Azure Classic v5.43.0, May 6 23

We recommend using Azure Native.

Azure Classic v5.43.0 published on Saturday, May 6, 2023 by Pulumi

pulumi/pulumi-azure

azure.containerservice.KubernetesCluster

Explore with Pulumi AI

We recommend using Azure Native.

Azure Classic v5.43.0 published on Saturday, May 6, 2023 by Pulumi

pulumi/pulumi-azure

Example Usage

This example provisions a basic Managed Kubernetes Cluster.

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;

return await Deployment.RunAsync(() => 
{
    var exampleResourceGroup = new Azure.Core.ResourceGroup("exampleResourceGroup", new()
    {
        Location = "West Europe",
    });

    var exampleKubernetesCluster = new Azure.ContainerService.KubernetesCluster("exampleKubernetesCluster", new()
    {
        Location = exampleResourceGroup.Location,
        ResourceGroupName = exampleResourceGroup.Name,
        DnsPrefix = "exampleaks1",
        DefaultNodePool = new Azure.ContainerService.Inputs.KubernetesClusterDefaultNodePoolArgs
        {
            Name = "default",
            NodeCount = 1,
            VmSize = "Standard_D2_v2",
        },
        Identity = new Azure.ContainerService.Inputs.KubernetesClusterIdentityArgs
        {
            Type = "SystemAssigned",
        },
        Tags = 
        {
            { "Environment", "Production" },
        },
    });

    return new Dictionary<string, object?>
    {
        ["clientCertificate"] = exampleKubernetesCluster.KubeConfigs.Apply(kubeConfigs => kubeConfigs[0].ClientCertificate),
        ["kubeConfig"] = exampleKubernetesCluster.KubeConfigRaw,
    };
});

package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/containerservice"
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleKubernetesCluster, err := containerservice.NewKubernetesCluster(ctx, "exampleKubernetesCluster", &containerservice.KubernetesClusterArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			DnsPrefix:         pulumi.String("exampleaks1"),
			DefaultNodePool: &containerservice.KubernetesClusterDefaultNodePoolArgs{
				Name:      pulumi.String("default"),
				NodeCount: pulumi.Int(1),
				VmSize:    pulumi.String("Standard_D2_v2"),
			},
			Identity: &containerservice.KubernetesClusterIdentityArgs{
				Type: pulumi.String("SystemAssigned"),
			},
			Tags: pulumi.StringMap{
				"Environment": pulumi.String("Production"),
			},
		})
		if err != nil {
			return err
		}
		ctx.Export("clientCertificate", exampleKubernetesCluster.KubeConfigs.ApplyT(func(kubeConfigs []containerservice.KubernetesClusterKubeConfig) (*string, error) {
			return &kubeConfigs[0].ClientCertificate, nil
		}).(pulumi.StringPtrOutput))
		ctx.Export("kubeConfig", exampleKubernetesCluster.KubeConfigRaw)
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.containerservice.KubernetesCluster;
import com.pulumi.azure.containerservice.KubernetesClusterArgs;
import com.pulumi.azure.containerservice.inputs.KubernetesClusterDefaultNodePoolArgs;
import com.pulumi.azure.containerservice.inputs.KubernetesClusterIdentityArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()        
            .location("West Europe")
            .build());

        var exampleKubernetesCluster = new KubernetesCluster("exampleKubernetesCluster", KubernetesClusterArgs.builder()        
            .location(exampleResourceGroup.location())
            .resourceGroupName(exampleResourceGroup.name())
            .dnsPrefix("exampleaks1")
            .defaultNodePool(KubernetesClusterDefaultNodePoolArgs.builder()
                .name("default")
                .nodeCount(1)
                .vmSize("Standard_D2_v2")
                .build())
            .identity(KubernetesClusterIdentityArgs.builder()
                .type("SystemAssigned")
                .build())
            .tags(Map.of("Environment", "Production"))
            .build());

        ctx.export("clientCertificate", exampleKubernetesCluster.kubeConfigs().applyValue(kubeConfigs -> kubeConfigs[0].clientCertificate()));
        ctx.export("kubeConfig", exampleKubernetesCluster.kubeConfigRaw());
    }
}

import pulumi
import pulumi_azure as azure

example_resource_group = azure.core.ResourceGroup("exampleResourceGroup", location="West Europe")
example_kubernetes_cluster = azure.containerservice.KubernetesCluster("exampleKubernetesCluster",
    location=example_resource_group.location,
    resource_group_name=example_resource_group.name,
    dns_prefix="exampleaks1",
    default_node_pool=azure.containerservice.KubernetesClusterDefaultNodePoolArgs(
        name="default",
        node_count=1,
        vm_size="Standard_D2_v2",
    ),
    identity=azure.containerservice.KubernetesClusterIdentityArgs(
        type="SystemAssigned",
    ),
    tags={
        "Environment": "Production",
    })
pulumi.export("clientCertificate", example_kubernetes_cluster.kube_configs[0].client_certificate)
pulumi.export("kubeConfig", example_kubernetes_cluster.kube_config_raw)

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

const exampleResourceGroup = new azure.core.ResourceGroup("exampleResourceGroup", {location: "West Europe"});
const exampleKubernetesCluster = new azure.containerservice.KubernetesCluster("exampleKubernetesCluster", {
    location: exampleResourceGroup.location,
    resourceGroupName: exampleResourceGroup.name,
    dnsPrefix: "exampleaks1",
    defaultNodePool: {
        name: "default",
        nodeCount: 1,
        vmSize: "Standard_D2_v2",
    },
    identity: {
        type: "SystemAssigned",
    },
    tags: {
        Environment: "Production",
    },
});
export const clientCertificate = exampleKubernetesCluster.kubeConfigs.apply(kubeConfigs => kubeConfigs[0].clientCertificate);
export const kubeConfig = exampleKubernetesCluster.kubeConfigRaw;

resources:
  exampleResourceGroup:
    type: azure:core:ResourceGroup
    properties:
      location: West Europe
  exampleKubernetesCluster:
    type: azure:containerservice:KubernetesCluster
    properties:
      location: ${exampleResourceGroup.location}
      resourceGroupName: ${exampleResourceGroup.name}
      dnsPrefix: exampleaks1
      defaultNodePool:
        name: default
        nodeCount: 1
        vmSize: Standard_D2_v2
      identity:
        type: SystemAssigned
      tags:
        Environment: Production
outputs:
  clientCertificate: ${exampleKubernetesCluster.kubeConfigs[0].clientCertificate}
  kubeConfig: ${exampleKubernetesCluster.kubeConfigRaw}

Create KubernetesCluster Resource

new KubernetesCluster(name: string, args: KubernetesClusterArgs, opts?: CustomResourceOptions);

@overload
def KubernetesCluster(resource_name: str,
                      opts: Optional[ResourceOptions] = None,
                      aci_connector_linux: Optional[KubernetesClusterAciConnectorLinuxArgs] = None,
                      api_server_access_profile: Optional[KubernetesClusterApiServerAccessProfileArgs] = None,
                      api_server_authorized_ip_ranges: Optional[Sequence[str]] = None,
                      auto_scaler_profile: Optional[KubernetesClusterAutoScalerProfileArgs] = None,
                      automatic_channel_upgrade: Optional[str] = None,
                      azure_active_directory_role_based_access_control: Optional[KubernetesClusterAzureActiveDirectoryRoleBasedAccessControlArgs] = None,
                      azure_policy_enabled: Optional[bool] = None,
                      confidential_computing: Optional[KubernetesClusterConfidentialComputingArgs] = None,
                      default_node_pool: Optional[KubernetesClusterDefaultNodePoolArgs] = None,
                      disk_encryption_set_id: Optional[str] = None,
                      dns_prefix: Optional[str] = None,
                      dns_prefix_private_cluster: Optional[str] = None,
                      edge_zone: Optional[str] = None,
                      enable_pod_security_policy: Optional[bool] = None,
                      http_application_routing_enabled: Optional[bool] = None,
                      http_proxy_config: Optional[KubernetesClusterHttpProxyConfigArgs] = None,
                      identity: Optional[KubernetesClusterIdentityArgs] = None,
                      image_cleaner_enabled: Optional[bool] = None,
                      image_cleaner_interval_hours: Optional[int] = None,
                      ingress_application_gateway: Optional[KubernetesClusterIngressApplicationGatewayArgs] = None,
                      key_management_service: Optional[KubernetesClusterKeyManagementServiceArgs] = None,
                      key_vault_secrets_provider: Optional[KubernetesClusterKeyVaultSecretsProviderArgs] = None,
                      kubelet_identity: Optional[KubernetesClusterKubeletIdentityArgs] = None,
                      kubernetes_version: Optional[str] = None,
                      linux_profile: Optional[KubernetesClusterLinuxProfileArgs] = None,
                      local_account_disabled: Optional[bool] = None,
                      location: Optional[str] = None,
                      maintenance_window: Optional[KubernetesClusterMaintenanceWindowArgs] = None,
                      microsoft_defender: Optional[KubernetesClusterMicrosoftDefenderArgs] = None,
                      monitor_metrics: Optional[KubernetesClusterMonitorMetricsArgs] = None,
                      name: Optional[str] = None,
                      network_profile: Optional[KubernetesClusterNetworkProfileArgs] = None,
                      node_resource_group: Optional[str] = None,
                      oidc_issuer_enabled: Optional[bool] = None,
                      oms_agent: Optional[KubernetesClusterOmsAgentArgs] = None,
                      open_service_mesh_enabled: Optional[bool] = None,
                      private_cluster_enabled: Optional[bool] = None,
                      private_cluster_public_fqdn_enabled: Optional[bool] = None,
                      private_dns_zone_id: Optional[str] = None,
                      public_network_access_enabled: Optional[bool] = None,
                      resource_group_name: Optional[str] = None,
                      role_based_access_control_enabled: Optional[bool] = None,
                      run_command_enabled: Optional[bool] = None,
                      service_mesh_profile: Optional[KubernetesClusterServiceMeshProfileArgs] = None,
                      service_principal: Optional[KubernetesClusterServicePrincipalArgs] = None,
                      sku_tier: Optional[str] = None,
                      storage_profile: Optional[KubernetesClusterStorageProfileArgs] = None,
                      tags: Optional[Mapping[str, str]] = None,
                      web_app_routing: Optional[KubernetesClusterWebAppRoutingArgs] = None,
                      windows_profile: Optional[KubernetesClusterWindowsProfileArgs] = None,
                      workload_autoscaler_profile: Optional[KubernetesClusterWorkloadAutoscalerProfileArgs] = None,
                      workload_identity_enabled: Optional[bool] = None)
@overload
def KubernetesCluster(resource_name: str,
                      args: KubernetesClusterArgs,
                      opts: Optional[ResourceOptions] = None)

func NewKubernetesCluster(ctx *Context, name string, args KubernetesClusterArgs, opts ...ResourceOption) (*KubernetesCluster, error)

public KubernetesCluster(string name, KubernetesClusterArgs args, CustomResourceOptions? opts = null)

public KubernetesCluster(String name, KubernetesClusterArgs args)
public KubernetesCluster(String name, KubernetesClusterArgs args, CustomResourceOptions options)

type: azure:containerservice:KubernetesCluster
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string: The unique name of the resource.
args KubernetesClusterArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args KubernetesClusterArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args KubernetesClusterArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args KubernetesClusterArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args KubernetesClusterArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

KubernetesCluster Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The KubernetesCluster resource accepts the following input properties:

DefaultNodePool KubernetesClusterDefaultNodePoolArgs

A default_node_pool block as defined below.

ResourceGroupName string

Specifies the Resource Group where the Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.

AciConnectorLinux KubernetesClusterAciConnectorLinuxArgs

A aci_connector_linux block as defined below. For more details, please visit Create and configure an AKS cluster to use virtual nodes.

ApiServerAccessProfile KubernetesClusterApiServerAccessProfileArgs

An api_server_access_profile block as defined below.

ApiServerAuthorizedIpRanges List<string>

Deprecated:

This property has been renamed to authorized_ip_ranges within the api_server_access_profile block and will be removed in v4.0 of the provider

AutoScalerProfile KubernetesClusterAutoScalerProfileArgs

A auto_scaler_profile block as defined below.

AutomaticChannelUpgrade string

The upgrade channel for this Kubernetes Cluster. Possible values are patch, rapid, node-image and stable. Omitting this field sets this value to none.

AzureActiveDirectoryRoleBasedAccessControl KubernetesClusterAzureActiveDirectoryRoleBasedAccessControlArgs

A azure_active_directory_role_based_access_control block as defined below.

AzurePolicyEnabled bool

Should the Azure Policy Add-On be enabled? For more details please visit Understand Azure Policy for Azure Kubernetes Service

ConfidentialComputing KubernetesClusterConfidentialComputingArgs

A confidential_computing block as defined below. For more details please the documentation

DiskEncryptionSetId string

The ID of the Disk Encryption Set which should be used for the Nodes and Volumes. More information can be found in the documentation. Changing this forces a new resource to be created.

DnsPrefix string

DNS prefix specified when creating the managed cluster. Possible values must begin and end with a letter or number, contain only letters, numbers, and hyphens and be between 1 and 54 characters in length. Changing this forces a new resource to be created.

DnsPrefixPrivateCluster string

Specifies the DNS prefix to use with private clusters. Changing this forces a new resource to be created.

EdgeZone string

Specifies the Edge Zone within the Azure Region where this Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.

EnablePodSecurityPolicy bool

Deprecated:

The AKS API has removed support for this field on 2020-10-15 and is no longer possible to configure this the Pod Security Policy.

HttpApplicationRoutingEnabled bool

Should HTTP Application Routing be enabled?

HttpProxyConfig KubernetesClusterHttpProxyConfigArgs

A http_proxy_config block as defined below.

Identity KubernetesClusterIdentityArgs

An identity block as defined below. One of either identity or service_principal must be specified.

ImageCleanerEnabled bool

Specifies whether Image Cleaner is enabled.

ImageCleanerIntervalHours int

Specifies the interval in hours when images should be cleaned up. Defaults to 48.

IngressApplicationGateway KubernetesClusterIngressApplicationGatewayArgs

A ingress_application_gateway block as defined below.

KeyManagementService KubernetesClusterKeyManagementServiceArgs

A key_management_service block as defined below. For more details, please visit Key Management Service (KMS) etcd encryption to an AKS cluster.

KeyVaultSecretsProvider KubernetesClusterKeyVaultSecretsProviderArgs

A key_vault_secrets_provider block as defined below. For more details, please visit Azure Keyvault Secrets Provider for AKS.

KubeletIdentity KubernetesClusterKubeletIdentityArgs

A kubelet_identity block as defined below.

KubernetesVersion string

Version of Kubernetes specified when creating the AKS managed cluster. If not specified, the latest recommended version will be used at provisioning time (but won't auto-upgrade). AKS does not require an exact patch version to be specified, minor version aliases such as 1.22 are also supported. - The minor version's latest GA patch is automatically chosen in that case. More details can be found in the documentation.

LinuxProfile KubernetesClusterLinuxProfileArgs

A linux_profile block as defined below.

LocalAccountDisabled bool

If true local accounts will be disabled. See the documentation for more information.

Location string

The location where the Managed Kubernetes Cluster should be created. Changing this forces a new resource to be created.

MaintenanceWindow KubernetesClusterMaintenanceWindowArgs

A maintenance_window block as defined below.

MicrosoftDefender KubernetesClusterMicrosoftDefenderArgs

A microsoft_defender block as defined below.

MonitorMetrics KubernetesClusterMonitorMetricsArgs

Specifies a Prometheus add-on profile for the Kubernetes Cluster. A monitor_metrics block as defined below.

Name string

The name of the Managed Kubernetes Cluster to create. Changing this forces a new resource to be created.

NetworkProfile KubernetesClusterNetworkProfileArgs

A network_profile block as defined below. Changing this forces a new resource to be created.

NodeResourceGroup string

The name of the Resource Group where the Kubernetes Nodes should exist. Changing this forces a new resource to be created.

OidcIssuerEnabled bool

Enable or Disable the OIDC issuer URL

OmsAgent KubernetesClusterOmsAgentArgs

A oms_agent block as defined below.

OpenServiceMeshEnabled bool

Is Open Service Mesh enabled? For more details, please visit Open Service Mesh for AKS.

PrivateClusterEnabled bool

Should this Kubernetes Cluster have its API server only exposed on internal IP addresses? This provides a Private IP Address for the Kubernetes API on the Virtual Network where the Kubernetes Cluster is located. Defaults to false. Changing this forces a new resource to be created.

PrivateClusterPublicFqdnEnabled bool

Specifies whether a Public FQDN for this Private Cluster should be added. Defaults to false.

PrivateDnsZoneId string

Either the ID of Private DNS Zone which should be delegated to this Cluster, System to have AKS manage this or None. In case of None you will need to bring your own DNS server and set up resolving, otherwise, the cluster will have issues after provisioning. Changing this forces a new resource to be created.

PublicNetworkAccessEnabled bool

Whether public network access is allowed for this Kubernetes Cluster. Defaults to true. Changing this forces a new resource to be created.

RoleBasedAccessControlEnabled bool

Whether Role Based Access Control for the Kubernetes Cluster should be enabled. Defaults to true. Changing this forces a new resource to be created.

RunCommandEnabled bool

Whether to enable run command for the cluster or not. Defaults to true.

ServiceMeshProfile KubernetesClusterServiceMeshProfileArgs

A service_mesh_profile block as defined below.

ServicePrincipal KubernetesClusterServicePrincipalArgs

A service_principal block as documented below. One of either identity or service_principal must be specified.

SkuTier string

The SKU Tier that should be used for this Kubernetes Cluster. Possible values are Free, and Standard (which includes the Uptime SLA). Defaults to Free.

StorageProfile KubernetesClusterStorageProfileArgs

A storage_profile block as defined below.

Tags Dictionary<string, string>

A mapping of tags to assign to the resource.

WebAppRouting KubernetesClusterWebAppRoutingArgs

A web_app_routing block as defined below.

WindowsProfile KubernetesClusterWindowsProfileArgs

A windows_profile block as defined below.

WorkloadAutoscalerProfile KubernetesClusterWorkloadAutoscalerProfileArgs

A workload_autoscaler_profile block defined below.

WorkloadIdentityEnabled bool

Specifies whether Azure AD Workload Identity should be enabled for the Cluster. Defaults to false.

DefaultNodePool KubernetesClusterDefaultNodePoolArgs

A default_node_pool block as defined below.

ResourceGroupName string

Specifies the Resource Group where the Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.

AciConnectorLinux KubernetesClusterAciConnectorLinuxArgs

A aci_connector_linux block as defined below. For more details, please visit Create and configure an AKS cluster to use virtual nodes.

ApiServerAccessProfile KubernetesClusterApiServerAccessProfileArgs

An api_server_access_profile block as defined below.

ApiServerAuthorizedIpRanges []string

Deprecated:

This property has been renamed to authorized_ip_ranges within the api_server_access_profile block and will be removed in v4.0 of the provider

AutoScalerProfile KubernetesClusterAutoScalerProfileArgs

A auto_scaler_profile block as defined below.

AutomaticChannelUpgrade string

The upgrade channel for this Kubernetes Cluster. Possible values are patch, rapid, node-image and stable. Omitting this field sets this value to none.

AzureActiveDirectoryRoleBasedAccessControl KubernetesClusterAzureActiveDirectoryRoleBasedAccessControlArgs

A azure_active_directory_role_based_access_control block as defined below.

AzurePolicyEnabled bool

Should the Azure Policy Add-On be enabled? For more details please visit Understand Azure Policy for Azure Kubernetes Service

ConfidentialComputing KubernetesClusterConfidentialComputingArgs

A confidential_computing block as defined below. For more details please the documentation

DiskEncryptionSetId string

The ID of the Disk Encryption Set which should be used for the Nodes and Volumes. More information can be found in the documentation. Changing this forces a new resource to be created.

DnsPrefix string

DnsPrefixPrivateCluster string

Specifies the DNS prefix to use with private clusters. Changing this forces a new resource to be created.

EdgeZone string

Specifies the Edge Zone within the Azure Region where this Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.

EnablePodSecurityPolicy bool

Deprecated:

The AKS API has removed support for this field on 2020-10-15 and is no longer possible to configure this the Pod Security Policy.

HttpApplicationRoutingEnabled bool

Should HTTP Application Routing be enabled?

HttpProxyConfig KubernetesClusterHttpProxyConfigArgs

A http_proxy_config block as defined below.

Identity KubernetesClusterIdentityArgs

An identity block as defined below. One of either identity or service_principal must be specified.

ImageCleanerEnabled bool

Specifies whether Image Cleaner is enabled.

ImageCleanerIntervalHours int

Specifies the interval in hours when images should be cleaned up. Defaults to 48.

IngressApplicationGateway KubernetesClusterIngressApplicationGatewayArgs

A ingress_application_gateway block as defined below.

KeyManagementService KubernetesClusterKeyManagementServiceArgs

A key_management_service block as defined below. For more details, please visit Key Management Service (KMS) etcd encryption to an AKS cluster.

KeyVaultSecretsProvider KubernetesClusterKeyVaultSecretsProviderArgs

A key_vault_secrets_provider block as defined below. For more details, please visit Azure Keyvault Secrets Provider for AKS.

KubeletIdentity KubernetesClusterKubeletIdentityArgs

A kubelet_identity block as defined below.

KubernetesVersion string

LinuxProfile KubernetesClusterLinuxProfileArgs

A linux_profile block as defined below.

LocalAccountDisabled bool

If true local accounts will be disabled. See the documentation for more information.

Location string

The location where the Managed Kubernetes Cluster should be created. Changing this forces a new resource to be created.

MaintenanceWindow KubernetesClusterMaintenanceWindowArgs

A maintenance_window block as defined below.

MicrosoftDefender KubernetesClusterMicrosoftDefenderArgs

A microsoft_defender block as defined below.

MonitorMetrics KubernetesClusterMonitorMetricsArgs

Specifies a Prometheus add-on profile for the Kubernetes Cluster. A monitor_metrics block as defined below.

Name string

The name of the Managed Kubernetes Cluster to create. Changing this forces a new resource to be created.

NetworkProfile KubernetesClusterNetworkProfileArgs

A network_profile block as defined below. Changing this forces a new resource to be created.

NodeResourceGroup string

The name of the Resource Group where the Kubernetes Nodes should exist. Changing this forces a new resource to be created.

OidcIssuerEnabled bool

Enable or Disable the OIDC issuer URL

OmsAgent KubernetesClusterOmsAgentArgs

A oms_agent block as defined below.

OpenServiceMeshEnabled bool

Is Open Service Mesh enabled? For more details, please visit Open Service Mesh for AKS.

PrivateClusterEnabled bool

PrivateClusterPublicFqdnEnabled bool

Specifies whether a Public FQDN for this Private Cluster should be added. Defaults to false.

PrivateDnsZoneId string

PublicNetworkAccessEnabled bool

Whether public network access is allowed for this Kubernetes Cluster. Defaults to true. Changing this forces a new resource to be created.

RoleBasedAccessControlEnabled bool

Whether Role Based Access Control for the Kubernetes Cluster should be enabled. Defaults to true. Changing this forces a new resource to be created.

RunCommandEnabled bool

Whether to enable run command for the cluster or not. Defaults to true.

ServiceMeshProfile KubernetesClusterServiceMeshProfileArgs

A service_mesh_profile block as defined below.

ServicePrincipal KubernetesClusterServicePrincipalArgs

A service_principal block as documented below. One of either identity or service_principal must be specified.

SkuTier string

The SKU Tier that should be used for this Kubernetes Cluster. Possible values are Free, and Standard (which includes the Uptime SLA). Defaults to Free.

StorageProfile KubernetesClusterStorageProfileArgs

A storage_profile block as defined below.

Tags map[string]string

A mapping of tags to assign to the resource.

WebAppRouting KubernetesClusterWebAppRoutingArgs

A web_app_routing block as defined below.

WindowsProfile KubernetesClusterWindowsProfileArgs

A windows_profile block as defined below.

WorkloadAutoscalerProfile KubernetesClusterWorkloadAutoscalerProfileArgs

A workload_autoscaler_profile block defined below.

WorkloadIdentityEnabled bool

Specifies whether Azure AD Workload Identity should be enabled for the Cluster. Defaults to false.

defaultNodePool KubernetesClusterDefaultNodePoolArgs

A default_node_pool block as defined below.

resourceGroupName String

Specifies the Resource Group where the Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.

aciConnectorLinux KubernetesClusterAciConnectorLinuxArgs

A aci_connector_linux block as defined below. For more details, please visit Create and configure an AKS cluster to use virtual nodes.

apiServerAccessProfile KubernetesClusterApiServerAccessProfileArgs

An api_server_access_profile block as defined below.

apiServerAuthorizedIpRanges List<String>

Deprecated:

This property has been renamed to authorized_ip_ranges within the api_server_access_profile block and will be removed in v4.0 of the provider

autoScalerProfile KubernetesClusterAutoScalerProfileArgs

A auto_scaler_profile block as defined below.

automaticChannelUpgrade String

The upgrade channel for this Kubernetes Cluster. Possible values are patch, rapid, node-image and stable. Omitting this field sets this value to none.

azureActiveDirectoryRoleBasedAccessControl KubernetesClusterAzureActiveDirectoryRoleBasedAccessControlArgs

A azure_active_directory_role_based_access_control block as defined below.

azurePolicyEnabled Boolean

Should the Azure Policy Add-On be enabled? For more details please visit Understand Azure Policy for Azure Kubernetes Service

confidentialComputing KubernetesClusterConfidentialComputingArgs

A confidential_computing block as defined below. For more details please the documentation

diskEncryptionSetId String

The ID of the Disk Encryption Set which should be used for the Nodes and Volumes. More information can be found in the documentation. Changing this forces a new resource to be created.

dnsPrefix String

dnsPrefixPrivateCluster String

Specifies the DNS prefix to use with private clusters. Changing this forces a new resource to be created.

edgeZone String

Specifies the Edge Zone within the Azure Region where this Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.

enablePodSecurityPolicy Boolean

Deprecated:

The AKS API has removed support for this field on 2020-10-15 and is no longer possible to configure this the Pod Security Policy.

httpApplicationRoutingEnabled Boolean

Should HTTP Application Routing be enabled?

httpProxyConfig KubernetesClusterHttpProxyConfigArgs

A http_proxy_config block as defined below.

identity KubernetesClusterIdentityArgs

An identity block as defined below. One of either identity or service_principal must be specified.

imageCleanerEnabled Boolean

Specifies whether Image Cleaner is enabled.

imageCleanerIntervalHours Integer

Specifies the interval in hours when images should be cleaned up. Defaults to 48.

ingressApplicationGateway KubernetesClusterIngressApplicationGatewayArgs

A ingress_application_gateway block as defined below.

keyManagementService KubernetesClusterKeyManagementServiceArgs

A key_management_service block as defined below. For more details, please visit Key Management Service (KMS) etcd encryption to an AKS cluster.

keyVaultSecretsProvider KubernetesClusterKeyVaultSecretsProviderArgs

A key_vault_secrets_provider block as defined below. For more details, please visit Azure Keyvault Secrets Provider for AKS.

kubeletIdentity KubernetesClusterKubeletIdentityArgs

A kubelet_identity block as defined below.

kubernetesVersion String

linuxProfile KubernetesClusterLinuxProfileArgs

A linux_profile block as defined below.

localAccountDisabled Boolean

If true local accounts will be disabled. See the documentation for more information.

location String

The location where the Managed Kubernetes Cluster should be created. Changing this forces a new resource to be created.

maintenanceWindow KubernetesClusterMaintenanceWindowArgs

A maintenance_window block as defined below.

microsoftDefender KubernetesClusterMicrosoftDefenderArgs

A microsoft_defender block as defined below.

monitorMetrics KubernetesClusterMonitorMetricsArgs

Specifies a Prometheus add-on profile for the Kubernetes Cluster. A monitor_metrics block as defined below.

name String

The name of the Managed Kubernetes Cluster to create. Changing this forces a new resource to be created.

networkProfile KubernetesClusterNetworkProfileArgs

A network_profile block as defined below. Changing this forces a new resource to be created.

nodeResourceGroup String

The name of the Resource Group where the Kubernetes Nodes should exist. Changing this forces a new resource to be created.

oidcIssuerEnabled Boolean

Enable or Disable the OIDC issuer URL

omsAgent KubernetesClusterOmsAgentArgs

A oms_agent block as defined below.

openServiceMeshEnabled Boolean

Is Open Service Mesh enabled? For more details, please visit Open Service Mesh for AKS.

privateClusterEnabled Boolean

privateClusterPublicFqdnEnabled Boolean

Specifies whether a Public FQDN for this Private Cluster should be added. Defaults to false.

privateDnsZoneId String

publicNetworkAccessEnabled Boolean

Whether public network access is allowed for this Kubernetes Cluster. Defaults to true. Changing this forces a new resource to be created.

roleBasedAccessControlEnabled Boolean

Whether Role Based Access Control for the Kubernetes Cluster should be enabled. Defaults to true. Changing this forces a new resource to be created.

runCommandEnabled Boolean

Whether to enable run command for the cluster or not. Defaults to true.

serviceMeshProfile KubernetesClusterServiceMeshProfileArgs

A service_mesh_profile block as defined below.

servicePrincipal KubernetesClusterServicePrincipalArgs

A service_principal block as documented below. One of either identity or service_principal must be specified.

skuTier String

The SKU Tier that should be used for this Kubernetes Cluster. Possible values are Free, and Standard (which includes the Uptime SLA). Defaults to Free.

storageProfile KubernetesClusterStorageProfileArgs

A storage_profile block as defined below.

tags Map<String,String>

A mapping of tags to assign to the resource.

webAppRouting KubernetesClusterWebAppRoutingArgs

A web_app_routing block as defined below.

windowsProfile KubernetesClusterWindowsProfileArgs

A windows_profile block as defined below.

workloadAutoscalerProfile KubernetesClusterWorkloadAutoscalerProfileArgs

A workload_autoscaler_profile block defined below.

workloadIdentityEnabled Boolean

Specifies whether Azure AD Workload Identity should be enabled for the Cluster. Defaults to false.

defaultNodePool KubernetesClusterDefaultNodePoolArgs

A default_node_pool block as defined below.

resourceGroupName string

Specifies the Resource Group where the Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.

aciConnectorLinux KubernetesClusterAciConnectorLinuxArgs

A aci_connector_linux block as defined below. For more details, please visit Create and configure an AKS cluster to use virtual nodes.

apiServerAccessProfile KubernetesClusterApiServerAccessProfileArgs

An api_server_access_profile block as defined below.

apiServerAuthorizedIpRanges string[]

Deprecated:

This property has been renamed to authorized_ip_ranges within the api_server_access_profile block and will be removed in v4.0 of the provider

autoScalerProfile KubernetesClusterAutoScalerProfileArgs

A auto_scaler_profile block as defined below.

automaticChannelUpgrade string

The upgrade channel for this Kubernetes Cluster. Possible values are patch, rapid, node-image and stable. Omitting this field sets this value to none.

azureActiveDirectoryRoleBasedAccessControl KubernetesClusterAzureActiveDirectoryRoleBasedAccessControlArgs

A azure_active_directory_role_based_access_control block as defined below.

azurePolicyEnabled boolean

Should the Azure Policy Add-On be enabled? For more details please visit Understand Azure Policy for Azure Kubernetes Service

confidentialComputing KubernetesClusterConfidentialComputingArgs

A confidential_computing block as defined below. For more details please the documentation

diskEncryptionSetId string

The ID of the Disk Encryption Set which should be used for the Nodes and Volumes. More information can be found in the documentation. Changing this forces a new resource to be created.

dnsPrefix string

dnsPrefixPrivateCluster string

Specifies the DNS prefix to use with private clusters. Changing this forces a new resource to be created.

edgeZone string

Specifies the Edge Zone within the Azure Region where this Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.

enablePodSecurityPolicy boolean

Deprecated:

The AKS API has removed support for this field on 2020-10-15 and is no longer possible to configure this the Pod Security Policy.

httpApplicationRoutingEnabled boolean

Should HTTP Application Routing be enabled?

httpProxyConfig KubernetesClusterHttpProxyConfigArgs

A http_proxy_config block as defined below.

identity KubernetesClusterIdentityArgs

An identity block as defined below. One of either identity or service_principal must be specified.

imageCleanerEnabled boolean

Specifies whether Image Cleaner is enabled.

imageCleanerIntervalHours number

Specifies the interval in hours when images should be cleaned up. Defaults to 48.

ingressApplicationGateway KubernetesClusterIngressApplicationGatewayArgs

A ingress_application_gateway block as defined below.

keyManagementService KubernetesClusterKeyManagementServiceArgs

A key_management_service block as defined below. For more details, please visit Key Management Service (KMS) etcd encryption to an AKS cluster.

keyVaultSecretsProvider KubernetesClusterKeyVaultSecretsProviderArgs

A key_vault_secrets_provider block as defined below. For more details, please visit Azure Keyvault Secrets Provider for AKS.

kubeletIdentity KubernetesClusterKubeletIdentityArgs

A kubelet_identity block as defined below.

kubernetesVersion string

linuxProfile KubernetesClusterLinuxProfileArgs

A linux_profile block as defined below.

localAccountDisabled boolean

If true local accounts will be disabled. See the documentation for more information.

location string

The location where the Managed Kubernetes Cluster should be created. Changing this forces a new resource to be created.

maintenanceWindow KubernetesClusterMaintenanceWindowArgs

A maintenance_window block as defined below.

microsoftDefender KubernetesClusterMicrosoftDefenderArgs

A microsoft_defender block as defined below.

monitorMetrics KubernetesClusterMonitorMetricsArgs

Specifies a Prometheus add-on profile for the Kubernetes Cluster. A monitor_metrics block as defined below.

name string

The name of the Managed Kubernetes Cluster to create. Changing this forces a new resource to be created.

networkProfile KubernetesClusterNetworkProfileArgs

A network_profile block as defined below. Changing this forces a new resource to be created.

nodeResourceGroup string

The name of the Resource Group where the Kubernetes Nodes should exist. Changing this forces a new resource to be created.

oidcIssuerEnabled boolean

Enable or Disable the OIDC issuer URL

omsAgent KubernetesClusterOmsAgentArgs

A oms_agent block as defined below.

openServiceMeshEnabled boolean

Is Open Service Mesh enabled? For more details, please visit Open Service Mesh for AKS.

privateClusterEnabled boolean

privateClusterPublicFqdnEnabled boolean

Specifies whether a Public FQDN for this Private Cluster should be added. Defaults to false.

privateDnsZoneId string

publicNetworkAccessEnabled boolean

Whether public network access is allowed for this Kubernetes Cluster. Defaults to true. Changing this forces a new resource to be created.

roleBasedAccessControlEnabled boolean

Whether Role Based Access Control for the Kubernetes Cluster should be enabled. Defaults to true. Changing this forces a new resource to be created.

runCommandEnabled boolean

Whether to enable run command for the cluster or not. Defaults to true.

serviceMeshProfile KubernetesClusterServiceMeshProfileArgs

A service_mesh_profile block as defined below.

servicePrincipal KubernetesClusterServicePrincipalArgs

A service_principal block as documented below. One of either identity or service_principal must be specified.

skuTier string

The SKU Tier that should be used for this Kubernetes Cluster. Possible values are Free, and Standard (which includes the Uptime SLA). Defaults to Free.

storageProfile KubernetesClusterStorageProfileArgs

A storage_profile block as defined below.

tags {[key: string]: string}

A mapping of tags to assign to the resource.

webAppRouting KubernetesClusterWebAppRoutingArgs

A web_app_routing block as defined below.

windowsProfile KubernetesClusterWindowsProfileArgs

A windows_profile block as defined below.

workloadAutoscalerProfile KubernetesClusterWorkloadAutoscalerProfileArgs

A workload_autoscaler_profile block defined below.

workloadIdentityEnabled boolean

Specifies whether Azure AD Workload Identity should be enabled for the Cluster. Defaults to false.

default_node_pool KubernetesClusterDefaultNodePoolArgs

A default_node_pool block as defined below.

resource_group_name str

Specifies the Resource Group where the Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.

aci_connector_linux KubernetesClusterAciConnectorLinuxArgs

A aci_connector_linux block as defined below. For more details, please visit Create and configure an AKS cluster to use virtual nodes.

api_server_access_profile KubernetesClusterApiServerAccessProfileArgs

An api_server_access_profile block as defined below.

api_server_authorized_ip_ranges Sequence[str]

Deprecated:

This property has been renamed to authorized_ip_ranges within the api_server_access_profile block and will be removed in v4.0 of the provider

auto_scaler_profile KubernetesClusterAutoScalerProfileArgs

A auto_scaler_profile block as defined below.

automatic_channel_upgrade str

The upgrade channel for this Kubernetes Cluster. Possible values are patch, rapid, node-image and stable. Omitting this field sets this value to none.

azure_active_directory_role_based_access_control KubernetesClusterAzureActiveDirectoryRoleBasedAccessControlArgs

A azure_active_directory_role_based_access_control block as defined below.

azure_policy_enabled bool

Should the Azure Policy Add-On be enabled? For more details please visit Understand Azure Policy for Azure Kubernetes Service

confidential_computing KubernetesClusterConfidentialComputingArgs

A confidential_computing block as defined below. For more details please the documentation

disk_encryption_set_id str

The ID of the Disk Encryption Set which should be used for the Nodes and Volumes. More information can be found in the documentation. Changing this forces a new resource to be created.

dns_prefix str

dns_prefix_private_cluster str

Specifies the DNS prefix to use with private clusters. Changing this forces a new resource to be created.

edge_zone str

Specifies the Edge Zone within the Azure Region where this Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.

enable_pod_security_policy bool

Deprecated:

The AKS API has removed support for this field on 2020-10-15 and is no longer possible to configure this the Pod Security Policy.

http_application_routing_enabled bool

Should HTTP Application Routing be enabled?

http_proxy_config KubernetesClusterHttpProxyConfigArgs

A http_proxy_config block as defined below.

identity KubernetesClusterIdentityArgs

An identity block as defined below. One of either identity or service_principal must be specified.

image_cleaner_enabled bool

Specifies whether Image Cleaner is enabled.

image_cleaner_interval_hours int

Specifies the interval in hours when images should be cleaned up. Defaults to 48.

ingress_application_gateway KubernetesClusterIngressApplicationGatewayArgs

A ingress_application_gateway block as defined below.

key_management_service KubernetesClusterKeyManagementServiceArgs

A key_management_service block as defined below. For more details, please visit Key Management Service (KMS) etcd encryption to an AKS cluster.

key_vault_secrets_provider KubernetesClusterKeyVaultSecretsProviderArgs

A key_vault_secrets_provider block as defined below. For more details, please visit Azure Keyvault Secrets Provider for AKS.

kubelet_identity KubernetesClusterKubeletIdentityArgs

A kubelet_identity block as defined below.

kubernetes_version str

linux_profile KubernetesClusterLinuxProfileArgs

A linux_profile block as defined below.

local_account_disabled bool

If true local accounts will be disabled. See the documentation for more information.

location str

The location where the Managed Kubernetes Cluster should be created. Changing this forces a new resource to be created.

maintenance_window KubernetesClusterMaintenanceWindowArgs

A maintenance_window block as defined below.

microsoft_defender KubernetesClusterMicrosoftDefenderArgs

A microsoft_defender block as defined below.

monitor_metrics KubernetesClusterMonitorMetricsArgs

Specifies a Prometheus add-on profile for the Kubernetes Cluster. A monitor_metrics block as defined below.

name str

The name of the Managed Kubernetes Cluster to create. Changing this forces a new resource to be created.

network_profile KubernetesClusterNetworkProfileArgs

A network_profile block as defined below. Changing this forces a new resource to be created.

node_resource_group str

The name of the Resource Group where the Kubernetes Nodes should exist. Changing this forces a new resource to be created.

oidc_issuer_enabled bool

Enable or Disable the OIDC issuer URL

oms_agent KubernetesClusterOmsAgentArgs

A oms_agent block as defined below.

open_service_mesh_enabled bool

Is Open Service Mesh enabled? For more details, please visit Open Service Mesh for AKS.

private_cluster_enabled bool

private_cluster_public_fqdn_enabled bool

Specifies whether a Public FQDN for this Private Cluster should be added. Defaults to false.

private_dns_zone_id str

public_network_access_enabled bool

Whether public network access is allowed for this Kubernetes Cluster. Defaults to true. Changing this forces a new resource to be created.

role_based_access_control_enabled bool

Whether Role Based Access Control for the Kubernetes Cluster should be enabled. Defaults to true. Changing this forces a new resource to be created.

run_command_enabled bool

Whether to enable run command for the cluster or not. Defaults to true.

service_mesh_profile KubernetesClusterServiceMeshProfileArgs

A service_mesh_profile block as defined below.

service_principal KubernetesClusterServicePrincipalArgs

A service_principal block as documented below. One of either identity or service_principal must be specified.

sku_tier str

The SKU Tier that should be used for this Kubernetes Cluster. Possible values are Free, and Standard (which includes the Uptime SLA). Defaults to Free.

storage_profile KubernetesClusterStorageProfileArgs

A storage_profile block as defined below.

tags Mapping[str, str]

A mapping of tags to assign to the resource.

web_app_routing KubernetesClusterWebAppRoutingArgs

A web_app_routing block as defined below.

windows_profile KubernetesClusterWindowsProfileArgs

A windows_profile block as defined below.

workload_autoscaler_profile KubernetesClusterWorkloadAutoscalerProfileArgs

A workload_autoscaler_profile block defined below.

workload_identity_enabled bool

Specifies whether Azure AD Workload Identity should be enabled for the Cluster. Defaults to false.

defaultNodePool Property Map

A default_node_pool block as defined below.

resourceGroupName String

Specifies the Resource Group where the Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.

aciConnectorLinux Property Map

A aci_connector_linux block as defined below. For more details, please visit Create and configure an AKS cluster to use virtual nodes.

apiServerAccessProfile Property Map

An api_server_access_profile block as defined below.

apiServerAuthorizedIpRanges List<String>

Deprecated:

This property has been renamed to authorized_ip_ranges within the api_server_access_profile block and will be removed in v4.0 of the provider

autoScalerProfile Property Map

A auto_scaler_profile block as defined below.

automaticChannelUpgrade String

The upgrade channel for this Kubernetes Cluster. Possible values are patch, rapid, node-image and stable. Omitting this field sets this value to none.

azureActiveDirectoryRoleBasedAccessControl Property Map

A azure_active_directory_role_based_access_control block as defined below.

azurePolicyEnabled Boolean

Should the Azure Policy Add-On be enabled? For more details please visit Understand Azure Policy for Azure Kubernetes Service

confidentialComputing Property Map

A confidential_computing block as defined below. For more details please the documentation

diskEncryptionSetId String

The ID of the Disk Encryption Set which should be used for the Nodes and Volumes. More information can be found in the documentation. Changing this forces a new resource to be created.

dnsPrefix String

dnsPrefixPrivateCluster String

Specifies the DNS prefix to use with private clusters. Changing this forces a new resource to be created.

edgeZone String

Specifies the Edge Zone within the Azure Region where this Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.

enablePodSecurityPolicy Boolean

Deprecated:

The AKS API has removed support for this field on 2020-10-15 and is no longer possible to configure this the Pod Security Policy.

httpApplicationRoutingEnabled Boolean

Should HTTP Application Routing be enabled?

httpProxyConfig Property Map

A http_proxy_config block as defined below.

identity Property Map

An identity block as defined below. One of either identity or service_principal must be specified.

imageCleanerEnabled Boolean

Specifies whether Image Cleaner is enabled.

imageCleanerIntervalHours Number

Specifies the interval in hours when images should be cleaned up. Defaults to 48.

ingressApplicationGateway Property Map

A ingress_application_gateway block as defined below.

keyManagementService Property Map

A key_management_service block as defined below. For more details, please visit Key Management Service (KMS) etcd encryption to an AKS cluster.

keyVaultSecretsProvider Property Map

A key_vault_secrets_provider block as defined below. For more details, please visit Azure Keyvault Secrets Provider for AKS.

kubeletIdentity Property Map

A kubelet_identity block as defined below.

kubernetesVersion String

linuxProfile Property Map

A linux_profile block as defined below.

localAccountDisabled Boolean

If true local accounts will be disabled. See the documentation for more information.

location String

The location where the Managed Kubernetes Cluster should be created. Changing this forces a new resource to be created.

maintenanceWindow Property Map

A maintenance_window block as defined below.

microsoftDefender Property Map

A microsoft_defender block as defined below.

monitorMetrics Property Map

Specifies a Prometheus add-on profile for the Kubernetes Cluster. A monitor_metrics block as defined below.

name String

The name of the Managed Kubernetes Cluster to create. Changing this forces a new resource to be created.

networkProfile Property Map

A network_profile block as defined below. Changing this forces a new resource to be created.

nodeResourceGroup String

The name of the Resource Group where the Kubernetes Nodes should exist. Changing this forces a new resource to be created.

oidcIssuerEnabled Boolean

Enable or Disable the OIDC issuer URL

omsAgent Property Map

A oms_agent block as defined below.

openServiceMeshEnabled Boolean

Is Open Service Mesh enabled? For more details, please visit Open Service Mesh for AKS.

privateClusterEnabled Boolean

privateClusterPublicFqdnEnabled Boolean

Specifies whether a Public FQDN for this Private Cluster should be added. Defaults to false.

privateDnsZoneId String

publicNetworkAccessEnabled Boolean

Whether public network access is allowed for this Kubernetes Cluster. Defaults to true. Changing this forces a new resource to be created.

roleBasedAccessControlEnabled Boolean

Whether Role Based Access Control for the Kubernetes Cluster should be enabled. Defaults to true. Changing this forces a new resource to be created.

runCommandEnabled Boolean

Whether to enable run command for the cluster or not. Defaults to true.

serviceMeshProfile Property Map

A service_mesh_profile block as defined below.

servicePrincipal Property Map

A service_principal block as documented below. One of either identity or service_principal must be specified.

skuTier String

The SKU Tier that should be used for this Kubernetes Cluster. Possible values are Free, and Standard (which includes the Uptime SLA). Defaults to Free.

storageProfile Property Map

A storage_profile block as defined below.

tags Map<String>

A mapping of tags to assign to the resource.

webAppRouting Property Map

A web_app_routing block as defined below.

windowsProfile Property Map

A windows_profile block as defined below.

workloadAutoscalerProfile Property Map

A workload_autoscaler_profile block defined below.

workloadIdentityEnabled Boolean

Specifies whether Azure AD Workload Identity should be enabled for the Cluster. Defaults to false.

Outputs

All input properties are implicitly available as output properties. Additionally, the KubernetesCluster resource produces the following output properties:

Fqdn string: The FQDN of the Azure Kubernetes Managed Cluster.
HttpApplicationRoutingZoneName string: The Zone Name of the HTTP Application Routing.
Id string: The provider-assigned unique ID for this managed resource.
KubeAdminConfigRaw string: Raw Kubernetes config for the admin account to be used by kubectl and other compatible tools. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts enabled.
KubeAdminConfigs List<KubernetesClusterKubeAdminConfig>: A kube_admin_config block as defined below. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts enabled.
KubeConfigRaw string: Raw Kubernetes config to be used by kubectl and other compatible tools.
KubeConfigs List<KubernetesClusterKubeConfig>: A kube_config block as defined below.
NodeResourceGroupId string: The ID of the Resource Group containing the resources for this Managed Kubernetes Cluster.
OidcIssuerUrl string: The OIDC issuer URL that is associated with the cluster.
PortalFqdn string: The FQDN for the Azure Portal resources when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.
PrivateFqdn string: The FQDN for the Kubernetes Cluster when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.

Fqdn string: The FQDN of the Azure Kubernetes Managed Cluster.
HttpApplicationRoutingZoneName string: The Zone Name of the HTTP Application Routing.
Id string: The provider-assigned unique ID for this managed resource.
KubeAdminConfigRaw string: Raw Kubernetes config for the admin account to be used by kubectl and other compatible tools. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts enabled.
KubeAdminConfigs []KubernetesClusterKubeAdminConfig: A kube_admin_config block as defined below. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts enabled.
KubeConfigRaw string: Raw Kubernetes config to be used by kubectl and other compatible tools.
KubeConfigs []KubernetesClusterKubeConfig: A kube_config block as defined below.
NodeResourceGroupId string: The ID of the Resource Group containing the resources for this Managed Kubernetes Cluster.
OidcIssuerUrl string: The OIDC issuer URL that is associated with the cluster.
PortalFqdn string: The FQDN for the Azure Portal resources when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.
PrivateFqdn string: The FQDN for the Kubernetes Cluster when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.

fqdn String: The FQDN of the Azure Kubernetes Managed Cluster.
httpApplicationRoutingZoneName String: The Zone Name of the HTTP Application Routing.
id String: The provider-assigned unique ID for this managed resource.
kubeAdminConfigRaw String: Raw Kubernetes config for the admin account to be used by kubectl and other compatible tools. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts enabled.
kubeAdminConfigs List<KubernetesClusterKubeAdminConfig>: A kube_admin_config block as defined below. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts enabled.
kubeConfigRaw String: Raw Kubernetes config to be used by kubectl and other compatible tools.
kubeConfigs List<KubernetesClusterKubeConfig>: A kube_config block as defined below.
nodeResourceGroupId String: The ID of the Resource Group containing the resources for this Managed Kubernetes Cluster.
oidcIssuerUrl String: The OIDC issuer URL that is associated with the cluster.
portalFqdn String: The FQDN for the Azure Portal resources when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.
privateFqdn String: The FQDN for the Kubernetes Cluster when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.

fqdn string: The FQDN of the Azure Kubernetes Managed Cluster.
httpApplicationRoutingZoneName string: The Zone Name of the HTTP Application Routing.
id string: The provider-assigned unique ID for this managed resource.
kubeAdminConfigRaw string: Raw Kubernetes config for the admin account to be used by kubectl and other compatible tools. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts enabled.
kubeAdminConfigs KubernetesClusterKubeAdminConfig[]: A kube_admin_config block as defined below. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts enabled.
kubeConfigRaw string: Raw Kubernetes config to be used by kubectl and other compatible tools.
kubeConfigs KubernetesClusterKubeConfig[]: A kube_config block as defined below.
nodeResourceGroupId string: The ID of the Resource Group containing the resources for this Managed Kubernetes Cluster.
oidcIssuerUrl string: The OIDC issuer URL that is associated with the cluster.
portalFqdn string: The FQDN for the Azure Portal resources when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.
privateFqdn string: The FQDN for the Kubernetes Cluster when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.

fqdn str: The FQDN of the Azure Kubernetes Managed Cluster.
http_application_routing_zone_name str: The Zone Name of the HTTP Application Routing.
id str: The provider-assigned unique ID for this managed resource.
kube_admin_config_raw str: Raw Kubernetes config for the admin account to be used by kubectl and other compatible tools. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts enabled.
kube_admin_configs Sequence[KubernetesClusterKubeAdminConfig]: A kube_admin_config block as defined below. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts enabled.
kube_config_raw str: Raw Kubernetes config to be used by kubectl and other compatible tools.
kube_configs Sequence[KubernetesClusterKubeConfig]: A kube_config block as defined below.
node_resource_group_id str: The ID of the Resource Group containing the resources for this Managed Kubernetes Cluster.
oidc_issuer_url str: The OIDC issuer URL that is associated with the cluster.
portal_fqdn str: The FQDN for the Azure Portal resources when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.
private_fqdn str: The FQDN for the Kubernetes Cluster when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.

fqdn String: The FQDN of the Azure Kubernetes Managed Cluster.
httpApplicationRoutingZoneName String: The Zone Name of the HTTP Application Routing.
id String: The provider-assigned unique ID for this managed resource.
kubeAdminConfigRaw String: Raw Kubernetes config for the admin account to be used by kubectl and other compatible tools. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts enabled.
kubeAdminConfigs List<Property Map>: A kube_admin_config block as defined below. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts enabled.
kubeConfigRaw String: Raw Kubernetes config to be used by kubectl and other compatible tools.
kubeConfigs List<Property Map>: A kube_config block as defined below.
nodeResourceGroupId String: The ID of the Resource Group containing the resources for this Managed Kubernetes Cluster.
oidcIssuerUrl String: The OIDC issuer URL that is associated with the cluster.
portalFqdn String: The FQDN for the Azure Portal resources when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.
privateFqdn String: The FQDN for the Kubernetes Cluster when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.

Look up Existing KubernetesCluster Resource

Get an existing KubernetesCluster resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: KubernetesClusterState, opts?: CustomResourceOptions): KubernetesCluster

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        aci_connector_linux: Optional[KubernetesClusterAciConnectorLinuxArgs] = None,
        api_server_access_profile: Optional[KubernetesClusterApiServerAccessProfileArgs] = None,
        api_server_authorized_ip_ranges: Optional[Sequence[str]] = None,
        auto_scaler_profile: Optional[KubernetesClusterAutoScalerProfileArgs] = None,
        automatic_channel_upgrade: Optional[str] = None,
        azure_active_directory_role_based_access_control: Optional[KubernetesClusterAzureActiveDirectoryRoleBasedAccessControlArgs] = None,
        azure_policy_enabled: Optional[bool] = None,
        confidential_computing: Optional[KubernetesClusterConfidentialComputingArgs] = None,
        default_node_pool: Optional[KubernetesClusterDefaultNodePoolArgs] = None,
        disk_encryption_set_id: Optional[str] = None,
        dns_prefix: Optional[str] = None,
        dns_prefix_private_cluster: Optional[str] = None,
        edge_zone: Optional[str] = None,
        enable_pod_security_policy: Optional[bool] = None,
        fqdn: Optional[str] = None,
        http_application_routing_enabled: Optional[bool] = None,
        http_application_routing_zone_name: Optional[str] = None,
        http_proxy_config: Optional[KubernetesClusterHttpProxyConfigArgs] = None,
        identity: Optional[KubernetesClusterIdentityArgs] = None,
        image_cleaner_enabled: Optional[bool] = None,
        image_cleaner_interval_hours: Optional[int] = None,
        ingress_application_gateway: Optional[KubernetesClusterIngressApplicationGatewayArgs] = None,
        key_management_service: Optional[KubernetesClusterKeyManagementServiceArgs] = None,
        key_vault_secrets_provider: Optional[KubernetesClusterKeyVaultSecretsProviderArgs] = None,
        kube_admin_config_raw: Optional[str] = None,
        kube_admin_configs: Optional[Sequence[KubernetesClusterKubeAdminConfigArgs]] = None,
        kube_config_raw: Optional[str] = None,
        kube_configs: Optional[Sequence[KubernetesClusterKubeConfigArgs]] = None,
        kubelet_identity: Optional[KubernetesClusterKubeletIdentityArgs] = None,
        kubernetes_version: Optional[str] = None,
        linux_profile: Optional[KubernetesClusterLinuxProfileArgs] = None,
        local_account_disabled: Optional[bool] = None,
        location: Optional[str] = None,
        maintenance_window: Optional[KubernetesClusterMaintenanceWindowArgs] = None,
        microsoft_defender: Optional[KubernetesClusterMicrosoftDefenderArgs] = None,
        monitor_metrics: Optional[KubernetesClusterMonitorMetricsArgs] = None,
        name: Optional[str] = None,
        network_profile: Optional[KubernetesClusterNetworkProfileArgs] = None,
        node_resource_group: Optional[str] = None,
        node_resource_group_id: Optional[str] = None,
        oidc_issuer_enabled: Optional[bool] = None,
        oidc_issuer_url: Optional[str] = None,
        oms_agent: Optional[KubernetesClusterOmsAgentArgs] = None,
        open_service_mesh_enabled: Optional[bool] = None,
        portal_fqdn: Optional[str] = None,
        private_cluster_enabled: Optional[bool] = None,
        private_cluster_public_fqdn_enabled: Optional[bool] = None,
        private_dns_zone_id: Optional[str] = None,
        private_fqdn: Optional[str] = None,
        public_network_access_enabled: Optional[bool] = None,
        resource_group_name: Optional[str] = None,
        role_based_access_control_enabled: Optional[bool] = None,
        run_command_enabled: Optional[bool] = None,
        service_mesh_profile: Optional[KubernetesClusterServiceMeshProfileArgs] = None,
        service_principal: Optional[KubernetesClusterServicePrincipalArgs] = None,
        sku_tier: Optional[str] = None,
        storage_profile: Optional[KubernetesClusterStorageProfileArgs] = None,
        tags: Optional[Mapping[str, str]] = None,
        web_app_routing: Optional[KubernetesClusterWebAppRoutingArgs] = None,
        windows_profile: Optional[KubernetesClusterWindowsProfileArgs] = None,
        workload_autoscaler_profile: Optional[KubernetesClusterWorkloadAutoscalerProfileArgs] = None,
        workload_identity_enabled: Optional[bool] = None) -> KubernetesCluster

func GetKubernetesCluster(ctx *Context, name string, id IDInput, state *KubernetesClusterState, opts ...ResourceOption) (*KubernetesCluster, error)

public static KubernetesCluster Get(string name, Input<string> id, KubernetesClusterState? state, CustomResourceOptions? opts = null)

public static KubernetesCluster get(String name, Output<String> id, KubernetesClusterState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AciConnectorLinux KubernetesClusterAciConnectorLinuxArgs

A aci_connector_linux block as defined below. For more details, please visit Create and configure an AKS cluster to use virtual nodes.

ApiServerAccessProfile KubernetesClusterApiServerAccessProfileArgs

An api_server_access_profile block as defined below.

ApiServerAuthorizedIpRanges List<string>

Deprecated:

This property has been renamed to authorized_ip_ranges within the api_server_access_profile block and will be removed in v4.0 of the provider

AutoScalerProfile KubernetesClusterAutoScalerProfileArgs

A auto_scaler_profile block as defined below.

AutomaticChannelUpgrade string

The upgrade channel for this Kubernetes Cluster. Possible values are patch, rapid, node-image and stable. Omitting this field sets this value to none.

AzureActiveDirectoryRoleBasedAccessControl KubernetesClusterAzureActiveDirectoryRoleBasedAccessControlArgs

A azure_active_directory_role_based_access_control block as defined below.

AzurePolicyEnabled bool

Should the Azure Policy Add-On be enabled? For more details please visit Understand Azure Policy for Azure Kubernetes Service

ConfidentialComputing KubernetesClusterConfidentialComputingArgs

A confidential_computing block as defined below. For more details please the documentation

DefaultNodePool KubernetesClusterDefaultNodePoolArgs

A default_node_pool block as defined below.

DiskEncryptionSetId string

The ID of the Disk Encryption Set which should be used for the Nodes and Volumes. More information can be found in the documentation. Changing this forces a new resource to be created.

DnsPrefix string

DnsPrefixPrivateCluster string

Specifies the DNS prefix to use with private clusters. Changing this forces a new resource to be created.

EdgeZone string

Specifies the Edge Zone within the Azure Region where this Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.

EnablePodSecurityPolicy bool

Deprecated:

The AKS API has removed support for this field on 2020-10-15 and is no longer possible to configure this the Pod Security Policy.

Fqdn string

The FQDN of the Azure Kubernetes Managed Cluster.

HttpApplicationRoutingEnabled bool

Should HTTP Application Routing be enabled?

HttpApplicationRoutingZoneName string

The Zone Name of the HTTP Application Routing.

HttpProxyConfig KubernetesClusterHttpProxyConfigArgs

A http_proxy_config block as defined below.

Identity KubernetesClusterIdentityArgs

An identity block as defined below. One of either identity or service_principal must be specified.

ImageCleanerEnabled bool

Specifies whether Image Cleaner is enabled.

ImageCleanerIntervalHours int

Specifies the interval in hours when images should be cleaned up. Defaults to 48.

IngressApplicationGateway KubernetesClusterIngressApplicationGatewayArgs

A ingress_application_gateway block as defined below.

KeyManagementService KubernetesClusterKeyManagementServiceArgs

A key_management_service block as defined below. For more details, please visit Key Management Service (KMS) etcd encryption to an AKS cluster.

KeyVaultSecretsProvider KubernetesClusterKeyVaultSecretsProviderArgs

A key_vault_secrets_provider block as defined below. For more details, please visit Azure Keyvault Secrets Provider for AKS.

KubeAdminConfigRaw string

Raw Kubernetes config for the admin account to be used by kubectl and other compatible tools. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts enabled.

KubeAdminConfigs List<KubernetesClusterKubeAdminConfigArgs>

A kube_admin_config block as defined below. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts enabled.

KubeConfigRaw string

Raw Kubernetes config to be used by kubectl and other compatible tools.

KubeConfigs List<KubernetesClusterKubeConfigArgs>

A kube_config block as defined below.

KubeletIdentity KubernetesClusterKubeletIdentityArgs

A kubelet_identity block as defined below.

KubernetesVersion string

LinuxProfile KubernetesClusterLinuxProfileArgs

A linux_profile block as defined below.

LocalAccountDisabled bool

If true local accounts will be disabled. See the documentation for more information.

Location string

The location where the Managed Kubernetes Cluster should be created. Changing this forces a new resource to be created.

MaintenanceWindow KubernetesClusterMaintenanceWindowArgs

A maintenance_window block as defined below.

MicrosoftDefender KubernetesClusterMicrosoftDefenderArgs

A microsoft_defender block as defined below.

MonitorMetrics KubernetesClusterMonitorMetricsArgs

Specifies a Prometheus add-on profile for the Kubernetes Cluster. A monitor_metrics block as defined below.

Name string

The name of the Managed Kubernetes Cluster to create. Changing this forces a new resource to be created.

NetworkProfile KubernetesClusterNetworkProfileArgs

A network_profile block as defined below. Changing this forces a new resource to be created.

NodeResourceGroup string

The name of the Resource Group where the Kubernetes Nodes should exist. Changing this forces a new resource to be created.

NodeResourceGroupId string

The ID of the Resource Group containing the resources for this Managed Kubernetes Cluster.

OidcIssuerEnabled bool

Enable or Disable the OIDC issuer URL

OidcIssuerUrl string

The OIDC issuer URL that is associated with the cluster.

OmsAgent KubernetesClusterOmsAgentArgs

A oms_agent block as defined below.

OpenServiceMeshEnabled bool

Is Open Service Mesh enabled? For more details, please visit Open Service Mesh for AKS.

PortalFqdn string

The FQDN for the Azure Portal resources when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.

PrivateClusterEnabled bool

PrivateClusterPublicFqdnEnabled bool

Specifies whether a Public FQDN for this Private Cluster should be added. Defaults to false.

PrivateDnsZoneId string

PrivateFqdn string

The FQDN for the Kubernetes Cluster when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.

PublicNetworkAccessEnabled bool

Whether public network access is allowed for this Kubernetes Cluster. Defaults to true. Changing this forces a new resource to be created.

ResourceGroupName string

Specifies the Resource Group where the Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.

RoleBasedAccessControlEnabled bool

Whether Role Based Access Control for the Kubernetes Cluster should be enabled. Defaults to true. Changing this forces a new resource to be created.

RunCommandEnabled bool

Whether to enable run command for the cluster or not. Defaults to true.

ServiceMeshProfile KubernetesClusterServiceMeshProfileArgs

A service_mesh_profile block as defined below.

ServicePrincipal KubernetesClusterServicePrincipalArgs

A service_principal block as documented below. One of either identity or service_principal must be specified.

SkuTier string

The SKU Tier that should be used for this Kubernetes Cluster. Possible values are Free, and Standard (which includes the Uptime SLA). Defaults to Free.

StorageProfile KubernetesClusterStorageProfileArgs

A storage_profile block as defined below.

Tags Dictionary<string, string>

A mapping of tags to assign to the resource.

WebAppRouting KubernetesClusterWebAppRoutingArgs

A web_app_routing block as defined below.

WindowsProfile KubernetesClusterWindowsProfileArgs

A windows_profile block as defined below.

WorkloadAutoscalerProfile KubernetesClusterWorkloadAutoscalerProfileArgs

A workload_autoscaler_profile block defined below.

WorkloadIdentityEnabled bool

Specifies whether Azure AD Workload Identity should be enabled for the Cluster. Defaults to false.

AciConnectorLinux KubernetesClusterAciConnectorLinuxArgs

A aci_connector_linux block as defined below. For more details, please visit Create and configure an AKS cluster to use virtual nodes.

ApiServerAccessProfile KubernetesClusterApiServerAccessProfileArgs

An api_server_access_profile block as defined below.

ApiServerAuthorizedIpRanges []string

Deprecated:

This property has been renamed to authorized_ip_ranges within the api_server_access_profile block and will be removed in v4.0 of the provider

AutoScalerProfile KubernetesClusterAutoScalerProfileArgs

A auto_scaler_profile block as defined below.

AutomaticChannelUpgrade string

The upgrade channel for this Kubernetes Cluster. Possible values are patch, rapid, node-image and stable. Omitting this field sets this value to none.

AzureActiveDirectoryRoleBasedAccessControl KubernetesClusterAzureActiveDirectoryRoleBasedAccessControlArgs

A azure_active_directory_role_based_access_control block as defined below.

AzurePolicyEnabled bool

Should the Azure Policy Add-On be enabled? For more details please visit Understand Azure Policy for Azure Kubernetes Service

ConfidentialComputing KubernetesClusterConfidentialComputingArgs

A confidential_computing block as defined below. For more details please the documentation

DefaultNodePool KubernetesClusterDefaultNodePoolArgs

A default_node_pool block as defined below.

DiskEncryptionSetId string

The ID of the Disk Encryption Set which should be used for the Nodes and Volumes. More information can be found in the documentation. Changing this forces a new resource to be created.

DnsPrefix string

DnsPrefixPrivateCluster string

Specifies the DNS prefix to use with private clusters. Changing this forces a new resource to be created.

EdgeZone string

Specifies the Edge Zone within the Azure Region where this Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.

EnablePodSecurityPolicy bool

Deprecated:

The AKS API has removed support for this field on 2020-10-15 and is no longer possible to configure this the Pod Security Policy.

Fqdn string

The FQDN of the Azure Kubernetes Managed Cluster.

HttpApplicationRoutingEnabled bool

Should HTTP Application Routing be enabled?

HttpApplicationRoutingZoneName string

The Zone Name of the HTTP Application Routing.

HttpProxyConfig KubernetesClusterHttpProxyConfigArgs

A http_proxy_config block as defined below.

Identity KubernetesClusterIdentityArgs

An identity block as defined below. One of either identity or service_principal must be specified.

ImageCleanerEnabled bool

Specifies whether Image Cleaner is enabled.

ImageCleanerIntervalHours int

Specifies the interval in hours when images should be cleaned up. Defaults to 48.

IngressApplicationGateway KubernetesClusterIngressApplicationGatewayArgs

A ingress_application_gateway block as defined below.

KeyManagementService KubernetesClusterKeyManagementServiceArgs

A key_management_service block as defined below. For more details, please visit Key Management Service (KMS) etcd encryption to an AKS cluster.

KeyVaultSecretsProvider KubernetesClusterKeyVaultSecretsProviderArgs

A key_vault_secrets_provider block as defined below. For more details, please visit Azure Keyvault Secrets Provider for AKS.

KubeAdminConfigRaw string

KubeAdminConfigs []KubernetesClusterKubeAdminConfigArgs

A kube_admin_config block as defined below. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts enabled.

KubeConfigRaw string

Raw Kubernetes config to be used by kubectl and other compatible tools.

KubeConfigs []KubernetesClusterKubeConfigArgs

A kube_config block as defined below.

KubeletIdentity KubernetesClusterKubeletIdentityArgs

A kubelet_identity block as defined below.

KubernetesVersion string

LinuxProfile KubernetesClusterLinuxProfileArgs

A linux_profile block as defined below.

LocalAccountDisabled bool

If true local accounts will be disabled. See the documentation for more information.

Location string

The location where the Managed Kubernetes Cluster should be created. Changing this forces a new resource to be created.

MaintenanceWindow KubernetesClusterMaintenanceWindowArgs

A maintenance_window block as defined below.

MicrosoftDefender KubernetesClusterMicrosoftDefenderArgs

A microsoft_defender block as defined below.

MonitorMetrics KubernetesClusterMonitorMetricsArgs

Specifies a Prometheus add-on profile for the Kubernetes Cluster. A monitor_metrics block as defined below.

Name string

The name of the Managed Kubernetes Cluster to create. Changing this forces a new resource to be created.

NetworkProfile KubernetesClusterNetworkProfileArgs

A network_profile block as defined below. Changing this forces a new resource to be created.

NodeResourceGroup string

The name of the Resource Group where the Kubernetes Nodes should exist. Changing this forces a new resource to be created.

NodeResourceGroupId string

The ID of the Resource Group containing the resources for this Managed Kubernetes Cluster.

OidcIssuerEnabled bool

Enable or Disable the OIDC issuer URL

OidcIssuerUrl string

The OIDC issuer URL that is associated with the cluster.

OmsAgent KubernetesClusterOmsAgentArgs

A oms_agent block as defined below.

OpenServiceMeshEnabled bool

Is Open Service Mesh enabled? For more details, please visit Open Service Mesh for AKS.

PortalFqdn string

The FQDN for the Azure Portal resources when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.

PrivateClusterEnabled bool

PrivateClusterPublicFqdnEnabled bool

Specifies whether a Public FQDN for this Private Cluster should be added. Defaults to false.

PrivateDnsZoneId string

PrivateFqdn string

The FQDN for the Kubernetes Cluster when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.

PublicNetworkAccessEnabled bool

Whether public network access is allowed for this Kubernetes Cluster. Defaults to true. Changing this forces a new resource to be created.

ResourceGroupName string

Specifies the Resource Group where the Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.

RoleBasedAccessControlEnabled bool

Whether Role Based Access Control for the Kubernetes Cluster should be enabled. Defaults to true. Changing this forces a new resource to be created.

RunCommandEnabled bool

Whether to enable run command for the cluster or not. Defaults to true.

ServiceMeshProfile KubernetesClusterServiceMeshProfileArgs

A service_mesh_profile block as defined below.

ServicePrincipal KubernetesClusterServicePrincipalArgs

A service_principal block as documented below. One of either identity or service_principal must be specified.

SkuTier string

The SKU Tier that should be used for this Kubernetes Cluster. Possible values are Free, and Standard (which includes the Uptime SLA). Defaults to Free.

StorageProfile KubernetesClusterStorageProfileArgs

A storage_profile block as defined below.

Tags map[string]string

A mapping of tags to assign to the resource.

WebAppRouting KubernetesClusterWebAppRoutingArgs

A web_app_routing block as defined below.

WindowsProfile KubernetesClusterWindowsProfileArgs

A windows_profile block as defined below.

WorkloadAutoscalerProfile KubernetesClusterWorkloadAutoscalerProfileArgs

A workload_autoscaler_profile block defined below.

WorkloadIdentityEnabled bool

Specifies whether Azure AD Workload Identity should be enabled for the Cluster. Defaults to false.

aciConnectorLinux KubernetesClusterAciConnectorLinuxArgs

A aci_connector_linux block as defined below. For more details, please visit Create and configure an AKS cluster to use virtual nodes.

apiServerAccessProfile KubernetesClusterApiServerAccessProfileArgs

An api_server_access_profile block as defined below.

apiServerAuthorizedIpRanges List<String>

Deprecated:

This property has been renamed to authorized_ip_ranges within the api_server_access_profile block and will be removed in v4.0 of the provider

autoScalerProfile KubernetesClusterAutoScalerProfileArgs

A auto_scaler_profile block as defined below.

automaticChannelUpgrade String

The upgrade channel for this Kubernetes Cluster. Possible values are patch, rapid, node-image and stable. Omitting this field sets this value to none.

azureActiveDirectoryRoleBasedAccessControl KubernetesClusterAzureActiveDirectoryRoleBasedAccessControlArgs

A azure_active_directory_role_based_access_control block as defined below.

azurePolicyEnabled Boolean

Should the Azure Policy Add-On be enabled? For more details please visit Understand Azure Policy for Azure Kubernetes Service

confidentialComputing KubernetesClusterConfidentialComputingArgs

A confidential_computing block as defined below. For more details please the documentation

defaultNodePool KubernetesClusterDefaultNodePoolArgs

A default_node_pool block as defined below.

diskEncryptionSetId String

The ID of the Disk Encryption Set which should be used for the Nodes and Volumes. More information can be found in the documentation. Changing this forces a new resource to be created.

dnsPrefix String

dnsPrefixPrivateCluster String

Specifies the DNS prefix to use with private clusters. Changing this forces a new resource to be created.

edgeZone String

Specifies the Edge Zone within the Azure Region where this Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.

enablePodSecurityPolicy Boolean

Deprecated:

The AKS API has removed support for this field on 2020-10-15 and is no longer possible to configure this the Pod Security Policy.

fqdn String

The FQDN of the Azure Kubernetes Managed Cluster.

httpApplicationRoutingEnabled Boolean

Should HTTP Application Routing be enabled?

httpApplicationRoutingZoneName String

The Zone Name of the HTTP Application Routing.

httpProxyConfig KubernetesClusterHttpProxyConfigArgs

A http_proxy_config block as defined below.

identity KubernetesClusterIdentityArgs

An identity block as defined below. One of either identity or service_principal must be specified.

imageCleanerEnabled Boolean

Specifies whether Image Cleaner is enabled.

imageCleanerIntervalHours Integer

Specifies the interval in hours when images should be cleaned up. Defaults to 48.

ingressApplicationGateway KubernetesClusterIngressApplicationGatewayArgs

A ingress_application_gateway block as defined below.

keyManagementService KubernetesClusterKeyManagementServiceArgs

A key_management_service block as defined below. For more details, please visit Key Management Service (KMS) etcd encryption to an AKS cluster.

keyVaultSecretsProvider KubernetesClusterKeyVaultSecretsProviderArgs

A key_vault_secrets_provider block as defined below. For more details, please visit Azure Keyvault Secrets Provider for AKS.

kubeAdminConfigRaw String

kubeAdminConfigs List<KubernetesClusterKubeAdminConfigArgs>

A kube_admin_config block as defined below. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts enabled.

kubeConfigRaw String

Raw Kubernetes config to be used by kubectl and other compatible tools.

kubeConfigs List<KubernetesClusterKubeConfigArgs>

A kube_config block as defined below.

kubeletIdentity KubernetesClusterKubeletIdentityArgs

A kubelet_identity block as defined below.

kubernetesVersion String

linuxProfile KubernetesClusterLinuxProfileArgs

A linux_profile block as defined below.

localAccountDisabled Boolean

If true local accounts will be disabled. See the documentation for more information.

location String

The location where the Managed Kubernetes Cluster should be created. Changing this forces a new resource to be created.

maintenanceWindow KubernetesClusterMaintenanceWindowArgs

A maintenance_window block as defined below.

microsoftDefender KubernetesClusterMicrosoftDefenderArgs

A microsoft_defender block as defined below.

monitorMetrics KubernetesClusterMonitorMetricsArgs

Specifies a Prometheus add-on profile for the Kubernetes Cluster. A monitor_metrics block as defined below.

name String

The name of the Managed Kubernetes Cluster to create. Changing this forces a new resource to be created.

networkProfile KubernetesClusterNetworkProfileArgs

A network_profile block as defined below. Changing this forces a new resource to be created.

nodeResourceGroup String

The name of the Resource Group where the Kubernetes Nodes should exist. Changing this forces a new resource to be created.

nodeResourceGroupId String

The ID of the Resource Group containing the resources for this Managed Kubernetes Cluster.

oidcIssuerEnabled Boolean

Enable or Disable the OIDC issuer URL

oidcIssuerUrl String

The OIDC issuer URL that is associated with the cluster.

omsAgent KubernetesClusterOmsAgentArgs

A oms_agent block as defined below.

openServiceMeshEnabled Boolean

Is Open Service Mesh enabled? For more details, please visit Open Service Mesh for AKS.

portalFqdn String

The FQDN for the Azure Portal resources when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.

privateClusterEnabled Boolean

privateClusterPublicFqdnEnabled Boolean

Specifies whether a Public FQDN for this Private Cluster should be added. Defaults to false.

privateDnsZoneId String

privateFqdn String

The FQDN for the Kubernetes Cluster when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.

publicNetworkAccessEnabled Boolean

Whether public network access is allowed for this Kubernetes Cluster. Defaults to true. Changing this forces a new resource to be created.

resourceGroupName String

Specifies the Resource Group where the Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.

roleBasedAccessControlEnabled Boolean

Whether Role Based Access Control for the Kubernetes Cluster should be enabled. Defaults to true. Changing this forces a new resource to be created.

runCommandEnabled Boolean

Whether to enable run command for the cluster or not. Defaults to true.

serviceMeshProfile KubernetesClusterServiceMeshProfileArgs

A service_mesh_profile block as defined below.

servicePrincipal KubernetesClusterServicePrincipalArgs

A service_principal block as documented below. One of either identity or service_principal must be specified.

skuTier String

The SKU Tier that should be used for this Kubernetes Cluster. Possible values are Free, and Standard (which includes the Uptime SLA). Defaults to Free.

storageProfile KubernetesClusterStorageProfileArgs

A storage_profile block as defined below.

tags Map<String,String>

A mapping of tags to assign to the resource.

webAppRouting KubernetesClusterWebAppRoutingArgs

A web_app_routing block as defined below.

windowsProfile KubernetesClusterWindowsProfileArgs

A windows_profile block as defined below.

workloadAutoscalerProfile KubernetesClusterWorkloadAutoscalerProfileArgs

A workload_autoscaler_profile block defined below.

workloadIdentityEnabled Boolean

Specifies whether Azure AD Workload Identity should be enabled for the Cluster. Defaults to false.

aciConnectorLinux KubernetesClusterAciConnectorLinuxArgs

A aci_connector_linux block as defined below. For more details, please visit Create and configure an AKS cluster to use virtual nodes.

apiServerAccessProfile KubernetesClusterApiServerAccessProfileArgs

An api_server_access_profile block as defined below.

apiServerAuthorizedIpRanges string[]

Deprecated:

This property has been renamed to authorized_ip_ranges within the api_server_access_profile block and will be removed in v4.0 of the provider

autoScalerProfile KubernetesClusterAutoScalerProfileArgs

A auto_scaler_profile block as defined below.

automaticChannelUpgrade string

The upgrade channel for this Kubernetes Cluster. Possible values are patch, rapid, node-image and stable. Omitting this field sets this value to none.

azureActiveDirectoryRoleBasedAccessControl KubernetesClusterAzureActiveDirectoryRoleBasedAccessControlArgs

A azure_active_directory_role_based_access_control block as defined below.

azurePolicyEnabled boolean

Should the Azure Policy Add-On be enabled? For more details please visit Understand Azure Policy for Azure Kubernetes Service

confidentialComputing KubernetesClusterConfidentialComputingArgs

A confidential_computing block as defined below. For more details please the documentation

defaultNodePool KubernetesClusterDefaultNodePoolArgs

A default_node_pool block as defined below.

diskEncryptionSetId string

The ID of the Disk Encryption Set which should be used for the Nodes and Volumes. More information can be found in the documentation. Changing this forces a new resource to be created.

dnsPrefix string

dnsPrefixPrivateCluster string

Specifies the DNS prefix to use with private clusters. Changing this forces a new resource to be created.

edgeZone string

Specifies the Edge Zone within the Azure Region where this Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.

enablePodSecurityPolicy boolean

Deprecated:

The AKS API has removed support for this field on 2020-10-15 and is no longer possible to configure this the Pod Security Policy.

fqdn string

The FQDN of the Azure Kubernetes Managed Cluster.

httpApplicationRoutingEnabled boolean

Should HTTP Application Routing be enabled?

httpApplicationRoutingZoneName string

The Zone Name of the HTTP Application Routing.

httpProxyConfig KubernetesClusterHttpProxyConfigArgs

A http_proxy_config block as defined below.

identity KubernetesClusterIdentityArgs

An identity block as defined below. One of either identity or service_principal must be specified.

imageCleanerEnabled boolean

Specifies whether Image Cleaner is enabled.

imageCleanerIntervalHours number

Specifies the interval in hours when images should be cleaned up. Defaults to 48.

ingressApplicationGateway KubernetesClusterIngressApplicationGatewayArgs

A ingress_application_gateway block as defined below.

keyManagementService KubernetesClusterKeyManagementServiceArgs

A key_management_service block as defined below. For more details, please visit Key Management Service (KMS) etcd encryption to an AKS cluster.

keyVaultSecretsProvider KubernetesClusterKeyVaultSecretsProviderArgs

A key_vault_secrets_provider block as defined below. For more details, please visit Azure Keyvault Secrets Provider for AKS.

kubeAdminConfigRaw string

kubeAdminConfigs KubernetesClusterKubeAdminConfigArgs[]

A kube_admin_config block as defined below. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts enabled.

kubeConfigRaw string

Raw Kubernetes config to be used by kubectl and other compatible tools.

kubeConfigs KubernetesClusterKubeConfigArgs[]

A kube_config block as defined below.

kubeletIdentity KubernetesClusterKubeletIdentityArgs

A kubelet_identity block as defined below.

kubernetesVersion string

linuxProfile KubernetesClusterLinuxProfileArgs

A linux_profile block as defined below.

localAccountDisabled boolean

If true local accounts will be disabled. See the documentation for more information.

location string

The location where the Managed Kubernetes Cluster should be created. Changing this forces a new resource to be created.

maintenanceWindow KubernetesClusterMaintenanceWindowArgs

A maintenance_window block as defined below.

microsoftDefender KubernetesClusterMicrosoftDefenderArgs

A microsoft_defender block as defined below.

monitorMetrics KubernetesClusterMonitorMetricsArgs

Specifies a Prometheus add-on profile for the Kubernetes Cluster. A monitor_metrics block as defined below.

name string

The name of the Managed Kubernetes Cluster to create. Changing this forces a new resource to be created.

networkProfile KubernetesClusterNetworkProfileArgs

A network_profile block as defined below. Changing this forces a new resource to be created.

nodeResourceGroup string

The name of the Resource Group where the Kubernetes Nodes should exist. Changing this forces a new resource to be created.

nodeResourceGroupId string

The ID of the Resource Group containing the resources for this Managed Kubernetes Cluster.

oidcIssuerEnabled boolean

Enable or Disable the OIDC issuer URL

oidcIssuerUrl string

The OIDC issuer URL that is associated with the cluster.

omsAgent KubernetesClusterOmsAgentArgs

A oms_agent block as defined below.

openServiceMeshEnabled boolean

Is Open Service Mesh enabled? For more details, please visit Open Service Mesh for AKS.

portalFqdn string

The FQDN for the Azure Portal resources when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.

privateClusterEnabled boolean

privateClusterPublicFqdnEnabled boolean

Specifies whether a Public FQDN for this Private Cluster should be added. Defaults to false.

privateDnsZoneId string

privateFqdn string

The FQDN for the Kubernetes Cluster when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.

publicNetworkAccessEnabled boolean

Whether public network access is allowed for this Kubernetes Cluster. Defaults to true. Changing this forces a new resource to be created.

resourceGroupName string

Specifies the Resource Group where the Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.

roleBasedAccessControlEnabled boolean

Whether Role Based Access Control for the Kubernetes Cluster should be enabled. Defaults to true. Changing this forces a new resource to be created.

runCommandEnabled boolean

Whether to enable run command for the cluster or not. Defaults to true.

serviceMeshProfile KubernetesClusterServiceMeshProfileArgs

A service_mesh_profile block as defined below.

servicePrincipal KubernetesClusterServicePrincipalArgs

A service_principal block as documented below. One of either identity or service_principal must be specified.

skuTier string

The SKU Tier that should be used for this Kubernetes Cluster. Possible values are Free, and Standard (which includes the Uptime SLA). Defaults to Free.

storageProfile KubernetesClusterStorageProfileArgs

A storage_profile block as defined below.

tags {[key: string]: string}

A mapping of tags to assign to the resource.

webAppRouting KubernetesClusterWebAppRoutingArgs

A web_app_routing block as defined below.

windowsProfile KubernetesClusterWindowsProfileArgs

A windows_profile block as defined below.

workloadAutoscalerProfile KubernetesClusterWorkloadAutoscalerProfileArgs

A workload_autoscaler_profile block defined below.

workloadIdentityEnabled boolean

Specifies whether Azure AD Workload Identity should be enabled for the Cluster. Defaults to false.

aci_connector_linux KubernetesClusterAciConnectorLinuxArgs

A aci_connector_linux block as defined below. For more details, please visit Create and configure an AKS cluster to use virtual nodes.

api_server_access_profile KubernetesClusterApiServerAccessProfileArgs

An api_server_access_profile block as defined below.

api_server_authorized_ip_ranges Sequence[str]

Deprecated:

This property has been renamed to authorized_ip_ranges within the api_server_access_profile block and will be removed in v4.0 of the provider

auto_scaler_profile KubernetesClusterAutoScalerProfileArgs

A auto_scaler_profile block as defined below.

automatic_channel_upgrade str

The upgrade channel for this Kubernetes Cluster. Possible values are patch, rapid, node-image and stable. Omitting this field sets this value to none.

azure_active_directory_role_based_access_control KubernetesClusterAzureActiveDirectoryRoleBasedAccessControlArgs

A azure_active_directory_role_based_access_control block as defined below.

azure_policy_enabled bool

Should the Azure Policy Add-On be enabled? For more details please visit Understand Azure Policy for Azure Kubernetes Service

confidential_computing KubernetesClusterConfidentialComputingArgs

A confidential_computing block as defined below. For more details please the documentation

default_node_pool KubernetesClusterDefaultNodePoolArgs

A default_node_pool block as defined below.

disk_encryption_set_id str

The ID of the Disk Encryption Set which should be used for the Nodes and Volumes. More information can be found in the documentation. Changing this forces a new resource to be created.

dns_prefix str

dns_prefix_private_cluster str

Specifies the DNS prefix to use with private clusters. Changing this forces a new resource to be created.

edge_zone str

Specifies the Edge Zone within the Azure Region where this Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.

enable_pod_security_policy bool

Deprecated:

The AKS API has removed support for this field on 2020-10-15 and is no longer possible to configure this the Pod Security Policy.

fqdn str

The FQDN of the Azure Kubernetes Managed Cluster.

http_application_routing_enabled bool

Should HTTP Application Routing be enabled?

http_application_routing_zone_name str

The Zone Name of the HTTP Application Routing.

http_proxy_config KubernetesClusterHttpProxyConfigArgs

A http_proxy_config block as defined below.

identity KubernetesClusterIdentityArgs

An identity block as defined below. One of either identity or service_principal must be specified.

image_cleaner_enabled bool

Specifies whether Image Cleaner is enabled.

image_cleaner_interval_hours int

Specifies the interval in hours when images should be cleaned up. Defaults to 48.

ingress_application_gateway KubernetesClusterIngressApplicationGatewayArgs

A ingress_application_gateway block as defined below.

key_management_service KubernetesClusterKeyManagementServiceArgs

A key_management_service block as defined below. For more details, please visit Key Management Service (KMS) etcd encryption to an AKS cluster.

key_vault_secrets_provider KubernetesClusterKeyVaultSecretsProviderArgs

A key_vault_secrets_provider block as defined below. For more details, please visit Azure Keyvault Secrets Provider for AKS.

kube_admin_config_raw str

kube_admin_configs Sequence[KubernetesClusterKubeAdminConfigArgs]

A kube_admin_config block as defined below. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts enabled.

kube_config_raw str

Raw Kubernetes config to be used by kubectl and other compatible tools.

kube_configs Sequence[KubernetesClusterKubeConfigArgs]

A kube_config block as defined below.

kubelet_identity KubernetesClusterKubeletIdentityArgs

A kubelet_identity block as defined below.

kubernetes_version str

linux_profile KubernetesClusterLinuxProfileArgs

A linux_profile block as defined below.

local_account_disabled bool

If true local accounts will be disabled. See the documentation for more information.

location str

The location where the Managed Kubernetes Cluster should be created. Changing this forces a new resource to be created.

maintenance_window KubernetesClusterMaintenanceWindowArgs

A maintenance_window block as defined below.

microsoft_defender KubernetesClusterMicrosoftDefenderArgs

A microsoft_defender block as defined below.

monitor_metrics KubernetesClusterMonitorMetricsArgs

Specifies a Prometheus add-on profile for the Kubernetes Cluster. A monitor_metrics block as defined below.

name str

The name of the Managed Kubernetes Cluster to create. Changing this forces a new resource to be created.

network_profile KubernetesClusterNetworkProfileArgs

A network_profile block as defined below. Changing this forces a new resource to be created.

node_resource_group str

The name of the Resource Group where the Kubernetes Nodes should exist. Changing this forces a new resource to be created.

node_resource_group_id str

The ID of the Resource Group containing the resources for this Managed Kubernetes Cluster.

oidc_issuer_enabled bool

Enable or Disable the OIDC issuer URL

oidc_issuer_url str

The OIDC issuer URL that is associated with the cluster.

oms_agent KubernetesClusterOmsAgentArgs

A oms_agent block as defined below.

open_service_mesh_enabled bool

Is Open Service Mesh enabled? For more details, please visit Open Service Mesh for AKS.

portal_fqdn str

The FQDN for the Azure Portal resources when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.

private_cluster_enabled bool

private_cluster_public_fqdn_enabled bool

Specifies whether a Public FQDN for this Private Cluster should be added. Defaults to false.

private_dns_zone_id str

private_fqdn str

The FQDN for the Kubernetes Cluster when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.

public_network_access_enabled bool

Whether public network access is allowed for this Kubernetes Cluster. Defaults to true. Changing this forces a new resource to be created.

resource_group_name str

Specifies the Resource Group where the Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.

role_based_access_control_enabled bool

Whether Role Based Access Control for the Kubernetes Cluster should be enabled. Defaults to true. Changing this forces a new resource to be created.

run_command_enabled bool

Whether to enable run command for the cluster or not. Defaults to true.

service_mesh_profile KubernetesClusterServiceMeshProfileArgs

A service_mesh_profile block as defined below.

service_principal KubernetesClusterServicePrincipalArgs

A service_principal block as documented below. One of either identity or service_principal must be specified.

sku_tier str

The SKU Tier that should be used for this Kubernetes Cluster. Possible values are Free, and Standard (which includes the Uptime SLA). Defaults to Free.

storage_profile KubernetesClusterStorageProfileArgs

A storage_profile block as defined below.

tags Mapping[str, str]

A mapping of tags to assign to the resource.

web_app_routing KubernetesClusterWebAppRoutingArgs

A web_app_routing block as defined below.

windows_profile KubernetesClusterWindowsProfileArgs

A windows_profile block as defined below.

workload_autoscaler_profile KubernetesClusterWorkloadAutoscalerProfileArgs

A workload_autoscaler_profile block defined below.

workload_identity_enabled bool

Specifies whether Azure AD Workload Identity should be enabled for the Cluster. Defaults to false.

aciConnectorLinux Property Map

A aci_connector_linux block as defined below. For more details, please visit Create and configure an AKS cluster to use virtual nodes.

apiServerAccessProfile Property Map

An api_server_access_profile block as defined below.

apiServerAuthorizedIpRanges List<String>

Deprecated:

This property has been renamed to authorized_ip_ranges within the api_server_access_profile block and will be removed in v4.0 of the provider

autoScalerProfile Property Map

A auto_scaler_profile block as defined below.

automaticChannelUpgrade String

The upgrade channel for this Kubernetes Cluster. Possible values are patch, rapid, node-image and stable. Omitting this field sets this value to none.

azureActiveDirectoryRoleBasedAccessControl Property Map

A azure_active_directory_role_based_access_control block as defined below.

azurePolicyEnabled Boolean

Should the Azure Policy Add-On be enabled? For more details please visit Understand Azure Policy for Azure Kubernetes Service

confidentialComputing Property Map

A confidential_computing block as defined below. For more details please the documentation

defaultNodePool Property Map

A default_node_pool block as defined below.

diskEncryptionSetId String

The ID of the Disk Encryption Set which should be used for the Nodes and Volumes. More information can be found in the documentation. Changing this forces a new resource to be created.

dnsPrefix String

dnsPrefixPrivateCluster String

Specifies the DNS prefix to use with private clusters. Changing this forces a new resource to be created.

edgeZone String

Specifies the Edge Zone within the Azure Region where this Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.

enablePodSecurityPolicy Boolean

Deprecated:

The AKS API has removed support for this field on 2020-10-15 and is no longer possible to configure this the Pod Security Policy.

fqdn String

The FQDN of the Azure Kubernetes Managed Cluster.

httpApplicationRoutingEnabled Boolean

Should HTTP Application Routing be enabled?

httpApplicationRoutingZoneName String

The Zone Name of the HTTP Application Routing.

httpProxyConfig Property Map

A http_proxy_config block as defined below.

identity Property Map

An identity block as defined below. One of either identity or service_principal must be specified.

imageCleanerEnabled Boolean

Specifies whether Image Cleaner is enabled.

imageCleanerIntervalHours Number

Specifies the interval in hours when images should be cleaned up. Defaults to 48.

ingressApplicationGateway Property Map

A ingress_application_gateway block as defined below.

keyManagementService Property Map

A key_management_service block as defined below. For more details, please visit Key Management Service (KMS) etcd encryption to an AKS cluster.

keyVaultSecretsProvider Property Map

A key_vault_secrets_provider block as defined below. For more details, please visit Azure Keyvault Secrets Provider for AKS.

kubeAdminConfigRaw String

kubeAdminConfigs List<Property Map>

A kube_admin_config block as defined below. This is only available when Role Based Access Control with Azure Active Directory is enabled and local accounts enabled.

kubeConfigRaw String

Raw Kubernetes config to be used by kubectl and other compatible tools.

kubeConfigs List<Property Map>

A kube_config block as defined below.

kubeletIdentity Property Map

A kubelet_identity block as defined below.

kubernetesVersion String

linuxProfile Property Map

A linux_profile block as defined below.

localAccountDisabled Boolean

If true local accounts will be disabled. See the documentation for more information.

location String

The location where the Managed Kubernetes Cluster should be created. Changing this forces a new resource to be created.

maintenanceWindow Property Map

A maintenance_window block as defined below.

microsoftDefender Property Map

A microsoft_defender block as defined below.

monitorMetrics Property Map

Specifies a Prometheus add-on profile for the Kubernetes Cluster. A monitor_metrics block as defined below.

name String

The name of the Managed Kubernetes Cluster to create. Changing this forces a new resource to be created.

networkProfile Property Map

A network_profile block as defined below. Changing this forces a new resource to be created.

nodeResourceGroup String

The name of the Resource Group where the Kubernetes Nodes should exist. Changing this forces a new resource to be created.

nodeResourceGroupId String

The ID of the Resource Group containing the resources for this Managed Kubernetes Cluster.

oidcIssuerEnabled Boolean

Enable or Disable the OIDC issuer URL

oidcIssuerUrl String

The OIDC issuer URL that is associated with the cluster.

omsAgent Property Map

A oms_agent block as defined below.

openServiceMeshEnabled Boolean

Is Open Service Mesh enabled? For more details, please visit Open Service Mesh for AKS.

portalFqdn String

The FQDN for the Azure Portal resources when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.

privateClusterEnabled Boolean

privateClusterPublicFqdnEnabled Boolean

Specifies whether a Public FQDN for this Private Cluster should be added. Defaults to false.

privateDnsZoneId String

privateFqdn String

The FQDN for the Kubernetes Cluster when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.

publicNetworkAccessEnabled Boolean

Whether public network access is allowed for this Kubernetes Cluster. Defaults to true. Changing this forces a new resource to be created.

resourceGroupName String

Specifies the Resource Group where the Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.

roleBasedAccessControlEnabled Boolean

Whether Role Based Access Control for the Kubernetes Cluster should be enabled. Defaults to true. Changing this forces a new resource to be created.

runCommandEnabled Boolean

Whether to enable run command for the cluster or not. Defaults to true.

serviceMeshProfile Property Map

A service_mesh_profile block as defined below.

servicePrincipal Property Map

A service_principal block as documented below. One of either identity or service_principal must be specified.

skuTier String

The SKU Tier that should be used for this Kubernetes Cluster. Possible values are Free, and Standard (which includes the Uptime SLA). Defaults to Free.

storageProfile Property Map

A storage_profile block as defined below.

tags Map<String>

A mapping of tags to assign to the resource.

webAppRouting Property Map

A web_app_routing block as defined below.

windowsProfile Property Map

A windows_profile block as defined below.

workloadAutoscalerProfile Property Map

A workload_autoscaler_profile block defined below.

workloadIdentityEnabled Boolean

Specifies whether Azure AD Workload Identity should be enabled for the Cluster. Defaults to false.

Supporting Types

KubernetesClusterAciConnectorLinux

SubnetName string: The subnet name for the virtual nodes to run.
ConnectorIdentities List<KubernetesClusterAciConnectorLinuxConnectorIdentity>: A connector_identity block is exported. The exported attributes are defined below.

SubnetName string: The subnet name for the virtual nodes to run.
ConnectorIdentities []KubernetesClusterAciConnectorLinuxConnectorIdentity: A connector_identity block is exported. The exported attributes are defined below.

subnetName String: The subnet name for the virtual nodes to run.
connectorIdentities List<KubernetesClusterAciConnectorLinuxConnectorIdentity>: A connector_identity block is exported. The exported attributes are defined below.

subnetName string: The subnet name for the virtual nodes to run.
connectorIdentities KubernetesClusterAciConnectorLinuxConnectorIdentity[]: A connector_identity block is exported. The exported attributes are defined below.

subnet_name str: The subnet name for the virtual nodes to run.
connector_identities Sequence[KubernetesClusterAciConnectorLinuxConnectorIdentity]: A connector_identity block is exported. The exported attributes are defined below.

subnetName String: The subnet name for the virtual nodes to run.
connectorIdentities List<Property Map>: A connector_identity block is exported. The exported attributes are defined below.

KubernetesClusterAciConnectorLinuxConnectorIdentity

ClientId string: The Client ID of the user-defined Managed Identity to be assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
ObjectId string: The Object ID of the user-defined Managed Identity assigned to the Kubelets.If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
UserAssignedIdentityId string: The ID of the User Assigned Identity assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.

ClientId string: The Client ID of the user-defined Managed Identity to be assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
ObjectId string: The Object ID of the user-defined Managed Identity assigned to the Kubelets.If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
UserAssignedIdentityId string: The ID of the User Assigned Identity assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.

clientId String: The Client ID of the user-defined Managed Identity to be assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
objectId String: The Object ID of the user-defined Managed Identity assigned to the Kubelets.If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
userAssignedIdentityId String: The ID of the User Assigned Identity assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.

clientId string: The Client ID of the user-defined Managed Identity to be assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
objectId string: The Object ID of the user-defined Managed Identity assigned to the Kubelets.If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
userAssignedIdentityId string: The ID of the User Assigned Identity assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.

client_id str: The Client ID of the user-defined Managed Identity to be assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
object_id str: The Object ID of the user-defined Managed Identity assigned to the Kubelets.If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
user_assigned_identity_id str: The ID of the User Assigned Identity assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.

clientId String: The Client ID of the user-defined Managed Identity to be assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
objectId String: The Object ID of the user-defined Managed Identity assigned to the Kubelets.If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
userAssignedIdentityId String: The ID of the User Assigned Identity assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.

KubernetesClusterApiServerAccessProfile

AuthorizedIpRanges List<string>: Set of authorized IP ranges to allow access to API server, e.g. ["198.51.100.0/24"].
SubnetId string: The ID of the Subnet where the API server endpoint is delegated to.
VnetIntegrationEnabled bool: Should API Server VNet Integration be enabled? For more details please visit Use API Server VNet Integration.

AuthorizedIpRanges []string: Set of authorized IP ranges to allow access to API server, e.g. ["198.51.100.0/24"].
SubnetId string: The ID of the Subnet where the API server endpoint is delegated to.
VnetIntegrationEnabled bool: Should API Server VNet Integration be enabled? For more details please visit Use API Server VNet Integration.

authorizedIpRanges List<String>: Set of authorized IP ranges to allow access to API server, e.g. ["198.51.100.0/24"].
subnetId String: The ID of the Subnet where the API server endpoint is delegated to.
vnetIntegrationEnabled Boolean: Should API Server VNet Integration be enabled? For more details please visit Use API Server VNet Integration.

authorizedIpRanges string[]: Set of authorized IP ranges to allow access to API server, e.g. ["198.51.100.0/24"].
subnetId string: The ID of the Subnet where the API server endpoint is delegated to.
vnetIntegrationEnabled boolean: Should API Server VNet Integration be enabled? For more details please visit Use API Server VNet Integration.

authorized_ip_ranges Sequence[str]: Set of authorized IP ranges to allow access to API server, e.g. ["198.51.100.0/24"].
subnet_id str: The ID of the Subnet where the API server endpoint is delegated to.
vnet_integration_enabled bool: Should API Server VNet Integration be enabled? For more details please visit Use API Server VNet Integration.

authorizedIpRanges List<String>: Set of authorized IP ranges to allow access to API server, e.g. ["198.51.100.0/24"].
subnetId String: The ID of the Subnet where the API server endpoint is delegated to.
vnetIntegrationEnabled Boolean: Should API Server VNet Integration be enabled? For more details please visit Use API Server VNet Integration.

KubernetesClusterAutoScalerProfile

BalanceSimilarNodeGroups bool: Detect similar node groups and balance the number of nodes between them. Defaults to false.
EmptyBulkDeleteMax string: Maximum number of empty nodes that can be deleted at the same time. Defaults to 10.
Expander string: Expander to use. Possible values are least-waste, priority, most-pods and random. Defaults to random.
MaxGracefulTerminationSec string: Maximum number of seconds the cluster autoscaler waits for pod termination when trying to scale down a node. Defaults to 600.
MaxNodeProvisioningTime string: Maximum time the autoscaler waits for a node to be provisioned. Defaults to 15m.
MaxUnreadyNodes int: Maximum Number of allowed unready nodes. Defaults to 3.
MaxUnreadyPercentage double: Maximum percentage of unready nodes the cluster autoscaler will stop if the percentage is exceeded. Defaults to 45.
NewPodScaleUpDelay string: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. Defaults to 10s.
ScaleDownDelayAfterAdd string: How long after the scale up of AKS nodes the scale down evaluation resumes. Defaults to 10m.
ScaleDownDelayAfterDelete string: How long after node deletion that scale down evaluation resumes. Defaults to the value used for scan_interval.
ScaleDownDelayAfterFailure string: How long after scale down failure that scale down evaluation resumes. Defaults to 3m.
ScaleDownUnneeded string: How long a node should be unneeded before it is eligible for scale down. Defaults to 10m.
ScaleDownUnready string: How long an unready node should be unneeded before it is eligible for scale down. Defaults to 20m.
ScaleDownUtilizationThreshold string: Node utilization level, defined as sum of requested resources divided by capacity, below which a node can be considered for scale down. Defaults to 0.5.
ScanInterval string: How often the AKS Cluster should be re-evaluated for scale up/down. Defaults to 10s.
SkipNodesWithLocalStorage bool: If true cluster autoscaler will never delete nodes with pods with local storage, for example, EmptyDir or HostPath. Defaults to true.
SkipNodesWithSystemPods bool: If true cluster autoscaler will never delete nodes with pods from kube-system (except for DaemonSet or mirror pods). Defaults to true.

BalanceSimilarNodeGroups bool: Detect similar node groups and balance the number of nodes between them. Defaults to false.
EmptyBulkDeleteMax string: Maximum number of empty nodes that can be deleted at the same time. Defaults to 10.
Expander string: Expander to use. Possible values are least-waste, priority, most-pods and random. Defaults to random.
MaxGracefulTerminationSec string: Maximum number of seconds the cluster autoscaler waits for pod termination when trying to scale down a node. Defaults to 600.
MaxNodeProvisioningTime string: Maximum time the autoscaler waits for a node to be provisioned. Defaults to 15m.
MaxUnreadyNodes int: Maximum Number of allowed unready nodes. Defaults to 3.
MaxUnreadyPercentage float64: Maximum percentage of unready nodes the cluster autoscaler will stop if the percentage is exceeded. Defaults to 45.
NewPodScaleUpDelay string: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. Defaults to 10s.
ScaleDownDelayAfterAdd string: How long after the scale up of AKS nodes the scale down evaluation resumes. Defaults to 10m.
ScaleDownDelayAfterDelete string: How long after node deletion that scale down evaluation resumes. Defaults to the value used for scan_interval.
ScaleDownDelayAfterFailure string: How long after scale down failure that scale down evaluation resumes. Defaults to 3m.
ScaleDownUnneeded string: How long a node should be unneeded before it is eligible for scale down. Defaults to 10m.
ScaleDownUnready string: How long an unready node should be unneeded before it is eligible for scale down. Defaults to 20m.
ScaleDownUtilizationThreshold string: Node utilization level, defined as sum of requested resources divided by capacity, below which a node can be considered for scale down. Defaults to 0.5.
ScanInterval string: How often the AKS Cluster should be re-evaluated for scale up/down. Defaults to 10s.
SkipNodesWithLocalStorage bool: If true cluster autoscaler will never delete nodes with pods with local storage, for example, EmptyDir or HostPath. Defaults to true.
SkipNodesWithSystemPods bool: If true cluster autoscaler will never delete nodes with pods from kube-system (except for DaemonSet or mirror pods). Defaults to true.

balanceSimilarNodeGroups Boolean: Detect similar node groups and balance the number of nodes between them. Defaults to false.
emptyBulkDeleteMax String: Maximum number of empty nodes that can be deleted at the same time. Defaults to 10.
expander String: Expander to use. Possible values are least-waste, priority, most-pods and random. Defaults to random.
maxGracefulTerminationSec String: Maximum number of seconds the cluster autoscaler waits for pod termination when trying to scale down a node. Defaults to 600.
maxNodeProvisioningTime String: Maximum time the autoscaler waits for a node to be provisioned. Defaults to 15m.
maxUnreadyNodes Integer: Maximum Number of allowed unready nodes. Defaults to 3.
maxUnreadyPercentage Double: Maximum percentage of unready nodes the cluster autoscaler will stop if the percentage is exceeded. Defaults to 45.
newPodScaleUpDelay String: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. Defaults to 10s.
scaleDownDelayAfterAdd String: How long after the scale up of AKS nodes the scale down evaluation resumes. Defaults to 10m.
scaleDownDelayAfterDelete String: How long after node deletion that scale down evaluation resumes. Defaults to the value used for scan_interval.
scaleDownDelayAfterFailure String: How long after scale down failure that scale down evaluation resumes. Defaults to 3m.
scaleDownUnneeded String: How long a node should be unneeded before it is eligible for scale down. Defaults to 10m.
scaleDownUnready String: How long an unready node should be unneeded before it is eligible for scale down. Defaults to 20m.
scaleDownUtilizationThreshold String: Node utilization level, defined as sum of requested resources divided by capacity, below which a node can be considered for scale down. Defaults to 0.5.
scanInterval String: How often the AKS Cluster should be re-evaluated for scale up/down. Defaults to 10s.
skipNodesWithLocalStorage Boolean: If true cluster autoscaler will never delete nodes with pods with local storage, for example, EmptyDir or HostPath. Defaults to true.
skipNodesWithSystemPods Boolean: If true cluster autoscaler will never delete nodes with pods from kube-system (except for DaemonSet or mirror pods). Defaults to true.

balanceSimilarNodeGroups boolean: Detect similar node groups and balance the number of nodes between them. Defaults to false.
emptyBulkDeleteMax string: Maximum number of empty nodes that can be deleted at the same time. Defaults to 10.
expander string: Expander to use. Possible values are least-waste, priority, most-pods and random. Defaults to random.
maxGracefulTerminationSec string: Maximum number of seconds the cluster autoscaler waits for pod termination when trying to scale down a node. Defaults to 600.
maxNodeProvisioningTime string: Maximum time the autoscaler waits for a node to be provisioned. Defaults to 15m.
maxUnreadyNodes number: Maximum Number of allowed unready nodes. Defaults to 3.
maxUnreadyPercentage number: Maximum percentage of unready nodes the cluster autoscaler will stop if the percentage is exceeded. Defaults to 45.
newPodScaleUpDelay string: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. Defaults to 10s.
scaleDownDelayAfterAdd string: How long after the scale up of AKS nodes the scale down evaluation resumes. Defaults to 10m.
scaleDownDelayAfterDelete string: How long after node deletion that scale down evaluation resumes. Defaults to the value used for scan_interval.
scaleDownDelayAfterFailure string: How long after scale down failure that scale down evaluation resumes. Defaults to 3m.
scaleDownUnneeded string: How long a node should be unneeded before it is eligible for scale down. Defaults to 10m.
scaleDownUnready string: How long an unready node should be unneeded before it is eligible for scale down. Defaults to 20m.
scaleDownUtilizationThreshold string: Node utilization level, defined as sum of requested resources divided by capacity, below which a node can be considered for scale down. Defaults to 0.5.
scanInterval string: How often the AKS Cluster should be re-evaluated for scale up/down. Defaults to 10s.
skipNodesWithLocalStorage boolean: If true cluster autoscaler will never delete nodes with pods with local storage, for example, EmptyDir or HostPath. Defaults to true.
skipNodesWithSystemPods boolean: If true cluster autoscaler will never delete nodes with pods from kube-system (except for DaemonSet or mirror pods). Defaults to true.

balance_similar_node_groups bool: Detect similar node groups and balance the number of nodes between them. Defaults to false.
empty_bulk_delete_max str: Maximum number of empty nodes that can be deleted at the same time. Defaults to 10.
expander str: Expander to use. Possible values are least-waste, priority, most-pods and random. Defaults to random.
max_graceful_termination_sec str: Maximum number of seconds the cluster autoscaler waits for pod termination when trying to scale down a node. Defaults to 600.
max_node_provisioning_time str: Maximum time the autoscaler waits for a node to be provisioned. Defaults to 15m.
max_unready_nodes int: Maximum Number of allowed unready nodes. Defaults to 3.
max_unready_percentage float: Maximum percentage of unready nodes the cluster autoscaler will stop if the percentage is exceeded. Defaults to 45.
new_pod_scale_up_delay str: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. Defaults to 10s.
scale_down_delay_after_add str: How long after the scale up of AKS nodes the scale down evaluation resumes. Defaults to 10m.
scale_down_delay_after_delete str: How long after node deletion that scale down evaluation resumes. Defaults to the value used for scan_interval.
scale_down_delay_after_failure str: How long after scale down failure that scale down evaluation resumes. Defaults to 3m.
scale_down_unneeded str: How long a node should be unneeded before it is eligible for scale down. Defaults to 10m.
scale_down_unready str: How long an unready node should be unneeded before it is eligible for scale down. Defaults to 20m.
scale_down_utilization_threshold str: Node utilization level, defined as sum of requested resources divided by capacity, below which a node can be considered for scale down. Defaults to 0.5.
scan_interval str: How often the AKS Cluster should be re-evaluated for scale up/down. Defaults to 10s.
skip_nodes_with_local_storage bool: If true cluster autoscaler will never delete nodes with pods with local storage, for example, EmptyDir or HostPath. Defaults to true.
skip_nodes_with_system_pods bool: If true cluster autoscaler will never delete nodes with pods from kube-system (except for DaemonSet or mirror pods). Defaults to true.

balanceSimilarNodeGroups Boolean: Detect similar node groups and balance the number of nodes between them. Defaults to false.
emptyBulkDeleteMax String: Maximum number of empty nodes that can be deleted at the same time. Defaults to 10.
expander String: Expander to use. Possible values are least-waste, priority, most-pods and random. Defaults to random.
maxGracefulTerminationSec String: Maximum number of seconds the cluster autoscaler waits for pod termination when trying to scale down a node. Defaults to 600.
maxNodeProvisioningTime String: Maximum time the autoscaler waits for a node to be provisioned. Defaults to 15m.
maxUnreadyNodes Number: Maximum Number of allowed unready nodes. Defaults to 3.
maxUnreadyPercentage Number: Maximum percentage of unready nodes the cluster autoscaler will stop if the percentage is exceeded. Defaults to 45.
newPodScaleUpDelay String: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. Defaults to 10s.
scaleDownDelayAfterAdd String: How long after the scale up of AKS nodes the scale down evaluation resumes. Defaults to 10m.
scaleDownDelayAfterDelete String: How long after node deletion that scale down evaluation resumes. Defaults to the value used for scan_interval.
scaleDownDelayAfterFailure String: How long after scale down failure that scale down evaluation resumes. Defaults to 3m.
scaleDownUnneeded String: How long a node should be unneeded before it is eligible for scale down. Defaults to 10m.
scaleDownUnready String: How long an unready node should be unneeded before it is eligible for scale down. Defaults to 20m.
scaleDownUtilizationThreshold String: Node utilization level, defined as sum of requested resources divided by capacity, below which a node can be considered for scale down. Defaults to 0.5.
scanInterval String: How often the AKS Cluster should be re-evaluated for scale up/down. Defaults to 10s.
skipNodesWithLocalStorage Boolean: If true cluster autoscaler will never delete nodes with pods with local storage, for example, EmptyDir or HostPath. Defaults to true.
skipNodesWithSystemPods Boolean: If true cluster autoscaler will never delete nodes with pods from kube-system (except for DaemonSet or mirror pods). Defaults to true.

KubernetesClusterAzureActiveDirectoryRoleBasedAccessControl

AdminGroupObjectIds List<string>: A list of Object IDs of Azure Active Directory Groups which should have Admin Role on the Cluster.
AzureRbacEnabled bool: Is Role Based Access Control based on Azure AD enabled?
ClientAppId string: The Client ID of an Azure Active Directory Application.
Managed bool: Is the Azure Active Directory integration Managed, meaning that Azure will create/manage the Service Principal used for integration.
ServerAppId string: The Server ID of an Azure Active Directory Application.
ServerAppSecret string: The Server Secret of an Azure Active Directory Application.
TenantId string: The Tenant ID used for Azure Active Directory Application. If this isn't specified the Tenant ID of the current Subscription is used.

AdminGroupObjectIds []string: A list of Object IDs of Azure Active Directory Groups which should have Admin Role on the Cluster.
AzureRbacEnabled bool: Is Role Based Access Control based on Azure AD enabled?
ClientAppId string: The Client ID of an Azure Active Directory Application.
Managed bool: Is the Azure Active Directory integration Managed, meaning that Azure will create/manage the Service Principal used for integration.
ServerAppId string: The Server ID of an Azure Active Directory Application.
ServerAppSecret string: The Server Secret of an Azure Active Directory Application.
TenantId string: The Tenant ID used for Azure Active Directory Application. If this isn't specified the Tenant ID of the current Subscription is used.

adminGroupObjectIds List<String>: A list of Object IDs of Azure Active Directory Groups which should have Admin Role on the Cluster.
azureRbacEnabled Boolean: Is Role Based Access Control based on Azure AD enabled?
clientAppId String: The Client ID of an Azure Active Directory Application.
managed Boolean: Is the Azure Active Directory integration Managed, meaning that Azure will create/manage the Service Principal used for integration.
serverAppId String: The Server ID of an Azure Active Directory Application.
serverAppSecret String: The Server Secret of an Azure Active Directory Application.
tenantId String: The Tenant ID used for Azure Active Directory Application. If this isn't specified the Tenant ID of the current Subscription is used.

adminGroupObjectIds string[]: A list of Object IDs of Azure Active Directory Groups which should have Admin Role on the Cluster.
azureRbacEnabled boolean: Is Role Based Access Control based on Azure AD enabled?
clientAppId string: The Client ID of an Azure Active Directory Application.
managed boolean: Is the Azure Active Directory integration Managed, meaning that Azure will create/manage the Service Principal used for integration.
serverAppId string: The Server ID of an Azure Active Directory Application.
serverAppSecret string: The Server Secret of an Azure Active Directory Application.
tenantId string: The Tenant ID used for Azure Active Directory Application. If this isn't specified the Tenant ID of the current Subscription is used.

admin_group_object_ids Sequence[str]: A list of Object IDs of Azure Active Directory Groups which should have Admin Role on the Cluster.
azure_rbac_enabled bool: Is Role Based Access Control based on Azure AD enabled?
client_app_id str: The Client ID of an Azure Active Directory Application.
managed bool: Is the Azure Active Directory integration Managed, meaning that Azure will create/manage the Service Principal used for integration.
server_app_id str: The Server ID of an Azure Active Directory Application.
server_app_secret str: The Server Secret of an Azure Active Directory Application.
tenant_id str: The Tenant ID used for Azure Active Directory Application. If this isn't specified the Tenant ID of the current Subscription is used.

adminGroupObjectIds List<String>: A list of Object IDs of Azure Active Directory Groups which should have Admin Role on the Cluster.
azureRbacEnabled Boolean: Is Role Based Access Control based on Azure AD enabled?
clientAppId String: The Client ID of an Azure Active Directory Application.
managed Boolean: Is the Azure Active Directory integration Managed, meaning that Azure will create/manage the Service Principal used for integration.
serverAppId String: The Server ID of an Azure Active Directory Application.
serverAppSecret String: The Server Secret of an Azure Active Directory Application.
tenantId String: The Tenant ID used for Azure Active Directory Application. If this isn't specified the Tenant ID of the current Subscription is used.

KubernetesClusterConfidentialComputing

SgxQuoteHelperEnabled bool: Should the SGX quote helper be enabled?

SgxQuoteHelperEnabled bool: Should the SGX quote helper be enabled?

sgxQuoteHelperEnabled Boolean: Should the SGX quote helper be enabled?

sgxQuoteHelperEnabled boolean: Should the SGX quote helper be enabled?

sgx_quote_helper_enabled bool: Should the SGX quote helper be enabled?

sgxQuoteHelperEnabled Boolean: Should the SGX quote helper be enabled?

KubernetesClusterDefaultNodePool

Name string: The name which should be used for the default Kubernetes Node Pool. Changing this forces a new resource to be created.
VmSize string: The size of the Virtual Machine, such as Standard_DS2_v2.
CapacityReservationGroupId string: Specifies the ID of the Capacity Reservation Group within which this AKS Cluster should be created. Changing this forces a new resource to be created.
CustomCaTrustEnabled bool: Specifies whether to trust a Custom CA.
EnableAutoScaling bool: Should the Kubernetes Auto Scaler be enabled for this Node Pool?
EnableHostEncryption bool: Should the nodes in the Default Node Pool have host encryption enabled? Changing this forces a new resource to be created.
EnableNodePublicIp bool: Should nodes in this Node Pool have a Public IP Address? Changing this forces a new resource to be created.
FipsEnabled bool: Should the nodes in this Node Pool have Federal Information Processing Standard enabled? Changing this forces a new resource to be created.
HostGroupId string: Specifies the ID of the Host Group within which this AKS Cluster should be created. Changing this forces a new resource to be created.
KubeletConfig KubernetesClusterDefaultNodePoolKubeletConfig: A kubelet_config block as defined below. Changing this forces a new resource to be created.
KubeletDiskType string: The type of disk used by kubelet. Possible values are OS and Temporary.
LinuxOsConfig KubernetesClusterDefaultNodePoolLinuxOsConfig: A linux_os_config block as defined below. Changing this forces a new resource to be created.
MaxCount int: The maximum number of nodes which should exist in this Node Pool. If specified this must be between 1 and 1000.
MaxPods int: The maximum number of pods that can run on each agent. Changing this forces a new resource to be created.
MessageOfTheDay string: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of the message of the day for Linux nodes. It cannot be specified for Windows nodes and must be a static string (i.e. will be printed raw and not executed as a script). Changing this forces a new resource to be created.
MinCount int: The minimum number of nodes which should exist in this Node Pool. If specified this must be between 1 and 1000.
NodeCount int: The initial number of nodes which should exist in this Node Pool. If specified this must be between 1 and 1000 and between min_count and max_count.
NodeLabels Dictionary<string, string>: A map of Kubernetes labels which should be applied to nodes in the Default Node Pool.
NodeNetworkProfile KubernetesClusterDefaultNodePoolNodeNetworkProfile: A node_network_profile block as documented below.
NodePublicIpPrefixId string: Resource ID for the Public IP Addresses Prefix for the nodes in this Node Pool. enable_node_public_ip should be true. Changing this forces a new resource to be created.
NodeTaints List<string>: A list of the taints added to new nodes during node pool create and scale. Changing this forces a new resource to be created.
OnlyCriticalAddonsEnabled bool: Enabling this option will taint default node pool with CriticalAddonsOnly=true:NoSchedule taint. Changing this forces a new resource to be created.
OrchestratorVersion string: Version of Kubernetes used for the Agents. If not specified, the default node pool will be created with the version specified by kubernetes_version. If both are unspecified, the latest recommended version will be used at provisioning time (but won't auto-upgrade). AKS does not require an exact patch version to be specified, minor version aliases such as 1.22 are also supported. - The minor version's latest GA patch is automatically chosen in that case. More details can be found in the documentation.
OsDiskSizeGb int: The size of the OS Disk which should be used for each agent in the Node Pool. Changing this forces a new resource to be created.
OsDiskType string: The type of disk which should be used for the Operating System. Possible values are Ephemeral and Managed. Defaults to Managed. Changing this forces a new resource to be created.
OsSku string: Specifies the OS SKU used by the agent pool. Possible values include: Ubuntu, CBLMariner, Mariner, Windows2019, Windows2022. If not specified, the default is Ubuntu if OSType=Linux or Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is deprecated. Changing this forces a new resource to be created.
PodSubnetId string: The ID of the Subnet where the pods in the default Node Pool should exist. Changing this forces a new resource to be created.
ProximityPlacementGroupId string: The ID of the Proximity Placement Group. Changing this forces a new resource to be created.
ScaleDownMode string: Specifies the autoscaling behaviour of the Kubernetes Cluster. Allowed values are Delete and Deallocate. Defaults to Delete.
Tags Dictionary<string, string>: A mapping of tags to assign to the Node Pool.
TemporaryNameForRotation string: Specifies the name of the temporary node pool used to cycle the default node pool for VM resizing.
Type string: The type of Node Pool which should be created. Possible values are AvailabilitySet and VirtualMachineScaleSets. Defaults to VirtualMachineScaleSets. Changing this forces a new resource to be created.
UltraSsdEnabled bool: Used to specify whether the UltraSSD is enabled in the Default Node Pool. Defaults to false. See the documentation for more information. Changing this forces a new resource to be created.
UpgradeSettings KubernetesClusterDefaultNodePoolUpgradeSettings: A upgrade_settings block as documented below.
VnetSubnetId string: The ID of a Subnet where the Kubernetes Node Pool should exist. Changing this forces a new resource to be created.
WorkloadRuntime string: Specifies the workload runtime used by the node pool. Possible values are OCIContainer and KataMshvVmIsolation.
Zones List<string>: Specifies a list of Availability Zones in which this Kubernetes Cluster should be located. Changing this forces a new Kubernetes Cluster to be created.

Name string: The name which should be used for the default Kubernetes Node Pool. Changing this forces a new resource to be created.
VmSize string: The size of the Virtual Machine, such as Standard_DS2_v2.
CapacityReservationGroupId string: Specifies the ID of the Capacity Reservation Group within which this AKS Cluster should be created. Changing this forces a new resource to be created.
CustomCaTrustEnabled bool: Specifies whether to trust a Custom CA.
EnableAutoScaling bool: Should the Kubernetes Auto Scaler be enabled for this Node Pool?
EnableHostEncryption bool: Should the nodes in the Default Node Pool have host encryption enabled? Changing this forces a new resource to be created.
EnableNodePublicIp bool: Should nodes in this Node Pool have a Public IP Address? Changing this forces a new resource to be created.
FipsEnabled bool: Should the nodes in this Node Pool have Federal Information Processing Standard enabled? Changing this forces a new resource to be created.
HostGroupId string: Specifies the ID of the Host Group within which this AKS Cluster should be created. Changing this forces a new resource to be created.
KubeletConfig KubernetesClusterDefaultNodePoolKubeletConfig: A kubelet_config block as defined below. Changing this forces a new resource to be created.
KubeletDiskType string: The type of disk used by kubelet. Possible values are OS and Temporary.
LinuxOsConfig KubernetesClusterDefaultNodePoolLinuxOsConfig: A linux_os_config block as defined below. Changing this forces a new resource to be created.
MaxCount int: The maximum number of nodes which should exist in this Node Pool. If specified this must be between 1 and 1000.
MaxPods int: The maximum number of pods that can run on each agent. Changing this forces a new resource to be created.
MessageOfTheDay string: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of the message of the day for Linux nodes. It cannot be specified for Windows nodes and must be a static string (i.e. will be printed raw and not executed as a script). Changing this forces a new resource to be created.
MinCount int: The minimum number of nodes which should exist in this Node Pool. If specified this must be between 1 and 1000.
NodeCount int: The initial number of nodes which should exist in this Node Pool. If specified this must be between 1 and 1000 and between min_count and max_count.
NodeLabels map[string]string: A map of Kubernetes labels which should be applied to nodes in the Default Node Pool.
NodeNetworkProfile KubernetesClusterDefaultNodePoolNodeNetworkProfile: A node_network_profile block as documented below.
NodePublicIpPrefixId string: Resource ID for the Public IP Addresses Prefix for the nodes in this Node Pool. enable_node_public_ip should be true. Changing this forces a new resource to be created.
NodeTaints []string: A list of the taints added to new nodes during node pool create and scale. Changing this forces a new resource to be created.
OnlyCriticalAddonsEnabled bool: Enabling this option will taint default node pool with CriticalAddonsOnly=true:NoSchedule taint. Changing this forces a new resource to be created.
OrchestratorVersion string: Version of Kubernetes used for the Agents. If not specified, the default node pool will be created with the version specified by kubernetes_version. If both are unspecified, the latest recommended version will be used at provisioning time (but won't auto-upgrade). AKS does not require an exact patch version to be specified, minor version aliases such as 1.22 are also supported. - The minor version's latest GA patch is automatically chosen in that case. More details can be found in the documentation.
OsDiskSizeGb int: The size of the OS Disk which should be used for each agent in the Node Pool. Changing this forces a new resource to be created.
OsDiskType string: The type of disk which should be used for the Operating System. Possible values are Ephemeral and Managed. Defaults to Managed. Changing this forces a new resource to be created.
OsSku string: Specifies the OS SKU used by the agent pool. Possible values include: Ubuntu, CBLMariner, Mariner, Windows2019, Windows2022. If not specified, the default is Ubuntu if OSType=Linux or Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is deprecated. Changing this forces a new resource to be created.
PodSubnetId string: The ID of the Subnet where the pods in the default Node Pool should exist. Changing this forces a new resource to be created.
ProximityPlacementGroupId string: The ID of the Proximity Placement Group. Changing this forces a new resource to be created.
ScaleDownMode string: Specifies the autoscaling behaviour of the Kubernetes Cluster. Allowed values are Delete and Deallocate. Defaults to Delete.
Tags map[string]string: A mapping of tags to assign to the Node Pool.
TemporaryNameForRotation string: Specifies the name of the temporary node pool used to cycle the default node pool for VM resizing.
Type string: The type of Node Pool which should be created. Possible values are AvailabilitySet and VirtualMachineScaleSets. Defaults to VirtualMachineScaleSets. Changing this forces a new resource to be created.
UltraSsdEnabled bool: Used to specify whether the UltraSSD is enabled in the Default Node Pool. Defaults to false. See the documentation for more information. Changing this forces a new resource to be created.
UpgradeSettings KubernetesClusterDefaultNodePoolUpgradeSettings: A upgrade_settings block as documented below.
VnetSubnetId string: The ID of a Subnet where the Kubernetes Node Pool should exist. Changing this forces a new resource to be created.
WorkloadRuntime string: Specifies the workload runtime used by the node pool. Possible values are OCIContainer and KataMshvVmIsolation.
Zones []string: Specifies a list of Availability Zones in which this Kubernetes Cluster should be located. Changing this forces a new Kubernetes Cluster to be created.

name String: The name which should be used for the default Kubernetes Node Pool. Changing this forces a new resource to be created.
vmSize String: The size of the Virtual Machine, such as Standard_DS2_v2.
capacityReservationGroupId String: Specifies the ID of the Capacity Reservation Group within which this AKS Cluster should be created. Changing this forces a new resource to be created.
customCaTrustEnabled Boolean: Specifies whether to trust a Custom CA.
enableAutoScaling Boolean: Should the Kubernetes Auto Scaler be enabled for this Node Pool?
enableHostEncryption Boolean: Should the nodes in the Default Node Pool have host encryption enabled? Changing this forces a new resource to be created.
enableNodePublicIp Boolean: Should nodes in this Node Pool have a Public IP Address? Changing this forces a new resource to be created.
fipsEnabled Boolean: Should the nodes in this Node Pool have Federal Information Processing Standard enabled? Changing this forces a new resource to be created.
hostGroupId String: Specifies the ID of the Host Group within which this AKS Cluster should be created. Changing this forces a new resource to be created.
kubeletConfig KubernetesClusterDefaultNodePoolKubeletConfig: A kubelet_config block as defined below. Changing this forces a new resource to be created.
kubeletDiskType String: The type of disk used by kubelet. Possible values are OS and Temporary.
linuxOsConfig KubernetesClusterDefaultNodePoolLinuxOsConfig: A linux_os_config block as defined below. Changing this forces a new resource to be created.
maxCount Integer: The maximum number of nodes which should exist in this Node Pool. If specified this must be between 1 and 1000.
maxPods Integer: The maximum number of pods that can run on each agent. Changing this forces a new resource to be created.
messageOfTheDay String: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of the message of the day for Linux nodes. It cannot be specified for Windows nodes and must be a static string (i.e. will be printed raw and not executed as a script). Changing this forces a new resource to be created.
minCount Integer: The minimum number of nodes which should exist in this Node Pool. If specified this must be between 1 and 1000.
nodeCount Integer: The initial number of nodes which should exist in this Node Pool. If specified this must be between 1 and 1000 and between min_count and max_count.
nodeLabels Map<String,String>: A map of Kubernetes labels which should be applied to nodes in the Default Node Pool.
nodeNetworkProfile KubernetesClusterDefaultNodePoolNodeNetworkProfile: A node_network_profile block as documented below.
nodePublicIpPrefixId String: Resource ID for the Public IP Addresses Prefix for the nodes in this Node Pool. enable_node_public_ip should be true. Changing this forces a new resource to be created.
nodeTaints List<String>: A list of the taints added to new nodes during node pool create and scale. Changing this forces a new resource to be created.
onlyCriticalAddonsEnabled Boolean: Enabling this option will taint default node pool with CriticalAddonsOnly=true:NoSchedule taint. Changing this forces a new resource to be created.
orchestratorVersion String: Version of Kubernetes used for the Agents. If not specified, the default node pool will be created with the version specified by kubernetes_version. If both are unspecified, the latest recommended version will be used at provisioning time (but won't auto-upgrade). AKS does not require an exact patch version to be specified, minor version aliases such as 1.22 are also supported. - The minor version's latest GA patch is automatically chosen in that case. More details can be found in the documentation.
osDiskSizeGb Integer: The size of the OS Disk which should be used for each agent in the Node Pool. Changing this forces a new resource to be created.
osDiskType String: The type of disk which should be used for the Operating System. Possible values are Ephemeral and Managed. Defaults to Managed. Changing this forces a new resource to be created.
osSku String: Specifies the OS SKU used by the agent pool. Possible values include: Ubuntu, CBLMariner, Mariner, Windows2019, Windows2022. If not specified, the default is Ubuntu if OSType=Linux or Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is deprecated. Changing this forces a new resource to be created.
podSubnetId String: The ID of the Subnet where the pods in the default Node Pool should exist. Changing this forces a new resource to be created.
proximityPlacementGroupId String: The ID of the Proximity Placement Group. Changing this forces a new resource to be created.
scaleDownMode String: Specifies the autoscaling behaviour of the Kubernetes Cluster. Allowed values are Delete and Deallocate. Defaults to Delete.
tags Map<String,String>: A mapping of tags to assign to the Node Pool.
temporaryNameForRotation String: Specifies the name of the temporary node pool used to cycle the default node pool for VM resizing.
type String: The type of Node Pool which should be created. Possible values are AvailabilitySet and VirtualMachineScaleSets. Defaults to VirtualMachineScaleSets. Changing this forces a new resource to be created.
ultraSsdEnabled Boolean: Used to specify whether the UltraSSD is enabled in the Default Node Pool. Defaults to false. See the documentation for more information. Changing this forces a new resource to be created.
upgradeSettings KubernetesClusterDefaultNodePoolUpgradeSettings: A upgrade_settings block as documented below.
vnetSubnetId String: The ID of a Subnet where the Kubernetes Node Pool should exist. Changing this forces a new resource to be created.
workloadRuntime String: Specifies the workload runtime used by the node pool. Possible values are OCIContainer and KataMshvVmIsolation.
zones List<String>: Specifies a list of Availability Zones in which this Kubernetes Cluster should be located. Changing this forces a new Kubernetes Cluster to be created.

name string: The name which should be used for the default Kubernetes Node Pool. Changing this forces a new resource to be created.
vmSize string: The size of the Virtual Machine, such as Standard_DS2_v2.
capacityReservationGroupId string: Specifies the ID of the Capacity Reservation Group within which this AKS Cluster should be created. Changing this forces a new resource to be created.
customCaTrustEnabled boolean: Specifies whether to trust a Custom CA.
enableAutoScaling boolean: Should the Kubernetes Auto Scaler be enabled for this Node Pool?
enableHostEncryption boolean: Should the nodes in the Default Node Pool have host encryption enabled? Changing this forces a new resource to be created.
enableNodePublicIp boolean: Should nodes in this Node Pool have a Public IP Address? Changing this forces a new resource to be created.
fipsEnabled boolean: Should the nodes in this Node Pool have Federal Information Processing Standard enabled? Changing this forces a new resource to be created.
hostGroupId string: Specifies the ID of the Host Group within which this AKS Cluster should be created. Changing this forces a new resource to be created.
kubeletConfig KubernetesClusterDefaultNodePoolKubeletConfig: A kubelet_config block as defined below. Changing this forces a new resource to be created.
kubeletDiskType string: The type of disk used by kubelet. Possible values are OS and Temporary.
linuxOsConfig KubernetesClusterDefaultNodePoolLinuxOsConfig: A linux_os_config block as defined below. Changing this forces a new resource to be created.
maxCount number: The maximum number of nodes which should exist in this Node Pool. If specified this must be between 1 and 1000.
maxPods number: The maximum number of pods that can run on each agent. Changing this forces a new resource to be created.
messageOfTheDay string: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of the message of the day for Linux nodes. It cannot be specified for Windows nodes and must be a static string (i.e. will be printed raw and not executed as a script). Changing this forces a new resource to be created.
minCount number: The minimum number of nodes which should exist in this Node Pool. If specified this must be between 1 and 1000.
nodeCount number: The initial number of nodes which should exist in this Node Pool. If specified this must be between 1 and 1000 and between min_count and max_count.
nodeLabels {[key: string]: string}: A map of Kubernetes labels which should be applied to nodes in the Default Node Pool.
nodeNetworkProfile KubernetesClusterDefaultNodePoolNodeNetworkProfile: A node_network_profile block as documented below.
nodePublicIpPrefixId string: Resource ID for the Public IP Addresses Prefix for the nodes in this Node Pool. enable_node_public_ip should be true. Changing this forces a new resource to be created.
nodeTaints string[]: A list of the taints added to new nodes during node pool create and scale. Changing this forces a new resource to be created.
onlyCriticalAddonsEnabled boolean: Enabling this option will taint default node pool with CriticalAddonsOnly=true:NoSchedule taint. Changing this forces a new resource to be created.
orchestratorVersion string: Version of Kubernetes used for the Agents. If not specified, the default node pool will be created with the version specified by kubernetes_version. If both are unspecified, the latest recommended version will be used at provisioning time (but won't auto-upgrade). AKS does not require an exact patch version to be specified, minor version aliases such as 1.22 are also supported. - The minor version's latest GA patch is automatically chosen in that case. More details can be found in the documentation.
osDiskSizeGb number: The size of the OS Disk which should be used for each agent in the Node Pool. Changing this forces a new resource to be created.
osDiskType string: The type of disk which should be used for the Operating System. Possible values are Ephemeral and Managed. Defaults to Managed. Changing this forces a new resource to be created.
osSku string: Specifies the OS SKU used by the agent pool. Possible values include: Ubuntu, CBLMariner, Mariner, Windows2019, Windows2022. If not specified, the default is Ubuntu if OSType=Linux or Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is deprecated. Changing this forces a new resource to be created.
podSubnetId string: The ID of the Subnet where the pods in the default Node Pool should exist. Changing this forces a new resource to be created.
proximityPlacementGroupId string: The ID of the Proximity Placement Group. Changing this forces a new resource to be created.
scaleDownMode string: Specifies the autoscaling behaviour of the Kubernetes Cluster. Allowed values are Delete and Deallocate. Defaults to Delete.
tags {[key: string]: string}: A mapping of tags to assign to the Node Pool.
temporaryNameForRotation string: Specifies the name of the temporary node pool used to cycle the default node pool for VM resizing.
type string: The type of Node Pool which should be created. Possible values are AvailabilitySet and VirtualMachineScaleSets. Defaults to VirtualMachineScaleSets. Changing this forces a new resource to be created.
ultraSsdEnabled boolean: Used to specify whether the UltraSSD is enabled in the Default Node Pool. Defaults to false. See the documentation for more information. Changing this forces a new resource to be created.
upgradeSettings KubernetesClusterDefaultNodePoolUpgradeSettings: A upgrade_settings block as documented below.
vnetSubnetId string: The ID of a Subnet where the Kubernetes Node Pool should exist. Changing this forces a new resource to be created.
workloadRuntime string: Specifies the workload runtime used by the node pool. Possible values are OCIContainer and KataMshvVmIsolation.
zones string[]: Specifies a list of Availability Zones in which this Kubernetes Cluster should be located. Changing this forces a new Kubernetes Cluster to be created.

name str: The name which should be used for the default Kubernetes Node Pool. Changing this forces a new resource to be created.
vm_size str: The size of the Virtual Machine, such as Standard_DS2_v2.
capacity_reservation_group_id str: Specifies the ID of the Capacity Reservation Group within which this AKS Cluster should be created. Changing this forces a new resource to be created.
custom_ca_trust_enabled bool: Specifies whether to trust a Custom CA.
enable_auto_scaling bool: Should the Kubernetes Auto Scaler be enabled for this Node Pool?
enable_host_encryption bool: Should the nodes in the Default Node Pool have host encryption enabled? Changing this forces a new resource to be created.
enable_node_public_ip bool: Should nodes in this Node Pool have a Public IP Address? Changing this forces a new resource to be created.
fips_enabled bool: Should the nodes in this Node Pool have Federal Information Processing Standard enabled? Changing this forces a new resource to be created.
host_group_id str: Specifies the ID of the Host Group within which this AKS Cluster should be created. Changing this forces a new resource to be created.
kubelet_config KubernetesClusterDefaultNodePoolKubeletConfig: A kubelet_config block as defined below. Changing this forces a new resource to be created.
kubelet_disk_type str: The type of disk used by kubelet. Possible values are OS and Temporary.
linux_os_config KubernetesClusterDefaultNodePoolLinuxOsConfig: A linux_os_config block as defined below. Changing this forces a new resource to be created.
max_count int: The maximum number of nodes which should exist in this Node Pool. If specified this must be between 1 and 1000.
max_pods int: The maximum number of pods that can run on each agent. Changing this forces a new resource to be created.
message_of_the_day str: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of the message of the day for Linux nodes. It cannot be specified for Windows nodes and must be a static string (i.e. will be printed raw and not executed as a script). Changing this forces a new resource to be created.
min_count int: The minimum number of nodes which should exist in this Node Pool. If specified this must be between 1 and 1000.
node_count int: The initial number of nodes which should exist in this Node Pool. If specified this must be between 1 and 1000 and between min_count and max_count.
node_labels Mapping[str, str]: A map of Kubernetes labels which should be applied to nodes in the Default Node Pool.
node_network_profile KubernetesClusterDefaultNodePoolNodeNetworkProfile: A node_network_profile block as documented below.
node_public_ip_prefix_id str: Resource ID for the Public IP Addresses Prefix for the nodes in this Node Pool. enable_node_public_ip should be true. Changing this forces a new resource to be created.
node_taints Sequence[str]: A list of the taints added to new nodes during node pool create and scale. Changing this forces a new resource to be created.
only_critical_addons_enabled bool: Enabling this option will taint default node pool with CriticalAddonsOnly=true:NoSchedule taint. Changing this forces a new resource to be created.
orchestrator_version str: Version of Kubernetes used for the Agents. If not specified, the default node pool will be created with the version specified by kubernetes_version. If both are unspecified, the latest recommended version will be used at provisioning time (but won't auto-upgrade). AKS does not require an exact patch version to be specified, minor version aliases such as 1.22 are also supported. - The minor version's latest GA patch is automatically chosen in that case. More details can be found in the documentation.
os_disk_size_gb int: The size of the OS Disk which should be used for each agent in the Node Pool. Changing this forces a new resource to be created.
os_disk_type str: The type of disk which should be used for the Operating System. Possible values are Ephemeral and Managed. Defaults to Managed. Changing this forces a new resource to be created.
os_sku str: Specifies the OS SKU used by the agent pool. Possible values include: Ubuntu, CBLMariner, Mariner, Windows2019, Windows2022. If not specified, the default is Ubuntu if OSType=Linux or Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is deprecated. Changing this forces a new resource to be created.
pod_subnet_id str: The ID of the Subnet where the pods in the default Node Pool should exist. Changing this forces a new resource to be created.
proximity_placement_group_id str: The ID of the Proximity Placement Group. Changing this forces a new resource to be created.
scale_down_mode str: Specifies the autoscaling behaviour of the Kubernetes Cluster. Allowed values are Delete and Deallocate. Defaults to Delete.
tags Mapping[str, str]: A mapping of tags to assign to the Node Pool.
temporary_name_for_rotation str: Specifies the name of the temporary node pool used to cycle the default node pool for VM resizing.
type str: The type of Node Pool which should be created. Possible values are AvailabilitySet and VirtualMachineScaleSets. Defaults to VirtualMachineScaleSets. Changing this forces a new resource to be created.
ultra_ssd_enabled bool: Used to specify whether the UltraSSD is enabled in the Default Node Pool. Defaults to false. See the documentation for more information. Changing this forces a new resource to be created.
upgrade_settings KubernetesClusterDefaultNodePoolUpgradeSettings: A upgrade_settings block as documented below.
vnet_subnet_id str: The ID of a Subnet where the Kubernetes Node Pool should exist. Changing this forces a new resource to be created.
workload_runtime str: Specifies the workload runtime used by the node pool. Possible values are OCIContainer and KataMshvVmIsolation.
zones Sequence[str]: Specifies a list of Availability Zones in which this Kubernetes Cluster should be located. Changing this forces a new Kubernetes Cluster to be created.

name String: The name which should be used for the default Kubernetes Node Pool. Changing this forces a new resource to be created.
vmSize String: The size of the Virtual Machine, such as Standard_DS2_v2.
capacityReservationGroupId String: Specifies the ID of the Capacity Reservation Group within which this AKS Cluster should be created. Changing this forces a new resource to be created.
customCaTrustEnabled Boolean: Specifies whether to trust a Custom CA.
enableAutoScaling Boolean: Should the Kubernetes Auto Scaler be enabled for this Node Pool?
enableHostEncryption Boolean: Should the nodes in the Default Node Pool have host encryption enabled? Changing this forces a new resource to be created.
enableNodePublicIp Boolean: Should nodes in this Node Pool have a Public IP Address? Changing this forces a new resource to be created.
fipsEnabled Boolean: Should the nodes in this Node Pool have Federal Information Processing Standard enabled? Changing this forces a new resource to be created.
hostGroupId String: Specifies the ID of the Host Group within which this AKS Cluster should be created. Changing this forces a new resource to be created.
kubeletConfig Property Map: A kubelet_config block as defined below. Changing this forces a new resource to be created.
kubeletDiskType String: The type of disk used by kubelet. Possible values are OS and Temporary.
linuxOsConfig Property Map: A linux_os_config block as defined below. Changing this forces a new resource to be created.
maxCount Number: The maximum number of nodes which should exist in this Node Pool. If specified this must be between 1 and 1000.
maxPods Number: The maximum number of pods that can run on each agent. Changing this forces a new resource to be created.
messageOfTheDay String: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of the message of the day for Linux nodes. It cannot be specified for Windows nodes and must be a static string (i.e. will be printed raw and not executed as a script). Changing this forces a new resource to be created.
minCount Number: The minimum number of nodes which should exist in this Node Pool. If specified this must be between 1 and 1000.
nodeCount Number: The initial number of nodes which should exist in this Node Pool. If specified this must be between 1 and 1000 and between min_count and max_count.
nodeLabels Map<String>: A map of Kubernetes labels which should be applied to nodes in the Default Node Pool.
nodeNetworkProfile Property Map: A node_network_profile block as documented below.
nodePublicIpPrefixId String: Resource ID for the Public IP Addresses Prefix for the nodes in this Node Pool. enable_node_public_ip should be true. Changing this forces a new resource to be created.
nodeTaints List<String>: A list of the taints added to new nodes during node pool create and scale. Changing this forces a new resource to be created.
onlyCriticalAddonsEnabled Boolean: Enabling this option will taint default node pool with CriticalAddonsOnly=true:NoSchedule taint. Changing this forces a new resource to be created.
orchestratorVersion String: Version of Kubernetes used for the Agents. If not specified, the default node pool will be created with the version specified by kubernetes_version. If both are unspecified, the latest recommended version will be used at provisioning time (but won't auto-upgrade). AKS does not require an exact patch version to be specified, minor version aliases such as 1.22 are also supported. - The minor version's latest GA patch is automatically chosen in that case. More details can be found in the documentation.
osDiskSizeGb Number: The size of the OS Disk which should be used for each agent in the Node Pool. Changing this forces a new resource to be created.
osDiskType String: The type of disk which should be used for the Operating System. Possible values are Ephemeral and Managed. Defaults to Managed. Changing this forces a new resource to be created.
osSku String: Specifies the OS SKU used by the agent pool. Possible values include: Ubuntu, CBLMariner, Mariner, Windows2019, Windows2022. If not specified, the default is Ubuntu if OSType=Linux or Windows2019 if OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is deprecated. Changing this forces a new resource to be created.
podSubnetId String: The ID of the Subnet where the pods in the default Node Pool should exist. Changing this forces a new resource to be created.
proximityPlacementGroupId String: The ID of the Proximity Placement Group. Changing this forces a new resource to be created.
scaleDownMode String: Specifies the autoscaling behaviour of the Kubernetes Cluster. Allowed values are Delete and Deallocate. Defaults to Delete.
tags Map<String>: A mapping of tags to assign to the Node Pool.
temporaryNameForRotation String: Specifies the name of the temporary node pool used to cycle the default node pool for VM resizing.
type String: The type of Node Pool which should be created. Possible values are AvailabilitySet and VirtualMachineScaleSets. Defaults to VirtualMachineScaleSets. Changing this forces a new resource to be created.
ultraSsdEnabled Boolean: Used to specify whether the UltraSSD is enabled in the Default Node Pool. Defaults to false. See the documentation for more information. Changing this forces a new resource to be created.
upgradeSettings Property Map: A upgrade_settings block as documented below.
vnetSubnetId String: The ID of a Subnet where the Kubernetes Node Pool should exist. Changing this forces a new resource to be created.
workloadRuntime String: Specifies the workload runtime used by the node pool. Possible values are OCIContainer and KataMshvVmIsolation.
zones List<String>: Specifies a list of Availability Zones in which this Kubernetes Cluster should be located. Changing this forces a new Kubernetes Cluster to be created.

KubernetesClusterDefaultNodePoolKubeletConfig

AllowedUnsafeSysctls List<string>: Specifies the allow list of unsafe sysctls command or patterns (ending in *). Changing this forces a new resource to be created.
ContainerLogMaxLine int: Specifies the maximum number of container log files that can be present for a container. must be at least 2. Changing this forces a new resource to be created.
ContainerLogMaxSizeMb int: Specifies the maximum size (e.g. 10MB) of container log file before it is rotated. Changing this forces a new resource to be created.
CpuCfsQuotaEnabled bool: Is CPU CFS quota enforcement for containers enabled? Changing this forces a new resource to be created.
CpuCfsQuotaPeriod string: Specifies the CPU CFS quota period value. Changing this forces a new resource to be created.
CpuManagerPolicy string: Specifies the CPU Manager policy to use. Possible values are none and static, Changing this forces a new resource to be created.
ImageGcHighThreshold int: Specifies the percent of disk usage above which image garbage collection is always run. Must be between 0 and 100. Changing this forces a new resource to be created.
ImageGcLowThreshold int: Specifies the percent of disk usage lower than which image garbage collection is never run. Must be between 0 and 100. Changing this forces a new resource to be created.
PodMaxPid int: Specifies the maximum number of processes per pod. Changing this forces a new resource to be created.
TopologyManagerPolicy string: Specifies the Topology Manager policy to use. Possible values are none, best-effort, restricted or single-numa-node. Changing this forces a new resource to be created.

AllowedUnsafeSysctls []string: Specifies the allow list of unsafe sysctls command or patterns (ending in *). Changing this forces a new resource to be created.
ContainerLogMaxLine int: Specifies the maximum number of container log files that can be present for a container. must be at least 2. Changing this forces a new resource to be created.
ContainerLogMaxSizeMb int: Specifies the maximum size (e.g. 10MB) of container log file before it is rotated. Changing this forces a new resource to be created.
CpuCfsQuotaEnabled bool: Is CPU CFS quota enforcement for containers enabled? Changing this forces a new resource to be created.
CpuCfsQuotaPeriod string: Specifies the CPU CFS quota period value. Changing this forces a new resource to be created.
CpuManagerPolicy string: Specifies the CPU Manager policy to use. Possible values are none and static, Changing this forces a new resource to be created.
ImageGcHighThreshold int: Specifies the percent of disk usage above which image garbage collection is always run. Must be between 0 and 100. Changing this forces a new resource to be created.
ImageGcLowThreshold int: Specifies the percent of disk usage lower than which image garbage collection is never run. Must be between 0 and 100. Changing this forces a new resource to be created.
PodMaxPid int: Specifies the maximum number of processes per pod. Changing this forces a new resource to be created.
TopologyManagerPolicy string: Specifies the Topology Manager policy to use. Possible values are none, best-effort, restricted or single-numa-node. Changing this forces a new resource to be created.

allowedUnsafeSysctls List<String>: Specifies the allow list of unsafe sysctls command or patterns (ending in *). Changing this forces a new resource to be created.
containerLogMaxLine Integer: Specifies the maximum number of container log files that can be present for a container. must be at least 2. Changing this forces a new resource to be created.
containerLogMaxSizeMb Integer: Specifies the maximum size (e.g. 10MB) of container log file before it is rotated. Changing this forces a new resource to be created.
cpuCfsQuotaEnabled Boolean: Is CPU CFS quota enforcement for containers enabled? Changing this forces a new resource to be created.
cpuCfsQuotaPeriod String: Specifies the CPU CFS quota period value. Changing this forces a new resource to be created.
cpuManagerPolicy String: Specifies the CPU Manager policy to use. Possible values are none and static, Changing this forces a new resource to be created.
imageGcHighThreshold Integer: Specifies the percent of disk usage above which image garbage collection is always run. Must be between 0 and 100. Changing this forces a new resource to be created.
imageGcLowThreshold Integer: Specifies the percent of disk usage lower than which image garbage collection is never run. Must be between 0 and 100. Changing this forces a new resource to be created.
podMaxPid Integer: Specifies the maximum number of processes per pod. Changing this forces a new resource to be created.
topologyManagerPolicy String: Specifies the Topology Manager policy to use. Possible values are none, best-effort, restricted or single-numa-node. Changing this forces a new resource to be created.

allowedUnsafeSysctls string[]: Specifies the allow list of unsafe sysctls command or patterns (ending in *). Changing this forces a new resource to be created.
containerLogMaxLine number: Specifies the maximum number of container log files that can be present for a container. must be at least 2. Changing this forces a new resource to be created.
containerLogMaxSizeMb number: Specifies the maximum size (e.g. 10MB) of container log file before it is rotated. Changing this forces a new resource to be created.
cpuCfsQuotaEnabled boolean: Is CPU CFS quota enforcement for containers enabled? Changing this forces a new resource to be created.
cpuCfsQuotaPeriod string: Specifies the CPU CFS quota period value. Changing this forces a new resource to be created.
cpuManagerPolicy string: Specifies the CPU Manager policy to use. Possible values are none and static, Changing this forces a new resource to be created.
imageGcHighThreshold number: Specifies the percent of disk usage above which image garbage collection is always run. Must be between 0 and 100. Changing this forces a new resource to be created.
imageGcLowThreshold number: Specifies the percent of disk usage lower than which image garbage collection is never run. Must be between 0 and 100. Changing this forces a new resource to be created.
podMaxPid number: Specifies the maximum number of processes per pod. Changing this forces a new resource to be created.
topologyManagerPolicy string: Specifies the Topology Manager policy to use. Possible values are none, best-effort, restricted or single-numa-node. Changing this forces a new resource to be created.

allowed_unsafe_sysctls Sequence[str]: Specifies the allow list of unsafe sysctls command or patterns (ending in *). Changing this forces a new resource to be created.
container_log_max_line int: Specifies the maximum number of container log files that can be present for a container. must be at least 2. Changing this forces a new resource to be created.
container_log_max_size_mb int: Specifies the maximum size (e.g. 10MB) of container log file before it is rotated. Changing this forces a new resource to be created.
cpu_cfs_quota_enabled bool: Is CPU CFS quota enforcement for containers enabled? Changing this forces a new resource to be created.
cpu_cfs_quota_period str: Specifies the CPU CFS quota period value. Changing this forces a new resource to be created.
cpu_manager_policy str: Specifies the CPU Manager policy to use. Possible values are none and static, Changing this forces a new resource to be created.
image_gc_high_threshold int: Specifies the percent of disk usage above which image garbage collection is always run. Must be between 0 and 100. Changing this forces a new resource to be created.
image_gc_low_threshold int: Specifies the percent of disk usage lower than which image garbage collection is never run. Must be between 0 and 100. Changing this forces a new resource to be created.
pod_max_pid int: Specifies the maximum number of processes per pod. Changing this forces a new resource to be created.
topology_manager_policy str: Specifies the Topology Manager policy to use. Possible values are none, best-effort, restricted or single-numa-node. Changing this forces a new resource to be created.

allowedUnsafeSysctls List<String>: Specifies the allow list of unsafe sysctls command or patterns (ending in *). Changing this forces a new resource to be created.
containerLogMaxLine Number: Specifies the maximum number of container log files that can be present for a container. must be at least 2. Changing this forces a new resource to be created.
containerLogMaxSizeMb Number: Specifies the maximum size (e.g. 10MB) of container log file before it is rotated. Changing this forces a new resource to be created.
cpuCfsQuotaEnabled Boolean: Is CPU CFS quota enforcement for containers enabled? Changing this forces a new resource to be created.
cpuCfsQuotaPeriod String: Specifies the CPU CFS quota period value. Changing this forces a new resource to be created.
cpuManagerPolicy String: Specifies the CPU Manager policy to use. Possible values are none and static, Changing this forces a new resource to be created.
imageGcHighThreshold Number: Specifies the percent of disk usage above which image garbage collection is always run. Must be between 0 and 100. Changing this forces a new resource to be created.
imageGcLowThreshold Number: Specifies the percent of disk usage lower than which image garbage collection is never run. Must be between 0 and 100. Changing this forces a new resource to be created.
podMaxPid Number: Specifies the maximum number of processes per pod. Changing this forces a new resource to be created.
topologyManagerPolicy String: Specifies the Topology Manager policy to use. Possible values are none, best-effort, restricted or single-numa-node. Changing this forces a new resource to be created.

KubernetesClusterDefaultNodePoolLinuxOsConfig

SwapFileSizeMb int: Specifies the size of the swap file on each node in MB. Changing this forces a new resource to be created.
SysctlConfig KubernetesClusterDefaultNodePoolLinuxOsConfigSysctlConfig: A sysctl_config block as defined below. Changing this forces a new resource to be created.
TransparentHugePageDefrag string: specifies the defrag configuration for Transparent Huge Page. Possible values are always, defer, defer+madvise, madvise and never. Changing this forces a new resource to be created.
TransparentHugePageEnabled string: Specifies the Transparent Huge Page enabled configuration. Possible values are always, madvise and never. Changing this forces a new resource to be created.

SwapFileSizeMb int: Specifies the size of the swap file on each node in MB. Changing this forces a new resource to be created.
SysctlConfig KubernetesClusterDefaultNodePoolLinuxOsConfigSysctlConfig: A sysctl_config block as defined below. Changing this forces a new resource to be created.
TransparentHugePageDefrag string: specifies the defrag configuration for Transparent Huge Page. Possible values are always, defer, defer+madvise, madvise and never. Changing this forces a new resource to be created.
TransparentHugePageEnabled string: Specifies the Transparent Huge Page enabled configuration. Possible values are always, madvise and never. Changing this forces a new resource to be created.

swapFileSizeMb Integer: Specifies the size of the swap file on each node in MB. Changing this forces a new resource to be created.
sysctlConfig KubernetesClusterDefaultNodePoolLinuxOsConfigSysctlConfig: A sysctl_config block as defined below. Changing this forces a new resource to be created.
transparentHugePageDefrag String: specifies the defrag configuration for Transparent Huge Page. Possible values are always, defer, defer+madvise, madvise and never. Changing this forces a new resource to be created.
transparentHugePageEnabled String: Specifies the Transparent Huge Page enabled configuration. Possible values are always, madvise and never. Changing this forces a new resource to be created.

swapFileSizeMb number: Specifies the size of the swap file on each node in MB. Changing this forces a new resource to be created.
sysctlConfig KubernetesClusterDefaultNodePoolLinuxOsConfigSysctlConfig: A sysctl_config block as defined below. Changing this forces a new resource to be created.
transparentHugePageDefrag string: specifies the defrag configuration for Transparent Huge Page. Possible values are always, defer, defer+madvise, madvise and never. Changing this forces a new resource to be created.
transparentHugePageEnabled string: Specifies the Transparent Huge Page enabled configuration. Possible values are always, madvise and never. Changing this forces a new resource to be created.

swap_file_size_mb int: Specifies the size of the swap file on each node in MB. Changing this forces a new resource to be created.
sysctl_config KubernetesClusterDefaultNodePoolLinuxOsConfigSysctlConfig: A sysctl_config block as defined below. Changing this forces a new resource to be created.
transparent_huge_page_defrag str: specifies the defrag configuration for Transparent Huge Page. Possible values are always, defer, defer+madvise, madvise and never. Changing this forces a new resource to be created.
transparent_huge_page_enabled str: Specifies the Transparent Huge Page enabled configuration. Possible values are always, madvise and never. Changing this forces a new resource to be created.

swapFileSizeMb Number: Specifies the size of the swap file on each node in MB. Changing this forces a new resource to be created.
sysctlConfig Property Map: A sysctl_config block as defined below. Changing this forces a new resource to be created.
transparentHugePageDefrag String: specifies the defrag configuration for Transparent Huge Page. Possible values are always, defer, defer+madvise, madvise and never. Changing this forces a new resource to be created.
transparentHugePageEnabled String: Specifies the Transparent Huge Page enabled configuration. Possible values are always, madvise and never. Changing this forces a new resource to be created.

KubernetesClusterDefaultNodePoolLinuxOsConfigSysctlConfig

FsAioMaxNr int: The sysctl setting fs.aio-max-nr. Must be between 65536 and 6553500. Changing this forces a new resource to be created.
FsFileMax int: The sysctl setting fs.file-max. Must be between 8192 and 12000500. Changing this forces a new resource to be created.
FsInotifyMaxUserWatches int: The sysctl setting fs.inotify.max_user_watches. Must be between 781250 and 2097152. Changing this forces a new resource to be created.
FsNrOpen int: The sysctl setting fs.nr_open. Must be between 8192 and 20000500. Changing this forces a new resource to be created.
KernelThreadsMax int: The sysctl setting kernel.threads-max. Must be between 20 and 513785. Changing this forces a new resource to be created.
NetCoreNetdevMaxBacklog int: The sysctl setting net.core.netdev_max_backlog. Must be between 1000 and 3240000. Changing this forces a new resource to be created.
NetCoreOptmemMax int: The sysctl setting net.core.optmem_max. Must be between 20480 and 4194304. Changing this forces a new resource to be created.
NetCoreRmemDefault int: The sysctl setting net.core.rmem_default. Must be between 212992 and 134217728. Changing this forces a new resource to be created.
NetCoreRmemMax int: The sysctl setting net.core.rmem_max. Must be between 212992 and 134217728. Changing this forces a new resource to be created.
NetCoreSomaxconn int: The sysctl setting net.core.somaxconn. Must be between 4096 and 3240000. Changing this forces a new resource to be created.
NetCoreWmemDefault int: The sysctl setting net.core.wmem_default. Must be between 212992 and 134217728. Changing this forces a new resource to be created.
NetCoreWmemMax int: The sysctl setting net.core.wmem_max. Must be between 212992 and 134217728. Changing this forces a new resource to be created.
NetIpv4IpLocalPortRangeMax int: The sysctl setting net.ipv4.ip_local_port_range max value. Must be between 1024 and 60999. Changing this forces a new resource to be created.
NetIpv4IpLocalPortRangeMin int: The sysctl setting net.ipv4.ip_local_port_range min value. Must be between 1024 and 60999. Changing this forces a new resource to be created.
NetIpv4NeighDefaultGcThresh1 int: The sysctl setting net.ipv4.neigh.default.gc_thresh1. Must be between 128 and 80000. Changing this forces a new resource to be created.
NetIpv4NeighDefaultGcThresh2 int: The sysctl setting net.ipv4.neigh.default.gc_thresh2. Must be between 512 and 90000. Changing this forces a new resource to be created.
NetIpv4NeighDefaultGcThresh3 int: The sysctl setting net.ipv4.neigh.default.gc_thresh3. Must be between 1024 and 100000. Changing this forces a new resource to be created.
NetIpv4TcpFinTimeout int: The sysctl setting net.ipv4.tcp_fin_timeout. Must be between 5 and 120. Changing this forces a new resource to be created.
NetIpv4TcpKeepaliveIntvl int: The sysctl setting net.ipv4.tcp_keepalive_intvl. Must be between 10 and 75. Changing this forces a new resource to be created.
NetIpv4TcpKeepaliveProbes int: The sysctl setting net.ipv4.tcp_keepalive_probes. Must be between 1 and 15. Changing this forces a new resource to be created.
NetIpv4TcpKeepaliveTime int: The sysctl setting net.ipv4.tcp_keepalive_time. Must be between 30 and 432000. Changing this forces a new resource to be created.
NetIpv4TcpMaxSynBacklog int: The sysctl setting net.ipv4.tcp_max_syn_backlog. Must be between 128 and 3240000. Changing this forces a new resource to be created.
NetIpv4TcpMaxTwBuckets int: The sysctl setting net.ipv4.tcp_max_tw_buckets. Must be between 8000 and 1440000. Changing this forces a new resource to be created.
NetIpv4TcpTwReuse bool: The sysctl setting net.ipv4.tcp_tw_reuse. Changing this forces a new resource to be created.
NetNetfilterNfConntrackBuckets int: The sysctl setting net.netfilter.nf_conntrack_buckets. Must be between 65536 and 147456. Changing this forces a new resource to be created.
NetNetfilterNfConntrackMax int: The sysctl setting net.netfilter.nf_conntrack_max. Must be between 131072 and 1048576. Changing this forces a new resource to be created.
VmMaxMapCount int: The sysctl setting vm.max_map_count. Must be between 65530 and 262144. Changing this forces a new resource to be created.
VmSwappiness int: The sysctl setting vm.swappiness. Must be between 0 and 100. Changing this forces a new resource to be created.
VmVfsCachePressure int: The sysctl setting vm.vfs_cache_pressure. Must be between 0 and 100. Changing this forces a new resource to be created.

FsAioMaxNr int: The sysctl setting fs.aio-max-nr. Must be between 65536 and 6553500. Changing this forces a new resource to be created.
FsFileMax int: The sysctl setting fs.file-max. Must be between 8192 and 12000500. Changing this forces a new resource to be created.
FsInotifyMaxUserWatches int: The sysctl setting fs.inotify.max_user_watches. Must be between 781250 and 2097152. Changing this forces a new resource to be created.
FsNrOpen int: The sysctl setting fs.nr_open. Must be between 8192 and 20000500. Changing this forces a new resource to be created.
KernelThreadsMax int: The sysctl setting kernel.threads-max. Must be between 20 and 513785. Changing this forces a new resource to be created.
NetCoreNetdevMaxBacklog int: The sysctl setting net.core.netdev_max_backlog. Must be between 1000 and 3240000. Changing this forces a new resource to be created.
NetCoreOptmemMax int: The sysctl setting net.core.optmem_max. Must be between 20480 and 4194304. Changing this forces a new resource to be created.
NetCoreRmemDefault int: The sysctl setting net.core.rmem_default. Must be between 212992 and 134217728. Changing this forces a new resource to be created.
NetCoreRmemMax int: The sysctl setting net.core.rmem_max. Must be between 212992 and 134217728. Changing this forces a new resource to be created.
NetCoreSomaxconn int: The sysctl setting net.core.somaxconn. Must be between 4096 and 3240000. Changing this forces a new resource to be created.
NetCoreWmemDefault int: The sysctl setting net.core.wmem_default. Must be between 212992 and 134217728. Changing this forces a new resource to be created.
NetCoreWmemMax int: The sysctl setting net.core.wmem_max. Must be between 212992 and 134217728. Changing this forces a new resource to be created.
NetIpv4IpLocalPortRangeMax int: The sysctl setting net.ipv4.ip_local_port_range max value. Must be between 1024 and 60999. Changing this forces a new resource to be created.
NetIpv4IpLocalPortRangeMin int: The sysctl setting net.ipv4.ip_local_port_range min value. Must be between 1024 and 60999. Changing this forces a new resource to be created.
NetIpv4NeighDefaultGcThresh1 int: The sysctl setting net.ipv4.neigh.default.gc_thresh1. Must be between 128 and 80000. Changing this forces a new resource to be created.
NetIpv4NeighDefaultGcThresh2 int: The sysctl setting net.ipv4.neigh.default.gc_thresh2. Must be between 512 and 90000. Changing this forces a new resource to be created.
NetIpv4NeighDefaultGcThresh3 int: The sysctl setting net.ipv4.neigh.default.gc_thresh3. Must be between 1024 and 100000. Changing this forces a new resource to be created.
NetIpv4TcpFinTimeout int: The sysctl setting net.ipv4.tcp_fin_timeout. Must be between 5 and 120. Changing this forces a new resource to be created.
NetIpv4TcpKeepaliveIntvl int: The sysctl setting net.ipv4.tcp_keepalive_intvl. Must be between 10 and 75. Changing this forces a new resource to be created.
NetIpv4TcpKeepaliveProbes int: The sysctl setting net.ipv4.tcp_keepalive_probes. Must be between 1 and 15. Changing this forces a new resource to be created.
NetIpv4TcpKeepaliveTime int: The sysctl setting net.ipv4.tcp_keepalive_time. Must be between 30 and 432000. Changing this forces a new resource to be created.
NetIpv4TcpMaxSynBacklog int: The sysctl setting net.ipv4.tcp_max_syn_backlog. Must be between 128 and 3240000. Changing this forces a new resource to be created.
NetIpv4TcpMaxTwBuckets int: The sysctl setting net.ipv4.tcp_max_tw_buckets. Must be between 8000 and 1440000. Changing this forces a new resource to be created.
NetIpv4TcpTwReuse bool: The sysctl setting net.ipv4.tcp_tw_reuse. Changing this forces a new resource to be created.
NetNetfilterNfConntrackBuckets int: The sysctl setting net.netfilter.nf_conntrack_buckets. Must be between 65536 and 147456. Changing this forces a new resource to be created.
NetNetfilterNfConntrackMax int: The sysctl setting net.netfilter.nf_conntrack_max. Must be between 131072 and 1048576. Changing this forces a new resource to be created.
VmMaxMapCount int: The sysctl setting vm.max_map_count. Must be between 65530 and 262144. Changing this forces a new resource to be created.
VmSwappiness int: The sysctl setting vm.swappiness. Must be between 0 and 100. Changing this forces a new resource to be created.
VmVfsCachePressure int: The sysctl setting vm.vfs_cache_pressure. Must be between 0 and 100. Changing this forces a new resource to be created.

fsAioMaxNr Integer: The sysctl setting fs.aio-max-nr. Must be between 65536 and 6553500. Changing this forces a new resource to be created.
fsFileMax Integer: The sysctl setting fs.file-max. Must be between 8192 and 12000500. Changing this forces a new resource to be created.
fsInotifyMaxUserWatches Integer: The sysctl setting fs.inotify.max_user_watches. Must be between 781250 and 2097152. Changing this forces a new resource to be created.
fsNrOpen Integer: The sysctl setting fs.nr_open. Must be between 8192 and 20000500. Changing this forces a new resource to be created.
kernelThreadsMax Integer: The sysctl setting kernel.threads-max. Must be between 20 and 513785. Changing this forces a new resource to be created.
netCoreNetdevMaxBacklog Integer: The sysctl setting net.core.netdev_max_backlog. Must be between 1000 and 3240000. Changing this forces a new resource to be created.
netCoreOptmemMax Integer: The sysctl setting net.core.optmem_max. Must be between 20480 and 4194304. Changing this forces a new resource to be created.
netCoreRmemDefault Integer: The sysctl setting net.core.rmem_default. Must be between 212992 and 134217728. Changing this forces a new resource to be created.
netCoreRmemMax Integer: The sysctl setting net.core.rmem_max. Must be between 212992 and 134217728. Changing this forces a new resource to be created.
netCoreSomaxconn Integer: The sysctl setting net.core.somaxconn. Must be between 4096 and 3240000. Changing this forces a new resource to be created.
netCoreWmemDefault Integer: The sysctl setting net.core.wmem_default. Must be between 212992 and 134217728. Changing this forces a new resource to be created.
netCoreWmemMax Integer: The sysctl setting net.core.wmem_max. Must be between 212992 and 134217728. Changing this forces a new resource to be created.
netIpv4IpLocalPortRangeMax Integer: The sysctl setting net.ipv4.ip_local_port_range max value. Must be between 1024 and 60999. Changing this forces a new resource to be created.
netIpv4IpLocalPortRangeMin Integer: The sysctl setting net.ipv4.ip_local_port_range min value. Must be between 1024 and 60999. Changing this forces a new resource to be created.
netIpv4NeighDefaultGcThresh1 Integer: The sysctl setting net.ipv4.neigh.default.gc_thresh1. Must be between 128 and 80000. Changing this forces a new resource to be created.
netIpv4NeighDefaultGcThresh2 Integer: The sysctl setting net.ipv4.neigh.default.gc_thresh2. Must be between 512 and 90000. Changing this forces a new resource to be created.
netIpv4NeighDefaultGcThresh3 Integer: The sysctl setting net.ipv4.neigh.default.gc_thresh3. Must be between 1024 and 100000. Changing this forces a new resource to be created.
netIpv4TcpFinTimeout Integer: The sysctl setting net.ipv4.tcp_fin_timeout. Must be between 5 and 120. Changing this forces a new resource to be created.
netIpv4TcpKeepaliveIntvl Integer: The sysctl setting net.ipv4.tcp_keepalive_intvl. Must be between 10 and 75. Changing this forces a new resource to be created.
netIpv4TcpKeepaliveProbes Integer: The sysctl setting net.ipv4.tcp_keepalive_probes. Must be between 1 and 15. Changing this forces a new resource to be created.
netIpv4TcpKeepaliveTime Integer: The sysctl setting net.ipv4.tcp_keepalive_time. Must be between 30 and 432000. Changing this forces a new resource to be created.
netIpv4TcpMaxSynBacklog Integer: The sysctl setting net.ipv4.tcp_max_syn_backlog. Must be between 128 and 3240000. Changing this forces a new resource to be created.
netIpv4TcpMaxTwBuckets Integer: The sysctl setting net.ipv4.tcp_max_tw_buckets. Must be between 8000 and 1440000. Changing this forces a new resource to be created.
netIpv4TcpTwReuse Boolean: The sysctl setting net.ipv4.tcp_tw_reuse. Changing this forces a new resource to be created.
netNetfilterNfConntrackBuckets Integer: The sysctl setting net.netfilter.nf_conntrack_buckets. Must be between 65536 and 147456. Changing this forces a new resource to be created.
netNetfilterNfConntrackMax Integer: The sysctl setting net.netfilter.nf_conntrack_max. Must be between 131072 and 1048576. Changing this forces a new resource to be created.
vmMaxMapCount Integer: The sysctl setting vm.max_map_count. Must be between 65530 and 262144. Changing this forces a new resource to be created.
vmSwappiness Integer: The sysctl setting vm.swappiness. Must be between 0 and 100. Changing this forces a new resource to be created.
vmVfsCachePressure Integer: The sysctl setting vm.vfs_cache_pressure. Must be between 0 and 100. Changing this forces a new resource to be created.

fsAioMaxNr number: The sysctl setting fs.aio-max-nr. Must be between 65536 and 6553500. Changing this forces a new resource to be created.
fsFileMax number: The sysctl setting fs.file-max. Must be between 8192 and 12000500. Changing this forces a new resource to be created.
fsInotifyMaxUserWatches number: The sysctl setting fs.inotify.max_user_watches. Must be between 781250 and 2097152. Changing this forces a new resource to be created.
fsNrOpen number: The sysctl setting fs.nr_open. Must be between 8192 and 20000500. Changing this forces a new resource to be created.
kernelThreadsMax number: The sysctl setting kernel.threads-max. Must be between 20 and 513785. Changing this forces a new resource to be created.
netCoreNetdevMaxBacklog number: The sysctl setting net.core.netdev_max_backlog. Must be between 1000 and 3240000. Changing this forces a new resource to be created.
netCoreOptmemMax number: The sysctl setting net.core.optmem_max. Must be between 20480 and 4194304. Changing this forces a new resource to be created.
netCoreRmemDefault number: The sysctl setting net.core.rmem_default. Must be between 212992 and 134217728. Changing this forces a new resource to be created.
netCoreRmemMax number: The sysctl setting net.core.rmem_max. Must be between 212992 and 134217728. Changing this forces a new resource to be created.
netCoreSomaxconn number: The sysctl setting net.core.somaxconn. Must be between 4096 and 3240000. Changing this forces a new resource to be created.
netCoreWmemDefault number: The sysctl setting net.core.wmem_default. Must be between 212992 and 134217728. Changing this forces a new resource to be created.
netCoreWmemMax number: The sysctl setting net.core.wmem_max. Must be between 212992 and 134217728. Changing this forces a new resource to be created.
netIpv4IpLocalPortRangeMax number: The sysctl setting net.ipv4.ip_local_port_range max value. Must be between 1024 and 60999. Changing this forces a new resource to be created.
netIpv4IpLocalPortRangeMin number: The sysctl setting net.ipv4.ip_local_port_range min value. Must be between 1024 and 60999. Changing this forces a new resource to be created.
netIpv4NeighDefaultGcThresh1 number: The sysctl setting net.ipv4.neigh.default.gc_thresh1. Must be between 128 and 80000. Changing this forces a new resource to be created.
netIpv4NeighDefaultGcThresh2 number: The sysctl setting net.ipv4.neigh.default.gc_thresh2. Must be between 512 and 90000. Changing this forces a new resource to be created.
netIpv4NeighDefaultGcThresh3 number: The sysctl setting net.ipv4.neigh.default.gc_thresh3. Must be between 1024 and 100000. Changing this forces a new resource to be created.
netIpv4TcpFinTimeout number: The sysctl setting net.ipv4.tcp_fin_timeout. Must be between 5 and 120. Changing this forces a new resource to be created.
netIpv4TcpKeepaliveIntvl number: The sysctl setting net.ipv4.tcp_keepalive_intvl. Must be between 10 and 75. Changing this forces a new resource to be created.
netIpv4TcpKeepaliveProbes number: The sysctl setting net.ipv4.tcp_keepalive_probes. Must be between 1 and 15. Changing this forces a new resource to be created.
netIpv4TcpKeepaliveTime number: The sysctl setting net.ipv4.tcp_keepalive_time. Must be between 30 and 432000. Changing this forces a new resource to be created.
netIpv4TcpMaxSynBacklog number: The sysctl setting net.ipv4.tcp_max_syn_backlog. Must be between 128 and 3240000. Changing this forces a new resource to be created.
netIpv4TcpMaxTwBuckets number: The sysctl setting net.ipv4.tcp_max_tw_buckets. Must be between 8000 and 1440000. Changing this forces a new resource to be created.
netIpv4TcpTwReuse boolean: The sysctl setting net.ipv4.tcp_tw_reuse. Changing this forces a new resource to be created.
netNetfilterNfConntrackBuckets number: The sysctl setting net.netfilter.nf_conntrack_buckets. Must be between 65536 and 147456. Changing this forces a new resource to be created.
netNetfilterNfConntrackMax number: The sysctl setting net.netfilter.nf_conntrack_max. Must be between 131072 and 1048576. Changing this forces a new resource to be created.
vmMaxMapCount number: The sysctl setting vm.max_map_count. Must be between 65530 and 262144. Changing this forces a new resource to be created.
vmSwappiness number: The sysctl setting vm.swappiness. Must be between 0 and 100. Changing this forces a new resource to be created.
vmVfsCachePressure number: The sysctl setting vm.vfs_cache_pressure. Must be between 0 and 100. Changing this forces a new resource to be created.

fs_aio_max_nr int: The sysctl setting fs.aio-max-nr. Must be between 65536 and 6553500. Changing this forces a new resource to be created.
fs_file_max int: The sysctl setting fs.file-max. Must be between 8192 and 12000500. Changing this forces a new resource to be created.
fs_inotify_max_user_watches int: The sysctl setting fs.inotify.max_user_watches. Must be between 781250 and 2097152. Changing this forces a new resource to be created.
fs_nr_open int: The sysctl setting fs.nr_open. Must be between 8192 and 20000500. Changing this forces a new resource to be created.
kernel_threads_max int: The sysctl setting kernel.threads-max. Must be between 20 and 513785. Changing this forces a new resource to be created.
net_core_netdev_max_backlog int: The sysctl setting net.core.netdev_max_backlog. Must be between 1000 and 3240000. Changing this forces a new resource to be created.
net_core_optmem_max int: The sysctl setting net.core.optmem_max. Must be between 20480 and 4194304. Changing this forces a new resource to be created.
net_core_rmem_default int: The sysctl setting net.core.rmem_default. Must be between 212992 and 134217728. Changing this forces a new resource to be created.
net_core_rmem_max int: The sysctl setting net.core.rmem_max. Must be between 212992 and 134217728. Changing this forces a new resource to be created.
net_core_somaxconn int: The sysctl setting net.core.somaxconn. Must be between 4096 and 3240000. Changing this forces a new resource to be created.
net_core_wmem_default int: The sysctl setting net.core.wmem_default. Must be between 212992 and 134217728. Changing this forces a new resource to be created.
net_core_wmem_max int: The sysctl setting net.core.wmem_max. Must be between 212992 and 134217728. Changing this forces a new resource to be created.
net_ipv4_ip_local_port_range_max int: The sysctl setting net.ipv4.ip_local_port_range max value. Must be between 1024 and 60999. Changing this forces a new resource to be created.
net_ipv4_ip_local_port_range_min int: The sysctl setting net.ipv4.ip_local_port_range min value. Must be between 1024 and 60999. Changing this forces a new resource to be created.
net_ipv4_neigh_default_gc_thresh1 int: The sysctl setting net.ipv4.neigh.default.gc_thresh1. Must be between 128 and 80000. Changing this forces a new resource to be created.
net_ipv4_neigh_default_gc_thresh2 int: The sysctl setting net.ipv4.neigh.default.gc_thresh2. Must be between 512 and 90000. Changing this forces a new resource to be created.
net_ipv4_neigh_default_gc_thresh3 int: The sysctl setting net.ipv4.neigh.default.gc_thresh3. Must be between 1024 and 100000. Changing this forces a new resource to be created.
net_ipv4_tcp_fin_timeout int: The sysctl setting net.ipv4.tcp_fin_timeout. Must be between 5 and 120. Changing this forces a new resource to be created.
net_ipv4_tcp_keepalive_intvl int: The sysctl setting net.ipv4.tcp_keepalive_intvl. Must be between 10 and 75. Changing this forces a new resource to be created.
net_ipv4_tcp_keepalive_probes int: The sysctl setting net.ipv4.tcp_keepalive_probes. Must be between 1 and 15. Changing this forces a new resource to be created.
net_ipv4_tcp_keepalive_time int: The sysctl setting net.ipv4.tcp_keepalive_time. Must be between 30 and 432000. Changing this forces a new resource to be created.
net_ipv4_tcp_max_syn_backlog int: The sysctl setting net.ipv4.tcp_max_syn_backlog. Must be between 128 and 3240000. Changing this forces a new resource to be created.
net_ipv4_tcp_max_tw_buckets int: The sysctl setting net.ipv4.tcp_max_tw_buckets. Must be between 8000 and 1440000. Changing this forces a new resource to be created.
net_ipv4_tcp_tw_reuse bool: The sysctl setting net.ipv4.tcp_tw_reuse. Changing this forces a new resource to be created.
net_netfilter_nf_conntrack_buckets int: The sysctl setting net.netfilter.nf_conntrack_buckets. Must be between 65536 and 147456. Changing this forces a new resource to be created.
net_netfilter_nf_conntrack_max int: The sysctl setting net.netfilter.nf_conntrack_max. Must be between 131072 and 1048576. Changing this forces a new resource to be created.
vm_max_map_count int: The sysctl setting vm.max_map_count. Must be between 65530 and 262144. Changing this forces a new resource to be created.
vm_swappiness int: The sysctl setting vm.swappiness. Must be between 0 and 100. Changing this forces a new resource to be created.
vm_vfs_cache_pressure int: The sysctl setting vm.vfs_cache_pressure. Must be between 0 and 100. Changing this forces a new resource to be created.

fsAioMaxNr Number: The sysctl setting fs.aio-max-nr. Must be between 65536 and 6553500. Changing this forces a new resource to be created.
fsFileMax Number: The sysctl setting fs.file-max. Must be between 8192 and 12000500. Changing this forces a new resource to be created.
fsInotifyMaxUserWatches Number: The sysctl setting fs.inotify.max_user_watches. Must be between 781250 and 2097152. Changing this forces a new resource to be created.
fsNrOpen Number: The sysctl setting fs.nr_open. Must be between 8192 and 20000500. Changing this forces a new resource to be created.
kernelThreadsMax Number: The sysctl setting kernel.threads-max. Must be between 20 and 513785. Changing this forces a new resource to be created.
netCoreNetdevMaxBacklog Number: The sysctl setting net.core.netdev_max_backlog. Must be between 1000 and 3240000. Changing this forces a new resource to be created.
netCoreOptmemMax Number: The sysctl setting net.core.optmem_max. Must be between 20480 and 4194304. Changing this forces a new resource to be created.
netCoreRmemDefault Number: The sysctl setting net.core.rmem_default. Must be between 212992 and 134217728. Changing this forces a new resource to be created.
netCoreRmemMax Number: The sysctl setting net.core.rmem_max. Must be between 212992 and 134217728. Changing this forces a new resource to be created.
netCoreSomaxconn Number: The sysctl setting net.core.somaxconn. Must be between 4096 and 3240000. Changing this forces a new resource to be created.
netCoreWmemDefault Number: The sysctl setting net.core.wmem_default. Must be between 212992 and 134217728. Changing this forces a new resource to be created.
netCoreWmemMax Number: The sysctl setting net.core.wmem_max. Must be between 212992 and 134217728. Changing this forces a new resource to be created.
netIpv4IpLocalPortRangeMax Number: The sysctl setting net.ipv4.ip_local_port_range max value. Must be between 1024 and 60999. Changing this forces a new resource to be created.
netIpv4IpLocalPortRangeMin Number: The sysctl setting net.ipv4.ip_local_port_range min value. Must be between 1024 and 60999. Changing this forces a new resource to be created.
netIpv4NeighDefaultGcThresh1 Number: The sysctl setting net.ipv4.neigh.default.gc_thresh1. Must be between 128 and 80000. Changing this forces a new resource to be created.
netIpv4NeighDefaultGcThresh2 Number: The sysctl setting net.ipv4.neigh.default.gc_thresh2. Must be between 512 and 90000. Changing this forces a new resource to be created.
netIpv4NeighDefaultGcThresh3 Number: The sysctl setting net.ipv4.neigh.default.gc_thresh3. Must be between 1024 and 100000. Changing this forces a new resource to be created.
netIpv4TcpFinTimeout Number: The sysctl setting net.ipv4.tcp_fin_timeout. Must be between 5 and 120. Changing this forces a new resource to be created.
netIpv4TcpKeepaliveIntvl Number: The sysctl setting net.ipv4.tcp_keepalive_intvl. Must be between 10 and 75. Changing this forces a new resource to be created.
netIpv4TcpKeepaliveProbes Number: The sysctl setting net.ipv4.tcp_keepalive_probes. Must be between 1 and 15. Changing this forces a new resource to be created.
netIpv4TcpKeepaliveTime Number: The sysctl setting net.ipv4.tcp_keepalive_time. Must be between 30 and 432000. Changing this forces a new resource to be created.
netIpv4TcpMaxSynBacklog Number: The sysctl setting net.ipv4.tcp_max_syn_backlog. Must be between 128 and 3240000. Changing this forces a new resource to be created.
netIpv4TcpMaxTwBuckets Number: The sysctl setting net.ipv4.tcp_max_tw_buckets. Must be between 8000 and 1440000. Changing this forces a new resource to be created.
netIpv4TcpTwReuse Boolean: The sysctl setting net.ipv4.tcp_tw_reuse. Changing this forces a new resource to be created.
netNetfilterNfConntrackBuckets Number: The sysctl setting net.netfilter.nf_conntrack_buckets. Must be between 65536 and 147456. Changing this forces a new resource to be created.
netNetfilterNfConntrackMax Number: The sysctl setting net.netfilter.nf_conntrack_max. Must be between 131072 and 1048576. Changing this forces a new resource to be created.
vmMaxMapCount Number: The sysctl setting vm.max_map_count. Must be between 65530 and 262144. Changing this forces a new resource to be created.
vmSwappiness Number: The sysctl setting vm.swappiness. Must be between 0 and 100. Changing this forces a new resource to be created.
vmVfsCachePressure Number: The sysctl setting vm.vfs_cache_pressure. Must be between 0 and 100. Changing this forces a new resource to be created.

KubernetesClusterDefaultNodePoolNodeNetworkProfile

NodePublicIpTags Dictionary<string, string>: Specifies a mapping of tags to the instance-level public IPs. Changing this forces a new resource to be created.

NodePublicIpTags map[string]string: Specifies a mapping of tags to the instance-level public IPs. Changing this forces a new resource to be created.

nodePublicIpTags Map<String,String>: Specifies a mapping of tags to the instance-level public IPs. Changing this forces a new resource to be created.

nodePublicIpTags {[key: string]: string}: Specifies a mapping of tags to the instance-level public IPs. Changing this forces a new resource to be created.

node_public_ip_tags Mapping[str, str]: Specifies a mapping of tags to the instance-level public IPs. Changing this forces a new resource to be created.

nodePublicIpTags Map<String>: Specifies a mapping of tags to the instance-level public IPs. Changing this forces a new resource to be created.

KubernetesClusterDefaultNodePoolUpgradeSettings

MaxSurge string: The maximum number or percentage of nodes which will be added to the Node Pool size during an upgrade.

MaxSurge string: The maximum number or percentage of nodes which will be added to the Node Pool size during an upgrade.

maxSurge String: The maximum number or percentage of nodes which will be added to the Node Pool size during an upgrade.

maxSurge string: The maximum number or percentage of nodes which will be added to the Node Pool size during an upgrade.

max_surge str: The maximum number or percentage of nodes which will be added to the Node Pool size during an upgrade.

maxSurge String: The maximum number or percentage of nodes which will be added to the Node Pool size during an upgrade.

KubernetesClusterHttpProxyConfig

HttpProxy string: The proxy address to be used when communicating over HTTP. Changing this forces a new resource to be created.
HttpsProxy string: The proxy address to be used when communicating over HTTPS. Changing this forces a new resource to be created.
NoProxies List<string>: The list of domains that will not use the proxy for communication. Changing this forces a new resource to be created.
TrustedCa string: The base64 encoded alternative CA certificate content in PEM format.

HttpProxy string: The proxy address to be used when communicating over HTTP. Changing this forces a new resource to be created.
HttpsProxy string: The proxy address to be used when communicating over HTTPS. Changing this forces a new resource to be created.
NoProxies []string: The list of domains that will not use the proxy for communication. Changing this forces a new resource to be created.
TrustedCa string: The base64 encoded alternative CA certificate content in PEM format.

httpProxy String: The proxy address to be used when communicating over HTTP. Changing this forces a new resource to be created.
httpsProxy String: The proxy address to be used when communicating over HTTPS. Changing this forces a new resource to be created.
noProxies List<String>: The list of domains that will not use the proxy for communication. Changing this forces a new resource to be created.
trustedCa String: The base64 encoded alternative CA certificate content in PEM format.

httpProxy string: The proxy address to be used when communicating over HTTP. Changing this forces a new resource to be created.
httpsProxy string: The proxy address to be used when communicating over HTTPS. Changing this forces a new resource to be created.
noProxies string[]: The list of domains that will not use the proxy for communication. Changing this forces a new resource to be created.
trustedCa string: The base64 encoded alternative CA certificate content in PEM format.

http_proxy str: The proxy address to be used when communicating over HTTP. Changing this forces a new resource to be created.
https_proxy str: The proxy address to be used when communicating over HTTPS. Changing this forces a new resource to be created.
no_proxies Sequence[str]: The list of domains that will not use the proxy for communication. Changing this forces a new resource to be created.
trusted_ca str: The base64 encoded alternative CA certificate content in PEM format.

httpProxy String: The proxy address to be used when communicating over HTTP. Changing this forces a new resource to be created.
httpsProxy String: The proxy address to be used when communicating over HTTPS. Changing this forces a new resource to be created.
noProxies List<String>: The list of domains that will not use the proxy for communication. Changing this forces a new resource to be created.
trustedCa String: The base64 encoded alternative CA certificate content in PEM format.

KubernetesClusterIdentity

Type string: Specifies the type of Managed Service Identity that should be configured on this Kubernetes Cluster. Possible values are SystemAssigned or UserAssigned.
IdentityIds List<string>: Specifies a list of User Assigned Managed Identity IDs to be assigned to this Kubernetes Cluster.
PrincipalId string: The Principal ID associated with this Managed Service Identity.
TenantId string: The Tenant ID used for Azure Active Directory Application. If this isn't specified the Tenant ID of the current Subscription is used.

Type string: Specifies the type of Managed Service Identity that should be configured on this Kubernetes Cluster. Possible values are SystemAssigned or UserAssigned.
IdentityIds []string: Specifies a list of User Assigned Managed Identity IDs to be assigned to this Kubernetes Cluster.
PrincipalId string: The Principal ID associated with this Managed Service Identity.
TenantId string: The Tenant ID used for Azure Active Directory Application. If this isn't specified the Tenant ID of the current Subscription is used.

type String: Specifies the type of Managed Service Identity that should be configured on this Kubernetes Cluster. Possible values are SystemAssigned or UserAssigned.
identityIds List<String>: Specifies a list of User Assigned Managed Identity IDs to be assigned to this Kubernetes Cluster.
principalId String: The Principal ID associated with this Managed Service Identity.
tenantId String: The Tenant ID used for Azure Active Directory Application. If this isn't specified the Tenant ID of the current Subscription is used.

type string: Specifies the type of Managed Service Identity that should be configured on this Kubernetes Cluster. Possible values are SystemAssigned or UserAssigned.
identityIds string[]: Specifies a list of User Assigned Managed Identity IDs to be assigned to this Kubernetes Cluster.
principalId string: The Principal ID associated with this Managed Service Identity.
tenantId string: The Tenant ID used for Azure Active Directory Application. If this isn't specified the Tenant ID of the current Subscription is used.

type str: Specifies the type of Managed Service Identity that should be configured on this Kubernetes Cluster. Possible values are SystemAssigned or UserAssigned.
identity_ids Sequence[str]: Specifies a list of User Assigned Managed Identity IDs to be assigned to this Kubernetes Cluster.
principal_id str: The Principal ID associated with this Managed Service Identity.
tenant_id str: The Tenant ID used for Azure Active Directory Application. If this isn't specified the Tenant ID of the current Subscription is used.

type String: Specifies the type of Managed Service Identity that should be configured on this Kubernetes Cluster. Possible values are SystemAssigned or UserAssigned.
identityIds List<String>: Specifies a list of User Assigned Managed Identity IDs to be assigned to this Kubernetes Cluster.
principalId String: The Principal ID associated with this Managed Service Identity.
tenantId String: The Tenant ID used for Azure Active Directory Application. If this isn't specified the Tenant ID of the current Subscription is used.

KubernetesClusterIngressApplicationGateway

EffectiveGatewayId string: The ID of the Application Gateway associated with the ingress controller deployed to this Kubernetes Cluster.
GatewayId string: The ID of the Application Gateway to integrate with the ingress controller of this Kubernetes Cluster. See this page for further details.
GatewayName string: The name of the Application Gateway to be used or created in the Nodepool Resource Group, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. See this page for further details.
IngressApplicationGatewayIdentities List<KubernetesClusterIngressApplicationGatewayIngressApplicationGatewayIdentity>: An ingress_application_gateway_identity block is exported. The exported attributes are defined below.
SubnetCidr string: The subnet CIDR to be used to create an Application Gateway, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. See this page for further details.
SubnetId string: The ID of the subnet on which to create an Application Gateway, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. See this page for further details.

EffectiveGatewayId string: The ID of the Application Gateway associated with the ingress controller deployed to this Kubernetes Cluster.
GatewayId string: The ID of the Application Gateway to integrate with the ingress controller of this Kubernetes Cluster. See this page for further details.
GatewayName string: The name of the Application Gateway to be used or created in the Nodepool Resource Group, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. See this page for further details.
IngressApplicationGatewayIdentities []KubernetesClusterIngressApplicationGatewayIngressApplicationGatewayIdentity: An ingress_application_gateway_identity block is exported. The exported attributes are defined below.
SubnetCidr string: The subnet CIDR to be used to create an Application Gateway, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. See this page for further details.
SubnetId string: The ID of the subnet on which to create an Application Gateway, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. See this page for further details.

effectiveGatewayId String: The ID of the Application Gateway associated with the ingress controller deployed to this Kubernetes Cluster.
gatewayId String: The ID of the Application Gateway to integrate with the ingress controller of this Kubernetes Cluster. See this page for further details.
gatewayName String: The name of the Application Gateway to be used or created in the Nodepool Resource Group, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. See this page for further details.
ingressApplicationGatewayIdentities List<KubernetesClusterIngressApplicationGatewayIngressApplicationGatewayIdentity>: An ingress_application_gateway_identity block is exported. The exported attributes are defined below.
subnetCidr String: The subnet CIDR to be used to create an Application Gateway, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. See this page for further details.
subnetId String: The ID of the subnet on which to create an Application Gateway, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. See this page for further details.

effectiveGatewayId string: The ID of the Application Gateway associated with the ingress controller deployed to this Kubernetes Cluster.
gatewayId string: The ID of the Application Gateway to integrate with the ingress controller of this Kubernetes Cluster. See this page for further details.
gatewayName string: The name of the Application Gateway to be used or created in the Nodepool Resource Group, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. See this page for further details.
ingressApplicationGatewayIdentities KubernetesClusterIngressApplicationGatewayIngressApplicationGatewayIdentity[]: An ingress_application_gateway_identity block is exported. The exported attributes are defined below.
subnetCidr string: The subnet CIDR to be used to create an Application Gateway, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. See this page for further details.
subnetId string: The ID of the subnet on which to create an Application Gateway, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. See this page for further details.

effective_gateway_id str: The ID of the Application Gateway associated with the ingress controller deployed to this Kubernetes Cluster.
gateway_id str: The ID of the Application Gateway to integrate with the ingress controller of this Kubernetes Cluster. See this page for further details.
gateway_name str: The name of the Application Gateway to be used or created in the Nodepool Resource Group, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. See this page for further details.
ingress_application_gateway_identities Sequence[KubernetesClusterIngressApplicationGatewayIngressApplicationGatewayIdentity]: An ingress_application_gateway_identity block is exported. The exported attributes are defined below.
subnet_cidr str: The subnet CIDR to be used to create an Application Gateway, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. See this page for further details.
subnet_id str: The ID of the subnet on which to create an Application Gateway, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. See this page for further details.

effectiveGatewayId String: The ID of the Application Gateway associated with the ingress controller deployed to this Kubernetes Cluster.
gatewayId String: The ID of the Application Gateway to integrate with the ingress controller of this Kubernetes Cluster. See this page for further details.
gatewayName String: The name of the Application Gateway to be used or created in the Nodepool Resource Group, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. See this page for further details.
ingressApplicationGatewayIdentities List<Property Map>: An ingress_application_gateway_identity block is exported. The exported attributes are defined below.
subnetCidr String: The subnet CIDR to be used to create an Application Gateway, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. See this page for further details.
subnetId String: The ID of the subnet on which to create an Application Gateway, which in turn will be integrated with the ingress controller of this Kubernetes Cluster. See this page for further details.

KubernetesClusterIngressApplicationGatewayIngressApplicationGatewayIdentity

ClientId string: The Client ID of the user-defined Managed Identity to be assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
ObjectId string: The Object ID of the user-defined Managed Identity assigned to the Kubelets.If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
UserAssignedIdentityId string: The ID of the User Assigned Identity assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.

ClientId string: The Client ID of the user-defined Managed Identity to be assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
ObjectId string: The Object ID of the user-defined Managed Identity assigned to the Kubelets.If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
UserAssignedIdentityId string: The ID of the User Assigned Identity assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.

clientId String: The Client ID of the user-defined Managed Identity to be assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
objectId String: The Object ID of the user-defined Managed Identity assigned to the Kubelets.If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
userAssignedIdentityId String: The ID of the User Assigned Identity assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.

clientId string: The Client ID of the user-defined Managed Identity to be assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
objectId string: The Object ID of the user-defined Managed Identity assigned to the Kubelets.If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
userAssignedIdentityId string: The ID of the User Assigned Identity assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.

client_id str: The Client ID of the user-defined Managed Identity to be assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
object_id str: The Object ID of the user-defined Managed Identity assigned to the Kubelets.If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
user_assigned_identity_id str: The ID of the User Assigned Identity assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.

clientId String: The Client ID of the user-defined Managed Identity to be assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
objectId String: The Object ID of the user-defined Managed Identity assigned to the Kubelets.If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
userAssignedIdentityId String: The ID of the User Assigned Identity assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.

KubernetesClusterKeyManagementService

KeyVaultKeyId string: Identifier of Azure Key Vault key. See key identifier format for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key identifier. When enabled is false, leave the field empty.
KeyVaultNetworkAccess string: Network access of the key vault Network access of key vault. The possible values are Public and Private. Public means the key vault allows public access from all networks. Private means the key vault disables public access and enables private link. The default value is Public.

KeyVaultKeyId string: Identifier of Azure Key Vault key. See key identifier format for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key identifier. When enabled is false, leave the field empty.
KeyVaultNetworkAccess string: Network access of the key vault Network access of key vault. The possible values are Public and Private. Public means the key vault allows public access from all networks. Private means the key vault disables public access and enables private link. The default value is Public.

keyVaultKeyId String: Identifier of Azure Key Vault key. See key identifier format for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key identifier. When enabled is false, leave the field empty.
keyVaultNetworkAccess String: Network access of the key vault Network access of key vault. The possible values are Public and Private. Public means the key vault allows public access from all networks. Private means the key vault disables public access and enables private link. The default value is Public.

keyVaultKeyId string: Identifier of Azure Key Vault key. See key identifier format for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key identifier. When enabled is false, leave the field empty.
keyVaultNetworkAccess string: Network access of the key vault Network access of key vault. The possible values are Public and Private. Public means the key vault allows public access from all networks. Private means the key vault disables public access and enables private link. The default value is Public.

key_vault_key_id str: Identifier of Azure Key Vault key. See key identifier format for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key identifier. When enabled is false, leave the field empty.
key_vault_network_access str: Network access of the key vault Network access of key vault. The possible values are Public and Private. Public means the key vault allows public access from all networks. Private means the key vault disables public access and enables private link. The default value is Public.

keyVaultKeyId String: Identifier of Azure Key Vault key. See key identifier format for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key identifier. When enabled is false, leave the field empty.
keyVaultNetworkAccess String: Network access of the key vault Network access of key vault. The possible values are Public and Private. Public means the key vault allows public access from all networks. Private means the key vault disables public access and enables private link. The default value is Public.

KubernetesClusterKeyVaultSecretsProvider

SecretIdentities List<KubernetesClusterKeyVaultSecretsProviderSecretIdentity>: An secret_identity block is exported. The exported attributes are defined below.
SecretRotationEnabled bool: Should the secret store CSI driver on the AKS cluster be enabled?
SecretRotationInterval string: The interval to poll for secret rotation. This attribute is only set when secret_rotation is true and defaults to 2m.

SecretIdentities []KubernetesClusterKeyVaultSecretsProviderSecretIdentity: An secret_identity block is exported. The exported attributes are defined below.
SecretRotationEnabled bool: Should the secret store CSI driver on the AKS cluster be enabled?
SecretRotationInterval string: The interval to poll for secret rotation. This attribute is only set when secret_rotation is true and defaults to 2m.

secretIdentities List<KubernetesClusterKeyVaultSecretsProviderSecretIdentity>: An secret_identity block is exported. The exported attributes are defined below.
secretRotationEnabled Boolean: Should the secret store CSI driver on the AKS cluster be enabled?
secretRotationInterval String: The interval to poll for secret rotation. This attribute is only set when secret_rotation is true and defaults to 2m.

secretIdentities KubernetesClusterKeyVaultSecretsProviderSecretIdentity[]: An secret_identity block is exported. The exported attributes are defined below.
secretRotationEnabled boolean: Should the secret store CSI driver on the AKS cluster be enabled?
secretRotationInterval string: The interval to poll for secret rotation. This attribute is only set when secret_rotation is true and defaults to 2m.

secret_identities Sequence[KubernetesClusterKeyVaultSecretsProviderSecretIdentity]: An secret_identity block is exported. The exported attributes are defined below.
secret_rotation_enabled bool: Should the secret store CSI driver on the AKS cluster be enabled?
secret_rotation_interval str: The interval to poll for secret rotation. This attribute is only set when secret_rotation is true and defaults to 2m.

secretIdentities List<Property Map>: An secret_identity block is exported. The exported attributes are defined below.
secretRotationEnabled Boolean: Should the secret store CSI driver on the AKS cluster be enabled?
secretRotationInterval String: The interval to poll for secret rotation. This attribute is only set when secret_rotation is true and defaults to 2m.

KubernetesClusterKeyVaultSecretsProviderSecretIdentity

ClientId string: The Client ID of the user-defined Managed Identity to be assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
ObjectId string: The Object ID of the user-defined Managed Identity assigned to the Kubelets.If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
UserAssignedIdentityId string: The ID of the User Assigned Identity assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.

ClientId string: The Client ID of the user-defined Managed Identity to be assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
ObjectId string: The Object ID of the user-defined Managed Identity assigned to the Kubelets.If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
UserAssignedIdentityId string: The ID of the User Assigned Identity assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.

clientId String: The Client ID of the user-defined Managed Identity to be assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
objectId String: The Object ID of the user-defined Managed Identity assigned to the Kubelets.If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
userAssignedIdentityId String: The ID of the User Assigned Identity assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.

clientId string: The Client ID of the user-defined Managed Identity to be assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
objectId string: The Object ID of the user-defined Managed Identity assigned to the Kubelets.If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
userAssignedIdentityId string: The ID of the User Assigned Identity assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.

client_id str: The Client ID of the user-defined Managed Identity to be assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
object_id str: The Object ID of the user-defined Managed Identity assigned to the Kubelets.If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
user_assigned_identity_id str: The ID of the User Assigned Identity assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.

clientId String: The Client ID of the user-defined Managed Identity to be assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
objectId String: The Object ID of the user-defined Managed Identity assigned to the Kubelets.If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
userAssignedIdentityId String: The ID of the User Assigned Identity assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.

KubernetesClusterKubeAdminConfig

ClientCertificate string: Base64 encoded public certificate used by clients to authenticate to the Kubernetes cluster.
ClientKey string: Base64 encoded private key used by clients to authenticate to the Kubernetes cluster.
ClusterCaCertificate string: Base64 encoded public CA certificate used as the root of trust for the Kubernetes cluster.
Host string: The Kubernetes cluster server host.
Password string: A password or token used to authenticate to the Kubernetes cluster.
Username string: A username used to authenticate to the Kubernetes cluster.

ClientCertificate string: Base64 encoded public certificate used by clients to authenticate to the Kubernetes cluster.
ClientKey string: Base64 encoded private key used by clients to authenticate to the Kubernetes cluster.
ClusterCaCertificate string: Base64 encoded public CA certificate used as the root of trust for the Kubernetes cluster.
Host string: The Kubernetes cluster server host.
Password string: A password or token used to authenticate to the Kubernetes cluster.
Username string: A username used to authenticate to the Kubernetes cluster.

clientCertificate String: Base64 encoded public certificate used by clients to authenticate to the Kubernetes cluster.
clientKey String: Base64 encoded private key used by clients to authenticate to the Kubernetes cluster.
clusterCaCertificate String: Base64 encoded public CA certificate used as the root of trust for the Kubernetes cluster.
host String: The Kubernetes cluster server host.
password String: A password or token used to authenticate to the Kubernetes cluster.
username String: A username used to authenticate to the Kubernetes cluster.

clientCertificate string: Base64 encoded public certificate used by clients to authenticate to the Kubernetes cluster.
clientKey string: Base64 encoded private key used by clients to authenticate to the Kubernetes cluster.
clusterCaCertificate string: Base64 encoded public CA certificate used as the root of trust for the Kubernetes cluster.
host string: The Kubernetes cluster server host.
password string: A password or token used to authenticate to the Kubernetes cluster.
username string: A username used to authenticate to the Kubernetes cluster.

client_certificate str: Base64 encoded public certificate used by clients to authenticate to the Kubernetes cluster.
client_key str: Base64 encoded private key used by clients to authenticate to the Kubernetes cluster.
cluster_ca_certificate str: Base64 encoded public CA certificate used as the root of trust for the Kubernetes cluster.
host str: The Kubernetes cluster server host.
password str: A password or token used to authenticate to the Kubernetes cluster.
username str: A username used to authenticate to the Kubernetes cluster.

clientCertificate String: Base64 encoded public certificate used by clients to authenticate to the Kubernetes cluster.
clientKey String: Base64 encoded private key used by clients to authenticate to the Kubernetes cluster.
clusterCaCertificate String: Base64 encoded public CA certificate used as the root of trust for the Kubernetes cluster.
host String: The Kubernetes cluster server host.
password String: A password or token used to authenticate to the Kubernetes cluster.
username String: A username used to authenticate to the Kubernetes cluster.

KubernetesClusterKubeConfig

ClientCertificate string: Base64 encoded public certificate used by clients to authenticate to the Kubernetes cluster.
ClientKey string: Base64 encoded private key used by clients to authenticate to the Kubernetes cluster.
ClusterCaCertificate string: Base64 encoded public CA certificate used as the root of trust for the Kubernetes cluster.
Host string: The Kubernetes cluster server host.
Password string: A password or token used to authenticate to the Kubernetes cluster.
Username string: A username used to authenticate to the Kubernetes cluster.

ClientCertificate string: Base64 encoded public certificate used by clients to authenticate to the Kubernetes cluster.
ClientKey string: Base64 encoded private key used by clients to authenticate to the Kubernetes cluster.
ClusterCaCertificate string: Base64 encoded public CA certificate used as the root of trust for the Kubernetes cluster.
Host string: The Kubernetes cluster server host.
Password string: A password or token used to authenticate to the Kubernetes cluster.
Username string: A username used to authenticate to the Kubernetes cluster.

clientCertificate String: Base64 encoded public certificate used by clients to authenticate to the Kubernetes cluster.
clientKey String: Base64 encoded private key used by clients to authenticate to the Kubernetes cluster.
clusterCaCertificate String: Base64 encoded public CA certificate used as the root of trust for the Kubernetes cluster.
host String: The Kubernetes cluster server host.
password String: A password or token used to authenticate to the Kubernetes cluster.
username String: A username used to authenticate to the Kubernetes cluster.

clientCertificate string: Base64 encoded public certificate used by clients to authenticate to the Kubernetes cluster.
clientKey string: Base64 encoded private key used by clients to authenticate to the Kubernetes cluster.
clusterCaCertificate string: Base64 encoded public CA certificate used as the root of trust for the Kubernetes cluster.
host string: The Kubernetes cluster server host.
password string: A password or token used to authenticate to the Kubernetes cluster.
username string: A username used to authenticate to the Kubernetes cluster.

client_certificate str: Base64 encoded public certificate used by clients to authenticate to the Kubernetes cluster.
client_key str: Base64 encoded private key used by clients to authenticate to the Kubernetes cluster.
cluster_ca_certificate str: Base64 encoded public CA certificate used as the root of trust for the Kubernetes cluster.
host str: The Kubernetes cluster server host.
password str: A password or token used to authenticate to the Kubernetes cluster.
username str: A username used to authenticate to the Kubernetes cluster.

clientCertificate String: Base64 encoded public certificate used by clients to authenticate to the Kubernetes cluster.
clientKey String: Base64 encoded private key used by clients to authenticate to the Kubernetes cluster.
clusterCaCertificate String: Base64 encoded public CA certificate used as the root of trust for the Kubernetes cluster.
host String: The Kubernetes cluster server host.
password String: A password or token used to authenticate to the Kubernetes cluster.
username String: A username used to authenticate to the Kubernetes cluster.

KubernetesClusterKubeletIdentity

ClientId string: The Client ID of the user-defined Managed Identity to be assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
ObjectId string: The Object ID of the user-defined Managed Identity assigned to the Kubelets.If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
UserAssignedIdentityId string: The ID of the User Assigned Identity assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.

ClientId string: The Client ID of the user-defined Managed Identity to be assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
ObjectId string: The Object ID of the user-defined Managed Identity assigned to the Kubelets.If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
UserAssignedIdentityId string: The ID of the User Assigned Identity assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.

clientId String: The Client ID of the user-defined Managed Identity to be assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
objectId String: The Object ID of the user-defined Managed Identity assigned to the Kubelets.If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
userAssignedIdentityId String: The ID of the User Assigned Identity assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.

clientId string: The Client ID of the user-defined Managed Identity to be assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
objectId string: The Object ID of the user-defined Managed Identity assigned to the Kubelets.If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
userAssignedIdentityId string: The ID of the User Assigned Identity assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.

client_id str: The Client ID of the user-defined Managed Identity to be assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
object_id str: The Object ID of the user-defined Managed Identity assigned to the Kubelets.If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
user_assigned_identity_id str: The ID of the User Assigned Identity assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.

clientId String: The Client ID of the user-defined Managed Identity to be assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
objectId String: The Object ID of the user-defined Managed Identity assigned to the Kubelets.If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.
userAssignedIdentityId String: The ID of the User Assigned Identity assigned to the Kubelets. If not specified a Managed Identity is created automatically. Changing this forces a new resource to be created.

KubernetesClusterLinuxProfile

AdminUsername string: The Admin Username for the Cluster. Changing this forces a new resource to be created.
SshKey KubernetesClusterLinuxProfileSshKey: An ssh_key block. Only one is currently allowed. Changing this will update the key on all node pools. More information can be found in the documentation.

AdminUsername string: The Admin Username for the Cluster. Changing this forces a new resource to be created.
SshKey KubernetesClusterLinuxProfileSshKey: An ssh_key block. Only one is currently allowed. Changing this will update the key on all node pools. More information can be found in the documentation.

adminUsername String: The Admin Username for the Cluster. Changing this forces a new resource to be created.
sshKey KubernetesClusterLinuxProfileSshKey: An ssh_key block. Only one is currently allowed. Changing this will update the key on all node pools. More information can be found in the documentation.

adminUsername string: The Admin Username for the Cluster. Changing this forces a new resource to be created.
sshKey KubernetesClusterLinuxProfileSshKey: An ssh_key block. Only one is currently allowed. Changing this will update the key on all node pools. More information can be found in the documentation.

admin_username str: The Admin Username for the Cluster. Changing this forces a new resource to be created.
ssh_key KubernetesClusterLinuxProfileSshKey: An ssh_key block. Only one is currently allowed. Changing this will update the key on all node pools. More information can be found in the documentation.

adminUsername String: The Admin Username for the Cluster. Changing this forces a new resource to be created.
sshKey Property Map: An ssh_key block. Only one is currently allowed. Changing this will update the key on all node pools. More information can be found in the documentation.

KubernetesClusterLinuxProfileSshKey

KeyData string: The Public SSH Key used to access the cluster.

KeyData string: The Public SSH Key used to access the cluster.

keyData String: The Public SSH Key used to access the cluster.

keyData string: The Public SSH Key used to access the cluster.

key_data str: The Public SSH Key used to access the cluster.

keyData String: The Public SSH Key used to access the cluster.

KubernetesClusterMaintenanceWindow

Alloweds List<KubernetesClusterMaintenanceWindowAllowed>: One or more allowed blocks as defined below.
NotAlloweds List<KubernetesClusterMaintenanceWindowNotAllowed>: One or more not_allowed block as defined below.

Alloweds []KubernetesClusterMaintenanceWindowAllowed: One or more allowed blocks as defined below.
NotAlloweds []KubernetesClusterMaintenanceWindowNotAllowed: One or more not_allowed block as defined below.

alloweds List<KubernetesClusterMaintenanceWindowAllowed>: One or more allowed blocks as defined below.
notAlloweds List<KubernetesClusterMaintenanceWindowNotAllowed>: One or more not_allowed block as defined below.

alloweds KubernetesClusterMaintenanceWindowAllowed[]: One or more allowed blocks as defined below.
notAlloweds KubernetesClusterMaintenanceWindowNotAllowed[]: One or more not_allowed block as defined below.

alloweds Sequence[KubernetesClusterMaintenanceWindowAllowed]: One or more allowed blocks as defined below.
not_alloweds Sequence[KubernetesClusterMaintenanceWindowNotAllowed]: One or more not_allowed block as defined below.

alloweds List<Property Map>: One or more allowed blocks as defined below.
notAlloweds List<Property Map>: One or more not_allowed block as defined below.

KubernetesClusterMaintenanceWindowAllowed

Day string: A day in a week. Possible values are Sunday, Monday, Tuesday, Wednesday, Thursday, Friday and Saturday.
Hours List<int>: An array of hour slots in a day. For example, specifying 1 will allow maintenance from 1:00am to 2:00am. Specifying 1, 2 will allow maintenance from 1:00am to 3:00m. Possible values are between 0 and 23.

Day string: A day in a week. Possible values are Sunday, Monday, Tuesday, Wednesday, Thursday, Friday and Saturday.
Hours []int: An array of hour slots in a day. For example, specifying 1 will allow maintenance from 1:00am to 2:00am. Specifying 1, 2 will allow maintenance from 1:00am to 3:00m. Possible values are between 0 and 23.

day String: A day in a week. Possible values are Sunday, Monday, Tuesday, Wednesday, Thursday, Friday and Saturday.
hours List<Integer>: An array of hour slots in a day. For example, specifying 1 will allow maintenance from 1:00am to 2:00am. Specifying 1, 2 will allow maintenance from 1:00am to 3:00m. Possible values are between 0 and 23.

day string: A day in a week. Possible values are Sunday, Monday, Tuesday, Wednesday, Thursday, Friday and Saturday.
hours number[]: An array of hour slots in a day. For example, specifying 1 will allow maintenance from 1:00am to 2:00am. Specifying 1, 2 will allow maintenance from 1:00am to 3:00m. Possible values are between 0 and 23.

day str: A day in a week. Possible values are Sunday, Monday, Tuesday, Wednesday, Thursday, Friday and Saturday.
hours Sequence[int]: An array of hour slots in a day. For example, specifying 1 will allow maintenance from 1:00am to 2:00am. Specifying 1, 2 will allow maintenance from 1:00am to 3:00m. Possible values are between 0 and 23.

day String: A day in a week. Possible values are Sunday, Monday, Tuesday, Wednesday, Thursday, Friday and Saturday.
hours List<Number>: An array of hour slots in a day. For example, specifying 1 will allow maintenance from 1:00am to 2:00am. Specifying 1, 2 will allow maintenance from 1:00am to 3:00m. Possible values are between 0 and 23.

KubernetesClusterMaintenanceWindowNotAllowed

End string: The end of a time span, formatted as an RFC3339 string.
Start string: The start of a time span, formatted as an RFC3339 string.

End string: The end of a time span, formatted as an RFC3339 string.
Start string: The start of a time span, formatted as an RFC3339 string.

end String: The end of a time span, formatted as an RFC3339 string.
start String: The start of a time span, formatted as an RFC3339 string.

end string: The end of a time span, formatted as an RFC3339 string.
start string: The start of a time span, formatted as an RFC3339 string.

end str: The end of a time span, formatted as an RFC3339 string.
start str: The start of a time span, formatted as an RFC3339 string.

end String: The end of a time span, formatted as an RFC3339 string.
start String: The start of a time span, formatted as an RFC3339 string.

KubernetesClusterMicrosoftDefender

LogAnalyticsWorkspaceId string: Specifies the ID of the Log Analytics Workspace where the audit logs collected by Microsoft Defender should be sent to.

LogAnalyticsWorkspaceId string: Specifies the ID of the Log Analytics Workspace where the audit logs collected by Microsoft Defender should be sent to.

logAnalyticsWorkspaceId String: Specifies the ID of the Log Analytics Workspace where the audit logs collected by Microsoft Defender should be sent to.

logAnalyticsWorkspaceId string: Specifies the ID of the Log Analytics Workspace where the audit logs collected by Microsoft Defender should be sent to.

log_analytics_workspace_id str: Specifies the ID of the Log Analytics Workspace where the audit logs collected by Microsoft Defender should be sent to.

logAnalyticsWorkspaceId String: Specifies the ID of the Log Analytics Workspace where the audit logs collected by Microsoft Defender should be sent to.

KubernetesClusterMonitorMetrics

AnnotationsAllowed string: Specifies a comma-separated list of Kubernetes annotation keys that will be used in the resource's labels metric.
LabelsAllowed string: Specifies a Comma-separated list of additional Kubernetes label keys that will be used in the resource's labels metric.

AnnotationsAllowed string: Specifies a comma-separated list of Kubernetes annotation keys that will be used in the resource's labels metric.
LabelsAllowed string: Specifies a Comma-separated list of additional Kubernetes label keys that will be used in the resource's labels metric.

annotationsAllowed String: Specifies a comma-separated list of Kubernetes annotation keys that will be used in the resource's labels metric.
labelsAllowed String: Specifies a Comma-separated list of additional Kubernetes label keys that will be used in the resource's labels metric.

annotationsAllowed string: Specifies a comma-separated list of Kubernetes annotation keys that will be used in the resource's labels metric.
labelsAllowed string: Specifies a Comma-separated list of additional Kubernetes label keys that will be used in the resource's labels metric.

annotations_allowed str: Specifies a comma-separated list of Kubernetes annotation keys that will be used in the resource's labels metric.
labels_allowed str: Specifies a Comma-separated list of additional Kubernetes label keys that will be used in the resource's labels metric.

annotationsAllowed String: Specifies a comma-separated list of Kubernetes annotation keys that will be used in the resource's labels metric.
labelsAllowed String: Specifies a Comma-separated list of additional Kubernetes label keys that will be used in the resource's labels metric.

KubernetesClusterNetworkProfile

NetworkPlugin string

Network plugin to use for networking. Currently supported values are azure, kubenet and none. Changing this forces a new resource to be created.

DnsServiceIp string

IP address within the Kubernetes service address range that will be used by cluster service discovery (kube-dns). Changing this forces a new resource to be created.

DockerBridgeCidr string

IP address (in CIDR notation) used as the Docker bridge IP address on nodes. Changing this forces a new resource to be created.

Deprecated:

docker_bridge_cidr has been deprecated as the API no longer supports it and will be removed in version 4.0 of the provider.

EbpfDataPlane string

Specifies the eBPF data plane used for building the Kubernetes network. Possible value is cilium. Changing this forces a new resource to be created.

IpVersions List<string>

Specifies a list of IP versions the Kubernetes Cluster will use to assign IP addresses to its nodes and pods. Possible values are IPv4 and/or IPv6. IPv4 must always be specified. Changing this forces a new resource to be created.

LoadBalancerProfile KubernetesClusterNetworkProfileLoadBalancerProfile

A load_balancer_profile block as defined below. This can only be specified when load_balancer_sku is set to standard. Changing this forces a new resource to be created.

LoadBalancerSku string

Specifies the SKU of the Load Balancer used for this Kubernetes Cluster. Possible values are basic and standard. Defaults to standard. Changing this forces a new resource to be created.

NatGatewayProfile KubernetesClusterNetworkProfileNatGatewayProfile

A nat_gateway_profile block as defined below. This can only be specified when load_balancer_sku is set to standard and outbound_type is set to managedNATGateway or userAssignedNATGateway. Changing this forces a new resource to be created.

NetworkMode string

Network mode to be used with Azure CNI. Possible values are bridge and transparent. Changing this forces a new resource to be created.

NetworkPluginMode string

Specifies the network plugin mode used for building the Kubernetes network. Possible value is Overlay. Changing this forces a new resource to be created.

NetworkPolicy string

Sets up network policy to be used with Azure CNI. Network policy allows us to control the traffic flow between pods. Currently supported values are calico and azure. Changing this forces a new resource to be created.

OutboundType string

The outbound (egress) routing method which should be used for this Kubernetes Cluster. Possible values are loadBalancer, userDefinedRouting, managedNATGateway and userAssignedNATGateway. Defaults to loadBalancer. Changing this forces a new resource to be created.

PodCidr string

The CIDR to use for pod IP addresses. This field can only be set when network_plugin is set to kubenet. Changing this forces a new resource to be created.

PodCidrs List<string>

A list of CIDRs to use for pod IP addresses. For single-stack networking a single IPv4 CIDR is expected. For dual-stack networking an IPv4 and IPv6 CIDR are expected. Changing this forces a new resource to be created.

ServiceCidr string

The Network Range used by the Kubernetes service. Changing this forces a new resource to be created.

ServiceCidrs List<string>

A list of CIDRs to use for Kubernetes services. For single-stack networking a single IPv4 CIDR is expected. For dual-stack networking an IPv4 and IPv6 CIDR are expected. Changing this forces a new resource to be created.

NetworkPlugin string

Network plugin to use for networking. Currently supported values are azure, kubenet and none. Changing this forces a new resource to be created.

DnsServiceIp string

IP address within the Kubernetes service address range that will be used by cluster service discovery (kube-dns). Changing this forces a new resource to be created.

DockerBridgeCidr string

IP address (in CIDR notation) used as the Docker bridge IP address on nodes. Changing this forces a new resource to be created.

Deprecated:

docker_bridge_cidr has been deprecated as the API no longer supports it and will be removed in version 4.0 of the provider.

EbpfDataPlane string

Specifies the eBPF data plane used for building the Kubernetes network. Possible value is cilium. Changing this forces a new resource to be created.

IpVersions []string

LoadBalancerProfile KubernetesClusterNetworkProfileLoadBalancerProfile

A load_balancer_profile block as defined below. This can only be specified when load_balancer_sku is set to standard. Changing this forces a new resource to be created.

LoadBalancerSku string

Specifies the SKU of the Load Balancer used for this Kubernetes Cluster. Possible values are basic and standard. Defaults to standard. Changing this forces a new resource to be created.

NatGatewayProfile KubernetesClusterNetworkProfileNatGatewayProfile

NetworkMode string

Network mode to be used with Azure CNI. Possible values are bridge and transparent. Changing this forces a new resource to be created.

NetworkPluginMode string

Specifies the network plugin mode used for building the Kubernetes network. Possible value is Overlay. Changing this forces a new resource to be created.

NetworkPolicy string

OutboundType string

PodCidr string

The CIDR to use for pod IP addresses. This field can only be set when network_plugin is set to kubenet. Changing this forces a new resource to be created.

PodCidrs []string

ServiceCidr string

The Network Range used by the Kubernetes service. Changing this forces a new resource to be created.

ServiceCidrs []string

networkPlugin String

Network plugin to use for networking. Currently supported values are azure, kubenet and none. Changing this forces a new resource to be created.

dnsServiceIp String

IP address within the Kubernetes service address range that will be used by cluster service discovery (kube-dns). Changing this forces a new resource to be created.

dockerBridgeCidr String

IP address (in CIDR notation) used as the Docker bridge IP address on nodes. Changing this forces a new resource to be created.

Deprecated:

docker_bridge_cidr has been deprecated as the API no longer supports it and will be removed in version 4.0 of the provider.

ebpfDataPlane String

Specifies the eBPF data plane used for building the Kubernetes network. Possible value is cilium. Changing this forces a new resource to be created.

ipVersions List<String>

loadBalancerProfile KubernetesClusterNetworkProfileLoadBalancerProfile

A load_balancer_profile block as defined below. This can only be specified when load_balancer_sku is set to standard. Changing this forces a new resource to be created.

loadBalancerSku String

Specifies the SKU of the Load Balancer used for this Kubernetes Cluster. Possible values are basic and standard. Defaults to standard. Changing this forces a new resource to be created.

natGatewayProfile KubernetesClusterNetworkProfileNatGatewayProfile

networkMode String

Network mode to be used with Azure CNI. Possible values are bridge and transparent. Changing this forces a new resource to be created.

networkPluginMode String

Specifies the network plugin mode used for building the Kubernetes network. Possible value is Overlay. Changing this forces a new resource to be created.

networkPolicy String

Sets up network policy to be used with Azure CN

azure.containerservice.KubernetesCluster

On this page

On this page

Example Usage

Create KubernetesCluster Resource

KubernetesCluster Resource Properties

Inputs

Outputs

Look up Existing KubernetesCluster Resource

Supporting Types

KubernetesClusterAciConnectorLinux

KubernetesClusterAciConnectorLinuxConnectorIdentity

KubernetesClusterApiServerAccessProfile

KubernetesClusterAutoScalerProfile

KubernetesClusterAzureActiveDirectoryRoleBasedAccessControl

KubernetesClusterConfidentialComputing

KubernetesClusterDefaultNodePool

KubernetesClusterDefaultNodePoolKubeletConfig

KubernetesClusterDefaultNodePoolLinuxOsConfig

KubernetesClusterDefaultNodePoolLinuxOsConfigSysctlConfig

KubernetesClusterDefaultNodePoolNodeNetworkProfile

KubernetesClusterDefaultNodePoolUpgradeSettings

KubernetesClusterHttpProxyConfig

KubernetesClusterIdentity

KubernetesClusterIngressApplicationGateway

KubernetesClusterIngressApplicationGatewayIngressApplicationGatewayIdentity

KubernetesClusterKeyManagementService

KubernetesClusterKeyVaultSecretsProvider

KubernetesClusterKeyVaultSecretsProviderSecretIdentity

KubernetesClusterKubeAdminConfig

KubernetesClusterKubeConfig

KubernetesClusterKubeletIdentity

KubernetesClusterLinuxProfile

KubernetesClusterLinuxProfileSshKey

KubernetesClusterMaintenanceWindow

KubernetesClusterMaintenanceWindowAllowed

KubernetesClusterMaintenanceWindowNotAllowed

KubernetesClusterMicrosoftDefender

KubernetesClusterMonitorMetrics

KubernetesClusterNetworkProfile