azure_aks_cluster
aad_profile
Type: STRUCT
Provider name: properties.aadProfile
Description: The Azure Active Directory configuration.
admin_group_object_i_ds
Type: UNORDERED_LIST_STRING
Provider name: adminGroupObjectIDs
Description: The list of AAD group object IDs that will have admin role of the cluster.
client_app_id
Type: STRING
Provider name: clientAppID
Description: (DEPRECATED) The client AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.
enable_azure_rbac
Type: BOOLEAN
Provider name: enableAzureRBAC
Description: Whether to enable Azure RBAC for Kubernetes authorization.
managed
Type: BOOLEAN
Provider name: managed
Description: Whether to enable managed AAD.
server_app_id
Type: STRING
Provider name: serverAppID
Description: (DEPRECATED) The server AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.
server_app_secret
Type: STRING
Provider name: serverAppSecret
Description: (DEPRECATED) The server AAD application secret. Learn more at https://aka.ms/aks/aad-legacy.
tenant_id
Type: STRING
Provider name: tenantID
Description: The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment subscription.
agent_pool_profiles
Type: UNORDERED_LIST_STRUCT
Provider name: properties.agentPoolProfiles
Description: The agent pool properties.
availability_zones
Type: UNORDERED_LIST_STRING
Provider name: properties.availabilityZones
Description: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType property is ‘VirtualMachineScaleSets’.
capacity_reservation_group_id
Type: STRING
Provider name: properties.capacityReservationGroupID
Description: AKS will associate the specified agent pool with the Capacity Reservation Group.
count
Type: INT32
Provider name: properties.count
Description: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1.
creation_data
Type: STRUCT
Provider name: properties.creationData
Description: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using a snapshot.
source_resource_id
Type: STRING
Provider name: sourceResourceId
Description: This is the ARM ID of the source object to be used to create the target object.
current_orchestrator_version
Type: STRING
Provider name: properties.currentOrchestratorVersion
Description: If orchestratorVersion is a fully specified version <major.minor.patch>, this field will be exactly equal to it. If orchestratorVersion is <major.minor>, this field will contain the full <major.minor.patch> version being used.
e_tag
Type: STRING
Provider name: properties.eTag
Description: Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic concurrency per the normal etag convention.
enable_auto_scaling
Type: BOOLEAN
Provider name: properties.enableAutoScaling
Description: Whether to enable auto-scaler
enable_encryption_at_host
Type: BOOLEAN
Provider name: properties.enableEncryptionAtHost
Description: This is only supported on certain VM sizes and in certain Azure regions. For more information, see: https://docs.microsoft.com/azure/aks/enable-host-encryption
enable_fips
Type: BOOLEAN
Provider name: properties.enableFIPS
Description: See Add a FIPS-enabled node pool for more details.
enable_node_public_ip
Type: BOOLEAN
Provider name: properties.enableNodePublicIP
Description: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine to minimize hops. For more information see assigning a public IP per node. The default is false.
enable_ultra_ssd
Type: BOOLEAN
Provider name: properties.enableUltraSSD
Description: Whether to enable UltraSSD
gpu_instance_profile
Type: STRING
Provider name: properties.gpuInstanceProfile
Description: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.
gpu_profile
Type: STRUCT
Provider name: properties.gpuProfile
Description: GPU settings for the Agent Pool.
driver
Type: STRING
Provider name: driver
Description: Whether to install GPU drivers. When it’s not specified, default is Install.
host_group_id
Type: STRING
Provider name: properties.hostGroupID
Description: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/hostGroups/{hostGroupName}. For more information see Azure dedicated hosts.
kubelet_config
Type: STRUCT
Provider name: properties.kubeletConfig
Description: The Kubelet configuration on the agent pool nodes.
allowed_unsafe_sysctls
Type: UNORDERED_LIST_STRING
Provider name: allowedUnsafeSysctls
Description: Allowed list of unsafe sysctls or unsafe sysctl patterns (ending in *).
container_log_max_files
Type: INT32
Provider name: containerLogMaxFiles
Description: The maximum number of container log files that can be present for a container. The number must be ≥ 2.
container_log_max_size_mb
Type: INT32
Provider name: containerLogMaxSizeMB
Description: The maximum size (e.g. 10Mi) of a container log file before it is rotated.
cpu_cfs_quota
Type: BOOLEAN
Provider name: cpuCfsQuota
Description: The default is true.
cpu_cfs_quota_period
Type: STRING
Provider name: cpuCfsQuotaPeriod
Description: The default is ‘100ms’. Valid values are a sequence of decimal numbers with an optional fraction and a unit suffix. For example: ‘300ms’, ‘2h45m’. Supported units are ‘ns’, ‘us’, ‘ms’, ‘s’, ‘m’, and ‘h’.
cpu_manager_policy
Type: STRING
Provider name: cpuManagerPolicy
Description: The default is ‘none’. See Kubernetes CPU management policies for more information. Allowed values are ‘none’ and ‘static’.
fail_swap_on
Type: BOOLEAN
Provider name: failSwapOn
Description: If set to true it will make the Kubelet fail to start if swap is enabled on the node.
image_gc_high_threshold
Type: INT32
Provider name: imageGcHighThreshold
Description: To disable image garbage collection, set to 100. The default is 85%
image_gc_low_threshold
Type: INT32
Provider name: imageGcLowThreshold
Description: This cannot be set higher than imageGcHighThreshold. The default is 80%
pod_max_pids
Type: INT32
Provider name: podMaxPids
Description: The maximum number of processes per pod.
topology_manager_policy
Type: STRING
Provider name: topologyManagerPolicy
Description: For more information see Kubernetes Topology Manager. The default is ‘none’. Allowed values are ‘none’, ‘best-effort’, ‘restricted’, and ‘single-numa-node’.
kubelet_disk_type
Type: STRING
Provider name: properties.kubeletDiskType
linux_os_config
Type: STRUCT
Provider name: properties.linuxOSConfig
Description: The OS configuration of Linux agent nodes.
swap_file_size_mb
Type: INT32
Provider name: swapFileSizeMB
Description: The size in MB of a swap file that will be created on each node.
sysctls
Type: STRUCT
Provider name: sysctls
Description: Sysctl settings for Linux agent nodes.
fs_aio_max_nr
Type: INT32
Provider name: fsAioMaxNr
Description: Sysctl setting fs.aio-max-nr.
fs_file_max
Type: INT32
Provider name: fsFileMax
Description: Sysctl setting fs.file-max.
fs_inotify_max_user_watches
Type: INT32
Provider name: fsInotifyMaxUserWatches
Description: Sysctl setting fs.inotify.max_user_watches.
fs_nr_open
Type: INT32
Provider name: fsNrOpen
Description: Sysctl setting fs.nr_open.
kernel_threads_max
Type: INT32
Provider name: kernelThreadsMax
Description: Sysctl setting kernel.threads-max.
net_core_netdev_max_backlog
Type: INT32
Provider name: netCoreNetdevMaxBacklog
Description: Sysctl setting net.core.netdev_max_backlog.
net_core_optmem_max
Type: INT32
Provider name: netCoreOptmemMax
Description: Sysctl setting net.core.optmem_max.
net_core_rmem_default
Type: INT32
Provider name: netCoreRmemDefault
Description: Sysctl setting net.core.rmem_default.
net_core_rmem_max
Type: INT32
Provider name: netCoreRmemMax
Description: Sysctl setting net.core.rmem_max.
net_core_somaxconn
Type: INT32
Provider name: netCoreSomaxconn
Description: Sysctl setting net.core.somaxconn.
net_core_wmem_default
Type: INT32
Provider name: netCoreWmemDefault
Description: Sysctl setting net.core.wmem_default.
net_core_wmem_max
Type: INT32
Provider name: netCoreWmemMax
Description: Sysctl setting net.core.wmem_max.
net_ipv4_ip_local_port_range
Type: STRING
Provider name: netIpv4IpLocalPortRange
Description: Sysctl setting net.ipv4.ip_local_port_range.
net_ipv4_neigh_default_gc_thresh1
Type: INT32
Provider name: netIpv4NeighDefaultGcThresh1
Description: Sysctl setting net.ipv4.neigh.default.gc_thresh1.
net_ipv4_neigh_default_gc_thresh2
Type: INT32
Provider name: netIpv4NeighDefaultGcThresh2
Description: Sysctl setting net.ipv4.neigh.default.gc_thresh2.
net_ipv4_neigh_default_gc_thresh3
Type: INT32
Provider name: netIpv4NeighDefaultGcThresh3
Description: Sysctl setting net.ipv4.neigh.default.gc_thresh3.
net_ipv4_tcp_fin_timeout
Type: INT32
Provider name: netIpv4TcpFinTimeout
Description: Sysctl setting net.ipv4.tcp_fin_timeout.
net_ipv4_tcp_keepalive_probes
Type: INT32
Provider name: netIpv4TcpKeepaliveProbes
Description: Sysctl setting net.ipv4.tcp_keepalive_probes.
net_ipv4_tcp_keepalive_time
Type: INT32
Provider name: netIpv4TcpKeepaliveTime
Description: Sysctl setting net.ipv4.tcp_keepalive_time.
net_ipv4_tcp_max_syn_backlog
Type: INT32
Provider name: netIpv4TcpMaxSynBacklog
Description: Sysctl setting net.ipv4.tcp_max_syn_backlog.
net_ipv4_tcp_max_tw_buckets
Type: INT32
Provider name: netIpv4TcpMaxTwBuckets
Description: Sysctl setting net.ipv4.tcp_max_tw_buckets.
net_ipv4_tcp_tw_reuse
Type: BOOLEAN
Provider name: netIpv4TcpTwReuse
Description: Sysctl setting net.ipv4.tcp_tw_reuse.
net_ipv4_tcpkeepalive_intvl
Type: INT32
Provider name: netIpv4TcpkeepaliveIntvl
Description: Sysctl setting net.ipv4.tcp_keepalive_intvl.
net_netfilter_nf_conntrack_buckets
Type: INT32
Provider name: netNetfilterNfConntrackBuckets
Description: Sysctl setting net.netfilter.nf_conntrack_buckets.
net_netfilter_nf_conntrack_max
Type: INT32
Provider name: netNetfilterNfConntrackMax
Description: Sysctl setting net.netfilter.nf_conntrack_max.
vm_max_map_count
Type: INT32
Provider name: vmMaxMapCount
Description: Sysctl setting vm.max_map_count.
vm_swappiness
Type: INT32
Provider name: vmSwappiness
Description: Sysctl setting vm.swappiness.
vm_vfs_cache_pressure
Type: INT32
Provider name: vmVfsCachePressure
Description: Sysctl setting vm.vfs_cache_pressure.
transparent_huge_page_defrag
Type: STRING
Provider name: transparentHugePageDefrag
Description: Valid values are ‘always’, ‘defer’, ‘defer+madvise’, ‘madvise’ and ‘never’. The default is ‘madvise’. For more information see Transparent Hugepages.
transparent_huge_page_enabled
Type: STRING
Provider name: transparentHugePageEnabled
Description: Valid values are ‘always’, ‘madvise’, and ‘never’. The default is ‘always’. For more information see Transparent Hugepages.
max_count
Type: INT32
Provider name: properties.maxCount
Description: The maximum number of nodes for auto-scaling
max_pods
Type: INT32
Provider name: properties.maxPods
Description: The maximum number of pods that can run on a node.
message_of_the_day
Type: STRING
Provider name: properties.messageOfTheDay
Description: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e., will be printed raw and not be executed as a script).
min_count
Type: INT32
Provider name: properties.minCount
Description: The minimum number of nodes for auto-scaling
mode
Type: STRING
Provider name: properties.mode
name
Type: STRING
Provider name: name
Description: Windows agent pool names must be 6 characters or less.
network_profile
Type: STRUCT
Provider name: properties.networkProfile
Description: Network-related settings of an agent pool.
allowed_host_ports
Type: UNORDERED_LIST_STRUCT
Provider name: allowedHostPorts
Description: The port ranges that are allowed to access. The specified ranges are allowed to overlap.
port_end
Type: INT32
Provider name: portEnd
Description: The maximum port that is included in the range. It should be in the range 1 to 65535, and be greater than or equal to portStart.
port_start
Type: INT32
Provider name: portStart
Description: The minimum port that is included in the range. It should be in the range 1 to 65535, and be less than or equal to portEnd.
protocol
Type: STRING
Provider name: protocol
Description: The network protocol of the port.
application_security_groups
Type: UNORDERED_LIST_STRING
Provider name: applicationSecurityGroups
Description: The IDs of the application security groups that the agent pool will be associated with when created.
node_public_ip_tags
Type: UNORDERED_LIST_STRUCT
Provider name: nodePublicIPTags
Description: IPTags of instance-level public IPs.
ip_tag_type
Type: STRING
Provider name: ipTagType
Description: The IP tag type. Example: RoutingPreference.
tag
Type: STRING
Provider name: tag
Description: The value of the IP tag associated with the public IP. Example: Internet.
node_image_version
Type: STRING
Provider name: properties.nodeImageVersion
Description: The version of node image
node_public_ip_prefix_id
Type: STRING
Provider name: properties.nodePublicIPPrefixID
Description: This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/publicIPPrefixes/{publicIPPrefixName}
node_taints
Type: UNORDERED_LIST_STRING
Provider name: properties.nodeTaints
Description: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.
orchestrator_version
Type: STRING
Provider name: properties.orchestratorVersion
Description: Both patch version <major.minor.patch> (e.g. 1.20.13) and <major.minor> (e.g. 1.20) are supported. When <major.minor> is specified, the latest supported GA patch version is chosen automatically. Updating the cluster with the same <major.minor> once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer patch version is available. As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor version must be within two minor versions of the control plane version. The node pool version cannot be greater than the control plane version. For more information see upgrading a node pool.
os_disk_size_gb
Type: INT32
Provider name: properties.osDiskSizeGB
os_disk_type
Type: STRING
Provider name: properties.osDiskType
os_sku
Type: STRING
Provider name: properties.osSKU
os_type
Type: STRING
Provider name: properties.osType
pod_subnet_id
Type: STRING
Provider name: properties.podSubnetID
Description: If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}
power_state
Type: STRUCT
Provider name: properties.powerState
Description: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only be stopped if it is Running and its provisioning state is Succeeded.
code
Type: STRING
Provider name: code
Description: Tells whether the cluster is Running or Stopped
provisioning_state
Type: STRING
Provider name: properties.provisioningState
Description: The current deployment or provisioning state.
proximity_placement_group_id
Type: STRING
Provider name: properties.proximityPlacementGroupID
Description: The ID for Proximity Placement Group.
scale_down_mode
Type: STRING
Provider name: properties.scaleDownMode
Description: This also affects the cluster autoscaler behavior. If not specified, it defaults to Delete.
scale_set_eviction_policy
Type: STRING
Provider name: properties.scaleSetEvictionPolicy
Description: This cannot be specified unless the scaleSetPriority is ‘Spot’. If not specified, the default is ‘Delete’.
scale_set_priority
Type: STRING
Provider name: properties.scaleSetPriority
Description: The Virtual Machine Scale Set priority. If not specified, the default is ‘Regular’.
security_profile
Type: STRUCT
Provider name: properties.securityProfile
Description: The security settings of an agent pool.
enable_secure_boot
Type: BOOLEAN
Provider name: enableSecureBoot
Description: Secure Boot is a feature of Trusted Launch which ensures that only signed operating systems and drivers can boot. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false.
enable_vtpm
Type: BOOLEAN
Provider name: enableVTPM
Description: vTPM is a Trusted Launch feature for configuring a dedicated secure vault for keys and measurements held locally on the node. For more details, see aka.ms/aks/trustedlaunch. If not specified, the default is false.
spot_max_price
Type: DOUBLE
Provider name: properties.spotMaxPrice
Description: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any on-demand price. For more details on spot pricing, see spot VMs pricing
type
Type: STRING
Provider name: properties.type
upgrade_settings
Type: STRUCT
Provider name: properties.upgradeSettings
Description: Settings for upgrading the agentpool
drain_timeout_in_minutes
Type: INT32
Provider name: drainTimeoutInMinutes
Description: The amount of time (in minutes) to wait on eviction of pods and graceful termination per node. This eviction wait time honors waiting on pod disruption budgets. If this time is exceeded, the upgrade fails. If not specified, the default is 30 minutes.
max_surge
Type: STRING
Provider name: maxSurge
Description: This can either be set to an integer (e.g. ‘5’) or a percentage (e.g. ‘50%’). If a percentage is specified, it is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded up. If not specified, the default is 10%. For more information, including best practices, see: https://docs.microsoft.com/azure/aks/upgrade-cluster#customize-node-surge-upgrade
node_soak_duration_in_minutes
Type: INT32
Provider name: nodeSoakDurationInMinutes
Description: The amount of time (in minutes) to wait after draining a node and before reimaging it and moving on to next node. If not specified, the default is 0 minutes.
vm_size
Type: STRING
Provider name: properties.vmSize
Description: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: https://docs.microsoft.com/azure/aks/quotas-skus-regions
vnet_subnet_id
Type: STRING
Provider name: properties.vnetSubnetID
Description: If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}
windows_profile
Type: STRUCT
Provider name: properties.windowsProfile
Description: The Windows agent pool’s specific profile.
disable_outbound_nat
Type: BOOLEAN
Provider name: disableOutboundNat
Description: The default value is false. Outbound NAT can only be disabled if the cluster outboundType is NAT Gateway and the Windows agent pool does not have node public IP enabled.
workload_runtime
Type: STRING
Provider name: properties.workloadRuntime
api_server_access_profile
Type: STRUCT
Provider name: properties.apiServerAccessProfile
Description: The access profile for managed cluster API server.
authorized_ip_ranges
Type: UNORDERED_LIST_STRING
Provider name: authorizedIPRanges
Description: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see API server authorized IP ranges.
disable_run_command
Type: BOOLEAN
Provider name: disableRunCommand
Description: Whether to disable run command for the cluster or not.
enable_private_cluster
Type: BOOLEAN
Provider name: enablePrivateCluster
Description: For more details, see Creating a private AKS cluster.
enable_private_cluster_public_fqdn
Type: BOOLEAN
Provider name: enablePrivateClusterPublicFQDN
Description: Whether to create additional public FQDN for private cluster or not.
private_dns_zone
Type: STRING
Provider name: privateDNSZone
Description: The default is System. For more details see configure private DNS zone. Allowed values are ‘system’ and ‘none’.
auto_scaler_profile
Type: STRUCT
Provider name: properties.autoScalerProfile
Description: Parameters to be applied to the cluster-autoscaler when enabled
balance-similar-node-groups
Type: STRING
Provider name: balance-similar-node-groups
Description: Valid values are ‘true’ and ‘false’.
daemonset-eviction-for-empty-nodes
Type: BOOLEAN
Provider name: daemonset-eviction-for-empty-nodes
Description: If set to true, all daemonset pods on empty nodes will be evicted before deletion of the node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node will be deleted without ensuring that daemonset pods are deleted or evicted.
daemonset-eviction-for-occupied-nodes
Type: BOOLEAN
Provider name: daemonset-eviction-for-occupied-nodes
Description: If set to true, all daemonset pods on occupied nodes will be evicted before deletion of the node. If the daemonset pod cannot be evicted another node will be chosen for scaling. If set to false, the node will be deleted without ensuring that daemonset pods are deleted or evicted.
expander
Type: STRING
Provider name: expander
Description: If not specified, the default is ‘random’. See expanders for more information.
ignore-daemonsets-utilization
Type: BOOLEAN
Provider name: ignore-daemonsets-utilization
Description: If set to true, the resources used by daemonset will be taken into account when making scaling down decisions.
max-empty-bulk-delete
Type: STRING
Provider name: max-empty-bulk-delete
Description: The default is 10.
max-graceful-termination-sec
Type: STRING
Provider name: max-graceful-termination-sec
Description: The default is 600.
max-node-provision-time
Type: STRING
Provider name: max-node-provision-time
Description: The default is ‘15m’. Values must be an integer followed by an ‘m’. No unit of time other than minutes (m) is supported.
max-total-unready-percentage
Type: STRING
Provider name: max-total-unready-percentage
Description: The default is 45. The maximum is 100 and the minimum is 0.
new-pod-scale-up-delay
Type: STRING
Provider name: new-pod-scale-up-delay
Description: For scenarios like burst/batch scale where you don’t want CA to act before the Kubernetes scheduler could schedule all the pods, you can tell CA to ignore unscheduled pods before they’re a certain age. The default is ‘0s’. Values must be an integer followed by a unit (‘s’ for seconds, ‘m’ for minutes, ‘h’ for hours, etc).
ok-total-unready-count
Type: STRING
Provider name: ok-total-unready-count
Description: This must be an integer. The default is 3.
scale-down-delay-after-add
Type: STRING
Provider name: scale-down-delay-after-add
Description: The default is ‘10m’. Values must be an integer followed by an ‘m’. No unit of time other than minutes (m) is supported.
scale-down-delay-after-delete
Type: STRING
Provider name: scale-down-delay-after-delete
Description: The default is the scan-interval. Values must be an integer followed by an ‘m’. No unit of time other than minutes (m) is supported.
scale-down-delay-after-failure
Type: STRING
Provider name: scale-down-delay-after-failure
Description: The default is ‘3m’. Values must be an integer followed by an ‘m’. No unit of time other than minutes (m) is supported.
scale-down-unneeded-time
Type: STRING
Provider name: scale-down-unneeded-time
Description: The default is ‘10m’. Values must be an integer followed by an ‘m’. No unit of time other than minutes (m) is supported.
scale-down-unready-time
Type: STRING
Provider name: scale-down-unready-time
Description: The default is ‘20m’. Values must be an integer followed by an ‘m’. No unit of time other than minutes (m) is supported.
scale-down-utilization-threshold
Type: STRING
Provider name: scale-down-utilization-threshold
Description: The default is ‘0.5’.
scan-interval
Type: STRING
Provider name: scan-interval
Description: The default is ‘10’. Values must be an integer number of seconds.
skip-nodes-with-local-storage
Type: STRING
Provider name: skip-nodes-with-local-storage
Description: The default is true.
skip-nodes-with-system-pods
Type: STRING
Provider name: skip-nodes-with-system-pods
Description: The default is true.
auto_upgrade_profile
Type: STRUCT
Provider name: properties.autoUpgradeProfile
Description: The auto upgrade configuration.
node_os_upgrade_channel
Type: STRING
Provider name: nodeOSUpgradeChannel
Description: Manner in which the OS on your nodes is updated. The default is NodeImage.
upgrade_channel
Type: STRING
Provider name: upgradeChannel
Description: For more information see setting the AKS cluster auto-upgrade channel.
azure_monitor_profile
Type: STRUCT
Provider name: properties.azureMonitorProfile
metrics
Type: STRUCT
Provider name: metrics
enabled
Type: BOOLEAN
Provider name: enabled
Description: Whether to enable or disable the Azure Managed Prometheus addon for Prometheus monitoring. See aka.ms/AzureManagedPrometheus-aks-enable for details on enabling and disabling.
kube_state_metrics
Type: STRUCT
Provider name: kubeStateMetrics
metric_annotations_allow_list
Type: STRING
Provider name: metricAnnotationsAllowList
Description: Comma-separated list of Kubernetes annotation keys that will be used in the resource’s labels metric (Example: ‘namespaces=[kubernetes.io/team,…],pods=[kubernetes.io/team],…’). By default the metric contains only resource name and namespace labels.
metric_labels_allowlist
Type: STRING
Provider name: metricLabelsAllowlist
Description: Comma-separated list of additional Kubernetes label keys that will be used in the resource’s labels metric (Example: ‘namespaces=[k8s-label-1,k8s-label-n,…],pods=[app],…’). By default the metric contains only resource name and namespace labels.
azure_portal_fqdn
Type: STRING
Provider name: properties.azurePortalFQDN
Description: The Azure Portal requires certain Cross-Origin Resource Sharing (CORS) headers to be sent in some responses, which Kubernetes APIServer doesn’t handle by default. This special FQDN supports CORS, allowing the Azure Portal to function properly.
bootstrap_profile
Type: STRUCT
Provider name: properties.bootstrapProfile
Description: Profile of the cluster bootstrap configuration.
artifact_source
Type: STRING
Provider name: artifactSource
Description: The source where the artifacts are downloaded from.
container_registry_id
Type: STRING
Provider name: containerRegistryId
Description: The resource Id of Azure Container Registry. The registry must have private network access, premium SKU and zone redundancy.
current_kubernetes_version
Type: STRING
Provider name: properties.currentKubernetesVersion
Description: If kubernetesVersion was a fully specified version <major.minor.patch>, this field will be exactly equal to it. If kubernetesVersion was <major.minor>, this field will contain the full <major.minor.patch> version being used.
disable_local_accounts
Type: BOOLEAN
Provider name: properties.disableLocalAccounts
Description: If set to true, getting static credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled. For more details see disable local accounts.
disk_encryption_set_id
Type: STRING
Provider name: properties.diskEncryptionSetID
Description: This is of the form: ‘/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/diskEncryptionSets/{encryptionSetName}’
dns_prefix
Type: STRING
Provider name: properties.dnsPrefix
Description: This cannot be updated once the Managed Cluster has been created.
e_tag
Type: STRING
Provider name: eTag
Description: Unique read-only string used to implement optimistic concurrency. The eTag value will change when the resource is updated. Specify an if-match or if-none-match header with the eTag value for a subsequent request to enable optimistic concurrency per the normal etag convention.
enable_pod_security_policy
Type: BOOLEAN
Provider name: properties.enablePodSecurityPolicy
Description: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and https://aka.ms/aks/psp.
enable_rbac
Type: BOOLEAN
Provider name: properties.enableRBAC
Description: Whether to enable Kubernetes Role-Based Access Control.
fqdn
Type: STRING
Provider name: properties.fqdn
Description: The FQDN of the master pool.
fqdn_subdomain
Type: STRING
Provider name: properties.fqdnSubdomain
Description: This cannot be updated once the Managed Cluster has been created.
http_proxy_config
Type: STRUCT
Provider name: properties.httpProxyConfig
Description: Configurations for provisioning the cluster with HTTP proxy servers.
http_proxy
Type: STRING
Provider name: httpProxy
Description: The HTTP proxy server endpoint to use.
https_proxy
Type: STRING
Provider name: httpsProxy
Description: The HTTPS proxy server endpoint to use.
no_proxy
Type: UNORDERED_LIST_STRING
Provider name: noProxy
Description: The endpoints that should not go through proxy.
trusted_ca
Type: STRING
Provider name: trustedCa
Description: Alternative CA cert to use for connecting to proxy servers.
id
Type: STRING
Provider name: id
Description: Fully qualified resource ID for the resource. E.g. “/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}”
identity
Type: STRUCT
Provider name: identity
Description: The identity of the managed cluster, if configured.
principal_id
Type: STRING
Provider name: principalId
Description: The principal id of the system assigned identity which is used by master components.
tenant_id
Type: STRING
Provider name: tenantId
Description: The tenant id of the system assigned identity which is used by master components.
type
Type: STRING
Provider name: type
Description: For more information see use managed identities in AKS.
ingress_profile
Type: STRUCT
Provider name: properties.ingressProfile
Description: Ingress profile for the managed cluster.
web_app_routing
Type: STRUCT
Provider name: webAppRouting
Description: App Routing settings for the ingress profile. You can find an overview and onboarding guide for this feature at https://learn.microsoft.com/en-us/azure/aks/app-routing?tabs=default%2Cdeploy-app-default.
dns_zone_resource_ids
Type: UNORDERED_LIST_STRING
Provider name: dnsZoneResourceIds
Description: Resource IDs of the DNS zones to be associated with the Application Routing add-on. Used only when Application Routing add-on is enabled. Public and private DNS zones can be in different resource groups, but all public DNS zones must be in the same resource group and all private DNS zones must be in the same resource group.
enabled
Type: BOOLEAN
Provider name: enabled
Description: Whether to enable the Application Routing add-on.
identity
Type: STRUCT
Provider name: identity
Description: Managed identity of the Application Routing add-on. This is the identity that should be granted permissions, for example, to manage the associated Azure DNS resource and get certificates from Azure Key Vault. See this overview of the add-on for more instructions.
client_id
Type: STRING
Provider name: clientId
Description: The client ID of the user assigned identity.
object_id
Type: STRING
Provider name: objectId
Description: The object ID of the user assigned identity.
resource_id
Type: STRING
Provider name: resourceId
Description: The resource ID of the user assigned identity.
nginx
Type: STRUCT
Provider name: nginx
Description: Configuration for the default NginxIngressController. See more at https://learn.microsoft.com/en-us/azure/aks/app-routing-nginx-configuration#the-default-nginx-ingress-controller.
default_ingress_controller_type
Type: STRING
Provider name: defaultIngressControllerType
Description: Ingress type for the default NginxIngressController custom resource
kubernetes_version
Type: STRING
Provider name: properties.kubernetesVersion
Description: Both patch version <major.minor.patch> (e.g. 1.20.13) and <major.minor> (e.g. 1.20) are supported. When <major.minor> is specified, the latest supported GA patch version is chosen automatically. Updating the cluster with the same <major.minor> once it has been created (e.g. 1.14.x -> 1.14) will not trigger an upgrade, even if a newer patch version is available. When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x -> 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See upgrading an AKS cluster for more details.
linux_profile
Type: STRUCT
Provider name: properties.linuxProfile
Description: The profile for Linux VMs in the Managed Cluster.
admin_username
Type: STRING
Provider name: adminUsername
Description: The administrator username to use for Linux VMs.
ssh
Type: STRUCT
Provider name: ssh
Description: The SSH configuration for Linux-based VMs running on Azure.
public_keys
Type: UNORDERED_LIST_STRUCT
Provider name: publicKeys
Description: The list of SSH public keys used to authenticate with Linux-based VMs. A maximum of 1 key may be specified.
key_data
Type: STRING
Provider name: keyData
Description: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or without headers.
location
Type: STRING
Provider name: location
Description: The geo-location where the resource lives
max_agent_pools
Type: INT64
Provider name: properties.maxAgentPools
Description: The max number of agent pools for the managed cluster.
metrics_profile
Type: STRUCT
Provider name: properties.metricsProfile
Description: Optional cluster metrics configuration.
cost_analysis
Type: STRUCT
Provider name: costAnalysis
enabled
Type: BOOLEAN
Provider name: enabled
Description: The Managed Cluster sku.tier must be set to ‘Standard’ or ‘Premium’ to enable this feature. Enabling this will add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. If not specified, the default is false. For more information see aka.ms/aks/docs/cost-analysis.
name
Type: STRING
Provider name: name
Description: The name of the resource
network_profile
Type: STRUCT
Provider name: properties.networkProfile
Description: The network configuration profile.
advanced_networking
Type: STRUCT
Provider name: advancedNetworking
enabled
Type: BOOLEAN
Provider name: enabled
Description: Indicates the enablement of Advanced Networking functionalities of observability and security on AKS clusters. When this is set to true, all observability and security features will be set to enabled unless explicitly disabled. If not specified, the default is false.
observability
Type: STRUCT
Provider name: observability
enabled
Type: BOOLEAN
Provider name: enabled
Description: Indicates the enablement of Advanced Networking observability functionalities on clusters.
security
Type: STRUCT
Provider name: security
enabled
Type: BOOLEAN
Provider name: enabled
Description: This feature allows users to configure network policy based on DNS (FQDN) names. It can be enabled only on Cilium-based clusters. If not specified, the default is false.
dns_service_ip
Type: STRING
Provider name: dnsServiceIP
Description: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr.
ip_families
Type: UNORDERED_LIST_STRING
Provider name: ipFamilies
Description: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value is IPv4. For dual-stack, the expected values are IPv4 and IPv6.
load_balancer_profile
Type: STRUCT
Provider name: loadBalancerProfile
Description: Profile of the cluster load balancer.
allocated_outbound_ports
Type: INT32
Provider name: allocatedOutboundPorts
Description: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000 (inclusive). The default value is 0 which results in Azure dynamically allocating ports.
backend_pool_type
Type: STRING
Provider name: backendPoolType
Description: The type of the managed inbound Load Balancer BackendPool.
effective_outbound_ips
Type: UNORDERED_LIST_STRUCT
Provider name: effectiveOutboundIPs
Description: The effective outbound IP resources of the cluster load balancer.
id
Type: STRING
Provider name: id
Description: The fully qualified Azure resource id.
enable_multiple_standard_load_balancers
Type: BOOLEAN
Provider name: enableMultipleStandardLoadBalancers
Description: Whether to enable multiple standard load balancers per AKS cluster.
idle_timeout_in_minutes
Type: INT32
Provider name: idleTimeoutInMinutes
Description: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 (inclusive). The default value is 30 minutes.
managed_outbound_ips
Type: STRUCT
Provider name: managedOutboundIPs
Description: Desired managed outbound IPs for the cluster load balancer.
count
Type: INT32
Provider name: count
Description: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values must be in the range of 1 to 100 (inclusive). The default value is 1.
count_i_pv6
Type: INT32
Provider name: countIPv6
Description: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack.
outbound_ip_prefixes
Type: STRUCT
Provider name: outboundIPPrefixes
Description: Desired outbound IP Prefix resources for the cluster load balancer.
public_ip_prefixes
Type: UNORDERED_LIST_STRUCT
Provider name: publicIPPrefixes
Description: A list of public IP prefix resources.
id
Type: STRING
Provider name: id
Description: The fully qualified Azure resource id.
outbound_ips
Type: STRUCT
Provider name: outboundIPs
Description: Desired outbound IP resources for the cluster load balancer.
public_ips
Type: UNORDERED_LIST_STRUCT
Provider name: publicIPs
Description: A list of public IP resources.
id
Type: STRING
Provider name: id
Description: The fully qualified Azure resource id.
load_balancer_sku
Type: STRING
Provider name: loadBalancerSku
Description: The default is ‘standard’. See Azure Load Balancer SKUs for more information about the differences between load balancer SKUs.
nat_gateway_profile
Type: STRUCT
Provider name: natGatewayProfile
Description: Profile of the cluster NAT gateway.
effective_outbound_ips
Type: UNORDERED_LIST_STRUCT
Provider name: effectiveOutboundIPs
Description: The effective outbound IP resources of the cluster NAT gateway.
id
Type: STRING
Provider name: id
Description: The fully qualified Azure resource id.
idle_timeout_in_minutes
Type: INT32
Provider name: idleTimeoutInMinutes
Description: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 (inclusive). The default value is 4 minutes.
managed_outbound_ip_profile
Type: STRUCT
Provider name: managedOutboundIPProfile
Description: Profile of the managed outbound IP resources of the cluster NAT gateway.
count
Type: INT32
Provider name: count
Description: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 (inclusive). The default value is 1.
network_dataplane
Type: STRING
Provider name: networkDataplane
Description: Network dataplane used in the Kubernetes cluster.
network_mode
Type: STRING
Provider name: networkMode
Description: This cannot be specified if networkPlugin is anything other than ‘azure’.
network_plugin
Type: STRING
Provider name: networkPlugin
Description: Network plugin used for building the Kubernetes network.
network_plugin_mode
Type: STRING
Provider name: networkPluginMode
Description: The mode the network plugin should use.
network_policy
Type: STRING
Provider name: networkPolicy
Description: Network policy used for building the Kubernetes network.
outbound_type
Type: STRING
Provider name: outboundType
Description: This can only be set at cluster creation time and cannot be changed later. For more information see egress outbound type.
pod_cidr
Type: STRING
Provider name: podCidr
Description: A CIDR notation IP range from which to assign pod IPs when kubenet is used.
pod_cidrs
Type: UNORDERED_LIST_STRING
Provider name: podCidrs
Description: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), are expected for dual-stack networking.
service_cidr
Type: STRING
Provider name: serviceCidr
Description: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges.
service_cidrs
Type: UNORDERED_LIST_STRING
Provider name: serviceCidrs
Description: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), are expected for dual-stack networking. They must not overlap with any Subnet IP ranges.
node_resource_group
Type: STRING
Provider name: properties.nodeResourceGroup
Description: The name of the resource group containing agent pool nodes.
node_resource_group_profile
Type: STRUCT
Provider name: properties.nodeResourceGroupProfile
Description: Profile of the node resource group configuration.
restriction_level
Type: STRING
Provider name: restrictionLevel
Description: The restriction level applied to the cluster’s node resource group. If not specified, the default is ‘Unrestricted’
oidc_issuer_profile
Type: STRUCT
Provider name: properties.oidcIssuerProfile
Description: The OIDC issuer profile of the Managed Cluster.
enabled
Type: BOOLEAN
Provider name: enabled
Description: Whether the OIDC issuer is enabled.
issuer_url
Type: STRING
Provider name: issuerURL
Description: The OIDC issuer url of the Managed Cluster.
pod_identity_profile
Type: STRUCT
Provider name: properties.podIdentityProfile
Description: See use AAD pod identity for more details on AAD pod identity integration.
allow_network_plugin_kubenet
Type: BOOLEAN
Provider name: allowNetworkPluginKubenet
Description: Running in Kubenet is disabled by default due to the security related nature of AAD Pod Identity and the risks of IP spoofing. See using Kubenet network plugin with AAD Pod Identity for more information.
enabled
Type: BOOLEAN
Provider name: enabled
Description: Whether the pod identity addon is enabled.
user_assigned_identities
Type: UNORDERED_LIST_STRUCT
Provider name: userAssignedIdentities
Description: The pod identities to use in the cluster.
binding_selector
Type: STRING
Provider name: bindingSelector
Description: The binding selector to use for the AzureIdentityBinding resource.
identity
Type: STRUCT
Provider name: identity
Description: The user assigned identity details.
client_id
Type: STRING
Provider name: clientId
Description: The client ID of the user assigned identity.
object_id
Type: STRING
Provider name: objectId
Description: The object ID of the user assigned identity.
resource_id
Type: STRING
Provider name: resourceId
Description: The resource ID of the user assigned identity.
name
Type: STRING
Provider name: name
Description: The name of the pod identity.
namespace
Type: STRING
Provider name: namespace
Description: The namespace of the pod identity.
provisioning_info
Type: STRUCT
Provider name: provisioningInfo
error
Type: STRUCT
Provider name: error
Description: Pod identity assignment error (if any).
provisioning_state
Type: STRING
Provider name: provisioningState
Description: The current provisioning state of the pod identity.
user_assigned_identity_exceptions
Type: UNORDERED_LIST_STRUCT
Provider name: userAssignedIdentityExceptions
Description: The pod identity exceptions to allow.
name
Type: STRING
Provider name: name
Description: The name of the pod identity exception.
namespace
Type: STRING
Provider name: namespace
Description: The namespace of the pod identity exception.
power_state
Type: STRUCT
Provider name: properties.powerState
Description: The Power State of the cluster.
code
Type: STRING
Provider name: code
Description: Tells whether the cluster is Running or Stopped
private_fqdn
Type: STRING
Provider name: properties.privateFQDN
Description: The FQDN of private cluster.
private_link_resources
Type: UNORDERED_LIST_STRUCT
Provider name: properties.privateLinkResources
Description: Private link resources associated with the cluster.
group_id
Type: STRING
Provider name: groupId
Description: The group ID of the resource.
id
Type: STRING
Provider name: id
Description: The ID of the private link resource.
name
Type: STRING
Provider name: name
Description: The name of the private link resource.
private_link_service_id
Type: STRING
Provider name: privateLinkServiceID
Description: The private link service ID of the resource. This field is exposed only to NRP internally.
required_members
Type: UNORDERED_LIST_STRING
Provider name: requiredMembers
Description: The RequiredMembers of the resource
type
Type: STRING
Provider name: type
Description: The resource type.
provisioning_state
Type: STRING
Provider name: properties.provisioningState
Description: The current provisioning state.
public_network_access
Type: STRING
Provider name: properties.publicNetworkAccess
Description: Allow or deny public network access for AKS
resource_group
Type: STRING
resource_uid
Type: STRING
Provider name: properties.resourceUID
Description: The resourceUID uniquely identifies ManagedClusters that reuse ARM ResourceIds (i.e., create, delete, create sequence).
security_profile
Type: STRUCT
Provider name: properties.securityProfile
Description: Security profile for the managed cluster.
azure_key_vault_kms
Type: STRUCT
Provider name: azureKeyVaultKms
Description: Azure Key Vault key management service settings for the security profile.
enabled
Type: BOOLEAN
Provider name: enabled
Description: Whether to enable Azure Key Vault key management service. The default is false.
key_id
Type: STRING
Provider name: keyId
Description: Identifier of Azure Key Vault key. See key identifier format for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key identifier. When Azure Key Vault key management service is disabled, leave the field empty.
key_vault_network_access
Type: STRING
Provider name: keyVaultNetworkAccess
Description: Network access of key vault. The possible values are Public and Private. Public means the key vault allows public access from all networks. Private means the key vault disables public access and enables private link. The default value is Public.
key_vault_resource_id
Type: STRING
Provider name: keyVaultResourceId
Description: Resource ID of key vault. When keyVaultNetworkAccess is Private, this field is required and must be a valid resource ID. When keyVaultNetworkAccess is Public, leave the field empty.
custom_ca_trust_certificates
Type: UNORDERED_LIST_STRING
Provider name: customCATrustCertificates
Description: A list of up to 10 base64 encoded CAs that will be added to the trust store on all nodes in the cluster. For more information see Custom CA Trust Certificates.
defender
Type: STRUCT
Provider name: defender
Description: Microsoft Defender settings for the security profile.
log_analytics_workspace_resource_id
Type: STRING
Provider name: logAnalyticsWorkspaceResourceId
Description: Resource ID of the Log Analytics workspace to be associated with Microsoft Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When Microsoft Defender is disabled, leave the field empty.
security_monitoring
Type: STRUCT
Provider name: securityMonitoring
Description: Microsoft Defender threat detection for Cloud settings for the security profile.
enabled
Type: BOOLEAN
Provider name: enabled
Description: Whether to enable Defender threat detection
image_cleaner
Type: STRUCT
Provider name: imageCleaner
Description: Image Cleaner settings for the security profile.
enabled
Type: BOOLEAN
Provider name: enabled
Description: Whether to enable Image Cleaner on AKS cluster.
interval_hours
Type: INT32
Provider name: intervalHours
Description: Image Cleaner scanning interval in hours.
workload_identity
Type: STRUCT
Provider name: workloadIdentity
Description: Workload identity settings for the security profile. Workload identity enables Kubernetes applications to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details.
enabled
Type: BOOLEAN
Provider name: enabled
Description: Whether to enable workload identity.
service_mesh_profile
Type: STRUCT
Provider name: properties.serviceMeshProfile
istio
Type: STRUCT
Provider name: istio
certificate_authority
Type: STRUCT
Provider name: certificateAuthority
plugin
Type: STRUCT
Provider name: plugin
cert_chain_object_name
Type: STRING
Provider name: certChainObjectName
Description: Certificate chain object name in Azure Key Vault.
cert_object_name
Type: STRING
Provider name: certObjectName
Description: Intermediate certificate object name in Azure Key Vault.
key_object_name
Type: STRING
Provider name: keyObjectName
Description: Intermediate certificate private key object name in Azure Key Vault.
key_vault_id
Type: STRING
Provider name: keyVaultId
Description: The resource ID of the Key Vault.
root_cert_object_name
Type: STRING
Provider name: rootCertObjectName
Description: Root certificate object name in Azure Key Vault.
components
Type: STRUCT
Provider name: components
egress_gateways
Type: UNORDERED_LIST_STRUCT
Provider name: egressGateways
Description: Istio egress gateways.
enabled
Type: BOOLEAN
Provider name: enabled
Description: Whether to enable the egress gateway.
ingress_gateways
Type: UNORDERED_LIST_STRUCT
Provider name: ingressGateways
Description: Istio ingress gateways.
enabled
Type: BOOLEAN
Provider name: enabled
Description: Whether to enable the ingress gateway.
mode
Type: STRING
Provider name: mode
Description: Mode of an ingress gateway.
revisions
Type: UNORDERED_LIST_STRING
Provider name: revisions
Description: The list of revisions of the Istio control plane. When an upgrade is not in progress, this holds one value. When canary upgrade is in progress, this can only hold two consecutive values. For more information, see: https://learn.microsoft.com/en-us/azure/aks/istio-upgrade
mode
Type: STRING
Provider name: mode
Description: Mode of the service mesh.
service_principal_profile
Type: STRUCT
Provider name: properties.servicePrincipalProfile
Description: Information about a service principal identity for the cluster to use for manipulating Azure APIs.
client_id
Type: STRING
Provider name: clientId
Description: The ID for the service principal.
secret
Type: STRING
Provider name: secret
Description: The secret password associated with the service principal in plain text.
sku
Type: STRUCT
Provider name: sku
Description: The managed cluster SKU.
name
Type: STRING
Provider name: name
Description: The name of a managed cluster SKU.
tier
Type: STRING
Provider name: tier
Description: If not specified, the default is ‘Free’. See AKS Pricing Tier for more details.
storage_profile
Type: STRUCT
Provider name: properties.storageProfile
Description: Storage profile for the managed cluster.
blob_csi_driver
Type: STRUCT
Provider name: blobCSIDriver
Description: AzureBlob CSI Driver settings for the storage profile.
enabled
Type: BOOLEAN
Provider name: enabled
Description: Whether to enable AzureBlob CSI Driver. The default value is false.
disk_csi_driver
Type: STRUCT
Provider name: diskCSIDriver
Description: AzureDisk CSI Driver settings for the storage profile.
enabled
Type: BOOLEAN
Provider name: enabled
Description: Whether to enable AzureDisk CSI Driver. The default value is true.
file_csi_driver
Type: STRUCT
Provider name: fileCSIDriver
Description: AzureFile CSI Driver settings for the storage profile.
enabled
Type: BOOLEAN
Provider name: enabled
Description: Whether to enable AzureFile CSI Driver. The default value is true.
snapshot_controller
Type: STRUCT
Provider name: snapshotController
Description: Snapshot Controller settings for the storage profile.
enabled
Type: BOOLEAN
Provider name: enabled
Description: Whether to enable Snapshot Controller. The default value is true.
subscription_id
Type: STRING
subscription_name
Type: STRING
support_plan
Type: STRING
Provider name: properties.supportPlan
Description: The support plan for the Managed Cluster. If unspecified, the default is ‘KubernetesOfficial’.
system_data
Type: STRUCT
Provider name: systemData
Description: Azure Resource Manager metadata containing createdBy and modifiedBy information.
created_at
Type: STRING
Provider name: createdAt
Description: The timestamp of resource creation (UTC).
created_by
Type: STRING
Provider name: createdBy
Description: The identity that created the resource.
created_by_type
Type: STRING
Provider name: createdByType
Description: The type of identity that created the resource.
last_modified_at
Type: STRING
Provider name: lastModifiedAt
Description: The timestamp of resource last modification (UTC)
last_modified_by
Type: STRING
Provider name: lastModifiedBy
Description: The identity that last modified the resource.
last_modified_by_type
Type: STRING
Provider name: lastModifiedByType
Description: The type of identity that last modified the resource.
Type: UNORDERED_LIST_STRING
type
Type: STRING
Provider name: type
Description: The type of the resource. E.g. “Microsoft.Compute/virtualMachines” or “Microsoft.Storage/storageAccounts”
upgrade_settings
Type: STRUCT
Provider name: properties.upgradeSettings
Description: Settings for upgrading a cluster.
override_settings
Type: STRUCT
Provider name: overrideSettings
Description: Settings for overrides.
force_upgrade
Type: BOOLEAN
Provider name: forceUpgrade
Description: Whether to force upgrade the cluster. Note that this option instructs the upgrade operation to bypass upgrade protections such as checking for deprecated API usage. Enable this option only with caution.
until
Type: STRING
Provider name: until
Description: Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the effectiveness won’t change once an upgrade starts, even if the until time expires as the upgrade proceeds. This field is not set by default. It must be set for the overrides to take effect.
windows_profile
Type: STRUCT
Provider name: properties.windowsProfile
Description: The profile for Windows VMs in the Managed Cluster.
admin_password
Type: STRING
Provider name: adminPassword
Description: Specifies the password of the administrator account.
Minimum-length: 8 characters
Max-length: 123 characters
Complexity requirements: 3 out of 4 conditions below need to be fulfilled
Has lower characters
Has upper characters
Has a digit
Has a special character (Regex match [\W_])
Disallowed values: “abc@123”, “P@$$w0rd”, “P@ssw0rd”, “P@ssword123”, “Pa$$word”, “pass@word1”, “Password!”, “Password1”, “Password22”, “iloveyou!”
admin_username
Type: STRING
Provider name: adminUsername
Description: Specifies the name of the administrator account.
Restriction: Cannot end in “.”
Disallowed values: “administrator”, “admin”, “user”, “user1”, “test”, “user2”, “test1”, “user3”, “admin1”, “1”, “123”, “a”, “actuser”, “adm”, “admin2”, “aspnet”, “backup”, “console”, “david”, “guest”, “john”, “owner”, “root”, “server”, “sql”, “support”, “support_388945a0”, “sys”, “test2”, “test3”, “user4”, “user5”.
Minimum-length: 1 character
Max-length: 20 characters
enable_csi_proxy
Type: BOOLEAN
Provider name: enableCSIProxy
Description: For more details on CSI proxy, see the CSI proxy GitHub repo.
gmsa_profile
Type: STRUCT
Provider name: gmsaProfile
Description: The Windows gMSA Profile in the Managed Cluster.
dns_server
Type: STRING
Provider name: dnsServer
Description: Specifies the DNS server for Windows gMSA.
Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster.
enabled
Type: BOOLEAN
Provider name: enabled
Description: Specifies whether to enable Windows gMSA in the managed cluster.
root_domain_name
Type: STRING
Provider name: rootDomainName
Description: Specifies the root domain name for Windows gMSA.
Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster.
license_type
Type: STRING
Provider name: licenseType
Description: The license type to use for Windows VMs. See Azure Hybrid User Benefits for more details.
workload_auto_scaler_profile
Type: STRUCT
Provider name: properties.workloadAutoScalerProfile
keda
Type: STRUCT
Provider name: keda
enabled
Type: BOOLEAN
Provider name: enabled
Description: Whether to enable KEDA.
vertical_pod_autoscaler
Type: STRUCT
Provider name: verticalPodAutoscaler
enabled
Type: BOOLEAN
Provider name: enabled
Description: Whether to enable VPA. Default value is false.