sigs.k8s.io/cluster-api-provider-azure@v1.17.0/config/crd/bases/infrastructure.cluster.x-k8s.io_azureclustertemplates.yaml

---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.15.0
  name: azureclustertemplates.infrastructure.cluster.x-k8s.io
spec:
  group: infrastructure.cluster.x-k8s.io
  names:
    categories:
    - cluster-api
    kind: AzureClusterTemplate
    listKind: AzureClusterTemplateList
    plural: azureclustertemplates
    singular: azureclustertemplate
  scope: Namespaced
  versions:
  - name: v1beta1
    schema:
      openAPIV3Schema:
        description: AzureClusterTemplate is the Schema for the azureclustertemplates
          API.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: AzureClusterTemplateSpec defines the desired state of AzureClusterTemplate.
            properties:
              template:
                description: AzureClusterTemplateResource describes the data needed
                  to create an AzureCluster from a template.
                properties:
                  spec:
                    description: AzureClusterTemplateResourceSpec specifies an Azure
                      cluster template resource.
                    properties:
                      additionalTags:
                        additionalProperties:
                          type: string
                        description: |-
                          AdditionalTags is an optional set of tags to add to Azure resources managed by the Azure provider, in addition to the
                          ones added by default.
                        type: object
                      azureEnvironment:
                        description: |-
                          AzureEnvironment is the name of the AzureCloud to be used.
                          The default value that would be used by most users is "AzurePublicCloud", other values are:
                          - ChinaCloud: "AzureChinaCloud"
                          - GermanCloud: "AzureGermanCloud"
                          - PublicCloud: "AzurePublicCloud"
                          - USGovernmentCloud: "AzureUSGovernmentCloud"


                          Note that values other than the default must also be accompanied by corresponding changes to the
                          aso-controller-settings Secret to configure ASO to refer to the non-Public cloud. ASO currently does
                          not support referring to multiple different clouds in a single installation. The following fields must
                          be defined in the Secret:
                          - AZURE_AUTHORITY_HOST
                          - AZURE_RESOURCE_MANAGER_ENDPOINT
                          - AZURE_RESOURCE_MANAGER_AUDIENCE


                          See the [ASO docs] for more details.


                          [ASO docs]: https://azure.github.io/azure-service-operator/guide/aso-controller-settings-options/
                        type: string
                      bastionSpec:
                        description: BastionSpec encapsulates all things related to
                          the Bastions in the cluster.
                        properties:
                          azureBastion:
                            description: AzureBastionTemplateSpec specifies a template
                              for an Azure Bastion host.
                            properties:
                              subnet:
                                description: SubnetTemplateSpec specifies a template
                                  for a subnet.
                                properties:
                                  cidrBlocks:
                                    description: CIDRBlocks defines the subnet's address
                                      space, specified as one or more address prefixes
                                      in CIDR notation.
                                    items:
                                      type: string
                                    type: array
                                  name:
                                    description: Name defines a name for the subnet
                                      resource.
                                    type: string
                                  natGateway:
                                    description: NatGateway associated with this subnet.
                                    properties:
                                      name:
                                        type: string
                                    required:
                                    - name
                                    type: object
                                  privateEndpoints:
                                    description: PrivateEndpoints defines a list of
                                      private endpoints that should be attached to
                                      this subnet.
                                    items:
                                      description: PrivateEndpointSpec configures
                                        an Azure Private Endpoint.
                                      properties:
                                        applicationSecurityGroups:
                                          description: ApplicationSecurityGroups specifies
                                            the Application security group in which
                                            the private endpoint IP configuration
                                            is included.
                                          items:
                                            type: string
                                          type: array
                                        customNetworkInterfaceName:
                                          description: CustomNetworkInterfaceName
                                            specifies the network interface name associated
                                            with the private endpoint.
                                          type: string
                                        location:
                                          description: Location specifies the region
                                            to create the private endpoint.
                                          type: string
                                        manualApproval:
                                          description: |-
                                            ManualApproval specifies if the connection approval needs to be done manually or not.
                                            Set it true when the network admin does not have access to approve connections to the remote resource.
                                            Defaults to false.
                                          type: boolean
                                        name:
                                          description: Name specifies the name of
                                            the private endpoint.
                                          type: string
                                        privateIPAddresses:
                                          description: |-
                                            PrivateIPAddresses specifies the IP addresses for the network interface associated with the private endpoint.
                                            They have to be part of the subnet where the private endpoint is linked.
                                          items:
                                            type: string
                                          type: array
                                        privateLinkServiceConnections:
                                          description: PrivateLinkServiceConnections
                                            specifies Private Link Service Connections
                                            of the private endpoint.
                                          items:
                                            description: PrivateLinkServiceConnection
                                              defines the specification for a private
                                              link service connection associated with
                                              a private endpoint.
                                            properties:
                                              groupIDs:
                                                description: GroupIDs specifies the
                                                  ID(s) of the group(s) obtained from
                                                  the remote resource that this private
                                                  endpoint should connect to.
                                                items:
                                                  type: string
                                                type: array
                                              name:
                                                description: Name specifies the name
                                                  of the private link service.
                                                type: string
                                              privateLinkServiceID:
                                                description: PrivateLinkServiceID
                                                  specifies the resource ID of the
                                                  private link service.
                                                type: string
                                              requestMessage:
                                                description: RequestMessage specifies
                                                  a message passed to the owner of
                                                  the remote resource with the private
                                                  endpoint connection request.
                                                maxLength: 140
                                                type: string
                                            type: object
                                          type: array
                                      required:
                                      - name
                                      type: object
                                    type: array
                                    x-kubernetes-list-map-keys:
                                    - name
                                    x-kubernetes-list-type: map
                                  role:
                                    description: Role defines the subnet role (eg.
                                      Node, ControlPlane)
                                    enum:
                                    - node
                                    - control-plane
                                    - bastion
                                    - cluster
                                    type: string
                                  securityGroup:
                                    description: SecurityGroup defines the NSG (network
                                      security group) that should be attached to this
                                      subnet.
                                    properties:
                                      securityRules:
                                        description: SecurityRules is a slice of Azure
                                          security rules for security groups.
                                        items:
                                          description: SecurityRule defines an Azure
                                            security rule for security groups.
                                          properties:
                                            action:
                                              default: Allow
                                              description: Action specifies whether
                                                network traffic is allowed or denied.
                                                Can either be "Allow" or "Deny". Defaults
                                                to "Allow".
                                              enum:
                                              - Allow
                                              - Deny
                                              type: string
                                            description:
                                              description: A description for this
                                                rule. Restricted to 140 chars.
                                              type: string
                                            destination:
                                              description: Destination is the destination
                                                address prefix. CIDR or destination
                                                IP range. Asterix '*' can also be
                                                used to match all source IPs. Default
                                                tags such as 'VirtualNetwork', 'AzureLoadBalancer'
                                                and 'Internet' can also be used.
                                              type: string
                                            destinationPorts:
                                              description: DestinationPorts specifies
                                                the destination port or range. Integer
                                                or range between 0 and 65535. Asterix
                                                '*' can also be used to match all
                                                ports.
                                              type: string
                                            direction:
                                              description: Direction indicates whether
                                                the rule applies to inbound, or outbound
                                                traffic. "Inbound" or "Outbound".
                                              enum:
                                              - Inbound
                                              - Outbound
                                              type: string
                                            name:
                                              description: Name is a unique name within
                                                the network security group.
                                              type: string
                                            priority:
                                              description: Priority is a number between
                                                100 and 4096. Each rule should have
                                                a unique value for priority. Rules
                                                are processed in priority order, with
                                                lower numbers processed before higher
                                                numbers. Once traffic matches a rule,
                                                processing stops.
                                              format: int32
                                              type: integer
                                            protocol:
                                              description: Protocol specifies the
                                                protocol type. "Tcp", "Udp", "Icmp",
                                                or "*".
                                              enum:
                                              - Tcp
                                              - Udp
                                              - Icmp
                                              - '*'
                                              type: string
                                            source:
                                              description: Source specifies the CIDR
                                                or source IP range. Asterix '*' can
                                                also be used to match all source IPs.
                                                Default tags such as 'VirtualNetwork',
                                                'AzureLoadBalancer' and 'Internet'
                                                can also be used. If this is an ingress
                                                rule, specifies where network traffic
                                                originates from.
                                              type: string
                                            sourcePorts:
                                              description: SourcePorts specifies source
                                                port or range. Integer or range between
                                                0 and 65535. Asterix '*' can also
                                                be used to match all ports.
                                              type: string
                                            sources:
                                              description: Sources specifies The CIDR
                                                or source IP ranges.
                                              items:
                                                type: string
                                              type: array
                                          required:
                                          - description
                                          - direction
                                          - name
                                          - protocol
                                          type: object
                                        type: array
                                        x-kubernetes-list-map-keys:
                                        - name
                                        x-kubernetes-list-type: map
                                      tags:
                                        additionalProperties:
                                          type: string
                                        description: Tags defines a map of tags.
                                        type: object
                                    type: object
                                  serviceEndpoints:
                                    description: ServiceEndpoints is a slice of Virtual
                                      Network service endpoints to enable for the
                                      subnets.
                                    items:
                                      description: ServiceEndpointSpec configures
                                        an Azure Service Endpoint.
                                      properties:
                                        locations:
                                          items:
                                            type: string
                                          type: array
                                        service:
                                          type: string
                                      required:
                                      - locations
                                      - service
                                      type: object
                                    type: array
                                    x-kubernetes-list-map-keys:
                                    - service
                                    x-kubernetes-list-type: map
                                required:
                                - name
                                - role
                                type: object
                            type: object
                        type: object
                      cloudProviderConfigOverrides:
                        description: |-
                          CloudProviderConfigOverrides is an optional set of configuration values that can be overridden in azure cloud provider config.
                          This is only a subset of options that are available in azure cloud provider config.
                          Some values for the cloud provider config are inferred from other parts of cluster api provider azure spec, and may not be available for overrides.
                          See: https://cloud-provider-azure.sigs.k8s.io/install/configs
                          Note: All cloud provider config values can be customized by creating the secret beforehand. CloudProviderConfigOverrides is only used when the secret is managed by the Azure Provider.
                        properties:
                          backOffs:
                            description: BackOffConfig indicates the back-off config
                              options.
                            properties:
                              cloudProviderBackoff:
                                type: boolean
                              cloudProviderBackoffDuration:
                                type: integer
                              cloudProviderBackoffExponent:
                                anyOf:
                                - type: integer
                                - type: string
                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                x-kubernetes-int-or-string: true
                              cloudProviderBackoffJitter:
                                anyOf:
                                - type: integer
                                - type: string
                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                x-kubernetes-int-or-string: true
                              cloudProviderBackoffRetries:
                                type: integer
                            type: object
                          rateLimits:
                            items:
                              description: |-
                                RateLimitSpec represents the rate limit configuration for a particular kind of resource.
                                Eg. loadBalancerRateLimit is used to configure rate limits for load balancers.
                                This eventually gets converted to CloudProviderRateLimitConfig that cloud-provider-azure expects.
                                See: https://github.com/kubernetes-sigs/cloud-provider-azure/blob/d585c2031925b39c925624302f22f8856e29e352/pkg/provider/azure_ratelimit.go#L25
                                We cannot use CloudProviderRateLimitConfig directly because floating point values are not supported in controller-tools.
                                See: https://github.com/kubernetes-sigs/controller-tools/issues/245
                              properties:
                                config:
                                  description: RateLimitConfig indicates the rate
                                    limit config options.
                                  properties:
                                    cloudProviderRateLimit:
                                      type: boolean
                                    cloudProviderRateLimitBucket:
                                      type: integer
                                    cloudProviderRateLimitBucketWrite:
                                      type: integer
                                    cloudProviderRateLimitQPS:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                      x-kubernetes-int-or-string: true
                                    cloudProviderRateLimitQPSWrite:
                                      anyOf:
                                      - type: integer
                                      - type: string
                                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                      x-kubernetes-int-or-string: true
                                  type: object
                                name:
                                  description: Name is the name of the rate limit
                                    spec.
                                  enum:
                                  - defaultRateLimit
                                  - routeRateLimit
                                  - subnetsRateLimit
                                  - interfaceRateLimit
                                  - routeTableRateLimit
                                  - loadBalancerRateLimit
                                  - publicIPAddressRateLimit
                                  - securityGroupRateLimit
                                  - virtualMachineRateLimit
                                  - storageAccountRateLimit
                                  - diskRateLimit
                                  - snapshotRateLimit
                                  - virtualMachineScaleSetRateLimit
                                  - virtualMachineSizesRateLimit
                                  - availabilitySetRateLimit
                                  type: string
                              required:
                              - name
                              type: object
                            type: array
                        type: object
                      extendedLocation:
                        description: ExtendedLocation is an optional set of ExtendedLocation
                          properties for clusters on Azure public MEC.
                        properties:
                          name:
                            description: Name defines the name for the extended location.
                            type: string
                          type:
                            description: Type defines the type for the extended location.
                            enum:
                            - EdgeZone
                            type: string
                        required:
                        - name
                        - type
                        type: object
                      failureDomains:
                        additionalProperties:
                          description: |-
                            FailureDomainSpec is the Schema for Cluster API failure domains.
                            It allows controllers to understand how many failure domains a cluster can optionally span across.
                          properties:
                            attributes:
                              additionalProperties:
                                type: string
                              description: Attributes is a free form map of attributes
                                an infrastructure provider might use or require.
                              type: object
                            controlPlane:
                              description: ControlPlane determines if this failure
                                domain is suitable for use by control plane machines.
                              type: boolean
                          type: object
                        description: |-
                          FailureDomains is a list of failure domains in the cluster's region, used to restrict
                          eligibility to host the control plane. A FailureDomain maps to an availability zone,
                          which is a separated group of datacenters within a region.
                          See: https://learn.microsoft.com/azure/reliability/availability-zones-overview
                        type: object
                      identityRef:
                        description: IdentityRef is a reference to an AzureIdentity
                          to be used when reconciling this cluster
                        properties:
                          apiVersion:
                            description: API version of the referent.
                            type: string
                          fieldPath:
                            description: |-
                              If referring to a piece of an object instead of an entire object, this string
                              should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
                              For example, if the object reference is to a container within a pod, this would take on a value like:
                              "spec.containers{name}" (where "name" refers to the name of the container that triggered
                              the event) or if no container name is specified "spec.containers[2]" (container with
                              index 2 in this pod). This syntax is chosen only to have some well-defined way of
                              referencing a part of an object.
                              TODO: this design is not final and this field is subject to change in the future.
                            type: string
                          kind:
                            description: |-
                              Kind of the referent.
                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
                            type: string
                          name:
                            description: |-
                              Name of the referent.
                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                            type: string
                          namespace:
                            description: |-
                              Namespace of the referent.
                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
                            type: string
                          resourceVersion:
                            description: |-
                              Specific resourceVersion to which this reference is made, if any.
                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
                            type: string
                          uid:
                            description: |-
                              UID of the referent.
                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
                            type: string
                        type: object
                        x-kubernetes-map-type: atomic
                      location:
                        type: string
                      networkSpec:
                        description: NetworkSpec encapsulates all things related to
                          Azure network.
                        properties:
                          apiServerLB:
                            description: APIServerLB is the configuration for the
                              control-plane load balancer.
                            properties:
                              idleTimeoutInMinutes:
                                description: IdleTimeoutInMinutes specifies the timeout
                                  for the TCP idle connection.
                                format: int32
                                type: integer
                              sku:
                                description: SKU defines an Azure load balancer SKU.
                                type: string
                              type:
                                description: LBType defines an Azure load balancer
                                  Type.
                                type: string
                            type: object
                          controlPlaneOutboundLB:
                            description: |-
                              ControlPlaneOutboundLB is the configuration for the control-plane outbound load balancer.
                              This is different from APIServerLB, and is used only in private clusters (optionally) for enabling outbound traffic.
                            properties:
                              idleTimeoutInMinutes:
                                description: IdleTimeoutInMinutes specifies the timeout
                                  for the TCP idle connection.
                                format: int32
                                type: integer
                              sku:
                                description: SKU defines an Azure load balancer SKU.
                                type: string
                              type:
                                description: LBType defines an Azure load balancer
                                  Type.
                                type: string
                            type: object
                          nodeOutboundLB:
                            description: NodeOutboundLB is the configuration for the
                              node outbound load balancer.
                            properties:
                              idleTimeoutInMinutes:
                                description: IdleTimeoutInMinutes specifies the timeout
                                  for the TCP idle connection.
                                format: int32
                                type: integer
                              sku:
                                description: SKU defines an Azure load balancer SKU.
                                type: string
                              type:
                                description: LBType defines an Azure load balancer
                                  Type.
                                type: string
                            type: object
                          privateDNSZoneName:
                            description: PrivateDNSZoneName defines the zone name
                              for the Azure Private DNS.
                            type: string
                          subnets:
                            description: Subnets is the configuration for the control-plane
                              subnet and the node subnet.
                            items:
                              description: SubnetTemplateSpec specifies a template
                                for a subnet.
                              properties:
                                cidrBlocks:
                                  description: CIDRBlocks defines the subnet's address
                                    space, specified as one or more address prefixes
                                    in CIDR notation.
                                  items:
                                    type: string
                                  type: array
                                name:
                                  description: Name defines a name for the subnet
                                    resource.
                                  type: string
                                natGateway:
                                  description: NatGateway associated with this subnet.
                                  properties:
                                    name:
                                      type: string
                                  required:
                                  - name
                                  type: object
                                privateEndpoints:
                                  description: PrivateEndpoints defines a list of
                                    private endpoints that should be attached to this
                                    subnet.
                                  items:
                                    description: PrivateEndpointSpec configures an
                                      Azure Private Endpoint.
                                    properties:
                                      applicationSecurityGroups:
                                        description: ApplicationSecurityGroups specifies
                                          the Application security group in which
                                          the private endpoint IP configuration is
                                          included.
                                        items:
                                          type: string
                                        type: array
                                      customNetworkInterfaceName:
                                        description: CustomNetworkInterfaceName specifies
                                          the network interface name associated with
                                          the private endpoint.
                                        type: string
                                      location:
                                        description: Location specifies the region
                                          to create the private endpoint.
                                        type: string
                                      manualApproval:
                                        description: |-
                                          ManualApproval specifies if the connection approval needs to be done manually or not.
                                          Set it true when the network admin does not have access to approve connections to the remote resource.
                                          Defaults to false.
                                        type: boolean
                                      name:
                                        description: Name specifies the name of the
                                          private endpoint.
                                        type: string
                                      privateIPAddresses:
                                        description: |-
                                          PrivateIPAddresses specifies the IP addresses for the network interface associated with the private endpoint.
                                          They have to be part of the subnet where the private endpoint is linked.
                                        items:
                                          type: string
                                        type: array
                                      privateLinkServiceConnections:
                                        description: PrivateLinkServiceConnections
                                          specifies Private Link Service Connections
                                          of the private endpoint.
                                        items:
                                          description: PrivateLinkServiceConnection
                                            defines the specification for a private
                                            link service connection associated with
                                            a private endpoint.
                                          properties:
                                            groupIDs:
                                              description: GroupIDs specifies the
                                                ID(s) of the group(s) obtained from
                                                the remote resource that this private
                                                endpoint should connect to.
                                              items:
                                                type: string
                                              type: array
                                            name:
                                              description: Name specifies the name
                                                of the private link service.
                                              type: string
                                            privateLinkServiceID:
                                              description: PrivateLinkServiceID specifies
                                                the resource ID of the private link
                                                service.
                                              type: string
                                            requestMessage:
                                              description: RequestMessage specifies
                                                a message passed to the owner of the
                                                remote resource with the private endpoint
                                                connection request.
                                              maxLength: 140
                                              type: string
                                          type: object
                                        type: array
                                    required:
                                    - name
                                    type: object
                                  type: array
                                  x-kubernetes-list-map-keys:
                                  - name
                                  x-kubernetes-list-type: map
                                role:
                                  description: Role defines the subnet role (eg. Node,
                                    ControlPlane)
                                  enum:
                                  - node
                                  - control-plane
                                  - bastion
                                  - cluster
                                  type: string
                                securityGroup:
                                  description: SecurityGroup defines the NSG (network
                                    security group) that should be attached to this
                                    subnet.
                                  properties:
                                    securityRules:
                                      description: SecurityRules is a slice of Azure
                                        security rules for security groups.
                                      items:
                                        description: SecurityRule defines an Azure
                                          security rule for security groups.
                                        properties:
                                          action:
                                            default: Allow
                                            description: Action specifies whether
                                              network traffic is allowed or denied.
                                              Can either be "Allow" or "Deny". Defaults
                                              to "Allow".
                                            enum:
                                            - Allow
                                            - Deny
                                            type: string
                                          description:
                                            description: A description for this rule.
                                              Restricted to 140 chars.
                                            type: string
                                          destination:
                                            description: Destination is the destination
                                              address prefix. CIDR or destination
                                              IP range. Asterix '*' can also be used
                                              to match all source IPs. Default tags
                                              such as 'VirtualNetwork', 'AzureLoadBalancer'
                                              and 'Internet' can also be used.
                                            type: string
                                          destinationPorts:
                                            description: DestinationPorts specifies
                                              the destination port or range. Integer
                                              or range between 0 and 65535. Asterix
                                              '*' can also be used to match all ports.
                                            type: string
                                          direction:
                                            description: Direction indicates whether
                                              the rule applies to inbound, or outbound
                                              traffic. "Inbound" or "Outbound".
                                            enum:
                                            - Inbound
                                            - Outbound
                                            type: string
                                          name:
                                            description: Name is a unique name within
                                              the network security group.
                                            type: string
                                          priority:
                                            description: Priority is a number between
                                              100 and 4096. Each rule should have
                                              a unique value for priority. Rules are
                                              processed in priority order, with lower
                                              numbers processed before higher numbers.
                                              Once traffic matches a rule, processing
                                              stops.
                                            format: int32
                                            type: integer
                                          protocol:
                                            description: Protocol specifies the protocol
                                              type. "Tcp", "Udp", "Icmp", or "*".
                                            enum:
                                            - Tcp
                                            - Udp
                                            - Icmp
                                            - '*'
                                            type: string
                                          source:
                                            description: Source specifies the CIDR
                                              or source IP range. Asterix '*' can
                                              also be used to match all source IPs.
                                              Default tags such as 'VirtualNetwork',
                                              'AzureLoadBalancer' and 'Internet' can
                                              also be used. If this is an ingress
                                              rule, specifies where network traffic
                                              originates from.
                                            type: string
                                          sourcePorts:
                                            description: SourcePorts specifies source
                                              port or range. Integer or range between
                                              0 and 65535. Asterix '*' can also be
                                              used to match all ports.
                                            type: string
                                          sources:
                                            description: Sources specifies The CIDR
                                              or source IP ranges.
                                            items:
                                              type: string
                                            type: array
                                        required:
                                        - description
                                        - direction
                                        - name
                                        - protocol
                                        type: object
                                      type: array
                                      x-kubernetes-list-map-keys:
                                      - name
                                      x-kubernetes-list-type: map
                                    tags:
                                      additionalProperties:
                                        type: string
                                      description: Tags defines a map of tags.
                                      type: object
                                  type: object
                                serviceEndpoints:
                                  description: ServiceEndpoints is a slice of Virtual
                                    Network service endpoints to enable for the subnets.
                                  items:
                                    description: ServiceEndpointSpec configures an
                                      Azure Service Endpoint.
                                    properties:
                                      locations:
                                        items:
                                          type: string
                                        type: array
                                      service:
                                        type: string
                                    required:
                                    - locations
                                    - service
                                    type: object
                                  type: array
                                  x-kubernetes-list-map-keys:
                                  - service
                                  x-kubernetes-list-type: map
                              required:
                              - name
                              - role
                              type: object
                            type: array
                            x-kubernetes-list-map-keys:
                            - name
                            x-kubernetes-list-type: map
                          vnet:
                            description: Vnet is the configuration for the Azure virtual
                              network.
                            properties:
                              cidrBlocks:
                                description: CIDRBlocks defines the virtual network's
                                  address space, specified as one or more address
                                  prefixes in CIDR notation.
                                items:
                                  type: string
                                type: array
                              peerings:
                                description: Peerings defines a list of peerings of
                                  the newly created virtual network with existing
                                  virtual networks.
                                items:
                                  description: VnetPeeringClassSpec specifies a virtual
                                    network peering class.
                                  properties:
                                    forwardPeeringProperties:
                                      description: |-
                                        ForwardPeeringProperties specifies VnetPeeringProperties for peering from the cluster's virtual network to the
                                        remote virtual network.
                                      properties:
                                        allowForwardedTraffic:
                                          description: |-
                                            AllowForwardedTraffic specifies whether the forwarded traffic from the VMs in the local virtual network will be
                                            allowed/disallowed in remote virtual network.
                                          type: boolean
                                        allowGatewayTransit:
                                          description: |-
                                            AllowGatewayTransit specifies if gateway links can be used in remote virtual networking to link to this virtual
                                            network.
                                          type: boolean
                                        allowVirtualNetworkAccess:
                                          description: |-
                                            AllowVirtualNetworkAccess specifies whether the VMs in the local virtual network space would be able to access
                                            the VMs in remote virtual network space.
                                          type: boolean
                                        useRemoteGateways:
                                          description: |-
                                            UseRemoteGateways specifies if remote gateways can be used on this virtual network.
                                            If the flag is set to true, and allowGatewayTransit on remote peering is also set to true, the virtual network
                                            will use the gateways of the remote virtual network for transit. Only one peering can have this flag set to true.
                                            This flag cannot be set if virtual network already has a gateway.
                                          type: boolean
                                      type: object
                                    remoteVnetName:
                                      description: RemoteVnetName defines name of
                                        the remote virtual network.
                                      type: string
                                    resourceGroup:
                                      description: ResourceGroup is the resource group
                                        name of the remote virtual network.
                                      type: string
                                    reversePeeringProperties:
                                      description: |-
                                        ReversePeeringProperties specifies VnetPeeringProperties for peering from the remote virtual network to the
                                        cluster's virtual network.
                                      properties:
                                        allowForwardedTraffic:
                                          description: |-
                                            AllowForwardedTraffic specifies whether the forwarded traffic from the VMs in the local virtual network will be
                                            allowed/disallowed in remote virtual network.
                                          type: boolean
                                        allowGatewayTransit:
                                          description: |-
                                            AllowGatewayTransit specifies if gateway links can be used in remote virtual networking to link to this virtual
                                            network.
                                          type: boolean
                                        allowVirtualNetworkAccess:
                                          description: |-
                                            AllowVirtualNetworkAccess specifies whether the VMs in the local virtual network space would be able to access
                                            the VMs in remote virtual network space.
                                          type: boolean
                                        useRemoteGateways:
                                          description: |-
                                            UseRemoteGateways specifies if remote gateways can be used on this virtual network.
                                            If the flag is set to true, and allowGatewayTransit on remote peering is also set to true, the virtual network
                                            will use the gateways of the remote virtual network for transit. Only one peering can have this flag set to true.
                                            This flag cannot be set if virtual network already has a gateway.
                                          type: boolean
                                      type: object
                                  required:
                                  - remoteVnetName
                                  type: object
                                type: array
                              tags:
                                additionalProperties:
                                  type: string
                                description: Tags is a collection of tags describing
                                  the resource.
                                type: object
                            type: object
                        type: object
                      subscriptionID:
                        type: string
                    required:
                    - location
                    type: object
                required:
                - spec
                type: object
            required:
            - template
            type: object
        type: object
    served: true
    storage: true