sequence[KubernetesCluster Maintenance Window Not Allowed] - One or more
not_allowed
block as defined below.
- alloweds List<Property Map>
- One or more
allowed
blocks as defined below. - not
Alloweds List<Property Map> - One or more
not_allowed
block as defined below.
KubernetesClusterMaintenanceWindowAllowed, KubernetesClusterMaintenanceWindowAllowedArgs
- Day string - A day in a week. Possible values are `Sunday`, `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday` and `Saturday`.
- Hours List<int> - An array of hour slots in a day. For example, specifying `1` will allow maintenance from 1:00am to 2:00am. Specifying `1`, `2` will allow maintenance from 1:00am to 3:00am. Possible values are between `0` and `23`.
- Day string - A day in a week. Possible values are `Sunday`, `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday` and `Saturday`.
- Hours []int - An array of hour slots in a day. For example, specifying `1` will allow maintenance from 1:00am to 2:00am. Specifying `1`, `2` will allow maintenance from 1:00am to 3:00am. Possible values are between `0` and `23`.
- day String - A day in a week. Possible values are `Sunday`, `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday` and `Saturday`.
- hours List<Integer> - An array of hour slots in a day. For example, specifying `1` will allow maintenance from 1:00am to 2:00am. Specifying `1`, `2` will allow maintenance from 1:00am to 3:00am. Possible values are between `0` and `23`.
- day string - A day in a week. Possible values are `Sunday`, `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday` and `Saturday`.
- hours number[] - An array of hour slots in a day. For example, specifying `1` will allow maintenance from 1:00am to 2:00am. Specifying `1`, `2` will allow maintenance from 1:00am to 3:00am. Possible values are between `0` and `23`.
- day str - A day in a week. Possible values are `Sunday`, `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday` and `Saturday`.
- hours Sequence[int] - An array of hour slots in a day. For example, specifying `1` will allow maintenance from 1:00am to 2:00am. Specifying `1`, `2` will allow maintenance from 1:00am to 3:00am. Possible values are between `0` and `23`.
- day String - A day in a week. Possible values are `Sunday`, `Monday`, `Tuesday`, `Wednesday`, `Thursday`, `Friday` and `Saturday`.
- hours List<Number> - An array of hour slots in a day. For example, specifying `1` will allow maintenance from 1:00am to 2:00am. Specifying `1`, `2` will allow maintenance from 1:00am to 3:00am. Possible values are between `0` and `23`.
KubernetesClusterMaintenanceWindowAutoUpgrade, KubernetesClusterMaintenanceWindowAutoUpgradeArgs
- Duration int - The duration of the window for maintenance to run in hours. Possible options are between `4` and `24`.
- Frequency string - Frequency of maintenance. Possible options are `Weekly`, `AbsoluteMonthly` and `RelativeMonthly`.
- Interval int - The interval for maintenance runs. Depending on the frequency this interval is week or month based.
- DayOfMonth int - The day of the month for the maintenance run. Required in combination with AbsoluteMonthly frequency. Value between 0 and 31 (inclusive).
- DayOfWeek string - The day of the week for the maintenance run. Required in combination with weekly frequency. Possible values are `Friday`, `Monday`, `Saturday`, `Sunday`, `Thursday`, `Tuesday` and `Wednesday`.
- NotAlloweds List<KubernetesClusterMaintenanceWindowAutoUpgradeNotAllowed> - One or more `not_allowed` blocks as defined below.
- StartDate string - The date on which the maintenance window begins to take effect.
- StartTime string - The time for maintenance to begin, based on the timezone determined by `utc_offset`. Format is `HH:mm`.
- UtcOffset string - Used to determine the timezone for cluster maintenance.
- WeekIndex string - Specifies on which instance of the allowed days specified in `day_of_week` the maintenance occurs. Options are `First`, `Second`, `Third`, `Fourth`, and `Last`. Required in combination with relative monthly frequency.
- Duration int
- The duration of the window for maintenance to run in hours. Possible options are between
4
to24
. - Frequency string
- Frequency of maintenance. Possible options are
Weekly
,AbsoluteMonthly
andRelativeMonthly
. - Interval int
- The interval for maintenance runs. Depending on the frequency this interval is week or month based.
- Day
Of intMonth - The day of the month for the maintenance run. Required in combination with AbsoluteMonthly frequency. Value between 0 and 31 (inclusive).
- Day
Of stringWeek - The day of the week for the maintenance run. Required in combination with weekly frequency. Possible values are
Friday
,Monday
,Saturday
,Sunday
,Thursday
,Tuesday
andWednesday
. - Not
Alloweds []KubernetesCluster Maintenance Window Auto Upgrade Not Allowed - One or more
not_allowed
block as defined below. - Start
Date string - The date on which the maintenance window begins to take effect.
- Start
Time string - The time for maintenance to begin, based on the timezone determined by
utc_offset
. Format isHH:mm
. - Utc
Offset string - Used to determine the timezone for cluster maintenance.
- Week
Index string - Specifies on which instance of the allowed days specified in
day_of_week
the maintenance occurs. Options areFirst
,Second
,Third
,Fourth
, andLast
. Required in combination with relative monthly frequency.
- duration Integer
- The duration of the window for maintenance to run in hours. Possible options are between
4
to24
. - frequency String
- Frequency of maintenance. Possible options are
Weekly
,AbsoluteMonthly
andRelativeMonthly
. - interval Integer
- The interval for maintenance runs. Depending on the frequency this interval is week or month based.
- day
Of IntegerMonth - The day of the month for the maintenance run. Required in combination with AbsoluteMonthly frequency. Value between 0 and 31 (inclusive).
- day
Of StringWeek - The day of the week for the maintenance run. Required in combination with weekly frequency. Possible values are
Friday
,Monday
,Saturday
,Sunday
,Thursday
,Tuesday
andWednesday
. - not
Alloweds List<KubernetesCluster Maintenance Window Auto Upgrade Not Allowed> - One or more
not_allowed
block as defined below. - start
Date String - The date on which the maintenance window begins to take effect.
- start
Time String - The time for maintenance to begin, based on the timezone determined by
utc_offset
. Format isHH:mm
. - utc
Offset String - Used to determine the timezone for cluster maintenance.
- week
Index String - Specifies on which instance of the allowed days specified in
day_of_week
the maintenance occurs. Options areFirst
,Second
,Third
,Fourth
, andLast
. Required in combination with relative monthly frequency.
- duration number
- The duration of the window for maintenance to run in hours. Possible options are between
4
to24
. - frequency string
- Frequency of maintenance. Possible options are
Weekly
,AbsoluteMonthly
andRelativeMonthly
. - interval number
- The interval for maintenance runs. Depending on the frequency this interval is week or month based.
- day
Of numberMonth - The day of the month for the maintenance run. Required in combination with AbsoluteMonthly frequency. Value between 0 and 31 (inclusive).
- day
Of stringWeek - The day of the week for the maintenance run. Required in combination with weekly frequency. Possible values are
Friday
,Monday
,Saturday
,Sunday
,Thursday
,Tuesday
andWednesday
. - not
Alloweds KubernetesCluster Maintenance Window Auto Upgrade Not Allowed[] - One or more
not_allowed
block as defined below. - start
Date string - The date on which the maintenance window begins to take effect.
- start
Time string - The time for maintenance to begin, based on the timezone determined by
utc_offset
. Format isHH:mm
. - utc
Offset string - Used to determine the timezone for cluster maintenance.
- week
Index string - Specifies on which instance of the allowed days specified in
day_of_week
the maintenance occurs. Options areFirst
,Second
,Third
,Fourth
, andLast
. Required in combination with relative monthly frequency.
- duration int - The duration of the window for maintenance to run in hours. Possible options are between `4` and `24`.
- frequency str - Frequency of maintenance. Possible options are `Weekly`, `AbsoluteMonthly` and `RelativeMonthly`.
- interval int - The interval for maintenance runs. Depending on the frequency this interval is week or month based.
- day_of_month int - The day of the month for the maintenance run. Required in combination with AbsoluteMonthly frequency. Value between 0 and 31 (inclusive).
- day_of_week str - The day of the week for the maintenance run. Required in combination with weekly frequency. Possible values are `Friday`, `Monday`, `Saturday`, `Sunday`, `Thursday`, `Tuesday` and `Wednesday`.
- not_alloweds Sequence[KubernetesClusterMaintenanceWindowAutoUpgradeNotAllowed] - One or more `not_allowed` blocks as defined below.
- start_date str - The date on which the maintenance window begins to take effect.
- start_time str - The time for maintenance to begin, based on the timezone determined by `utc_offset`. Format is `HH:mm`.
- utc_offset str - Used to determine the timezone for cluster maintenance.
- week_index str - Specifies on which instance of the allowed days specified in `day_of_week` the maintenance occurs. Options are `First`, `Second`, `Third`, `Fourth`, and `Last`. Required in combination with relative monthly frequency.
- duration Number - The duration of the window for maintenance to run in hours. Possible options are between `4` and `24`.
- frequency String - Frequency of maintenance. Possible options are `Weekly`, `AbsoluteMonthly` and `RelativeMonthly`.
- interval Number - The interval for maintenance runs. Depending on the frequency this interval is week or month based.
- dayOfMonth Number - The day of the month for the maintenance run. Required in combination with AbsoluteMonthly frequency. Value between 0 and 31 (inclusive).
- dayOfWeek String - The day of the week for the maintenance run. Required in combination with weekly frequency. Possible values are `Friday`, `Monday`, `Saturday`, `Sunday`, `Thursday`, `Tuesday` and `Wednesday`.
- notAlloweds List<Property Map> - One or more `not_allowed` blocks as defined below.
- startDate String - The date on which the maintenance window begins to take effect.
- startTime String - The time for maintenance to begin, based on the timezone determined by `utc_offset`. Format is `HH:mm`.
- utcOffset String - Used to determine the timezone for cluster maintenance.
- weekIndex String - Specifies on which instance of the allowed days specified in `day_of_week` the maintenance occurs. Options are `First`, `Second`, `Third`, `Fourth`, and `Last`. Required in combination with relative monthly frequency.
KubernetesClusterMaintenanceWindowAutoUpgradeNotAllowed, KubernetesClusterMaintenanceWindowAutoUpgradeNotAllowedArgs
KubernetesClusterMaintenanceWindowNodeOs, KubernetesClusterMaintenanceWindowNodeOsArgs
- Duration int - The duration of the window for maintenance to run in hours. Possible options are between `4` and `24`.
- Frequency string - Frequency of maintenance. Possible options are `Daily`, `Weekly`, `AbsoluteMonthly` and `RelativeMonthly`.
- Interval int - The interval for maintenance runs. Depending on the frequency this interval is week or month based.
- DayOfMonth int - The day of the month for the maintenance run. Required in combination with AbsoluteMonthly frequency. Value between 0 and 31 (inclusive).
- DayOfWeek string - The day of the week for the maintenance run. Required in combination with weekly frequency. Possible values are `Friday`, `Monday`, `Saturday`, `Sunday`, `Thursday`, `Tuesday` and `Wednesday`.
- NotAlloweds List<KubernetesClusterMaintenanceWindowNodeOsNotAllowed> - One or more `not_allowed` blocks as defined below.
- StartDate string - The date on which the maintenance window begins to take effect.
- StartTime string - The time for maintenance to begin, based on the timezone determined by `utc_offset`. Format is `HH:mm`.
- UtcOffset string - Used to determine the timezone for cluster maintenance.
- WeekIndex string - The week in the month used for the maintenance run. Options are `First`, `Second`, `Third`, `Fourth`, and `Last`.
- Duration int - The duration of the window for maintenance to run in hours. Possible options are between `4` and `24`.
- Frequency string - Frequency of maintenance. Possible options are `Daily`, `Weekly`, `AbsoluteMonthly` and `RelativeMonthly`.
- Interval int - The interval for maintenance runs. Depending on the frequency this interval is week or month based.
- DayOfMonth int - The day of the month for the maintenance run. Required in combination with AbsoluteMonthly frequency. Value between 0 and 31 (inclusive).
- DayOfWeek string - The day of the week for the maintenance run. Required in combination with weekly frequency. Possible values are `Friday`, `Monday`, `Saturday`, `Sunday`, `Thursday`, `Tuesday` and `Wednesday`.
- NotAlloweds []KubernetesClusterMaintenanceWindowNodeOsNotAllowed - One or more `not_allowed` blocks as defined below.
- StartDate string - The date on which the maintenance window begins to take effect.
- StartTime string - The time for maintenance to begin, based on the timezone determined by `utc_offset`. Format is `HH:mm`.
- UtcOffset string - Used to determine the timezone for cluster maintenance.
- WeekIndex string - The week in the month used for the maintenance run. Options are `First`, `Second`, `Third`, `Fourth`, and `Last`.
- duration Integer - The duration of the window for maintenance to run in hours. Possible options are between `4` and `24`.
- frequency String - Frequency of maintenance. Possible options are `Daily`, `Weekly`, `AbsoluteMonthly` and `RelativeMonthly`.
- interval Integer - The interval for maintenance runs. Depending on the frequency this interval is week or month based.
- dayOfMonth Integer - The day of the month for the maintenance run. Required in combination with AbsoluteMonthly frequency. Value between 0 and 31 (inclusive).
- dayOfWeek String - The day of the week for the maintenance run. Required in combination with weekly frequency. Possible values are `Friday`, `Monday`, `Saturday`, `Sunday`, `Thursday`, `Tuesday` and `Wednesday`.
- notAlloweds List<KubernetesClusterMaintenanceWindowNodeOsNotAllowed> - One or more `not_allowed` blocks as defined below.
- startDate String - The date on which the maintenance window begins to take effect.
- startTime String - The time for maintenance to begin, based on the timezone determined by `utc_offset`. Format is `HH:mm`.
- utcOffset String - Used to determine the timezone for cluster maintenance.
- weekIndex String - The week in the month used for the maintenance run. Options are `First`, `Second`, `Third`, `Fourth`, and `Last`.
- duration number - The duration of the window for maintenance to run in hours. Possible options are between `4` and `24`.
- frequency string - Frequency of maintenance. Possible options are `Daily`, `Weekly`, `AbsoluteMonthly` and `RelativeMonthly`.
- interval number - The interval for maintenance runs. Depending on the frequency this interval is week or month based.
- dayOfMonth number - The day of the month for the maintenance run. Required in combination with AbsoluteMonthly frequency. Value between 0 and 31 (inclusive).
- dayOfWeek string - The day of the week for the maintenance run. Required in combination with weekly frequency. Possible values are `Friday`, `Monday`, `Saturday`, `Sunday`, `Thursday`, `Tuesday` and `Wednesday`.
- notAlloweds KubernetesClusterMaintenanceWindowNodeOsNotAllowed[] - One or more `not_allowed` blocks as defined below.
- startDate string - The date on which the maintenance window begins to take effect.
- startTime string - The time for maintenance to begin, based on the timezone determined by `utc_offset`. Format is `HH:mm`.
- utcOffset string - Used to determine the timezone for cluster maintenance.
- weekIndex string - The week in the month used for the maintenance run. Options are `First`, `Second`, `Third`, `Fourth`, and `Last`.
- duration int - The duration of the window for maintenance to run in hours. Possible options are between `4` and `24`.
- frequency str - Frequency of maintenance. Possible options are `Daily`, `Weekly`, `AbsoluteMonthly` and `RelativeMonthly`.
- interval int - The interval for maintenance runs. Depending on the frequency this interval is week or month based.
- day_of_month int - The day of the month for the maintenance run. Required in combination with AbsoluteMonthly frequency. Value between 0 and 31 (inclusive).
- day_of_week str - The day of the week for the maintenance run. Required in combination with weekly frequency. Possible values are `Friday`, `Monday`, `Saturday`, `Sunday`, `Thursday`, `Tuesday` and `Wednesday`.
- not_alloweds Sequence[KubernetesClusterMaintenanceWindowNodeOsNotAllowed] - One or more `not_allowed` blocks as defined below.
- start_date str - The date on which the maintenance window begins to take effect.
- start_time str - The time for maintenance to begin, based on the timezone determined by `utc_offset`. Format is `HH:mm`.
- utc_offset str - Used to determine the timezone for cluster maintenance.
- week_index str - The week in the month used for the maintenance run. Options are `First`, `Second`, `Third`, `Fourth`, and `Last`.
- duration Number - The duration of the window for maintenance to run in hours. Possible options are between `4` and `24`.
- frequency String - Frequency of maintenance. Possible options are `Daily`, `Weekly`, `AbsoluteMonthly` and `RelativeMonthly`.
- interval Number - The interval for maintenance runs. Depending on the frequency this interval is week or month based.
- dayOfMonth Number - The day of the month for the maintenance run. Required in combination with AbsoluteMonthly frequency. Value between 0 and 31 (inclusive).
- dayOfWeek String - The day of the week for the maintenance run. Required in combination with weekly frequency. Possible values are `Friday`, `Monday`, `Saturday`, `Sunday`, `Thursday`, `Tuesday` and `Wednesday`.
- notAlloweds List<Property Map> - One or more `not_allowed` blocks as defined below.
- startDate String - The date on which the maintenance window begins to take effect.
- startTime String - The time for maintenance to begin, based on the timezone determined by `utc_offset`. Format is `HH:mm`.
- utcOffset String - Used to determine the timezone for cluster maintenance.
- weekIndex String - The week in the month used for the maintenance run. Options are `First`, `Second`, `Third`, `Fourth`, and `Last`.
KubernetesClusterMaintenanceWindowNodeOsNotAllowed, KubernetesClusterMaintenanceWindowNodeOsNotAllowedArgs
KubernetesClusterMaintenanceWindowNotAllowed, KubernetesClusterMaintenanceWindowNotAllowedArgs
KubernetesClusterMicrosoftDefender, KubernetesClusterMicrosoftDefenderArgs
- LogAnalyticsWorkspaceId string - Specifies the ID of the Log Analytics Workspace to which the audit logs collected by Microsoft Defender should be sent.
- LogAnalyticsWorkspaceId string - Specifies the ID of the Log Analytics Workspace to which the audit logs collected by Microsoft Defender should be sent.
- logAnalyticsWorkspaceId String - Specifies the ID of the Log Analytics Workspace to which the audit logs collected by Microsoft Defender should be sent.
- logAnalyticsWorkspaceId string - Specifies the ID of the Log Analytics Workspace to which the audit logs collected by Microsoft Defender should be sent.
- log_analytics_workspace_id str - Specifies the ID of the Log Analytics Workspace to which the audit logs collected by Microsoft Defender should be sent.
- logAnalyticsWorkspaceId String - Specifies the ID of the Log Analytics Workspace to which the audit logs collected by Microsoft Defender should be sent.
KubernetesClusterMonitorMetrics, KubernetesClusterMonitorMetricsArgs
- AnnotationsAllowed string - Specifies a comma-separated list of Kubernetes annotation keys that will be used in the resource's labels metric.
- LabelsAllowed string - Specifies a comma-separated list of additional Kubernetes label keys that will be used in the resource's labels metric.
  Note: Both properties `annotations_allowed` and `labels_allowed` are required if you are enabling Managed Prometheus with an existing Azure Monitor Workspace.
- AnnotationsAllowed string - Specifies a comma-separated list of Kubernetes annotation keys that will be used in the resource's labels metric.
- LabelsAllowed string - Specifies a comma-separated list of additional Kubernetes label keys that will be used in the resource's labels metric.
  Note: Both properties `annotations_allowed` and `labels_allowed` are required if you are enabling Managed Prometheus with an existing Azure Monitor Workspace.
- annotationsAllowed String - Specifies a comma-separated list of Kubernetes annotation keys that will be used in the resource's labels metric.
- labelsAllowed String - Specifies a comma-separated list of additional Kubernetes label keys that will be used in the resource's labels metric.
  Note: Both properties `annotations_allowed` and `labels_allowed` are required if you are enabling Managed Prometheus with an existing Azure Monitor Workspace.
- annotationsAllowed string - Specifies a comma-separated list of Kubernetes annotation keys that will be used in the resource's labels metric.
- labelsAllowed string - Specifies a comma-separated list of additional Kubernetes label keys that will be used in the resource's labels metric.
  Note: Both properties `annotations_allowed` and `labels_allowed` are required if you are enabling Managed Prometheus with an existing Azure Monitor Workspace.
- annotations_allowed str - Specifies a comma-separated list of Kubernetes annotation keys that will be used in the resource's labels metric.
- labels_allowed str - Specifies a comma-separated list of additional Kubernetes label keys that will be used in the resource's labels metric.
  Note: Both properties `annotations_allowed` and `labels_allowed` are required if you are enabling Managed Prometheus with an existing Azure Monitor Workspace.
- annotationsAllowed String - Specifies a comma-separated list of Kubernetes annotation keys that will be used in the resource's labels metric.
- labelsAllowed String - Specifies a comma-separated list of additional Kubernetes label keys that will be used in the resource's labels metric.
  Note: Both properties `annotations_allowed` and `labels_allowed` are required if you are enabling Managed Prometheus with an existing Azure Monitor Workspace.
KubernetesClusterNetworkProfile, KubernetesClusterNetworkProfileArgs
- NetworkPlugin string - Network plugin to use for networking. Currently supported values are `azure`, `kubenet` and `none`. Changing this forces a new resource to be created.
  Note: When `network_plugin` is set to `azure`, the `pod_cidr` field must not be set, unless `network_plugin_mode` is set to `overlay`.
- DnsServiceIp string - IP address within the Kubernetes service address range that will be used by cluster service discovery (kube-dns). Changing this forces a new resource to be created.
- IpVersions List<string> - Specifies a list of IP versions the Kubernetes Cluster will use to assign IP addresses to its nodes and pods. Possible values are `IPv4` and/or `IPv6`. `IPv4` must always be specified. Changing this forces a new resource to be created.
  Note: To configure dual-stack networking `ip_versions` should be set to `["IPv4", "IPv6"]`.
  Note: Dual-stack networking requires that the Preview Feature `Microsoft.ContainerService/AKS-EnableDualStack` is enabled and the Resource Provider is re-registered, see the documentation for more information.
- LoadBalancerProfile KubernetesClusterNetworkProfileLoadBalancerProfile - A `load_balancer_profile` block as defined below. This can only be specified when `load_balancer_sku` is set to `standard`. Changing this forces a new resource to be created.
- LoadBalancerSku string - Specifies the SKU of the Load Balancer used for this Kubernetes Cluster. Possible values are `basic` and `standard`. Defaults to `standard`. Changing this forces a new resource to be created.
- NatGatewayProfile KubernetesClusterNetworkProfileNatGatewayProfile - A `nat_gateway_profile` block as defined below. This can only be specified when `load_balancer_sku` is set to `standard` and `outbound_type` is set to `managedNATGateway` or `userAssignedNATGateway`. Changing this forces a new resource to be created.
- NetworkDataPlane string - Specifies the data plane used for building the Kubernetes network. Possible values are `azure` and `cilium`. Defaults to `azure`. Disabling this forces a new resource to be created.
  Note: When `network_data_plane` is set to `cilium`, the `network_plugin` field can only be set to `azure`.
  Note: When `network_data_plane` is set to `cilium`, one of either `network_plugin_mode = "overlay"` or `pod_subnet_id` must be specified.
- NetworkMode string - Network mode to be used with Azure CNI. Possible values are `bridge` and `transparent`. Changing this forces a new resource to be created.
  Note: `network_mode` can only be set to `bridge` for existing Kubernetes Clusters and cannot be used to provision new Clusters - this will be removed by Azure in the future.
  Note: This property can only be set when `network_plugin` is set to `azure`.
- NetworkPluginMode string - Specifies the network plugin mode used for building the Kubernetes network. Possible value is `overlay`.
  Note: When `network_plugin_mode` is set to `overlay`, the `network_plugin` field can only be set to `azure`. When upgrading from Azure CNI without overlay, `pod_subnet_id` must be specified.
- NetworkPolicy string - Sets up network policy to be used with Azure CNI. Network policy allows us to control the traffic flow between pods. Currently supported values are `calico`, `azure` and `cilium`.
  Note: When `network_policy` is set to `azure`, the `network_plugin` field can only be set to `azure`.
  Note: When `network_policy` is set to `cilium`, the `network_data_plane` field must be set to `cilium`.
- OutboundType string - The outbound (egress) routing method which should be used for this Kubernetes Cluster. Possible values are `loadBalancer`, `userDefinedRouting`, `managedNATGateway` and `userAssignedNATGateway`. Defaults to `loadBalancer`. More information on supported migration paths for `outbound_type` can be found in this documentation.
- PodCidr string - The CIDR to use for pod IP addresses. This field can only be set when `network_plugin` is set to `kubenet` or `network_plugin_mode` is set to `overlay`. Changing this forces a new resource to be created.
- PodCidrs List<string> - A list of CIDRs to use for pod IP addresses. For single-stack networking a single IPv4 CIDR is expected. For dual-stack networking an IPv4 and IPv6 CIDR are expected. Changing this forces a new resource to be created.
- ServiceCidr string - The Network Range used by the Kubernetes service. Changing this forces a new resource to be created.
- ServiceCidrs List<string> - A list of CIDRs to use for Kubernetes services. For single-stack networking a single IPv4 CIDR is expected. For dual-stack networking an IPv4 and IPv6 CIDR are expected. Changing this forces a new resource to be created.
  Note: This range should not be used by any network element on or connected to this VNet. Service address CIDR must be smaller than /12. `docker_bridge_cidr`, `dns_service_ip` and `service_cidr` should all be empty or all should be set.
- NetworkPlugin string - Network plugin to use for networking. Currently supported values are `azure`, `kubenet` and `none`. Changing this forces a new resource to be created.
  Note: When `network_plugin` is set to `azure`, the `pod_cidr` field must not be set, unless `network_plugin_mode` is set to `overlay`.
- DnsServiceIp string - IP address within the Kubernetes service address range that will be used by cluster service discovery (kube-dns). Changing this forces a new resource to be created.
- IpVersions []string - Specifies a list of IP versions the Kubernetes Cluster will use to assign IP addresses to its nodes and pods. Possible values are `IPv4` and/or `IPv6`. `IPv4` must always be specified. Changing this forces a new resource to be created.
  Note: To configure dual-stack networking `ip_versions` should be set to `["IPv4", "IPv6"]`.
  Note: Dual-stack networking requires that the Preview Feature `Microsoft.ContainerService/AKS-EnableDualStack` is enabled and the Resource Provider is re-registered, see the documentation for more information.
- LoadBalancerProfile KubernetesClusterNetworkProfileLoadBalancerProfile - A `load_balancer_profile` block as defined below. This can only be specified when `load_balancer_sku` is set to `standard`. Changing this forces a new resource to be created.
- LoadBalancerSku string - Specifies the SKU of the Load Balancer used for this Kubernetes Cluster. Possible values are `basic` and `standard`. Defaults to `standard`. Changing this forces a new resource to be created.
- NatGatewayProfile KubernetesClusterNetworkProfileNatGatewayProfile - A `nat_gateway_profile` block as defined below. This can only be specified when `load_balancer_sku` is set to `standard` and `outbound_type` is set to `managedNATGateway` or `userAssignedNATGateway`. Changing this forces a new resource to be created.
- NetworkDataPlane string - Specifies the data plane used for building the Kubernetes network. Possible values are `azure` and `cilium`. Defaults to `azure`. Disabling this forces a new resource to be created.
  Note: When `network_data_plane` is set to `cilium`, the `network_plugin` field can only be set to `azure`.
  Note: When `network_data_plane` is set to `cilium`, one of either `network_plugin_mode = "overlay"` or `pod_subnet_id` must be specified.
- NetworkMode string - Network mode to be used with Azure CNI. Possible values are `bridge` and `transparent`. Changing this forces a new resource to be created.
  Note: `network_mode` can only be set to `bridge` for existing Kubernetes Clusters and cannot be used to provision new Clusters - this will be removed by Azure in the future.
  Note: This property can only be set when `network_plugin` is set to `azure`.
- NetworkPluginMode string - Specifies the network plugin mode used for building the Kubernetes network. Possible value is `overlay`.
  Note: When `network_plugin_mode` is set to `overlay`, the `network_plugin` field can only be set to `azure`. When upgrading from Azure CNI without overlay, `pod_subnet_id` must be specified.
- NetworkPolicy string - Sets up network policy to be used with Azure CNI. Network policy allows us to control the traffic flow between pods. Currently supported values are `calico`, `azure` and `cilium`.
  Note: When `network_policy` is set to `azure`, the `network_plugin` field can only be set to `azure`.
  Note: When `network_policy` is set to `cilium`, the `network_data_plane` field must be set to `cilium`.
- OutboundType string - The outbound (egress) routing method which should be used for this Kubernetes Cluster. Possible values are `loadBalancer`, `userDefinedRouting`, `managedNATGateway` and `userAssignedNATGateway`. Defaults to `loadBalancer`. More information on supported migration paths for `outbound_type` can be found in this documentation.
- PodCidr string - The CIDR to use for pod IP addresses. This field can only be set when `network_plugin` is set to `kubenet` or `network_plugin_mode` is set to `overlay`. Changing this forces a new resource to be created.
- PodCidrs []string - A list of CIDRs to use for pod IP addresses. For single-stack networking a single IPv4 CIDR is expected. For dual-stack networking an IPv4 and IPv6 CIDR are expected. Changing this forces a new resource to be created.
- ServiceCidr string - The Network Range used by the Kubernetes service. Changing this forces a new resource to be created.
- ServiceCidrs []string - A list of CIDRs to use for Kubernetes services. For single-stack networking a single IPv4 CIDR is expected. For dual-stack networking an IPv4 and IPv6 CIDR are expected. Changing this forces a new resource to be created.
  Note: This range should not be used by any network element on or connected to this VNet. Service address CIDR must be smaller than /12. `docker_bridge_cidr`, `dns_service_ip` and `service_cidr` should all be empty or all should be set.
- networkPlugin String - Network plugin to use for networking. Currently supported values are `azure`, `kubenet` and `none`. Changing this forces a new resource to be created.
  Note: When `network_plugin` is set to `azure`, the `pod_cidr` field must not be set, unless `network_plugin_mode` is set to `overlay`.
- dnsServiceIp String - IP address within the Kubernetes service address range that will be used by cluster service discovery (kube-dns). Changing this forces a new resource to be created.
- ipVersions List<String> - Specifies a list of IP versions the Kubernetes Cluster will use to assign IP addresses to its nodes and pods. Possible values are `IPv4` and/or `IPv6`. `IPv4` must always be specified. Changing this forces a new resource to be created.
  Note: To configure dual-stack networking `ip_versions` should be set to `["IPv4", "IPv6"]`.
  Note: Dual-stack networking requires that the Preview Feature `Microsoft.ContainerService/AKS-EnableDualStack` is enabled and the Resource Provider is re-registered, see the documentation for more information.
- loadBalancerProfile KubernetesClusterNetworkProfileLoadBalancerProfile - A `load_balancer_profile` block as defined below. This can only be specified when `load_balancer_sku` is set to `standard`. Changing this forces a new resource to be created.
- loadBalancerSku String - Specifies the SKU of the Load Balancer used for this Kubernetes Cluster. Possible values are `basic` and `standard`. Defaults to `standard`. Changing this forces a new resource to be created.
- natGatewayProfile KubernetesClusterNetworkProfileNatGatewayProfile - A `nat_gateway_profile` block as defined below. This can only be specified when `load_balancer_sku` is set to `standard` and `outbound_type` is set to `managedNATGateway` or `userAssignedNATGateway`. Changing this forces a new resource to be created.
- networkDataPlane String - Specifies the data plane used for building the Kubernetes network. Possible values are `azure` and `cilium`. Defaults to `azure`. Disabling this forces a new resource to be created.
  Note: When `network_data_plane` is set to `cilium`, the `network_plugin` field can only be set to `azure`.
  Note: When `network_data_plane` is set to `cilium`, one of either `network_plugin_mode = "overlay"` or `pod_subnet_id` must be specified.
- networkMode String - Network mode to be used with Azure CNI. Possible values are `bridge` and `transparent`. Changing this forces a new resource to be created.
  Note: `network_mode` can only be set to `bridge` for existing Kubernetes Clusters and cannot be used to provision new Clusters - this will be removed by Azure in the future.
  Note: This property can only be set when `network_plugin` is set to `azure`.
- networkPluginMode String - Specifies the network plugin mode used for building the Kubernetes network. Possible value is `overlay`.
  Note: When `network_plugin_mode` is set to `overlay`, the `network_plugin` field can only be set to `azure`. When upgrading from Azure CNI without overlay, `pod_subnet_id` must be specified.
- networkPolicy String - Sets up network policy to be used with Azure CNI. Network policy allows us to control the traffic flow between pods. Currently supported values are `calico`, `azure` and `cilium`.
  Note: When `network_policy` is set to `azure`, the `network_plugin` field can only be set to `azure`.
  Note: When `network_policy` is set to `cilium`, the `network_data_plane` field must be set to `cilium`.
- outboundType String - The outbound (egress) routing method which should be used for this Kubernetes Cluster. Possible values are `loadBalancer`, `userDefinedRouting`, `managedNATGateway` and `userAssignedNATGateway`. Defaults to `loadBalancer`. More information on supported migration paths for `outbound_type` can be found in this documentation.
- podCidr String - The CIDR to use for pod IP addresses. This field can only be set when `network_plugin` is set to `kubenet` or `network_plugin_mode` is set to `overlay`. Changing this forces a new resource to be created.
- podCidrs List<String> - A list of CIDRs to use for pod IP addresses. For single-stack networking a single IPv4 CIDR is expected. For dual-stack networking an IPv4 and IPv6 CIDR are expected. Changing this forces a new resource to be created.
- serviceCidr String - The Network Range used by the Kubernetes service. Changing this forces a new resource to be created.
- serviceCidrs List<String> - A list of CIDRs to use for Kubernetes services. For single-stack networking a single IPv4 CIDR is expected. For dual-stack networking an IPv4 and IPv6 CIDR are expected. Changing this forces a new resource to be created.
  Note: This range should not be used by any network element on or connected to this VNet. Service address CIDR must be smaller than /12. `docker_bridge_cidr`, `dns_service_ip` and `service_cidr` should all be empty or all should be set.
- networkPlugin string - Network plugin to use for networking. Currently supported values are `azure`, `kubenet` and `none`. Changing this forces a new resource to be created.
  Note: When `network_plugin` is set to `azure`, the `pod_cidr` field must not be set, unless `network_plugin_mode` is set to `overlay`.
- dnsServiceIp string - IP address within the Kubernetes service address range that will be used by cluster service discovery (kube-dns). Changing this forces a new resource to be created.
- ipVersions string[] - Specifies a list of IP versions the Kubernetes Cluster will use to assign IP addresses to its nodes and pods. Possible values are `IPv4` and/or `IPv6`. `IPv4` must always be specified. Changing this forces a new resource to be created.
  Note: To configure dual-stack networking `ip_versions` should be set to `["IPv4", "IPv6"]`.
  Note: Dual-stack networking requires that the Preview Feature `Microsoft.ContainerService/AKS-EnableDualStack` is enabled and the Resource Provider is re-registered, see the documentation for more information.
- loadBalancerProfile KubernetesClusterNetworkProfileLoadBalancerProfile - A `load_balancer_profile` block as defined below. This can only be specified when `load_balancer_sku` is set to `standard`. Changing this forces a new resource to be created.
- loadBalancerSku string - Specifies the SKU of the Load Balancer used for this Kubernetes Cluster. Possible values are `basic` and `standard`. Defaults to `standard`. Changing this forces a new resource to be created.
- natGatewayProfile KubernetesClusterNetworkProfileNatGatewayProfile - A `nat_gateway_profile` block as defined below. This can only be specified when `load_balancer_sku` is set to `standard` and `outbound_type` is set to `managedNATGateway` or `userAssignedNATGateway`. Changing this forces a new resource to be created.
- networkDataPlane string - Specifies the data plane used for building the Kubernetes network. Possible values are `azure` and `cilium`. Defaults to `azure`. Disabling this forces a new resource to be created.
  Note: When `network_data_plane` is set to `cilium`, the `network_plugin` field can only be set to `azure`.
  Note: When `network_data_plane` is set to `cilium`, one of either `network_plugin_mode = "overlay"` or `pod_subnet_id` must be specified.
- networkMode string - Network mode to be used with Azure CNI. Possible values are `bridge` and `transparent`. Changing this forces a new resource to be created.
  Note: `network_mode` can only be set to `bridge` for existing Kubernetes Clusters and cannot be used to provision new Clusters - this will be removed by Azure in the future.
  Note: This property can only be set when `network_plugin` is set to `azure`.
- networkPluginMode string - Specifies the network plugin mode used for building the Kubernetes network. Possible value is `overlay`.
  Note: When `network_plugin_mode` is set to `overlay`, the `network_plugin` field can only be set to `azure`. When upgrading from Azure CNI without overlay, `pod_subnet_id` must be specified.
- networkPolicy string - Sets up network policy to be used with Azure CNI. Network policy allows us to control the traffic flow between pods. Currently supported values are `calico`, `azure` and `cilium`.
  Note: When `network_policy` is set to `azure`, the `network_plugin` field can only be set to `azure`.
  Note: When `network_policy` is set to `cilium`, the `network_data_plane` field must be set to `cilium`.
- outboundType string - The outbound (egress) routing method which should be used for this Kubernetes Cluster. Possible values are `loadBalancer`, `userDefinedRouting`, `managedNATGateway` and `userAssignedNATGateway`. Defaults to `loadBalancer`. More information on supported migration paths for `outbound_type` can be found in this documentation.
- podCidr string - The CIDR to use for pod IP addresses. This field can only be set when `network_plugin` is set to `kubenet` or `network_plugin_mode` is set to `overlay`. Changing this forces a new resource to be created.
- podCidrs string[] - A list of CIDRs to use for pod IP addresses. For single-stack networking a single IPv4 CIDR is expected. For dual-stack networking an IPv4 and IPv6 CIDR are expected. Changing this forces a new resource to be created.
- serviceCidr string - The Network Range used by the Kubernetes service. Changing this forces a new resource to be created.
- serviceCidrs string[] - A list of CIDRs to use for Kubernetes services. For single-stack networking a single IPv4 CIDR is expected. For dual-stack networking an IPv4 and IPv6 CIDR are expected. Changing this forces a new resource to be created.
  Note: This range should not be used by any network element on or connected to this VNet. Service address CIDR must be smaller than /12. `docker_bridge_cidr`, `dns_service_ip` and `service_cidr` should all be empty or all should be set.
- network_plugin str - Network plugin to use for networking. Currently supported values are `azure`, `kubenet` and `none`. Changing this forces a new resource to be created.
  Note: When `network_plugin` is set to `azure`, the `pod_cidr` field must not be set, unless `network_plugin_mode` is set to `overlay`.
- dns_service_ip str - IP address within the Kubernetes service address range that will be used by cluster service discovery (kube-dns). Changing this forces a new resource to be created.
- ip_versions Sequence[str] - Specifies a list of IP versions the Kubernetes Cluster will use to assign IP addresses to its nodes and pods. Possible values are `IPv4` and/or `IPv6`. `IPv4` must always be specified. Changing this forces a new resource to be created.
  Note: To configure dual-stack networking `ip_versions` should be set to `["IPv4", "IPv6"]`.
  Note: Dual-stack networking requires that the Preview Feature `Microsoft.ContainerService/AKS-EnableDualStack` is enabled and the Resource Provider is re-registered, see the documentation for more information.
- load_balancer_profile KubernetesClusterNetworkProfileLoadBalancerProfile - A `load_balancer_profile` block as defined below. This can only be specified when `load_balancer_sku` is set to `standard`. Changing this forces a new resource to be created.
- load_balancer_sku str - Specifies the SKU of the Load Balancer used for this Kubernetes Cluster. Possible values are `basic` and `standard`. Defaults to `standard`. Changing this forces a new resource to be created.
- nat_gateway_profile KubernetesClusterNetworkProfileNatGatewayProfile - A `nat_gateway_profile` block as defined below. This can only be specified when `load_balancer_sku` is set to `standard` and `outbound_type` is set to `managedNATGateway` or `userAssignedNATGateway`. Changing this forces a new resource to be created.
- network_data_plane str - Specifies the data plane used for building the Kubernetes network. Possible values are `azure` and `cilium`. Defaults to `azure`. Disabling this forces a new resource to be created.
  Note: When `network_data_plane` is set to `cilium`, the `network_plugin` field can only be set to `azure`.
  Note: When `network_data_plane` is set to `cilium`, one of either `network_plugin_mode = "overlay"` or `pod_subnet_id` must be specified.
- network_mode str - Network mode to be used with Azure CNI. Possible values are `bridge` and `transparent`. Changing this forces a new resource to be created.
  Note: `network_mode` can only be set to `bridge` for existing Kubernetes Clusters and cannot be used to provision new Clusters - this will be removed by Azure in the future.
  Note: This property can only be set when `network_plugin` is set to `azure`.
- network_plugin_mode str - Specifies the network plugin mode used for building the Kubernetes network. Possible value is `overlay`.
  Note: When `network_plugin_mode` is set to `overlay`, the `network_plugin` field can only be set to `azure`. When upgrading from Azure CNI without overlay, `pod_subnet_id` must be specified.
- network_policy str - Sets up network policy to be used with Azure CNI. Network policy allows us to control the traffic flow between pods. Currently supported values are `calico`, `azure` and `cilium`.
  Note: When `network_policy` is set to `azure`, the `network_plugin` field can only be set to `azure`.
  Note: When `network_policy` is set to `cilium`, the `network_data_plane` field must be set to `cilium`.
- outbound_type str - The outbound (egress) routing method which should be used for this Kubernetes Cluster. Possible values are `loadBalancer`, `userDefinedRouting`, `managedNATGateway` and `userAssignedNATGateway`. Defaults to `loadBalancer`. More information on supported migration paths for `outbound_type` can be found in this documentation.
- pod_cidr str - The CIDR to use for pod IP addresses. This field can only be set when `network_plugin` is set to `kubenet` or `network_plugin_mode` is set to `overlay`. Changing this forces a new resource to be created.
- pod_cidrs Sequence[str] - A list of CIDRs to use for pod IP addresses. For single-stack networking a single IPv4 CIDR is expected. For dual-stack networking an IPv4 and IPv6 CIDR are expected. Changing this forces a new resource to be created.
- service_
cidr str - The Network Range used by the Kubernetes service. Changing this forces a new resource to be created.
- service_
cidrs Sequence[str] A list of CIDRs to use for Kubernetes services. For single-stack networking a single IPv4 CIDR is expected. For dual-stack networking an IPv4 and IPv6 CIDR are expected. Changing this forces a new resource to be created.
Note: This range should not be used by any network element on or connected to this VNet. Service address CIDR must be smaller than /12. `docker_bridge_cidr`, `dns_service_ip` and `service_cidr` should all be empty or all should be set.
- network
Plugin String Network plugin to use for networking. Currently supported values are
azure
,kubenet
andnone
. Changing this forces a new resource to be created.Note: When
network_plugin
is set toazure
- thepod_cidr
field must not be set, unless specifyingnetwork_plugin_mode
tooverlay
.- dns
Service StringIp - IP address within the Kubernetes service address range that will be used by cluster service discovery (kube-dns). Changing this forces a new resource to be created.
- ipVersions List<String> - Specifies a list of IP versions the Kubernetes Cluster will use to assign IP addresses to its nodes and pods. Possible values are `IPv4` and/or `IPv6`. `IPv4` must always be specified. Changing this forces a new resource to be created.
Note: To configure dual-stack networking, `ip_versions` should be set to `["IPv4", "IPv6"]`.
Note: Dual-stack networking requires that the Preview Feature `Microsoft.ContainerService/AKS-EnableDualStack` is enabled and the Resource Provider is re-registered; see the documentation for more information.
- load
Balancer Property MapProfile - A
load_balancer_profile
block as defined below. This can only be specified whenload_balancer_sku
is set tostandard
. Changing this forces a new resource to be created. - load
Balancer StringSku - Specifies the SKU of the Load Balancer used for this Kubernetes Cluster. Possible values are
basic
andstandard
. Defaults tostandard
. Changing this forces a new resource to be created. - nat
Gateway Property MapProfile - A
nat_gateway_profile
block as defined below. This can only be specified whenload_balancer_sku
is set tostandard
andoutbound_type
is set tomanagedNATGateway
oruserAssignedNATGateway
. Changing this forces a new resource to be created. - network
Data StringPlane Specifies the data plane used for building the Kubernetes network. Possible values are
azure
andcilium
. Defaults toazure
. Disabling this forces a new resource to be created.Note: When
network_data_plane
is set tocilium
, thenetwork_plugin
field can only be set toazure
.Note: When
network_data_plane
is set tocilium
, one of eithernetwork_plugin_mode = "overlay"
orpod_subnet_id
must be specified.- network
Mode String Network mode to be used with Azure CNI. Possible values are
bridge
andtransparent
. Changing this forces a new resource to be created.Note:
network_mode
can only be set tobridge
for existing Kubernetes Clusters and cannot be used to provision new Clusters - this will be removed by Azure in the future.Note: This property can only be set when
network_plugin
is set toazure
.- network
Plugin StringMode Specifies the network plugin mode used for building the Kubernetes network. Possible value is
overlay
.Note: When
network_plugin_mode
is set tooverlay
, thenetwork_plugin
field can only be set toazure
. When upgrading from Azure CNI without overlay,pod_subnet_id
must be specified.- network
Policy String - Sets up network policy to be used with Azure CNI. Network policy allows us to control the traffic flow between pods. Currently supported values are `calico`, `azure` and `cilium`.
Note: When `network_policy` is set to `azure`, the `network_plugin` field can only be set to `azure`.
Note: When `network_policy` is set to `cilium`, the `network_data_plane` field must be set to `cilium`.
- outbound
Type String - The outbound (egress) routing method which should be used for this Kubernetes Cluster. Possible values are
loadBalancer
,userDefinedRouting
,managedNATGateway
anduserAssignedNATGateway
. Defaults toloadBalancer
. More information on supported migration paths foroutbound_type
can be found in this documentation. - pod
Cidr String - The CIDR to use for pod IP addresses. This field can only be set when
network_plugin
is set tokubenet
ornetwork_plugin_mode
is set tooverlay
. Changing this forces a new resource to be created. - pod
Cidrs List<String> - A list of CIDRs to use for pod IP addresses. For single-stack networking a single IPv4 CIDR is expected. For dual-stack networking an IPv4 and IPv6 CIDR are expected. Changing this forces a new resource to be created.
- service
Cidr String - The Network Range used by the Kubernetes service. Changing this forces a new resource to be created.
- service
Cidrs List<String> A list of CIDRs to use for Kubernetes services. For single-stack networking a single IPv4 CIDR is expected. For dual-stack networking an IPv4 and IPv6 CIDR are expected. Changing this forces a new resource to be created.
Note: This range should not be used by any network element on or connected to this VNet. Service address CIDR must be smaller than /12. `docker_bridge_cidr`, `dns_service_ip` and `service_cidr` should all be empty or all should be set.
KubernetesClusterNetworkProfileLoadBalancerProfile, KubernetesClusterNetworkProfileLoadBalancerProfileArgs
- Backend
Pool stringType - The type of the managed inbound Load Balancer Backend Pool. Possible values are
NodeIP
andNodeIPConfiguration
. Defaults toNodeIPConfiguration
. See the documentation for more information. - Effective
Outbound List<string>Ips - The outcome (resource IDs) of the specified arguments.
- Idle
Timeout intIn Minutes - Desired outbound flow idle timeout in minutes for the cluster load balancer. Must be between
4
and100
inclusive. Defaults to30
. - Managed
Outbound intIp Count - Count of desired managed outbound IPs for the cluster load balancer. Must be between
1
and100
inclusive. - Managed
Outbound intIpv6Count The desired number of IPv6 outbound IPs created and managed by Azure for the cluster load balancer. Must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack.
Note: `managed_outbound_ipv6_count` requires dual-stack networking. To enable dual-stack networking, the Preview Feature `Microsoft.ContainerService/AKS-EnableDualStack` needs to be enabled and the Resource Provider re-registered; see the documentation for more information.
- OutboundIpAddressIds List<string> - The IDs of the Public IP Addresses which should be used for outbound communication for the cluster load balancer.
Note: Set `outbound_ip_address_ids` to an empty slice `[]` in order to unlink it from the cluster. Unlinking `outbound_ip_address_ids` will revert the load balancing for the cluster back to a managed one. Egress will then use Azure-managed outbound IPs, so review any downstream allow-lists that reference the unlinked addresses.
- OutboundIpPrefixIds List<string> - The IDs of the outbound Public IP Address Prefixes which should be used for the cluster load balancer.
Note: Set `outbound_ip_prefix_ids` to an empty slice `[]` in order to unlink it from the cluster. Unlinking `outbound_ip_prefix_ids` will revert the load balancing for the cluster back to a managed one.
- OutboundPortsAllocated int - Number of desired SNAT ports for each VM in the cluster's load balancer. Must be between `0` and `64000` inclusive. Defaults to `0`.
- Backend
Pool stringType - The type of the managed inbound Load Balancer Backend Pool. Possible values are
NodeIP
andNodeIPConfiguration
. Defaults toNodeIPConfiguration
. See the documentation for more information. - Effective
Outbound []stringIps - The outcome (resource IDs) of the specified arguments.
- Idle
Timeout intIn Minutes - Desired outbound flow idle timeout in minutes for the cluster load balancer. Must be between
4
and100
inclusive. Defaults to30
. - Managed
Outbound intIp Count - Count of desired managed outbound IPs for the cluster load balancer. Must be between
1
and100
inclusive. - Managed
Outbound intIpv6Count The desired number of IPv6 outbound IPs created and managed by Azure for the cluster load balancer. Must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack.
Note:
managed_outbound_ipv6_count
requires dual-stack networking. To enable dual-stack networking the Preview FeatureMicrosoft.ContainerService/AKS-EnableDualStack
needs to be enabled and the Resource Provider re-registered, see the documentation for more information.- Outbound
Ip []stringAddress Ids The ID of the Public IP Addresses which should be used for outbound communication for the cluster load balancer.
Note: Set
outbound_ip_address_ids
to an empty slice[]
in order to unlink it from the cluster. Unlinking aoutbound_ip_address_ids
will revert the load balancing for the cluster back to a managed one.- Outbound
Ip []stringPrefix Ids The ID of the outbound Public IP Address Prefixes which should be used for the cluster load balancer.
Note: Set
outbound_ip_prefix_ids
to an empty slice[]
in order to unlink it from the cluster. Unlinking aoutbound_ip_prefix_ids
will revert the load balancing for the cluster back to a managed one.- Outbound
Ports intAllocated - Number of desired SNAT port for each VM in the clusters load balancer. Must be between
0
and64000
inclusive. Defaults to0
.
- backend
Pool StringType - The type of the managed inbound Load Balancer Backend Pool. Possible values are
NodeIP
andNodeIPConfiguration
. Defaults toNodeIPConfiguration
. See the documentation for more information. - effective
Outbound List<String>Ips - The outcome (resource IDs) of the specified arguments.
- idle
Timeout IntegerIn Minutes - Desired outbound flow idle timeout in minutes for the cluster load balancer. Must be between
4
and100
inclusive. Defaults to30
. - managed
Outbound IntegerIp Count - Count of desired managed outbound IPs for the cluster load balancer. Must be between
1
and100
inclusive. - managed
Outbound IntegerIpv6Count The desired number of IPv6 outbound IPs created and managed by Azure for the cluster load balancer. Must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack.
Note:
managed_outbound_ipv6_count
requires dual-stack networking. To enable dual-stack networking the Preview FeatureMicrosoft.ContainerService/AKS-EnableDualStack
needs to be enabled and the Resource Provider re-registered, see the documentation for more information.- outbound
Ip List<String>Address Ids The ID of the Public IP Addresses which should be used for outbound communication for the cluster load balancer.
Note: Set
outbound_ip_address_ids
to an empty slice[]
in order to unlink it from the cluster. Unlinking aoutbound_ip_address_ids
will revert the load balancing for the cluster back to a managed one.- outbound
Ip List<String>Prefix Ids The ID of the outbound Public IP Address Prefixes which should be used for the cluster load balancer.
Note: Set
outbound_ip_prefix_ids
to an empty slice[]
in order to unlink it from the cluster. Unlinking aoutbound_ip_prefix_ids
will revert the load balancing for the cluster back to a managed one.- outbound
Ports IntegerAllocated - Number of desired SNAT port for each VM in the clusters load balancer. Must be between
0
and64000
inclusive. Defaults to0
.
- backend
Pool stringType - The type of the managed inbound Load Balancer Backend Pool. Possible values are
NodeIP
andNodeIPConfiguration
. Defaults toNodeIPConfiguration
. See the documentation for more information. - effective
Outbound string[]Ips - The outcome (resource IDs) of the specified arguments.
- idle
Timeout numberIn Minutes - Desired outbound flow idle timeout in minutes for the cluster load balancer. Must be between
4
and100
inclusive. Defaults to30
. - managed
Outbound numberIp Count - Count of desired managed outbound IPs for the cluster load balancer. Must be between
1
and100
inclusive. - managed
Outbound numberIpv6Count The desired number of IPv6 outbound IPs created and managed by Azure for the cluster load balancer. Must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack.
Note:
managed_outbound_ipv6_count
requires dual-stack networking. To enable dual-stack networking the Preview FeatureMicrosoft.ContainerService/AKS-EnableDualStack
needs to be enabled and the Resource Provider re-registered, see the documentation for more information.- outbound
Ip string[]Address Ids The ID of the Public IP Addresses which should be used for outbound communication for the cluster load balancer.
Note: Set
outbound_ip_address_ids
to an empty slice[]
in order to unlink it from the cluster. Unlinking aoutbound_ip_address_ids
will revert the load balancing for the cluster back to a managed one.- outbound
Ip string[]Prefix Ids The ID of the outbound Public IP Address Prefixes which should be used for the cluster load balancer.
Note: Set
outbound_ip_prefix_ids
to an empty slice[]
in order to unlink it from the cluster. Unlinking aoutbound_ip_prefix_ids
will revert the load balancing for the cluster back to a managed one.- outbound
Ports numberAllocated - Number of desired SNAT port for each VM in the clusters load balancer. Must be between
0
and64000
inclusive. Defaults to0
.
- backend_
pool_ strtype - The type of the managed inbound Load Balancer Backend Pool. Possible values are
NodeIP
andNodeIPConfiguration
. Defaults toNodeIPConfiguration
. See the documentation for more information. - effective_
outbound_ Sequence[str]ips - The outcome (resource IDs) of the specified arguments.
- idle_
timeout_ intin_ minutes - Desired outbound flow idle timeout in minutes for the cluster load balancer. Must be between
4
and100
inclusive. Defaults to30
. - managed_
outbound_ intip_ count - Count of desired managed outbound IPs for the cluster load balancer. Must be between
1
and100
inclusive. - managed_
outbound_ intipv6_ count The desired number of IPv6 outbound IPs created and managed by Azure for the cluster load balancer. Must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack.
Note:
managed_outbound_ipv6_count
requires dual-stack networking. To enable dual-stack networking the Preview FeatureMicrosoft.ContainerService/AKS-EnableDualStack
needs to be enabled and the Resource Provider re-registered, see the documentation for more information.- outbound_
ip_ Sequence[str]address_ ids The ID of the Public IP Addresses which should be used for outbound communication for the cluster load balancer.
Note: Set
outbound_ip_address_ids
to an empty slice[]
in order to unlink it from the cluster. Unlinking aoutbound_ip_address_ids
will revert the load balancing for the cluster back to a managed one.- outbound_
ip_ Sequence[str]prefix_ ids The ID of the outbound Public IP Address Prefixes which should be used for the cluster load balancer.
Note: Set
outbound_ip_prefix_ids
to an empty slice[]
in order to unlink it from the cluster. Unlinking aoutbound_ip_prefix_ids
will revert the load balancing for the cluster back to a managed one.- outbound_
ports_ intallocated - Number of desired SNAT port for each VM in the clusters load balancer. Must be between
0
and64000
inclusive. Defaults to0
.
- backend
Pool StringType - The type of the managed inbound Load Balancer Backend Pool. Possible values are
NodeIP
andNodeIPConfiguration
. Defaults toNodeIPConfiguration
. See the documentation for more information. - effective
Outbound List<String>Ips - The outcome (resource IDs) of the specified arguments.
- idle
Timeout NumberIn Minutes - Desired outbound flow idle timeout in minutes for the cluster load balancer. Must be between
4
and100
inclusive. Defaults to30
. - managed
Outbound NumberIp Count - Count of desired managed outbound IPs for the cluster load balancer. Must be between
1
and100
inclusive. - managed
Outbound NumberIpv6Count The desired number of IPv6 outbound IPs created and managed by Azure for the cluster load balancer. Must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack.
Note:
managed_outbound_ipv6_count
requires dual-stack networking. To enable dual-stack networking the Preview FeatureMicrosoft.ContainerService/AKS-EnableDualStack
needs to be enabled and the Resource Provider re-registered, see the documentation for more information.- outbound
Ip List<String>Address Ids The ID of the Public IP Addresses which should be used for outbound communication for the cluster load balancer.
Note: Set
outbound_ip_address_ids
to an empty slice[]
in order to unlink it from the cluster. Unlinking aoutbound_ip_address_ids
will revert the load balancing for the cluster back to a managed one.- outbound
Ip List<String>Prefix Ids The ID of the outbound Public IP Address Prefixes which should be used for the cluster load balancer.
Note: Set
outbound_ip_prefix_ids
to an empty slice[]
in order to unlink it from the cluster. Unlinking aoutbound_ip_prefix_ids
will revert the load balancing for the cluster back to a managed one.- outbound
Ports NumberAllocated - Number of desired SNAT port for each VM in the clusters load balancer. Must be between
0
and64000
inclusive. Defaults to0
.
KubernetesClusterNetworkProfileNatGatewayProfile, KubernetesClusterNetworkProfileNatGatewayProfileArgs
- EffectiveOutboundIps List<string> - The outcome (resource IDs) of the specified arguments.
- IdleTimeoutInMinutes int - Desired outbound flow idle timeout in minutes for the managed NAT gateway. Must be between `4` and `120` inclusive. Defaults to `4`.
- ManagedOutboundIpCount int - Count of desired managed outbound IPs for the managed NAT gateway. Must be between `1` and `16` inclusive.
- Effective
Outbound []stringIps - The outcome (resource IDs) of the specified arguments.
- Idle
Timeout intIn Minutes - Desired outbound flow idle timeout in minutes for the managed nat gateway. Must be between
4
and120
inclusive. Defaults to4
. - Managed
Outbound intIp Count - Count of desired managed outbound IPs for the managed nat gateway. Must be between
1
and16
inclusive.
- effective
Outbound List<String>Ips - The outcome (resource IDs) of the specified arguments.
- idle
Timeout IntegerIn Minutes - Desired outbound flow idle timeout in minutes for the managed nat gateway. Must be between
4
and120
inclusive. Defaults to4
. - managed
Outbound IntegerIp Count - Count of desired managed outbound IPs for the managed nat gateway. Must be between
1
and16
inclusive.
- effective
Outbound string[]Ips - The outcome (resource IDs) of the specified arguments.
- idle
Timeout numberIn Minutes - Desired outbound flow idle timeout in minutes for the managed nat gateway. Must be between
4
and120
inclusive. Defaults to4
. - managed
Outbound numberIp Count - Count of desired managed outbound IPs for the managed nat gateway. Must be between
1
and16
inclusive.
- effective_
outbound_ Sequence[str]ips - The outcome (resource IDs) of the specified arguments.
- idle_
timeout_ intin_ minutes - Desired outbound flow idle timeout in minutes for the managed nat gateway. Must be between
4
and120
inclusive. Defaults to4
. - managed_
outbound_ intip_ count - Count of desired managed outbound IPs for the managed nat gateway. Must be between
1
and16
inclusive.
- effective
Outbound List<String>Ips - The outcome (resource IDs) of the specified arguments.
- idle
Timeout NumberIn Minutes - Desired outbound flow idle timeout in minutes for the managed nat gateway. Must be between
4
and120
inclusive. Defaults to4
. - managed
Outbound NumberIp Count - Count of desired managed outbound IPs for the managed nat gateway. Must be between
1
and16
inclusive.
KubernetesClusterOmsAgent, KubernetesClusterOmsAgentArgs
- LogAnalyticsWorkspaceId string - The ID of the Log Analytics Workspace which the OMS Agent should send data to.
- MsiAuthForMonitoringEnabled bool - Is managed identity authentication for monitoring enabled?
- OmsAgentIdentities List<KubernetesClusterOmsAgentOmsAgentIdentity> - An `oms_agent_identity` block is exported. The exported attributes are defined below.
- Log
Analytics stringWorkspace Id - The ID of the Log Analytics Workspace which the OMS Agent should send data to.
- Msi
Auth boolFor Monitoring Enabled - Is managed identity authentication for monitoring enabled?
- Oms
Agent []KubernetesIdentities Cluster Oms Agent Oms Agent Identity - An
oms_agent_identity
block is exported. The exported attributes are defined below.
- log
Analytics StringWorkspace Id - The ID of the Log Analytics Workspace which the OMS Agent should send data to.
- msi
Auth BooleanFor Monitoring Enabled - Is managed identity authentication for monitoring enabled?
- oms
Agent List<KubernetesIdentities Cluster Oms Agent Oms Agent Identity> - An
oms_agent_identity
block is exported. The exported attributes are defined below.
- log
Analytics stringWorkspace Id - The ID of the Log Analytics Workspace which the OMS Agent should send data to.
- msi
Auth booleanFor Monitoring Enabled - Is managed identity authentication for monitoring enabled?
- oms
Agent KubernetesIdentities Cluster Oms Agent Oms Agent Identity[] - An
oms_agent_identity
block is exported. The exported attributes are defined below.
- log_
analytics_ strworkspace_ id - The ID of the Log Analytics Workspace which the OMS Agent should send data to.
- msi_
auth_ boolfor_ monitoring_ enabled - Is managed identity authentication for monitoring enabled?
- oms_
agent_ Sequence[Kubernetesidentities Cluster Oms Agent Oms Agent Identity] - An
oms_agent_identity
block is exported. The exported attributes are defined below.
- log
Analytics StringWorkspace Id - The ID of the Log Analytics Workspace which the OMS Agent should send data to.
- msi
Auth BooleanFor Monitoring Enabled - Is managed identity authentication for monitoring enabled?
- oms
Agent List<Property Map>Identities - An
oms_agent_identity
block is exported. The exported attributes are defined below.
KubernetesClusterOmsAgentOmsAgentIdentity, KubernetesClusterOmsAgentOmsAgentIdentityArgs
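- ClientId string - The Client ID of the user-defined Managed Identity used for Web App Routing.
- ObjectId string - The Object ID of the user-defined Managed Identity used for Web App Routing.
- UserAssignedIdentityId string - The ID of the User Assigned Identity used for Web App Routing.
Note: These descriptions mention Web App Routing, but this type is the `oms_agent_identity` block exported by the OMS Agent; the wording looks carried over from the Web App Routing identity block, so confirm which identity a value belongs to before granting it roles.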
- Client
Id string - The Client ID of the user-defined Managed Identity used for Web App Routing.
- Object
Id string - The Object ID of the user-defined Managed Identity used for Web App Routing
- User
Assigned stringIdentity Id - The ID of the User Assigned Identity used for Web App Routing.
- client
Id String - The Client ID of the user-defined Managed Identity used for Web App Routing.
- object
Id String - The Object ID of the user-defined Managed Identity used for Web App Routing
- user
Assigned StringIdentity Id - The ID of the User Assigned Identity used for Web App Routing.
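- clientId string - The Client ID of the user-defined Managed Identity used for Web App Routing.
- objectId string - The Object ID of the user-defined Managed Identity used for Web App Routing.
- userAssignedIdentityId string - The ID of the User Assigned Identity used for Web App Routing.
Note: These descriptions mention Web App Routing, but this type is the `oms_agent_identity` block exported by the OMS Agent; the wording looks carried over from the Web App Routing identity block, so confirm which identity a value belongs to before granting it roles.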
- client_
id str - The Client ID of the user-defined Managed Identity used for Web App Routing.
- object_
id str - The Object ID of the user-defined Managed Identity used for Web App Routing
- user_
assigned_ stridentity_ id - The ID of the User Assigned Identity used for Web App Routing.
- client
Id String - The Client ID of the user-defined Managed Identity used for Web App Routing.
- object
Id String - The Object ID of the user-defined Managed Identity used for Web App Routing
- user
Assigned StringIdentity Id - The ID of the User Assigned Identity used for Web App Routing.
KubernetesClusterServiceMeshProfile, KubernetesClusterServiceMeshProfileArgs
- Mode string - The mode of the service mesh. Possible value is `Istio`.
- Revisions List<string> - Specify 1 or 2 Istio control plane revisions for managing minor upgrades using the canary upgrade process. For example, create the resource with `revisions` set to `["asm-1-20"]`, or leave it empty (the `revisions` will only be known after apply). To start the canary upgrade, change `revisions` to `["asm-1-20", "asm-1-21"]`. To roll back the canary upgrade, revert to `["asm-1-20"]`. To confirm the upgrade, change to `["asm-1-21"]`.
NOTE: Upgrading to a new (canary) revision does not affect existing sidecar proxies. You need to apply the canary revision label to selected namespaces and restart pods with kubectl to inject the new sidecar proxy. Learn more.
- CertificateAuthority KubernetesClusterServiceMeshProfileCertificateAuthority - A `certificate_authority` block as defined below. When this property is specified, `key_vault_secrets_provider` is also required to be set. This configuration allows you to bring your own root certificate and keys for Istio CA in the Istio-based service mesh add-on for Azure Kubernetes Service.
- ExternalIngressGatewayEnabled bool - Is Istio External Ingress Gateway enabled?
NOTE: Currently only one Internal Ingress Gateway and one External Ingress Gateway are allowed per cluster.
- InternalIngressGatewayEnabled bool - Is Istio Internal Ingress Gateway enabled?
- Mode string
- The mode of the service mesh. Possible value is
Istio
. - Revisions []string
Specify 1 or 2 Istio control plane revisions for managing minor upgrades using the canary upgrade process. For example, create the resource with
revisions
set to["asm-1-20"]
, or leave it empty (therevisions
will only be known after apply). To start the canary upgrade, changerevisions
to["asm-1-20", "asm-1-21"]
. To roll back the canary upgrade, revert to["asm-1-20"]
. To confirm the upgrade, change to["asm-1-21"]
.NOTE: Upgrading to a new (canary) revision does not affect existing sidecar proxies. You need to apply the canary revision label to selected namespaces and restart pods with kubectl to inject the new sidecar proxy. Learn more.
- Kubernetes
Cluster Service Mesh Profile Certificate Authority - A
certificate_authority
block as defined below. When this property is specified,key_vault_secrets_provider
is also required to be set. This configuration allows you to bring your own root certificate and keys for Istio CA in the Istio-based service mesh add-on for Azure Kubernetes Service. - External
Ingress boolGateway Enabled Is Istio External Ingress Gateway enabled?
NOTE: Currently only one Internal Ingress Gateway and one External Ingress Gateway are allowed per cluster
- Internal
Ingress boolGateway Enabled - Is Istio Internal Ingress Gateway enabled?
- mode String
- The mode of the service mesh. Possible value is
Istio
. - revisions List<String>
Specify 1 or 2 Istio control plane revisions for managing minor upgrades using the canary upgrade process. For example, create the resource with
revisions
set to["asm-1-20"]
, or leave it empty (therevisions
will only be known after apply). To start the canary upgrade, changerevisions
to["asm-1-20", "asm-1-21"]
. To roll back the canary upgrade, revert to["asm-1-20"]
. To confirm the upgrade, change to["asm-1-21"]
.NOTE: Upgrading to a new (canary) revision does not affect existing sidecar proxies. You need to apply the canary revision label to selected namespaces and restart pods with kubectl to inject the new sidecar proxy. Learn more.
- Kubernetes
Cluster Service Mesh Profile Certificate Authority - A
certificate_authority
block as defined below. When this property is specified,key_vault_secrets_provider
is also required to be set. This configuration allows you to bring your own root certificate and keys for Istio CA in the Istio-based service mesh add-on for Azure Kubernetes Service. - external
Ingress BooleanGateway Enabled Is Istio External Ingress Gateway enabled?
NOTE: Currently only one Internal Ingress Gateway and one External Ingress Gateway are allowed per cluster
- internal
Ingress BooleanGateway Enabled - Is Istio Internal Ingress Gateway enabled?
- mode string
- The mode of the service mesh. Possible value is
Istio
. - revisions string[]
Specify 1 or 2 Istio control plane revisions for managing minor upgrades using the canary upgrade process. For example, create the resource with
revisions
set to["asm-1-20"]
, or leave it empty (therevisions
will only be known after apply). To start the canary upgrade, changerevisions
to["asm-1-20", "asm-1-21"]
. To roll back the canary upgrade, revert to["asm-1-20"]
. To confirm the upgrade, change to["asm-1-21"]
.NOTE: Upgrading to a new (canary) revision does not affect existing sidecar proxies. You need to apply the canary revision label to selected namespaces and restart pods with kubectl to inject the new sidecar proxy. Learn more.
- Kubernetes
Cluster Service Mesh Profile Certificate Authority - A
certificate_authority
block as defined below. When this property is specified,key_vault_secrets_provider
is also required to be set. This configuration allows you to bring your own root certificate and keys for Istio CA in the Istio-based service mesh add-on for Azure Kubernetes Service. - external
Ingress booleanGateway Enabled Is Istio External Ingress Gateway enabled?
NOTE: Currently only one Internal Ingress Gateway and one External Ingress Gateway are allowed per cluster
- internal
Ingress booleanGateway Enabled - Is Istio Internal Ingress Gateway enabled?
- mode str
- The mode of the service mesh. Possible value is
Istio
. - revisions Sequence[str]
Specify 1 or 2 Istio control plane revisions for managing minor upgrades using the canary upgrade process. For example, create the resource with
revisions
set to["asm-1-20"]
, or leave it empty (therevisions
will only be known after apply). To start the canary upgrade, changerevisions
to["asm-1-20", "asm-1-21"]
. To roll back the canary upgrade, revert to["asm-1-20"]
. To confirm the upgrade, change to["asm-1-21"]
.NOTE: Upgrading to a new (canary) revision does not affect existing sidecar proxies. You need to apply the canary revision label to selected namespaces and restart pods with kubectl to inject the new sidecar proxy. Learn more.
- Kubernetes
Cluster Service Mesh Profile Certificate Authority - A
certificate_authority
block as defined below. When this property is specified,key_vault_secrets_provider
is also required to be set. This configuration allows you to bring your own root certificate and keys for Istio CA in the Istio-based service mesh add-on for Azure Kubernetes Service. - external_
ingress_ boolgateway_ enabled Is Istio External Ingress Gateway enabled?
NOTE: Currently only one Internal Ingress Gateway and one External Ingress Gateway are allowed per cluster
- internal_
ingress_ boolgateway_ enabled - Is Istio Internal Ingress Gateway enabled?
- mode String
- The mode of the service mesh. Possible value is
Istio
. - revisions List<String>
Specify 1 or 2 Istio control plane revisions for managing minor upgrades using the canary upgrade process. For example, create the resource with
revisions
set to["asm-1-20"]
, or leave it empty (therevisions
will only be known after apply). To start the canary upgrade, changerevisions
to["asm-1-20", "asm-1-21"]
. To roll back the canary upgrade, revert to["asm-1-20"]
. To confirm the upgrade, change to["asm-1-21"]
.NOTE: Upgrading to a new (canary) revision does not affect existing sidecar proxies. You need to apply the canary revision label to selected namespaces and restart pods with kubectl to inject the new sidecar proxy. Learn more.
- Property Map
- A
certificate_authority
block as defined below. When this property is specified, `key_vault_secrets_provider` is also required to be set. This configuration allows you to bring your own root certificate and keys for Istio CA in the Istio-based service mesh add-on for Azure Kubernetes Service.
- externalIngressGatewayEnabled Boolean - Is Istio External Ingress Gateway enabled?
NOTE: Currently only one Internal Ingress Gateway and one External Ingress Gateway are allowed per cluster.
- internalIngressGatewayEnabled Boolean - Is Istio Internal Ingress Gateway enabled?
KubernetesClusterServiceMeshProfileCertificateAuthority, KubernetesClusterServiceMeshProfileCertificateAuthorityArgs
- CertChainObjectName string - The certificate chain object name in Azure Key Vault.
- CertObjectName string - The intermediate certificate object name in Azure Key Vault.
- KeyObjectName string - The intermediate certificate private key object name in Azure Key Vault.
Note: For more information on the Istio-based service mesh add-on with plug-in CA certificates and how to generate these certificates, see the Azure Kubernetes Service documentation.
- KeyVaultId string - The resource ID of the Key Vault.
- RootCertObjectName string - The root certificate object name in Azure Key Vault.
- CertChainObjectName string - The certificate chain object name in Azure Key Vault.
- CertObjectName string - The intermediate certificate object name in Azure Key Vault.
- KeyObjectName string - The intermediate certificate private key object name in Azure Key Vault.
Note: For more information on the Istio-based service mesh add-on with plug-in CA certificates and how to generate these certificates, see the Azure Kubernetes Service documentation.
- KeyVaultId string - The resource ID of the Key Vault.
- RootCertObjectName string - The root certificate object name in Azure Key Vault.
- certChainObjectName String - The certificate chain object name in Azure Key Vault.
- certObjectName String - The intermediate certificate object name in Azure Key Vault.
- keyObjectName String - The intermediate certificate private key object name in Azure Key Vault.
Note: For more information on the Istio-based service mesh add-on with plug-in CA certificates and how to generate these certificates, see the Azure Kubernetes Service documentation.
- keyVaultId String - The resource ID of the Key Vault.
- rootCertObjectName String - The root certificate object name in Azure Key Vault.
- certChainObjectName string - The certificate chain object name in Azure Key Vault.
- certObjectName string - The intermediate certificate object name in Azure Key Vault.
- keyObjectName string - The intermediate certificate private key object name in Azure Key Vault.
Note: For more information on the Istio-based service mesh add-on with plug-in CA certificates and how to generate these certificates, see the Azure Kubernetes Service documentation.
- keyVaultId string - The resource ID of the Key Vault.
- rootCertObjectName string - The root certificate object name in Azure Key Vault.
- cert_chain_object_name str - The certificate chain object name in Azure Key Vault.
- cert_object_name str - The intermediate certificate object name in Azure Key Vault.
- key_object_name str - The intermediate certificate private key object name in Azure Key Vault.
Note: For more information on the Istio-based service mesh add-on with plug-in CA certificates and how to generate these certificates, see the Azure Kubernetes Service documentation.
- key_vault_id str - The resource ID of the Key Vault.
- root_cert_object_name str - The root certificate object name in Azure Key Vault.
- certChainObjectName String - The certificate chain object name in Azure Key Vault.
- certObjectName String - The intermediate certificate object name in Azure Key Vault.
- keyObjectName String - The intermediate certificate private key object name in Azure Key Vault.
Note: For more information on the Istio-based service mesh add-on with plug-in CA certificates and how to generate these certificates, see the Azure Kubernetes Service documentation.
- keyVaultId String - The resource ID of the Key Vault.
- rootCertObjectName String - The root certificate object name in Azure Key Vault.
KubernetesClusterServicePrincipal, KubernetesClusterServicePrincipalArgs
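- ClientId string - The Client ID for the Service Principal.
- ClientSecret string - The Client Secret for the Service Principal. This is a credential; supply it as a Pulumi secret rather than a plaintext literal in program source.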
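- ClientId string - The Client ID for the Service Principal.
- ClientSecret string - The Client Secret for the Service Principal. This is a credential; supply it as a Pulumi secret rather than a plaintext literal in program source.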
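- clientId String - The Client ID for the Service Principal.
- clientSecret String - The Client Secret for the Service Principal. This is a credential; supply it as a Pulumi secret rather than a plaintext literal in program source.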
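- clientId string - The Client ID for the Service Principal.
- clientSecret string - The Client Secret for the Service Principal. This is a credential; supply it as a Pulumi secret rather than a plaintext literal in program source.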
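- client_id str - The Client ID for the Service Principal.
- client_secret str - The Client Secret for the Service Principal. This is a credential; supply it as a Pulumi secret rather than a plaintext literal in program source.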
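- clientId String - The Client ID for the Service Principal.
- clientSecret String - The Client Secret for the Service Principal. This is a credential; supply it as a Pulumi secret rather than a plaintext literal in program source.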
KubernetesClusterStorageProfile, KubernetesClusterStorageProfileArgs
- Blob
Driver boolEnabled - Is the Blob CSI driver enabled? Defaults to
false
. - Disk
Driver boolEnabled - Is the Disk CSI driver enabled? Defaults to
true
. - File
Driver boolEnabled - Is the File CSI driver enabled? Defaults to
true
. - Snapshot
Controller boolEnabled - Is the Snapshot Controller enabled? Defaults to
true
.
- Blob
Driver boolEnabled - Is the Blob CSI driver enabled? Defaults to
false
. - Disk
Driver boolEnabled - Is the Disk CSI driver enabled? Defaults to
true
. - File
Driver boolEnabled - Is the File CSI driver enabled? Defaults to
true
. - Snapshot
Controller boolEnabled - Is the Snapshot Controller enabled? Defaults to
true
.
- blob
Driver BooleanEnabled - Is the Blob CSI driver enabled? Defaults to
false
. - disk
Driver BooleanEnabled - Is the Disk CSI driver enabled? Defaults to
true
. - file
Driver BooleanEnabled - Is the File CSI driver enabled? Defaults to
true
. - snapshot
Controller BooleanEnabled - Is the Snapshot Controller enabled? Defaults to
true
.
- blob
Driver booleanEnabled - Is the Blob CSI driver enabled? Defaults to
false
. - disk
Driver booleanEnabled - Is the Disk CSI driver enabled? Defaults to
true
. - file
Driver booleanEnabled - Is the File CSI driver enabled? Defaults to
true
. - snapshot
Controller booleanEnabled - Is the Snapshot Controller enabled? Defaults to
true
.
- blob_
driver_ boolenabled - Is the Blob CSI driver enabled? Defaults to
false
. - disk_
driver_ boolenabled - Is the Disk CSI driver enabled? Defaults to
true
. - file_
driver_ boolenabled - Is the File CSI driver enabled? Defaults to
true
. - snapshot_
controller_ boolenabled - Is the Snapshot Controller enabled? Defaults to
true
.
- blob
Driver BooleanEnabled - Is the Blob CSI driver enabled? Defaults to
false
. - disk
Driver BooleanEnabled - Is the Disk CSI driver enabled? Defaults to
true
. - file
Driver BooleanEnabled - Is the File CSI driver enabled? Defaults to
true
. - snapshot
Controller BooleanEnabled - Is the Snapshot Controller enabled? Defaults to
true
.
KubernetesClusterWebAppRouting, KubernetesClusterWebAppRoutingArgs
- Dns
Zone List<string>Ids - Specifies the list of the DNS Zone IDs in which DNS entries are created for applications deployed to the cluster when Web App Routing is enabled. If not using Bring-Your-Own DNS zones this property should be set to an empty list.
- Web
App List<KubernetesRouting Identities Cluster Web App Routing Web App Routing Identity> - A
web_app_routing_identity
block is exported. The exported attributes are defined below.
- Dns
Zone []stringIds - Specifies the list of the DNS Zone IDs in which DNS entries are created for applications deployed to the cluster when Web App Routing is enabled. If not using Bring-Your-Own DNS zones this property should be set to an empty list.
- Web
App []KubernetesRouting Identities Cluster Web App Routing Web App Routing Identity - A
web_app_routing_identity
block is exported. The exported attributes are defined below.
- dns
Zone List<String>Ids - Specifies the list of the DNS Zone IDs in which DNS entries are created for applications deployed to the cluster when Web App Routing is enabled. If not using Bring-Your-Own DNS zones this property should be set to an empty list.
- web
App List<KubernetesRouting Identities Cluster Web App Routing Web App Routing Identity> - A
web_app_routing_identity
block is exported. The exported attributes are defined below.
- dns
Zone string[]Ids - Specifies the list of the DNS Zone IDs in which DNS entries are created for applications deployed to the cluster when Web App Routing is enabled. If not using Bring-Your-Own DNS zones this property should be set to an empty list.
- web
App KubernetesRouting Identities Cluster Web App Routing Web App Routing Identity[] - A
web_app_routing_identity
block is exported. The exported attributes are defined below.
- dns_
zone_ Sequence[str]ids - Specifies the list of the DNS Zone IDs in which DNS entries are created for applications deployed to the cluster when Web App Routing is enabled. If not using Bring-Your-Own DNS zones this property should be set to an empty list.
- web_
app_ Sequence[Kubernetesrouting_ identities Cluster Web App Routing Web App Routing Identity] - A
web_app_routing_identity
block is exported. The exported attributes are defined below.
- dns
Zone List<String>Ids - Specifies the list of the DNS Zone IDs in which DNS entries are created for applications deployed to the cluster when Web App Routing is enabled. If not using Bring-Your-Own DNS zones this property should be set to an empty list.
- web
App List<Property Map>Routing Identities - A
web_app_routing_identity
block is exported. The exported attributes are defined below.
KubernetesClusterWebAppRoutingWebAppRoutingIdentity, KubernetesClusterWebAppRoutingWebAppRoutingIdentityArgs
- Client
Id string - The Client ID of the user-defined Managed Identity used for Web App Routing.
- Object
Id string - The Object ID of the user-defined Managed Identity used for Web App Routing
- User
Assigned stringIdentity Id - The ID of the User Assigned Identity used for Web App Routing.
- Client
Id string - The Client ID of the user-defined Managed Identity used for Web App Routing.
- Object
Id string - The Object ID of the user-defined Managed Identity used for Web App Routing
- User
Assigned stringIdentity Id - The ID of the User Assigned Identity used for Web App Routing.
- client
Id String - The Client ID of the user-defined Managed Identity used for Web App Routing.
- object
Id String - The Object ID of the user-defined Managed Identity used for Web App Routing
- user
Assigned StringIdentity Id - The ID of the User Assigned Identity used for Web App Routing.
- client
Id string - The Client ID of the user-defined Managed Identity used for Web App Routing.
- object
Id string - The Object ID of the user-defined Managed Identity used for Web App Routing
- user
Assigned stringIdentity Id - The ID of the User Assigned Identity used for Web App Routing.
- client_
id str - The Client ID of the user-defined Managed Identity used for Web App Routing.
- object_
id str - The Object ID of the user-defined Managed Identity used for Web App Routing
- user_
assigned_ stridentity_ id - The ID of the User Assigned Identity used for Web App Routing.
- client
Id String - The Client ID of the user-defined Managed Identity used for Web App Routing.
- object
Id String - The Object ID of the user-defined Managed Identity used for Web App Routing
- user
Assigned StringIdentity Id - The ID of the User Assigned Identity used for Web App Routing.
KubernetesClusterWindowsProfile, KubernetesClusterWindowsProfileArgs
- AdminPassword string - The Admin Password for Windows VMs. Length must be between 14 and 123 characters. This is a credential; supply it as a Pulumi secret rather than a plaintext literal in program source.
- AdminUsername string - The Admin Username for Windows VMs. Changing this forces a new resource to be created.
- Gmsa KubernetesClusterWindowsProfileGmsa - A `gmsa` block as defined below.
- License string - Specifies the type of on-premise license which should be used for Node Pool Windows Virtual Machine. At this time the only possible value is `Windows_Server`.
- AdminPassword string - The Admin Password for Windows VMs. Length must be between 14 and 123 characters. This is a credential; supply it as a Pulumi secret rather than a plaintext literal in program source.
- AdminUsername string - The Admin Username for Windows VMs. Changing this forces a new resource to be created.
- Gmsa KubernetesClusterWindowsProfileGmsa - A `gmsa` block as defined below.
- License string - Specifies the type of on-premise license which should be used for Node Pool Windows Virtual Machine. At this time the only possible value is `Windows_Server`.
- adminPassword String - The Admin Password for Windows VMs. Length must be between 14 and 123 characters. This is a credential; supply it as a Pulumi secret rather than a plaintext literal in program source.
- adminUsername String - The Admin Username for Windows VMs. Changing this forces a new resource to be created.
- gmsa KubernetesClusterWindowsProfileGmsa - A `gmsa` block as defined below.
- license String - Specifies the type of on-premise license which should be used for Node Pool Windows Virtual Machine. At this time the only possible value is `Windows_Server`.
- adminPassword string - The Admin Password for Windows VMs. Length must be between 14 and 123 characters. This is a credential; supply it as a Pulumi secret rather than a plaintext literal in program source.
- adminUsername string - The Admin Username for Windows VMs. Changing this forces a new resource to be created.
- gmsa KubernetesClusterWindowsProfileGmsa - A `gmsa` block as defined below.
- license string - Specifies the type of on-premise license which should be used for Node Pool Windows Virtual Machine. At this time the only possible value is `Windows_Server`.
- admin_password str - The Admin Password for Windows VMs. Length must be between 14 and 123 characters. This is a credential; supply it as a Pulumi secret rather than a plaintext literal in program source.
- admin_username str - The Admin Username for Windows VMs. Changing this forces a new resource to be created.
- gmsa KubernetesClusterWindowsProfileGmsa - A `gmsa` block as defined below.
- license str - Specifies the type of on-premise license which should be used for Node Pool Windows Virtual Machine. At this time the only possible value is `Windows_Server`.
- adminPassword String - The Admin Password for Windows VMs. Length must be between 14 and 123 characters. This is a credential; supply it as a Pulumi secret rather than a plaintext literal in program source.
- adminUsername String - The Admin Username for Windows VMs. Changing this forces a new resource to be created.
- gmsa Property Map - A `gmsa` block as defined below.
- license String - Specifies the type of on-premise license which should be used for Node Pool Windows Virtual Machine. At this time the only possible value is `Windows_Server`.
KubernetesClusterWindowsProfileGmsa, KubernetesClusterWindowsProfileGmsaArgs
- DnsServer string - Specifies the DNS server for Windows gMSA. Set this to an empty string if you have configured the DNS server in the VNet which was used to create the managed cluster.
- RootDomain string - Specifies the root domain name for Windows gMSA. Set this to an empty string if you have configured the DNS server in the VNet which was used to create the managed cluster.
Note: The properties `dns_server` and `root_domain` must both either be set or unset, i.e. empty.
- DnsServer string - Specifies the DNS server for Windows gMSA. Set this to an empty string if you have configured the DNS server in the VNet which was used to create the managed cluster.
- RootDomain string - Specifies the root domain name for Windows gMSA. Set this to an empty string if you have configured the DNS server in the VNet which was used to create the managed cluster.
Note: The properties `dns_server` and `root_domain` must both either be set or unset, i.e. empty.
- dnsServer String - Specifies the DNS server for Windows gMSA. Set this to an empty string if you have configured the DNS server in the VNet which was used to create the managed cluster.
- rootDomain String - Specifies the root domain name for Windows gMSA. Set this to an empty string if you have configured the DNS server in the VNet which was used to create the managed cluster.
Note: The properties `dns_server` and `root_domain` must both either be set or unset, i.e. empty.
- dnsServer string - Specifies the DNS server for Windows gMSA. Set this to an empty string if you have configured the DNS server in the VNet which was used to create the managed cluster.
- rootDomain string - Specifies the root domain name for Windows gMSA. Set this to an empty string if you have configured the DNS server in the VNet which was used to create the managed cluster.
Note: The properties `dns_server` and `root_domain` must both either be set or unset, i.e. empty.
- dns_server str - Specifies the DNS server for Windows gMSA. Set this to an empty string if you have configured the DNS server in the VNet which was used to create the managed cluster.
- root_domain str - Specifies the root domain name for Windows gMSA. Set this to an empty string if you have configured the DNS server in the VNet which was used to create the managed cluster.
Note: The properties `dns_server` and `root_domain` must both either be set or unset, i.e. empty.
- dnsServer String - Specifies the DNS server for Windows gMSA. Set this to an empty string if you have configured the DNS server in the VNet which was used to create the managed cluster.
- rootDomain String - Specifies the root domain name for Windows gMSA. Set this to an empty string if you have configured the DNS server in the VNet which was used to create the managed cluster.
Note: The properties `dns_server` and `root_domain` must both either be set or unset, i.e. empty.
KubernetesClusterWorkloadAutoscalerProfile, KubernetesClusterWorkloadAutoscalerProfileArgs
- Keda
Enabled bool - Specifies whether KEDA Autoscaler can be used for workloads.
- Vertical
Pod boolAutoscaler Enabled Specifies whether Vertical Pod Autoscaler should be enabled.
Note: This requires that the Preview Feature
Microsoft.ContainerService/AKS-VPAPreview
is enabled and the Resource Provider is re-registered, see the documentation for more information.
- Keda
Enabled bool - Specifies whether KEDA Autoscaler can be used for workloads.
- Vertical
Pod boolAutoscaler Enabled Specifies whether Vertical Pod Autoscaler should be enabled.
Note: This requires that the Preview Feature
Microsoft.ContainerService/AKS-VPAPreview
is enabled and the Resource Provider is re-registered, see the documentation for more information.
- keda
Enabled Boolean - Specifies whether KEDA Autoscaler can be used for workloads.
- vertical
Pod BooleanAutoscaler Enabled Specifies whether Vertical Pod Autoscaler should be enabled.
Note: This requires that the Preview Feature
Microsoft.ContainerService/AKS-VPAPreview
is enabled and the Resource Provider is re-registered, see the documentation for more information.
- keda
Enabled boolean - Specifies whether KEDA Autoscaler can be used for workloads.
- vertical
Pod booleanAutoscaler Enabled Specifies whether Vertical Pod Autoscaler should be enabled.
Note: This requires that the Preview Feature
Microsoft.ContainerService/AKS-VPAPreview
is enabled and the Resource Provider is re-registered, see the documentation for more information.
- keda_
enabled bool - Specifies whether KEDA Autoscaler can be used for workloads.
- vertical_
pod_ boolautoscaler_ enabled Specifies whether Vertical Pod Autoscaler should be enabled.
Note: This requires that the Preview Feature
Microsoft.ContainerService/AKS-VPAPreview
is enabled and the Resource Provider is re-registered, see the documentation for more information.
- keda
Enabled Boolean - Specifies whether KEDA Autoscaler can be used for workloads.
- vertical
Pod BooleanAutoscaler Enabled Specifies whether Vertical Pod Autoscaler should be enabled.
Note: This requires that the Preview Feature
Microsoft.ContainerService/AKS-VPAPreview
is enabled and the Resource Provider is re-registered, see the documentation for more information.
Import
Managed Kubernetes Clusters can be imported using the `resource id`, e.g.
$ pulumi import azure:containerservice/kubernetesCluster:KubernetesCluster cluster1 /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.ContainerService/managedClusters/cluster1
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azurerm
Terraform Provider.