KubernetesCluster is the Schema for the KubernetesClusters API. Manages a managed Kubernetes Cluster (also known as AKS / Azure Kubernetes Service)
Type: CRD
Group: containerservice.azure.upbound.io
Version: v1beta1
apiVersion: containerservice.azure.upbound.io/v1beta1
kind: KubernetesCluster
KubernetesClusterSpec defines the desired state of KubernetesCluster
No description provided.
An aci_connector_linux block as defined below. For more details, please visit Create and configure an AKS cluster to use virtual nodes.
Reference to a Subnet in network to populate subnetName.
Policies for referencing.
Selector for a Subnet in network to populate subnetName.
Policies for selection.
An api_server_access_profile block as defined below.
Set of authorized IP ranges to allow access to API server, e.g. ["198.51.100.0/24"].
Reference to a Subnet in network to populate subnetId.
Policies for referencing.
Selector for a Subnet in network to populate subnetId.
Policies for selection.
Deprecated in favor of spec.forProvider.apiServerAccessProfile[0].authorizedIpRanges
An auto_scaler_profile block as defined below.
An azure_active_directory_role_based_access_control block as defined below.
A list of Object IDs of Azure Active Directory Groups which should have Admin Role on the Cluster.
A confidential_computing block as defined below. For more details, please see the documentation.
A list of up to 10 base64 encoded CAs that will be added to the trust store on nodes with the custom_ca_trust_enabled feature enabled.
A default_node_pool block as defined below.
A kubelet_config block as defined below. temporary_name_for_rotation must be specified when changing this block.
Specifies the allow list of unsafe sysctl commands or patterns (ending in *).
A linux_os_config block as defined below. temporary_name_for_rotation must be specified when changing this block.
A sysctl_config block as defined below.
A node_network_profile block as documented below.
A list of Application Security Group IDs which should be associated with this Node Pool.
No description provided.
Reference to a Subnet in network to populate podSubnetId.
Policies for referencing.
Selector for a Subnet in network to populate podSubnetId.
Policies for selection.
An upgrade_settings block as documented below.
Reference to a Subnet in network to populate vnetSubnetId.
Policies for referencing.
Selector for a Subnet in network to populate vnetSubnetId.
Policies for selection.
Specifies a list of Availability Zones in which this Kubernetes Cluster should be located. temporary_name_for_rotation must be specified when changing this property.
A http_proxy_config block as defined below.
The list of domains that will not use the proxy for communication.
An identity block as defined below. One of either identity or service_principal must be specified.
Specifies a list of User Assigned Managed Identity IDs to be assigned to this Kubernetes Cluster.
An ingress_application_gateway block as defined below.
Reference to a Subnet in network to populate subnetId.
Policies for referencing.
Selector for a Subnet in network to populate subnetId.
Policies for selection.
A key_management_service block as defined below. For more details, please visit Key Management Service (KMS) etcd encryption to an AKS cluster.
A key_vault_secrets_provider block as defined below.
A kubelet_identity block as defined below.
A linux_profile block as defined below.
A maintenance_window block as defined below.
A microsoft_defender block as defined below.
Specifies a Prometheus add-on profile for the Kubernetes Cluster. A monitor_metrics block as defined below.
A network_profile block as defined below.
Specifies a list of IP versions the Kubernetes Cluster will use to assign IP addresses to its nodes and pods. Possible values are IPv4 and/or IPv6. IPv4 must always be specified. Changing this forces a new resource to be created.
A load_balancer_profile block as defined below. This can only be specified when load_balancer_sku is set to standard. Changing this forces a new resource to be created.
The ID of the Public IP Addresses which should be used for outbound communication for the cluster load balancer.
The ID of the outbound Public IP Address Prefixes which should be used for the cluster load balancer.
A nat_gateway_profile block as defined below. This can only be specified when load_balancer_sku is set to standard and outbound_type is set to managedNATGateway or userAssignedNATGateway. Changing this forces a new resource to be created.
A list of CIDRs to use for pod IP addresses. For single-stack networking a single IPv4 CIDR is expected. For dual-stack networking an IPv4 and IPv6 CIDR are expected. Changing this forces a new resource to be created.
A list of CIDRs to use for Kubernetes services. For single-stack networking a single IPv4 CIDR is expected. For dual-stack networking an IPv4 and IPv6 CIDR are expected. Changing this forces a new resource to be created.
An oms_agent block as defined below.
Reference to a PrivateDNSZone in network to populate privateDnsZoneId.
Policies for referencing.
Selector for a PrivateDNSZone in network to populate privateDnsZoneId.
Policies for selection.
Reference to a ResourceGroup in azure to populate resourceGroupName.
Policies for referencing.
Selector for a ResourceGroup in azure to populate resourceGroupName.
Policies for selection.
A service_mesh_profile block as defined below.
A service_principal block as documented below. One of either identity or service_principal must be specified.
A storage_profile block as defined below.
A web_app_routing block as defined below.
A windows_profile block as defined below.
A gmsa block as defined below.
A workload_autoscaler_profile block as defined below.
THIS IS A BETA FIELD. It will be honored unless the Management Policies feature flag is disabled. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation, but we do not desire to update them after creation, for example because an external controller is managing them, like an autoscaler.
An aci_connector_linux block as defined below. For more details, please visit Create and configure an AKS cluster to use virtual nodes.
Reference to a Subnet in network to populate subnetName.
Policies for referencing.
Selector for a Subnet in network to populate subnetName.
Policies for selection.
An api_server_access_profile block as defined below.
Set of authorized IP ranges to allow access to API server, e.g. ["198.51.100.0/24"].
Reference to a Subnet in network to populate subnetId.
Policies for referencing.
Selector for a Subnet in network to populate subnetId.
Policies for selection.
Deprecated in favor of spec.forProvider.apiServerAccessProfile[0].authorizedIpRanges
An auto_scaler_profile block as defined below.
An azure_active_directory_role_based_access_control block as defined below.
A list of Object IDs of Azure Active Directory Groups which should have Admin Role on the Cluster.
A confidential_computing block as defined below. For more details, please see the documentation.
A list of up to 10 base64 encoded CAs that will be added to the trust store on nodes with the custom_ca_trust_enabled feature enabled.
A default_node_pool block as defined below.
A kubelet_config block as defined below. temporary_name_for_rotation must be specified when changing this block.
Specifies the allow list of unsafe sysctl commands or patterns (ending in *).
A linux_os_config block as defined below. temporary_name_for_rotation must be specified when changing this block.
A sysctl_config block as defined below.
A node_network_profile block as documented below.
A list of Application Security Group IDs which should be associated with this Node Pool.
No description provided.
Reference to a Subnet in network to populate podSubnetId.
Policies for referencing.
Selector for a Subnet in network to populate podSubnetId.
Policies for selection.
An upgrade_settings block as documented below.
Reference to a Subnet in network to populate vnetSubnetId.
Policies for referencing.
Selector for a Subnet in network to populate vnetSubnetId.
Policies for selection.
Specifies a list of Availability Zones in which this Kubernetes Cluster should be located. temporary_name_for_rotation must be specified when changing this property.
A http_proxy_config block as defined below.
The list of domains that will not use the proxy for communication.
An identity block as defined below. One of either identity or service_principal must be specified.
Specifies a list of User Assigned Managed Identity IDs to be assigned to this Kubernetes Cluster.
An ingress_application_gateway block as defined below.
Reference to a Subnet in network to populate subnetId.
Policies for referencing.
Selector for a Subnet in network to populate subnetId.
Policies for selection.
A key_management_service block as defined below. For more details, please visit Key Management Service (KMS) etcd encryption to an AKS cluster.
A key_vault_secrets_provider block as defined below.
A kubelet_identity block as defined below.
A linux_profile block as defined below.
A maintenance_window block as defined below.
A microsoft_defender block as defined below.
Specifies a Prometheus add-on profile for the Kubernetes Cluster. A monitor_metrics block as defined below.
A network_profile block as defined below.
Specifies a list of IP versions the Kubernetes Cluster will use to assign IP addresses to its nodes and pods. Possible values are IPv4 and/or IPv6. IPv4 must always be specified. Changing this forces a new resource to be created.
A load_balancer_profile block as defined below. This can only be specified when load_balancer_sku is set to standard. Changing this forces a new resource to be created.
The ID of the Public IP Addresses which should be used for outbound communication for the cluster load balancer.
The ID of the outbound Public IP Address Prefixes which should be used for the cluster load balancer.
A nat_gateway_profile block as defined below. This can only be specified when load_balancer_sku is set to standard and outbound_type is set to managedNATGateway or userAssignedNATGateway. Changing this forces a new resource to be created.
A list of CIDRs to use for pod IP addresses. For single-stack networking a single IPv4 CIDR is expected. For dual-stack networking an IPv4 and IPv6 CIDR are expected. Changing this forces a new resource to be created.
A list of CIDRs to use for Kubernetes services. For single-stack networking a single IPv4 CIDR is expected. For dual-stack networking an IPv4 and IPv6 CIDR are expected. Changing this forces a new resource to be created.
An oms_agent block as defined below.
Reference to a PrivateDNSZone in network to populate privateDnsZoneId.
Policies for referencing.
Selector for a PrivateDNSZone in network to populate privateDnsZoneId.
Policies for selection.
A service_mesh_profile block as defined below.
A service_principal block as documented below. One of either identity or service_principal must be specified.
A storage_profile block as defined below.
A web_app_routing block as defined below.
A windows_profile block as defined below.
A gmsa block as defined below.
A workload_autoscaler_profile block as defined below.
THIS IS A BETA FIELD. It is on by default but can be opted out through a Crossplane feature flag. ManagementPolicies specify the array of actions Crossplane is allowed to take on the managed and external resources. This field is planned to replace the DeletionPolicy field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. If both are custom, the DeletionPolicy field will be ignored. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md
ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.
Policies for referencing.
PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.
WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.
KubernetesClusterStatus defines the observed state of KubernetesCluster.
No description provided.
An aci_connector_linux block as defined below. For more details, please visit Create and configure an AKS cluster to use virtual nodes.
A connector_identity block is exported. The exported attributes are defined below.
An api_server_access_profile block as defined below.
Set of authorized IP ranges to allow access to API server, e.g. ["198.51.100.0/24"].
Deprecated in favor of spec.forProvider.apiServerAccessProfile[0].authorizedIpRanges
An auto_scaler_profile block as defined below.
An azure_active_directory_role_based_access_control block as defined below.
A list of Object IDs of Azure Active Directory Groups which should have Admin Role on the Cluster.
A confidential_computing block as defined below. For more details, please see the documentation.
A list of up to 10 base64 encoded CAs that will be added to the trust store on nodes with the custom_ca_trust_enabled feature enabled.
A default_node_pool block as defined below.
A kubelet_config block as defined below. temporary_name_for_rotation must be specified when changing this block.
Specifies the allow list of unsafe sysctl commands or patterns (ending in *).
A linux_os_config block as defined below. temporary_name_for_rotation must be specified when changing this block.
A sysctl_config block as defined below.
A node_network_profile block as documented below.
A list of Application Security Group IDs which should be associated with this Node Pool.
No description provided.
An upgrade_settings block as documented below.
Specifies a list of Availability Zones in which this Kubernetes Cluster should be located. temporary_name_for_rotation must be specified when changing this property.
A http_proxy_config block as defined below.
The list of domains that will not use the proxy for communication.
An identity block as defined below. One of either identity or service_principal must be specified.
Specifies a list of User Assigned Managed Identity IDs to be assigned to this Kubernetes Cluster.
An ingress_application_gateway block as defined below.
An ingress_application_gateway_identity block is exported. The exported attributes are defined below.
A key_management_service block as defined below. For more details, please visit Key Management Service (KMS) etcd encryption to an AKS cluster.
A key_vault_secrets_provider block as defined below.
A secret_identity block is exported. The exported attributes are defined below.
A kubelet_identity block as defined below.
A linux_profile block as defined below.
A maintenance_window block as defined below.
A microsoft_defender block as defined below.
Specifies a Prometheus add-on profile for the Kubernetes Cluster. A monitor_metrics block as defined below.
A network_profile block as defined below.
Specifies a list of IP versions the Kubernetes Cluster will use to assign IP addresses to its nodes and pods. Possible values are IPv4 and/or IPv6. IPv4 must always be specified. Changing this forces a new resource to be created.
A load_balancer_profile block as defined below. This can only be specified when load_balancer_sku is set to standard. Changing this forces a new resource to be created.
The outcome (resource IDs) of the specified arguments.
The ID of the Public IP Addresses which should be used for outbound communication for the cluster load balancer.
The ID of the outbound Public IP Address Prefixes which should be used for the cluster load balancer.
A nat_gateway_profile block as defined below. This can only be specified when load_balancer_sku is set to standard and outbound_type is set to managedNATGateway or userAssignedNATGateway. Changing this forces a new resource to be created.
The outcome (resource IDs) of the specified arguments.
A list of CIDRs to use for pod IP addresses. For single-stack networking a single IPv4 CIDR is expected. For dual-stack networking an IPv4 and IPv6 CIDR are expected. Changing this forces a new resource to be created.
A list of CIDRs to use for Kubernetes services. For single-stack networking a single IPv4 CIDR is expected. For dual-stack networking an IPv4 and IPv6 CIDR are expected. Changing this forces a new resource to be created.
An oms_agent block as defined below.
An oms_agent_identity block is exported. The exported attributes are defined below.
A service_mesh_profile block as defined below.
A service_principal block as documented below. One of either identity or service_principal must be specified.
A storage_profile block as defined below.
A web_app_routing block as defined below.
A web_app_routing_identity block is exported. The exported attributes are defined below.
A windows_profile block as defined below.
A gmsa block as defined below.
A workload_autoscaler_profile block as defined below.
Conditions of the resource.
example
apiVersion: containerservice.azure.upbound.io/v1beta1
kind: KubernetesCluster
metadata:
  labels:
    testing.upbound.io/example-name: example
  name: example
spec:
  forProvider:
    apiServerAccessProfile:
    - authorizedIpRanges:
      - 192.168.1.0/24
    defaultNodePool:
    - name: default
      nodeCount: 1
      vmSize: Standard_D2_v2
    dnsPrefix: exampleaks1
    identity:
    - type: SystemAssigned
    location: West Europe
    resourceGroupNameSelector:
      matchLabels:
        testing.upbound.io/example-name: example-containerservice
    tags:
      Environment: Production
© 2022 Upbound, Inc.