Azure.Provisioning.ContainerService Namespace

The port range.

Network settings of an agent pool.

The security settings of an agent pool.

A node pool snapshot resource.

The list of available upgrades for an agent pool.

Available upgrades for an AgentPool.

Settings for upgrading an agentpool.

Current status on a group of nodes of the same vm size.

Version information about a product/service that is compatible with a service mesh revision.

Agent Pool.

A date range. For example, between '2022-12-23' and '2023-01-05'.

Contains the IPTag associated with the object.

Profile for Linux VMs in the container service cluster.

A machine. Contains details about the underlying virtual machine. A machine may be visible here but not in kubectl get nodes; if so it may be because the machine has not been registered with the Kubernetes API Server yet.

The machine IP address details.

The properties of the machine.

For schedules like: 'recur every month on the 15th' or 'recur every 3 months on the 20th'.

Planned maintenance configuration, used to configure when updates can be deployed to a Managed Cluster. See planned maintenance for more information about planned maintenance.

For schedules like: 'recur every month on the first Monday' or 'recur every 3 months on last Friday'.

One and only one of the schedule types should be specified. Choose either 'daily', 'weekly', 'absoluteMonthly' or 'relativeMonthly' for your maintenance schedule.

For schedules like: 'recur every Monday' or 'recur every 3 weeks on Wednesday'.

Maintenance window used to configure scheduled auto-upgrade for a Managed Cluster.

Managed cluster.

Profile of network configuration.

A private endpoint connection.

A private link resource.

The state of a private link service connection.

Contains information about SSH certificate public key data.

Time in a week.

A time range. For example, between 2021-05-25T13:00:00Z and 2021-05-25T14:00:00Z.

Defines binding between a resource and role.

Details about a user assigned identity.

Istio components configuration.

Istio egress gateway configuration.

Istio ingress gateway configuration. For now, we support up to one external ingress gateway named aks-istio-ingressgateway-external and one internal ingress gateway named aks-istio-ingressgateway-internal.

Plugin certificates information for Service Mesh.

Istio service mesh configuration.

Kubelet configurations of agent nodes. See AKS custom node configuration for more details.

OS configurations of Linux agent nodes. See AKS custom node configuration for more details.

Overrides for localDNS profile.

Configures the per-node local DNS, with VnetDNS and KubeDNS overrides. LocalDNS helps improve performance and reliability of DNS resolution in an AKS cluster. For more details see aka.ms/aks/localdns.

AADProfile specifies attributes for Azure Active Directory integration. For more details see managed AAD on AKS.

A Kubernetes add-on profile for a managed cluster.

Information of user assigned identity used by this add-on.

Advanced Networking profile for enabling observability and security feature suite on a cluster. For more information see aka.ms/aksadvancednetworking.

Security profile to enable security features on cilium based cluster.

Profile for the container service agent pool.

Access profile for managed cluster API server.

Parameters to be applied to the cluster-autoscaler when enabled.

Auto upgrade profile for a managed cluster.

The bootstrap profile.

Delegated resource properties - internal use only.

Cluster HTTP proxy configuration.

Identity for the managed cluster.

Application Routing add-on settings for the ingress profile.

Profile of the managed cluster load balancer.

Desired managed outbound IPs for the cluster load balancer.

Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for details.

Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See aka.ms/AzureManagedPrometheus for an overview.

Namespace managed by ARM.

Properties of a namespace managed by ARM.

Profile of the managed cluster NAT gateway.

Node provisioning profile for the managed cluster.

The OIDC issuer profile of the Managed Cluster.

Details about the pod identity assigned to the Managed Cluster.

A pod identity exception, which allows pods with certain labels to access the Azure Instance Metadata Service (IMDS) endpoint without being intercepted by the node-managed identity (NMI) server. See disable AAD Pod Identity for a specific Pod/Application for more details.

The pod identity profile of the Managed Cluster. See use AAD pod identity for more details on pod identity integration.

An error response from the pod identity provisioning.

The list of available upgrade versions.

Available upgrades for an AgentPool.

Security profile for the container service cluster.

Microsoft Defender settings for the security profile.

Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here are settings for the security profile.

Azure Key Vault key management service settings for the security profile.

Information about a service principal identity for the cluster to use for manipulating Azure APIs.

The SKU of a Managed Cluster.

Storage profile for the container service cluster.

The list of available upgrades for compute pools.

Profile for Windows VMs in the managed cluster.

Workload Auto-scaler profile for the managed cluster.

User assigned identity properties.

Specifications on number of machines.

Holds information on upgrades and compatibility for given major.minor mesh release.

Mesh revision profile for a mesh.

Upgrade profile for given mesh.

Mesh upgrade profile properties for a major.minor release.

Default network policy of the namespace, specifying ingress and egress rules.

Resource quota for the namespace.

Service mesh profile for a managed cluster.

Sysctl settings for Linux agent nodes.

Settings for overrides when upgrading a cluster.

Windows gMSA Profile in the managed cluster.

Defines the built-in roles for ContainerService resources.

Whether to install GPU drivers. When it's not specified, default is Install.

The mode of an agent pool. A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools.

The network protocol of the port.

SSH access method of an agent pool.

The type of Agent Pool.

The expander to use when scaling up. If not specified, the default is 'random'. See expanders for more information.

The artifact source. The source where the artifacts are downloaded from.

To determine if address belongs IPv4 or IPv6 family.

The load balancer sku for the managed cluster. The default is 'standard'. See Azure Load Balancer SKUs for more information about the differences between load balancer SKUs.

The week index. Specifies on which week of the month the dayOfWeek applies.

The network mode Azure CNI is configured with. This cannot be specified if networkPlugin is anything other than 'azure'.

Network plugin used for building the Kubernetes network.

The mode the network plugin should use.

Network policy used for building the Kubernetes network.

The OS disk type to be used for machines in the agent pool. The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see Ephemeral OS.

Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows.

The operating system type. The default is Linux.

The outbound (egress) routing method. This can only be set at cluster creation time and cannot be changed later. For more information see egress outbound type.

The current provisioning state.

The private link service connection status.

PublicNetworkAccess of the managedCluster. Allow or deny public network access for AKS.

Tells whether the cluster is Running or Stopped.

The current provisioning state of trusted access role binding.

The weekday enum.

GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.

Mode of an ingress gateway.

Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage.

Different support tiers for AKS managed clusters.

Destination server for DNS queries to be forwarded from localDNS.

Forward policy for selecting upstream DNS server. See forward plugin for more information.

Mode of enablement for localDNS.

Enforce TCP or prefer UDP protocol for connections from localDNS to upstream DNS server.

Log level for DNS queries in localDNS.

Policy for serving stale data. See cache plugin for more information.

System-generated state of localDNS.

Enable advanced network acceleration options. This allows users to configure acceleration using BPF host routing. This can be enabled only with Cilium dataplane. If not specified, the default value is None (no acceleration). The acceleration mode can be changed on a pre-existing cluster. See https://aka.ms/acnsperformance for a detailed explanation.

Enable advanced network policies. This allows users to configure Layer 7 network policies (FQDN, HTTP, Kafka). Policies themselves must be configured via the Cilium Network Policy resources, see https://docs.cilium.io/en/latest/security/policy/index.html. This can be enabled only on cilium-based clusters. If not specified, the default value is FQDN if security.enabled is set to true.

Network access of the key vault. Network access of key vault. The possible values are Public and Private. Public means the key vault allows public access from all networks. Private means the key vault disables public access and enables private link. The default value is Public.

The type of the managed inbound Load Balancer BackendPool.

The current provisioning state of the namespace.

Node OS Upgrade Channel. Manner in which the OS on your nodes is updated. The default is NodeImage.

The restriction level applied to the cluster's node resource group. If not specified, the default is 'Unrestricted'.

The current provisioning state of the pod identity.

The name of a managed cluster SKU.

The tier of a managed cluster SKU. If not specified, the default is 'Free'. See AKS Pricing Tier for more details.

Action if Kubernetes namespace with same name already exists.

Delete options of a namespace.

Enum representing different network policy rules.

Network dataplane used in the Kubernetes cluster.

Ingress type for the default NginxIngressController custom resource.

The set of default Karpenter NodePools (CRDs) configured for node provisioning. This field has no effect unless mode is 'Auto'. Warning: Changing this from Auto to None on an existing cluster will cause the default Karpenter NodePools to be deleted, which will drain and delete the nodes associated with those pools. It is strongly recommended to not do this unless there are idle nodes ready to take the pods evicted by that action. If not specified, the default is Auto. For more information see aka.ms/aks/nap#node-pools.

The node provisioning mode. If not specified, the default is Manual.

Pod IP Allocation Mode. The IP allocation mode for pods in the agent pool. Must be used with podSubnetId. The default is 'DynamicIndividual'.

Mode of traffic redirection.

Describes how VMs are added to or removed from Agent Pools. See billing states.

The Virtual Machine Scale Set eviction policy. The eviction policy specifies what to do with the VM when it is evicted. The default is Delete. For more information about eviction see spot VMs.

The Virtual Machine Scale Set priority.

Mode of the service mesh.

The type of a snapshot. The default is NodePool.

Configures pod-to-pod encryption. This can be enabled only on Cilium-based clusters. If not specified, the default value is None.

Defines the behavior for undrainable nodes during upgrade. The most common cause of undrainable nodes is Pod Disruption Budgets (PDBs), but other issues, such as pod termination grace period is exceeding the remaining per-node drain timeout or pod is still being in a running state, can also cause undrainable nodes.

The upgrade channel for auto upgrade. The default is 'none'. For more information see setting the AKS cluster auto-upgrade channel.

The license type to use for Windows VMs. See Azure Hybrid User Benefits for more details.

Determines the type of workload a node can run.