sigs.k8s.io/cluster-api-provider-azure@v1.14.3/config/crd/bases/infrastructure.cluster.x-k8s.io_azureclustertemplates.yaml

---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.13.0
  name: azureclustertemplates.infrastructure.cluster.x-k8s.io
spec:
  group: infrastructure.cluster.x-k8s.io
  names:
    categories:
    - cluster-api
    kind: AzureClusterTemplate
    listKind: AzureClusterTemplateList
    plural: azureclustertemplates
    singular: azureclustertemplate
  scope: Namespaced
  versions:
  - name: v1beta1
    schema:
      openAPIV3Schema:
        description: AzureClusterTemplate is the Schema for the azureclustertemplates
          API.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: AzureClusterTemplateSpec defines the desired state of AzureClusterTemplate.
            properties:
              template:
                description: AzureClusterTemplateResource describes the data needed
                  to create an AzureCluster from a template.
                properties:
                  spec:
                    description: AzureClusterTemplateResourceSpec specifies an Azure
                      cluster template resource.
                    properties:
                      additionalTags:
                        additionalProperties:
                          type: string
                        description: AdditionalTags is an optional set of tags to
                          add to Azure resources managed by the Azure provider, in
                          addition to the ones added by default.
                        type: object
                      azureEnvironment:
                        description: "AzureEnvironment is the name of the AzureCloud
                          to be used. The default value that would be used by most
                          users is \"AzurePublicCloud\", other values are: - ChinaCloud:
                          \"AzureChinaCloud\" - GermanCloud: \"AzureGermanCloud\"
                          - PublicCloud: \"AzurePublicCloud\" - USGovernmentCloud:
                          \"AzureUSGovernmentCloud\" \n Note that values other than
                          the default must also be accompanied by corresponding changes
                          to the aso-controller-settings Secret to configure ASO to
                          refer to the non-Public cloud. ASO currently does not support
                          referring to multiple different clouds in a single installation.
                          The following fields must be defined in the Secret: - AZURE_AUTHORITY_HOST
                          - AZURE_RESOURCE_MANAGER_ENDPOINT - AZURE_RESOURCE_MANAGER_AUDIENCE
                          \n See the [ASO docs] for more details. \n [ASO docs]: https://azure.github.io/azure-service-operator/guide/aso-controller-settings-options/"
                        type: string
                      bastionSpec:
                        description: BastionSpec encapsulates all things related to
                          the Bastions in the cluster.
                        properties:
                          azureBastion:
                            description: AzureBastionTemplateSpec specifies a template
                              for an Azure Bastion host.
                            properties:
                              subnet:
                                description: SubnetTemplateSpec specifies a template
                                  for a subnet.
                                properties:
                                  cidrBlocks:
                                    description: CIDRBlocks defines the subnet's address
                                      space, specified as one or more address prefixes
                                      in CIDR notation.
                                    items:
                                      type: string
                                    type: array
                                  name:
                                    description: Name defines a name for the subnet
                                      resource.
                                    type: string
                                  natGateway:
                                    description: NatGateway associated with this subnet.
                                    properties:
                                      name:
                                        type: string
                                    required:
                                    - name
                                    type: object
                                  privateEndpoints:
                                    description: PrivateEndpoints defines a list of
                                      private endpoints that should be attached to
                                      this subnet.
                                    items:
                                      description: PrivateEndpointSpec configures
                                        an Azure Private Endpoint.
                                      properties:
                                        applicationSecurityGroups:
                                          description: ApplicationSecurityGroups specifies
                                            the Application security group in which
                                            the private endpoint IP configuration
                                            is included.
                                          items:
                                            type: string
                                          type: array
                                        customNetworkInterfaceName:
                                          description: CustomNetworkInterfaceName
                                            specifies the network interface name associated
                                            with the private endpoint.
                                          type: string
                                        location:
                                          description: Location specifies the region
                                            to create the private endpoint.
                                          type: string
                                        manualApproval:
                                          description: ManualApproval specifies if
                                            the connection approval needs to be done
                                            manually or not. Set it true when the
                                            network admin does not have access to
                                            approve connections to the remote resource.
                                            Defaults to false.
                                          type: boolean
                                        name:
                                          description: Name specifies the name of
                                            the private endpoint.
                                          type: string
                                        privateIPAddresses:
                                          description: PrivateIPAddresses specifies
                                            the IP addresses for the network interface
                                            associated with the private endpoint.
                                            They have to be part of the subnet where
                                            the private endpoint is linked.
                                          items:
                                            type: string
                                          type: array
                                        privateLinkServiceConnections:
                                          description: PrivateLinkServiceConnections
                                            specifies Private Link Service Connections
                                            of the private endpoint.
                                          items:
                                            description: PrivateLinkServiceConnection
                                              defines the specification for a private
                                              link service connection associated with
                                              a private endpoint.
                                            properties:
                                              groupIDs:
                                                description: GroupIDs specifies the
                                                  ID(s) of the group(s) obtained from
                                                  the remote resource that this private
                                                  endpoint should connect to.
                                                items:
                                                  type: string
                                                type: array
                                              name:
                                                description: Name specifies the name
                                                  of the private link service.
                                                type: string
                                              privateLinkServiceID:
                                                description: PrivateLinkServiceID
                                                  specifies the resource ID of the
                                                  private link service.
                                                type: string
                                              requestMessage:
                                                description: RequestMessage specifies
                                                  a message passed to the owner of
                                                  the remote resource with the private
                                                  endpoint connection request.
                                                maxLength: 140
                                                type: string
                                            type: object
                                          type: array
                                      required:
                                      - name
                                      type: object
                                    type: array
                                    x-kubernetes-list-map-keys:
                                    - name
                                    x-kubernetes-list-type: map
                                  role:
                                    description: Role defines the subnet role (eg.
                                      Node, ControlPlane)
                                    enum:
                                    - node
                                    - control-plane
                                    - bastion
                                    - all
                                    type: string
                                  securityGroup:
                                    description: SecurityGroup defines the NSG (network
                                      security group) that should be attached to this
                                      subnet.
                                    properties:
                                      securityRules:
                                        description: SecurityRules is a slice of Azure
                                          security rules for security groups.
                                        items:
                                          description: SecurityRule defines an Azure
                                            security rule for security groups.
                                          properties:
                                            action:
                                              default: Allow
                                              description: Action specifies whether
                                                network traffic is allowed or denied.
                                                Can either be "Allow" or "Deny". Defaults
                                                to "Allow".
                                              enum:
                                              - Allow
                                              - Deny
                                              type: string
                                            description:
                                              description: A description for this
                                                rule. Restricted to 140 chars.
                                              type: string
                                            destination:
                                              description: Destination is the destination
                                                address prefix. CIDR or destination
                                                IP range. Asterix '*' can also be
                                                used to match all source IPs. Default
                                                tags such as 'VirtualNetwork', 'AzureLoadBalancer'
                                                and 'Internet' can also be used.
                                              type: string
                                            destinationPorts:
                                              description: DestinationPorts specifies
                                                the destination port or range. Integer
                                                or range between 0 and 65535. Asterix
                                                '*' can also be used to match all
                                                ports.
                                              type: string
                                            direction:
                                              description: Direction indicates whether
                                                the rule applies to inbound, or outbound
                                                traffic. "Inbound" or "Outbound".
                                              enum:
                                              - Inbound
                                              - Outbound
                                              type: string
                                            name:
                                              description: Name is a unique name within
                                                the network security group.
                                              type: string
                                            priority:
                                              description: Priority is a number between
                                                100 and 4096. Each rule should have
                                                a unique value for priority. Rules
                                                are processed in priority order, with
                                                lower numbers processed before higher
                                                numbers. Once traffic matches a rule,
                                                processing stops.
                                              format: int32
                                              type: integer
                                            protocol:
                                              description: Protocol specifies the
                                                protocol type. "Tcp", "Udp", "Icmp",
                                                or "*".
                                              enum:
                                              - Tcp
                                              - Udp
                                              - Icmp
                                              - '*'
                                              type: string
                                            source:
                                              description: Source specifies the CIDR
                                                or source IP range. Asterix '*' can
                                                also be used to match all source IPs.
                                                Default tags such as 'VirtualNetwork',
                                                'AzureLoadBalancer' and 'Internet'
                                                can also be used. If this is an ingress
                                                rule, specifies where network traffic
                                                originates from.
                                              type: string
                                            sourcePorts:
                                              description: SourcePorts specifies source
                                                port or range. Integer or range between
                                                0 and 65535. Asterix '*' can also
                                                be used to match all ports.
                                              type: string
                                            sources:
                                              description: Sources specifies The CIDR
                                                or source IP ranges.
                                              items:
                                                type: string
                                              type: array
                                          required:
                                          - description
                                          - direction
                                          - name
                                          - protocol
                                          type: object
                                        type: array
                                        x-kubernetes-list-map-keys:
                                        - name
                                        x-kubernetes-list-type: map
                                      tags:
                                        additionalProperties:
                                          type: string
                                        description: Tags defines a map of tags.
                                        type: object
                                    type: object
                                  serviceEndpoints:
                                    description: ServiceEndpoints is a slice of Virtual
                                      Network service endpoints to enable for the
                                      subnets.
                                    items:
                                      description: ServiceEndpointSpec configures
                                        an Azure Service Endpoint.
                                      properties:
                                        locations:
                                          items:
                                            type: string
                                          type: array
                                        service:
                                          type: string
                                      required:
                                      - locations
                                      - service
                                      type: object
                                    type: array
                                    x-kubernetes-list-map-keys:
                                    - service
                                    x-kubernetes-list-type: map
                                required:
                                - name
                                - role
                                type: object
                            type: object
                        type: object
                      cloudProviderConfigOverrides:
                        description: 'CloudProviderConfigOverrides is an optional
                          set of configuration values that can be overridden in azure
                          cloud provider config. This is only a subset of options
                          that are available in azure cloud provider config. Some
                          values for the cloud provider config are inferred from other
                          parts of cluster api provider azure spec, and may not be
                          available for overrides. See: https://cloud-provider-azure.sigs.k8s.io/install/configs
                          Note: All cloud provider config values can be customized
                          by creating the secret beforehand. CloudProviderConfigOverrides
                          is only used when the secret is managed by the Azure Provider.'
                        properties:
                          backOffs:
                            description: BackOffConfig indicates the back-off config
                              options.
                            properties:
                              cloudProviderBackoff:
                                type: boolean
                              cloudProviderBackoffDuration:
                                type: integer
                              cloudProviderBackoffExponent:
                                anyOf:
                                - type: integer
                                - type: string
                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                x-kubernetes-int-or-string: true
                              cloudProviderBackoffJitter:
                                anyOf:
                                - type: integer
                                - type: string
                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                x-kubernetes-int-or-string: true
                              cloudProviderBackoffRetries:
                                type: integer
                            type: object
                          rateLimits:
                            items:
                              description: 'RateLimitSpec represents the rate limit
                                configuration for a particular kind of resource. Eg.
                                loadBalancerRateLimit is used to configure rate limits
                                for load balancers. This eventually gets converted
                                to CloudProviderRateLimitConfig that cloud-provider-azure
                                expects. See: https://github.com/kubernetes-sigs/cloud-provider-azure/blob/d585c2031925b39c925624302f22f8856e29e352/pkg/provider/azure_ratelimit.go#L25
                                We cannot use CloudProviderRateLimitConfig directly
                                because floating point values are not supported in
                                controller-tools. See: https://github.com/kubernetes-sigs/controller-tools/issues/245'
                              properties:
                                config:
                                  description: RateLimitConfig indicates the rate
                                    limit config options.
                                  properties:
                                    cloudProviderRateLimit:
                                      type: boolean
                                    cloudProviderRateLimitBucket:
                                      type: integer
                                    cloudProviderRateLimitBucketWrite:
                                      type: integer
                                    cloudProviderRateLimitQPS:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                      x-kubernetes-int-or-string: true
                                    cloudProviderRateLimitQPSWrite:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                      x-kubernetes-int-or-string: true
                                  type: object
                                name:
                                  description: Name is the name of the rate limit
                                    spec.
                                  enum:
                                  - defaultRateLimit
                                  - routeRateLimit
                                  - subnetsRateLimit
                                  - interfaceRateLimit
                                  - routeTableRateLimit
                                  - loadBalancerRateLimit
                                  - publicIPAddressRateLimit
                                  - securityGroupRateLimit
                                  - virtualMachineRateLimit
                                  - storageAccountRateLimit
                                  - diskRateLimit
                                  - snapshotRateLimit
                                  - virtualMachineScaleSetRateLimit
                                  - virtualMachineSizesRateLimit
                                  - availabilitySetRateLimit
                                  type: string
                              required:
                              - name
                              type: object
                            type: array
                        type: object
                      extendedLocation:
                        description: ExtendedLocation is an optional set of ExtendedLocation
                          properties for clusters on Azure public MEC.
                        properties:
                          name:
                            description: Name defines the name for the extended location.
                            type: string
                          type:
                            description: Type defines the type for the extended location.
                            enum:
                            - EdgeZone
                            type: string
                        required:
                        - name
                        - type
                        type: object
                      failureDomains:
                        additionalProperties:
                          description: FailureDomainSpec is the Schema for Cluster
                            API failure domains. It allows controllers to understand
                            how many failure domains a cluster can optionally span
                            across.
                          properties:
                            attributes:
                              additionalProperties:
                                type: string
                              description: Attributes is a free form map of attributes
                                an infrastructure provider might use or require.
                              type: object
                            controlPlane:
                              description: ControlPlane determines if this failure
                                domain is suitable for use by control plane machines.
                              type: boolean
                          type: object
                        description: 'FailureDomains is a list of failure domains
                          in the cluster''s region, used to restrict eligibility to
                          host the control plane. A FailureDomain maps to an availability
                          zone, which is a separated group of datacenters within a
                          region. See: https://learn.microsoft.com/azure/reliability/availability-zones-overview'
                        type: object
                      identityRef:
                        description: IdentityRef is a reference to an AzureIdentity
                          to be used when reconciling this cluster
                        properties:
                          apiVersion:
                            description: API version of the referent.
                            type: string
                          fieldPath:
                            description: 'If referring to a piece of an object instead
                              of an entire object, this string should contain a valid
                              JSON/Go field access statement, such as desiredState.manifest.containers[2].
                              For example, if the object reference is to a container
                              within a pod, this would take on a value like: "spec.containers{name}"
                              (where "name" refers to the name of the container that
                              triggered the event) or if no container name is specified
                              "spec.containers[2]" (container with index 2 in this
                              pod). This syntax is chosen only to have some well-defined
                              way of referencing a part of an object. TODO: this design
                              is not final and this field is subject to change in
                              the future.'
                            type: string
                          kind:
                            description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
                            type: string
                          name:
                            description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                            type: string
                          namespace:
                            description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                            type: string
                          resourceVersion:
                            description: 'Specific resourceVersion to which this reference
                              is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
                            type: string
                          uid:
                            description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                            type: string
                        type: object
                        x-kubernetes-map-type: atomic
                      location:
                        type: string
                      networkSpec:
                        description: NetworkSpec encapsulates all things related to
                          Azure network.
                        properties:
                          apiServerLB:
                            description: APIServerLB is the configuration for the
                              control-plane load balancer.
                            properties:
                              idleTimeoutInMinutes:
                                description: IdleTimeoutInMinutes specifies the timeout
                                  for the TCP idle connection.
                                format: int32
                                type: integer
                              sku:
                                description: SKU defines an Azure load balancer SKU.
                                type: string
                              type:
                                description: LBType defines an Azure load balancer
                                  Type.
                                type: string
                            type: object
                          controlPlaneOutboundLB:
                            description: ControlPlaneOutboundLB is the configuration
                              for the control-plane outbound load balancer. This is
                              different from APIServerLB, and is used only in private
                              clusters (optionally) for enabling outbound traffic.
                            properties:
                              idleTimeoutInMinutes:
                                description: IdleTimeoutInMinutes specifies the timeout
                                  for the TCP idle connection.
                                format: int32
                                type: integer
                              sku:
                                description: SKU defines an Azure load balancer SKU.
                                type: string
                              type:
                                description: LBType defines an Azure load balancer
                                  Type.
                                type: string
                            type: object
                          nodeOutboundLB:
                            description: NodeOutboundLB is the configuration for the
                              node outbound load balancer.
                            properties:
                              idleTimeoutInMinutes:
                                description: IdleTimeoutInMinutes specifies the timeout
                                  for the TCP idle connection.
                                format: int32
                                type: integer
                              sku:
                                description: SKU defines an Azure load balancer SKU.
                                type: string
                              type:
                                description: LBType defines an Azure load balancer
                                  Type.
                                type: string
                            type: object
                          privateDNSZoneName:
                            description: PrivateDNSZoneName defines the zone name
                              for the Azure Private DNS.
                            type: string
                          subnets:
                            description: Subnets is the configuration for the control-plane
                              subnet and the node subnet.
                            items:
                              description: SubnetTemplateSpec specifies a template
                                for a subnet.
                              properties:
                                cidrBlocks:
                                  description: CIDRBlocks defines the subnet's address
                                    space, specified as one or more address prefixes
                                    in CIDR notation.
                                  items:
                                    type: string
                                  type: array
                                name:
                                  description: Name defines a name for the subnet
                                    resource.
                                  type: string
                                natGateway:
                                  description: NatGateway associated with this subnet.
                                  properties:
                                    name:
                                      type: string
                                  required:
                                  - name
                                  type: object
                                privateEndpoints:
                                  description: PrivateEndpoints defines a list of
                                    private endpoints that should be attached to this
                                    subnet.
                                  items:
                                    description: PrivateEndpointSpec configures an
                                      Azure Private Endpoint.
                                    properties:
                                      applicationSecurityGroups:
                                        description: ApplicationSecurityGroups specifies
                                          the Application security group in which
                                          the private endpoint IP configuration is
                                          included.
                                        items:
                                          type: string
                                        type: array
                                      customNetworkInterfaceName:
                                        description: CustomNetworkInterfaceName specifies
                                          the network interface name associated with
                                          the private endpoint.
                                        type: string
                                      location:
                                        description: Location specifies the region
                                          to create the private endpoint.
                                        type: string
                                      manualApproval:
                                        description: ManualApproval specifies if the
                                          connection approval needs to be done manually
                                          or not. Set it true when the network admin
                                          does not have access to approve connections
                                          to the remote resource. Defaults to false.
                                        type: boolean
                                      name:
                                        description: Name specifies the name of the
                                          private endpoint.
                                        type: string
                                      privateIPAddresses:
                                        description: PrivateIPAddresses specifies
                                          the IP addresses for the network interface
                                          associated with the private endpoint. They
                                          have to be part of the subnet where the
                                          private endpoint is linked.
                                        items:
                                          type: string
                                        type: array
                                      privateLinkServiceConnections:
                                        description: PrivateLinkServiceConnections
                                          specifies Private Link Service Connections
                                          of the private endpoint.
                                        items:
                                          description: PrivateLinkServiceConnection
                                            defines the specification for a private
                                            link service connection associated with
                                            a private endpoint.
                                          properties:
                                            groupIDs:
                                              description: GroupIDs specifies the
                                                ID(s) of the group(s) obtained from
                                                the remote resource that this private
                                                endpoint should connect to.
                                              items:
                                                type: string
                                              type: array
                                            name:
                                              description: Name specifies the name
                                                of the private link service.
                                              type: string
                                            privateLinkServiceID:
                                              description: PrivateLinkServiceID specifies
                                                the resource ID of the private link
                                                service.
                                              type: string
                                            requestMessage:
                                              description: RequestMessage specifies
                                                a message passed to the owner of the
                                                remote resource with the private endpoint
                                                connection request.
                                              maxLength: 140
                                              type: string
                                          type: object
                                        type: array
                                    required:
                                    - name
                                    type: object
                                  type: array
                                  x-kubernetes-list-map-keys:
                                  - name
                                  x-kubernetes-list-type: map
                                role:
                                  description: Role defines the subnet role (eg. Node,
                                    ControlPlane)
                                  enum:
                                  - node
                                  - control-plane
                                  - bastion
                                  - all
                                  type: string
                                securityGroup:
                                  description: SecurityGroup defines the NSG (network
                                    security group) that should be attached to this
                                    subnet.
                                  properties:
                                    securityRules:
                                      description: SecurityRules is a slice of Azure
                                        security rules for security groups.
                                      items:
                                        description: SecurityRule defines an Azure
                                          security rule for security groups.
                                        properties:
                                          action:
                                            default: Allow
                                            description: Action specifies whether
                                              network traffic is allowed or denied.
                                              Can either be "Allow" or "Deny". Defaults
                                              to "Allow".
                                            enum:
                                            - Allow
                                            - Deny
                                            type: string
                                          description:
                                            description: A description for this rule.
                                              Restricted to 140 chars.
                                            type: string
                                          destination:
                                            description: Destination is the destination
                                              address prefix. CIDR or destination
                                              IP range. Asterix '*' can also be used
                                              to match all source IPs. Default tags
                                              such as 'VirtualNetwork', 'AzureLoadBalancer'
                                              and 'Internet' can also be used.
                                            type: string
                                          destinationPorts:
                                            description: DestinationPorts specifies
                                              the destination port or range. Integer
                                              or range between 0 and 65535. Asterix
                                              '*' can also be used to match all ports.
                                            type: string
                                          direction:
                                            description: Direction indicates whether
                                              the rule applies to inbound, or outbound
                                              traffic. "Inbound" or "Outbound".
                                            enum:
                                            - Inbound
                                            - Outbound
                                            type: string
                                          name:
                                            description: Name is a unique name within
                                              the network security group.
                                            type: string
                                          priority:
                                            description: Priority is a number between
                                              100 and 4096. Each rule should have
                                              a unique value for priority. Rules are
                                              processed in priority order, with lower
                                              numbers processed before higher numbers.
                                              Once traffic matches a rule, processing
                                              stops.
                                            format: int32
                                            type: integer
                                          protocol:
                                            description: Protocol specifies the protocol
                                              type. "Tcp", "Udp", "Icmp", or "*".
                                            enum:
                                            - Tcp
                                            - Udp
                                            - Icmp
                                            - '*'
                                            type: string
                                          source:
                                            description: Source specifies the CIDR
                                              or source IP range. Asterix '*' can
                                              also be used to match all source IPs.
                                              Default tags such as 'VirtualNetwork',
                                              'AzureLoadBalancer' and 'Internet' can
                                              also be used. If this is an ingress
                                              rule, specifies where network traffic
                                              originates from.
                                            type: string
                                          sourcePorts:
                                            description: SourcePorts specifies source
                                              port or range. Integer or range between
                                              0 and 65535. Asterix '*' can also be
                                              used to match all ports.
                                            type: string
                                          sources:
                                            description: Sources specifies The CIDR
                                              or source IP ranges.
                                            items:
                                              type: string
                                            type: array
                                        required:
                                        - description
                                        - direction
                                        - name
                                        - protocol
                                        type: object
                                      type: array
                                      x-kubernetes-list-map-keys:
                                      - name
                                      x-kubernetes-list-type: map
                                    tags:
                                      additionalProperties:
                                        type: string
                                      description: Tags defines a map of tags.
                                      type: object
                                  type: object
                                serviceEndpoints:
                                  description: ServiceEndpoints is a slice of Virtual
                                    Network service endpoints to enable for the subnets.
                                  items:
                                    description: ServiceEndpointSpec configures an
                                      Azure Service Endpoint.
                                    properties:
                                      locations:
                                        items:
                                          type: string
                                        type: array
                                      service:
                                        type: string
                                    required:
                                    - locations
                                    - service
                                    type: object
                                  type: array
                                  x-kubernetes-list-map-keys:
                                  - service
                                  x-kubernetes-list-type: map
                              required:
                              - name
                              - role
                              type: object
                            type: array
                            x-kubernetes-list-map-keys:
                            - name
                            x-kubernetes-list-type: map
                          vnet:
                            description: Vnet is the configuration for the Azure virtual
                              network.
                            properties:
                              cidrBlocks:
                                description: CIDRBlocks defines the virtual network's
                                  address space, specified as one or more address
                                  prefixes in CIDR notation.
                                items:
                                  type: string
                                type: array
                              peerings:
                                description: Peerings defines a list of peerings of
                                  the newly created virtual network with existing
                                  virtual networks.
                                items:
                                  description: VnetPeeringClassSpec specifies a virtual
                                    network peering class.
                                  properties:
                                    forwardPeeringProperties:
                                      description: ForwardPeeringProperties specifies
                                        VnetPeeringProperties for peering from the
                                        cluster's virtual network to the remote virtual
                                        network.
                                      properties:
                                        allowForwardedTraffic:
                                          description: AllowForwardedTraffic specifies
                                            whether the forwarded traffic from the
                                            VMs in the local virtual network will
                                            be allowed/disallowed in remote virtual
                                            network.
                                          type: boolean
                                        allowGatewayTransit:
                                          description: AllowGatewayTransit specifies
                                            if gateway links can be used in remote
                                            virtual networking to link to this virtual
                                            network.
                                          type: boolean
                                        allowVirtualNetworkAccess:
                                          description: AllowVirtualNetworkAccess specifies
                                            whether the VMs in the local virtual network
                                            space would be able to access the VMs
                                            in remote virtual network space.
                                          type: boolean
                                        useRemoteGateways:
                                          description: UseRemoteGateways specifies
                                            if remote gateways can be used on this
                                            virtual network. If the flag is set to
                                            true, and allowGatewayTransit on remote
                                            peering is also set to true, the virtual
                                            network will use the gateways of the remote
                                            virtual network for transit. Only one
                                            peering can have this flag set to true.
                                            This flag cannot be set if virtual network
                                            already has a gateway.
                                          type: boolean
                                      type: object
                                    remoteVnetName:
                                      description: RemoteVnetName defines name of
                                        the remote virtual network.
                                      type: string
                                    resourceGroup:
                                      description: ResourceGroup is the resource group
                                        name of the remote virtual network.
                                      type: string
                                    reversePeeringProperties:
                                      description: ReversePeeringProperties specifies
                                        VnetPeeringProperties for peering from the
                                        remote virtual network to the cluster's virtual
                                        network.
                                      properties:
                                        allowForwardedTraffic:
                                          description: AllowForwardedTraffic specifies
                                            whether the forwarded traffic from the
                                            VMs in the local virtual network will
                                            be allowed/disallowed in remote virtual
                                            network.
                                          type: boolean
                                        allowGatewayTransit:
                                          description: AllowGatewayTransit specifies
                                            if gateway links can be used in remote
                                            virtual networking to link to this virtual
                                            network.
                                          type: boolean
                                        allowVirtualNetworkAccess:
                                          description: AllowVirtualNetworkAccess specifies
                                            whether the VMs in the local virtual network
                                            space would be able to access the VMs
                                            in remote virtual network space.
                                          type: boolean
                                        useRemoteGateways:
                                          description: UseRemoteGateways specifies
                                            if remote gateways can be used on this
                                            virtual network. If the flag is set to
                                            true, and allowGatewayTransit on remote
                                            peering is also set to true, the virtual
                                            network will use the gateways of the remote
                                            virtual network for transit. Only one
                                            peering can have this flag set to true.
                                            This flag cannot be set if virtual network
                                            already has a gateway.
                                          type: boolean
                                      type: object
                                  required:
                                  - remoteVnetName
                                  type: object
                                type: array
                              tags:
                                additionalProperties:
                                  type: string
                                description: Tags is a collection of tags describing
                                  the resource.
                                type: object
                            type: object
                        type: object
                      subscriptionID:
                        type: string
                    required:
                    - location
                    type: object
                required:
                - spec
                type: object
            required:
            - template
            type: object
        type: object
    served: true
    storage: true