KubernetesCluster

Manages a Managed Kubernetes Cluster (also known as AKS / Azure Kubernetes Service)

Create a KubernetesCluster Resource

new KubernetesCluster(name: string, args: KubernetesClusterArgs, opts?: CustomResourceOptions);

def KubernetesCluster(resource_name, opts=None, addon_profile=None, api_server_authorized_ip_ranges=None, auto_scaler_profile=None, default_node_pool=None, disk_encryption_set_id=None, dns_prefix=None, enable_pod_security_policy=None, identity=None, kubernetes_version=None, linux_profile=None, location=None, name=None, network_profile=None, node_resource_group=None, private_cluster_enabled=None, private_link_enabled=None, resource_group_name=None, role_based_access_control=None, service_principal=None, sku_tier=None, tags=None, windows_profile=None, __props__=None);

func NewKubernetesCluster(ctx *Context, name string, args KubernetesClusterArgs, opts ...ResourceOption) (*KubernetesCluster, error)

public KubernetesCluster(string name, KubernetesClusterArgs args, CustomResourceOptions? opts = null)

name string: The unique name of the resource.
args KubernetesClusterArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
opts ResourceOptions: A bag of options that control this resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args KubernetesClusterArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args KubernetesClusterArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

KubernetesCluster Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The KubernetesCluster resource accepts the following input properties:

DefaultNodePool KubernetesClusterDefaultNodePoolArgs: A default_node_pool block as defined below.
DnsPrefix string: DNS prefix specified when creating the managed cluster. Changing this forces a new resource to be created.
ResourceGroupName string: Specifies the Resource Group where the Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.
AddonProfile KubernetesClusterAddonProfileArgs: A addon_profile block as defined below.
ApiServerAuthorizedIpRanges List<string>: The IP ranges to whitelist for incoming traffic to the masters.
AutoScalerProfile KubernetesClusterAutoScalerProfileArgs: A auto_scaler_profile block as defined below.
DiskEncryptionSetId string: The ID of the Disk Encryption Set which should be used for the Nodes and Volumes. More information can be found in the documentation.
EnablePodSecurityPolicy bool: Whether Pod Security Policies are enabled. Note that this also requires role based access control to be enabled.
Identity KubernetesClusterIdentityArgs: A identity block as defined below. Changing this forces a new resource to be created.
KubernetesVersion string: Version of Kubernetes specified when creating the AKS managed cluster. If not specified, the latest recommended version will be used at provisioning time (but won’t auto-upgrade).
LinuxProfile KubernetesClusterLinuxProfileArgs: A linux_profile block as defined below.
Location string: The location where the Managed Kubernetes Cluster should be created. Changing this forces a new resource to be created.
Name string: The name of the Managed Kubernetes Cluster to create. Changing this forces a new resource to be created.
NetworkProfile KubernetesClusterNetworkProfileArgs: A network_profile block as defined below.
NodeResourceGroup string: The name of the Resource Group where the Kubernetes Nodes should exist. Changing this forces a new resource to be created.
PrivateClusterEnabled bool: Should this Kubernetes Cluster have it’s API server only exposed on internal IP addresses? This provides a Private IP Address for the Kubernetes API on the Virtual Network where the Kubernetes Cluster is located. Defaults to false. Changing this forces a new resource to be created.
PrivateLinkEnabled bool: Deprecated: Deprecated in favor of private_cluster_enabled
RoleBasedAccessControl KubernetesClusterRoleBasedAccessControlArgs: A role_based_access_control block. Changing this forces a new resource to be created.
ServicePrincipal KubernetesClusterServicePrincipalArgs: A service_principal block as documented below.
SkuTier string: The SKU Tier that should be used for this Kubernetes Cluster. Changing this forces a new resource to be created. Possible values are Free and Paid (which includes the Uptime SLA). Defaults to Free.
Tags Dictionary<string, string>: A mapping of tags to assign to the resource.
WindowsProfile KubernetesClusterWindowsProfileArgs: A windows_profile block as defined below.

DefaultNodePool KubernetesClusterDefaultNodePool: A default_node_pool block as defined below.
DnsPrefix string: DNS prefix specified when creating the managed cluster. Changing this forces a new resource to be created.
ResourceGroupName string: Specifies the Resource Group where the Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.
AddonProfile KubernetesClusterAddonProfile: A addon_profile block as defined below.
ApiServerAuthorizedIpRanges []string: The IP ranges to whitelist for incoming traffic to the masters.
AutoScalerProfile KubernetesClusterAutoScalerProfile: A auto_scaler_profile block as defined below.
DiskEncryptionSetId string: The ID of the Disk Encryption Set which should be used for the Nodes and Volumes. More information can be found in the documentation.
EnablePodSecurityPolicy bool: Whether Pod Security Policies are enabled. Note that this also requires role based access control to be enabled.
Identity KubernetesClusterIdentity: A identity block as defined below. Changing this forces a new resource to be created.
KubernetesVersion string: Version of Kubernetes specified when creating the AKS managed cluster. If not specified, the latest recommended version will be used at provisioning time (but won’t auto-upgrade).
LinuxProfile KubernetesClusterLinuxProfile: A linux_profile block as defined below.
Location string: The location where the Managed Kubernetes Cluster should be created. Changing this forces a new resource to be created.
Name string: The name of the Managed Kubernetes Cluster to create. Changing this forces a new resource to be created.
NetworkProfile KubernetesClusterNetworkProfile: A network_profile block as defined below.
NodeResourceGroup string: The name of the Resource Group where the Kubernetes Nodes should exist. Changing this forces a new resource to be created.
PrivateClusterEnabled bool: Should this Kubernetes Cluster have it’s API server only exposed on internal IP addresses? This provides a Private IP Address for the Kubernetes API on the Virtual Network where the Kubernetes Cluster is located. Defaults to false. Changing this forces a new resource to be created.
PrivateLinkEnabled bool: Deprecated: Deprecated in favor of private_cluster_enabled
RoleBasedAccessControl KubernetesClusterRoleBasedAccessControl: A role_based_access_control block. Changing this forces a new resource to be created.
ServicePrincipal KubernetesClusterServicePrincipal: A service_principal block as documented below.
SkuTier string: The SKU Tier that should be used for this Kubernetes Cluster. Changing this forces a new resource to be created. Possible values are Free and Paid (which includes the Uptime SLA). Defaults to Free.
Tags map[string]string: A mapping of tags to assign to the resource.
WindowsProfile KubernetesClusterWindowsProfile: A windows_profile block as defined below.

defaultNodePool KubernetesClusterDefaultNodePool: A default_node_pool block as defined below.
dnsPrefix string: DNS prefix specified when creating the managed cluster. Changing this forces a new resource to be created.
resourceGroupName string: Specifies the Resource Group where the Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.
addonProfile KubernetesClusterAddonProfile: A addon_profile block as defined below.
apiServerAuthorizedIpRanges string[]: The IP ranges to whitelist for incoming traffic to the masters.
autoScalerProfile KubernetesClusterAutoScalerProfile: A auto_scaler_profile block as defined below.
diskEncryptionSetId string: The ID of the Disk Encryption Set which should be used for the Nodes and Volumes. More information can be found in the documentation.
enablePodSecurityPolicy boolean: Whether Pod Security Policies are enabled. Note that this also requires role based access control to be enabled.
identity KubernetesClusterIdentity: A identity block as defined below. Changing this forces a new resource to be created.
kubernetesVersion string: Version of Kubernetes specified when creating the AKS managed cluster. If not specified, the latest recommended version will be used at provisioning time (but won’t auto-upgrade).
linuxProfile KubernetesClusterLinuxProfile: A linux_profile block as defined below.
location string: The location where the Managed Kubernetes Cluster should be created. Changing this forces a new resource to be created.
name string: The name of the Managed Kubernetes Cluster to create. Changing this forces a new resource to be created.
networkProfile KubernetesClusterNetworkProfile: A network_profile block as defined below.
nodeResourceGroup string: The name of the Resource Group where the Kubernetes Nodes should exist. Changing this forces a new resource to be created.
privateClusterEnabled boolean: Should this Kubernetes Cluster have it’s API server only exposed on internal IP addresses? This provides a Private IP Address for the Kubernetes API on the Virtual Network where the Kubernetes Cluster is located. Defaults to false. Changing this forces a new resource to be created.
privateLinkEnabled boolean: Deprecated: Deprecated in favor of private_cluster_enabled
roleBasedAccessControl KubernetesClusterRoleBasedAccessControl: A role_based_access_control block. Changing this forces a new resource to be created.
servicePrincipal KubernetesClusterServicePrincipal: A service_principal block as documented below.
skuTier string: The SKU Tier that should be used for this Kubernetes Cluster. Changing this forces a new resource to be created. Possible values are Free and Paid (which includes the Uptime SLA). Defaults to Free.
tags {[key: string]: string}: A mapping of tags to assign to the resource.
windowsProfile KubernetesClusterWindowsProfile: A windows_profile block as defined below.

default_node_pool Dict[KubernetesClusterDefaultNodePool]: A default_node_pool block as defined below.
dns_prefix str: DNS prefix specified when creating the managed cluster. Changing this forces a new resource to be created.
resource_group_name str: Specifies the Resource Group where the Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.
addon_profile Dict[KubernetesClusterAddonProfile]: A addon_profile block as defined below.
api_server_authorized_ip_ranges List[str]: The IP ranges to whitelist for incoming traffic to the masters.
auto_scaler_profile Dict[KubernetesClusterAutoScalerProfile]: A auto_scaler_profile block as defined below.
disk_encryption_set_id str: The ID of the Disk Encryption Set which should be used for the Nodes and Volumes. More information can be found in the documentation.
enable_pod_security_policy bool: Whether Pod Security Policies are enabled. Note that this also requires role based access control to be enabled.
identity Dict[KubernetesClusterIdentity]: A identity block as defined below. Changing this forces a new resource to be created.
kubernetes_version str: Version of Kubernetes specified when creating the AKS managed cluster. If not specified, the latest recommended version will be used at provisioning time (but won’t auto-upgrade).
linux_profile Dict[KubernetesClusterLinuxProfile]: A linux_profile block as defined below.
location str: The location where the Managed Kubernetes Cluster should be created. Changing this forces a new resource to be created.
name str: The name of the Managed Kubernetes Cluster to create. Changing this forces a new resource to be created.
network_profile Dict[KubernetesClusterNetworkProfile]: A network_profile block as defined below.
node_resource_group str: The name of the Resource Group where the Kubernetes Nodes should exist. Changing this forces a new resource to be created.
private_cluster_enabled bool: Should this Kubernetes Cluster have it’s API server only exposed on internal IP addresses? This provides a Private IP Address for the Kubernetes API on the Virtual Network where the Kubernetes Cluster is located. Defaults to false. Changing this forces a new resource to be created.
private_link_enabled bool: Deprecated: Deprecated in favor of private_cluster_enabled
role_based_access_control Dict[KubernetesClusterRoleBasedAccessControl]: A role_based_access_control block. Changing this forces a new resource to be created.
service_principal Dict[KubernetesClusterServicePrincipal]: A service_principal block as documented below.
sku_tier str: The SKU Tier that should be used for this Kubernetes Cluster. Changing this forces a new resource to be created. Possible values are Free and Paid (which includes the Uptime SLA). Defaults to Free.
tags Dict[str, str]: A mapping of tags to assign to the resource.
windows_profile Dict[KubernetesClusterWindowsProfile]: A windows_profile block as defined below.

Outputs

All input properties are implicitly available as output properties. Additionally, the KubernetesCluster resource produces the following output properties:

Fqdn string: The FQDN of the Azure Kubernetes Managed Cluster.
Id string: The provider-assigned unique ID for this managed resource.
KubeAdminConfigRaw string: Raw Kubernetes config for the admin account to be used by kubectl and other compatible tools. This is only available when Role Based Access Control with Azure Active Directory is enabled.
KubeAdminConfigs List<KubernetesClusterKubeAdminConfig>: A kube_admin_config block as defined below. This is only available when Role Based Access Control with Azure Active Directory is enabled.
KubeConfigRaw string: Raw Kubernetes config to be used by kubectl and other compatible tools
KubeConfigs List<KubernetesClusterKubeConfig>: A kube_config block as defined below.
KubeletIdentities List<KubernetesClusterKubeletIdentity>: A kubelet_identity block as defined below.
PrivateFqdn string: The FQDN for the Kubernetes Cluster when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.

Fqdn string: The FQDN of the Azure Kubernetes Managed Cluster.
Id string: The provider-assigned unique ID for this managed resource.
KubeAdminConfigRaw string: Raw Kubernetes config for the admin account to be used by kubectl and other compatible tools. This is only available when Role Based Access Control with Azure Active Directory is enabled.
KubeAdminConfigs []KubernetesClusterKubeAdminConfig: A kube_admin_config block as defined below. This is only available when Role Based Access Control with Azure Active Directory is enabled.
KubeConfigRaw string: Raw Kubernetes config to be used by kubectl and other compatible tools
KubeConfigs []KubernetesClusterKubeConfig: A kube_config block as defined below.
KubeletIdentities []KubernetesClusterKubeletIdentity: A kubelet_identity block as defined below.
PrivateFqdn string: The FQDN for the Kubernetes Cluster when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.

fqdn string: The FQDN of the Azure Kubernetes Managed Cluster.
id string: The provider-assigned unique ID for this managed resource.
kubeAdminConfigRaw string: Raw Kubernetes config for the admin account to be used by kubectl and other compatible tools. This is only available when Role Based Access Control with Azure Active Directory is enabled.
kubeAdminConfigs KubernetesClusterKubeAdminConfig[]: A kube_admin_config block as defined below. This is only available when Role Based Access Control with Azure Active Directory is enabled.
kubeConfigRaw string: Raw Kubernetes config to be used by kubectl and other compatible tools
kubeConfigs KubernetesClusterKubeConfig[]: A kube_config block as defined below.
kubeletIdentities KubernetesClusterKubeletIdentity[]: A kubelet_identity block as defined below.
privateFqdn string: The FQDN for the Kubernetes Cluster when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.

fqdn str: The FQDN of the Azure Kubernetes Managed Cluster.
id str: The provider-assigned unique ID for this managed resource.
kube_admin_config_raw str: Raw Kubernetes config for the admin account to be used by kubectl and other compatible tools. This is only available when Role Based Access Control with Azure Active Directory is enabled.
kube_admin_configs List[KubernetesClusterKubeAdminConfig]: A kube_admin_config block as defined below. This is only available when Role Based Access Control with Azure Active Directory is enabled.
kube_config_raw str: Raw Kubernetes config to be used by kubectl and other compatible tools
kube_configs List[KubernetesClusterKubeConfig]: A kube_config block as defined below.
kubelet_identities List[KubernetesClusterKubeletIdentity]: A kubelet_identity block as defined below.
private_fqdn str: The FQDN for the Kubernetes Cluster when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.

Look up an Existing KubernetesCluster Resource

Get an existing KubernetesCluster resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: KubernetesClusterState, opts?: CustomResourceOptions): KubernetesCluster

static get(resource_name, id, opts=None, addon_profile=None, api_server_authorized_ip_ranges=None, auto_scaler_profile=None, default_node_pool=None, disk_encryption_set_id=None, dns_prefix=None, enable_pod_security_policy=None, fqdn=None, identity=None, kube_admin_config_raw=None, kube_admin_configs=None, kube_config_raw=None, kube_configs=None, kubelet_identities=None, kubernetes_version=None, linux_profile=None, location=None, name=None, network_profile=None, node_resource_group=None, private_cluster_enabled=None, private_fqdn=None, private_link_enabled=None, resource_group_name=None, role_based_access_control=None, service_principal=None, sku_tier=None, tags=None, windows_profile=None, __props__=None);

func GetKubernetesCluster(ctx *Context, name string, id IDInput, state *KubernetesClusterState, opts ...ResourceOption) (*KubernetesCluster, error)

public static KubernetesCluster Get(string name, Input<string> id, KubernetesClusterState? state, CustomResourceOptions? opts = null)

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AddonProfile KubernetesClusterAddonProfileArgs: A addon_profile block as defined below.
ApiServerAuthorizedIpRanges List<string>: The IP ranges to whitelist for incoming traffic to the masters.
AutoScalerProfile KubernetesClusterAutoScalerProfileArgs: A auto_scaler_profile block as defined below.
DefaultNodePool KubernetesClusterDefaultNodePoolArgs: A default_node_pool block as defined below.
DiskEncryptionSetId string: The ID of the Disk Encryption Set which should be used for the Nodes and Volumes. More information can be found in the documentation.
DnsPrefix string: DNS prefix specified when creating the managed cluster. Changing this forces a new resource to be created.
EnablePodSecurityPolicy bool: Whether Pod Security Policies are enabled. Note that this also requires role based access control to be enabled.
Fqdn string: The FQDN of the Azure Kubernetes Managed Cluster.
Identity KubernetesClusterIdentityArgs: A identity block as defined below. Changing this forces a new resource to be created.
KubeAdminConfigRaw string: Raw Kubernetes config for the admin account to be used by kubectl and other compatible tools. This is only available when Role Based Access Control with Azure Active Directory is enabled.
KubeAdminConfigs List<KubernetesClusterKubeAdminConfigArgs>: A kube_admin_config block as defined below. This is only available when Role Based Access Control with Azure Active Directory is enabled.
KubeConfigRaw string: Raw Kubernetes config to be used by kubectl and other compatible tools
KubeConfigs List<KubernetesClusterKubeConfigArgs>: A kube_config block as defined below.
KubeletIdentities List<KubernetesClusterKubeletIdentityArgs>: A kubelet_identity block as defined below.
KubernetesVersion string: Version of Kubernetes specified when creating the AKS managed cluster. If not specified, the latest recommended version will be used at provisioning time (but won’t auto-upgrade).
LinuxProfile KubernetesClusterLinuxProfileArgs: A linux_profile block as defined below.
Location string: The location where the Managed Kubernetes Cluster should be created. Changing this forces a new resource to be created.
Name string: The name of the Managed Kubernetes Cluster to create. Changing this forces a new resource to be created.
NetworkProfile KubernetesClusterNetworkProfileArgs: A network_profile block as defined below.
NodeResourceGroup string: The name of the Resource Group where the Kubernetes Nodes should exist. Changing this forces a new resource to be created.
PrivateClusterEnabled bool: Should this Kubernetes Cluster have it’s API server only exposed on internal IP addresses? This provides a Private IP Address for the Kubernetes API on the Virtual Network where the Kubernetes Cluster is located. Defaults to false. Changing this forces a new resource to be created.
PrivateFqdn string: The FQDN for the Kubernetes Cluster when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.
PrivateLinkEnabled bool: Deprecated: Deprecated in favor of private_cluster_enabled
ResourceGroupName string: Specifies the Resource Group where the Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.
RoleBasedAccessControl KubernetesClusterRoleBasedAccessControlArgs: A role_based_access_control block. Changing this forces a new resource to be created.
ServicePrincipal KubernetesClusterServicePrincipalArgs: A service_principal block as documented below.
SkuTier string: The SKU Tier that should be used for this Kubernetes Cluster. Changing this forces a new resource to be created. Possible values are Free and Paid (which includes the Uptime SLA). Defaults to Free.
Tags Dictionary<string, string>: A mapping of tags to assign to the resource.
WindowsProfile KubernetesClusterWindowsProfileArgs: A windows_profile block as defined below.

AddonProfile KubernetesClusterAddonProfile: A addon_profile block as defined below.
ApiServerAuthorizedIpRanges []string: The IP ranges to whitelist for incoming traffic to the masters.
AutoScalerProfile KubernetesClusterAutoScalerProfile: A auto_scaler_profile block as defined below.
DefaultNodePool KubernetesClusterDefaultNodePool: A default_node_pool block as defined below.
DiskEncryptionSetId string: The ID of the Disk Encryption Set which should be used for the Nodes and Volumes. More information can be found in the documentation.
DnsPrefix string: DNS prefix specified when creating the managed cluster. Changing this forces a new resource to be created.
EnablePodSecurityPolicy bool: Whether Pod Security Policies are enabled. Note that this also requires role based access control to be enabled.
Fqdn string: The FQDN of the Azure Kubernetes Managed Cluster.
Identity KubernetesClusterIdentity: A identity block as defined below. Changing this forces a new resource to be created.
KubeAdminConfigRaw string: Raw Kubernetes config for the admin account to be used by kubectl and other compatible tools. This is only available when Role Based Access Control with Azure Active Directory is enabled.
KubeAdminConfigs []KubernetesClusterKubeAdminConfig: A kube_admin_config block as defined below. This is only available when Role Based Access Control with Azure Active Directory is enabled.
KubeConfigRaw string: Raw Kubernetes config to be used by kubectl and other compatible tools
KubeConfigs []KubernetesClusterKubeConfig: A kube_config block as defined below.
KubeletIdentities []KubernetesClusterKubeletIdentity: A kubelet_identity block as defined below.
KubernetesVersion string: Version of Kubernetes specified when creating the AKS managed cluster. If not specified, the latest recommended version will be used at provisioning time (but won’t auto-upgrade).
LinuxProfile KubernetesClusterLinuxProfile: A linux_profile block as defined below.
Location string: The location where the Managed Kubernetes Cluster should be created. Changing this forces a new resource to be created.
Name string: The name of the Managed Kubernetes Cluster to create. Changing this forces a new resource to be created.
NetworkProfile KubernetesClusterNetworkProfile: A network_profile block as defined below.
NodeResourceGroup string: The name of the Resource Group where the Kubernetes Nodes should exist. Changing this forces a new resource to be created.
PrivateClusterEnabled bool: Should this Kubernetes Cluster have it’s API server only exposed on internal IP addresses? This provides a Private IP Address for the Kubernetes API on the Virtual Network where the Kubernetes Cluster is located. Defaults to false. Changing this forces a new resource to be created.
PrivateFqdn string: The FQDN for the Kubernetes Cluster when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.
PrivateLinkEnabled bool: Deprecated: Deprecated in favor of private_cluster_enabled
ResourceGroupName string: Specifies the Resource Group where the Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.
RoleBasedAccessControl KubernetesClusterRoleBasedAccessControl: A role_based_access_control block. Changing this forces a new resource to be created.
ServicePrincipal KubernetesClusterServicePrincipal: A service_principal block as documented below.
SkuTier string: The SKU Tier that should be used for this Kubernetes Cluster. Changing this forces a new resource to be created. Possible values are Free and Paid (which includes the Uptime SLA). Defaults to Free.
Tags map[string]string: A mapping of tags to assign to the resource.
WindowsProfile KubernetesClusterWindowsProfile: A windows_profile block as defined below.

addonProfile KubernetesClusterAddonProfile: A addon_profile block as defined below.
apiServerAuthorizedIpRanges string[]: The IP ranges to whitelist for incoming traffic to the masters.
autoScalerProfile KubernetesClusterAutoScalerProfile: A auto_scaler_profile block as defined below.
defaultNodePool KubernetesClusterDefaultNodePool: A default_node_pool block as defined below.
diskEncryptionSetId string: The ID of the Disk Encryption Set which should be used for the Nodes and Volumes. More information can be found in the documentation.
dnsPrefix string: DNS prefix specified when creating the managed cluster. Changing this forces a new resource to be created.
enablePodSecurityPolicy boolean: Whether Pod Security Policies are enabled. Note that this also requires role based access control to be enabled.
fqdn string: The FQDN of the Azure Kubernetes Managed Cluster.
identity KubernetesClusterIdentity: A identity block as defined below. Changing this forces a new resource to be created.
kubeAdminConfigRaw string: Raw Kubernetes config for the admin account to be used by kubectl and other compatible tools. This is only available when Role Based Access Control with Azure Active Directory is enabled.
kubeAdminConfigs KubernetesClusterKubeAdminConfig[]: A kube_admin_config block as defined below. This is only available when Role Based Access Control with Azure Active Directory is enabled.
kubeConfigRaw string: Raw Kubernetes config to be used by kubectl and other compatible tools
kubeConfigs KubernetesClusterKubeConfig[]: A kube_config block as defined below.
kubeletIdentities KubernetesClusterKubeletIdentity[]: A kubelet_identity block as defined below.
kubernetesVersion string: Version of Kubernetes specified when creating the AKS managed cluster. If not specified, the latest recommended version will be used at provisioning time (but won’t auto-upgrade).
linuxProfile KubernetesClusterLinuxProfile: A linux_profile block as defined below.
location string: The location where the Managed Kubernetes Cluster should be created. Changing this forces a new resource to be created.
name string: The name of the Managed Kubernetes Cluster to create. Changing this forces a new resource to be created.
networkProfile KubernetesClusterNetworkProfile: A network_profile block as defined below.
nodeResourceGroup string: The name of the Resource Group where the Kubernetes Nodes should exist. Changing this forces a new resource to be created.
privateClusterEnabled boolean: Should this Kubernetes Cluster have it’s API server only exposed on internal IP addresses? This provides a Private IP Address for the Kubernetes API on the Virtual Network where the Kubernetes Cluster is located. Defaults to false. Changing this forces a new resource to be created.
privateFqdn string: The FQDN for the Kubernetes Cluster when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.
privateLinkEnabled boolean: Deprecated: Deprecated in favor of private_cluster_enabled
resourceGroupName string: Specifies the Resource Group where the Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.
roleBasedAccessControl KubernetesClusterRoleBasedAccessControl: A role_based_access_control block. Changing this forces a new resource to be created.
servicePrincipal KubernetesClusterServicePrincipal: A service_principal block as documented below.
skuTier string: The SKU Tier that should be used for this Kubernetes Cluster. Changing this forces a new resource to be created. Possible values are Free and Paid (which includes the Uptime SLA). Defaults to Free.
tags {[key: string]: string}: A mapping of tags to assign to the resource.
windowsProfile KubernetesClusterWindowsProfile: A windows_profile block as defined below.

addon_profile Dict[KubernetesClusterAddonProfile]: A addon_profile block as defined below.
api_server_authorized_ip_ranges List[str]: The IP ranges to whitelist for incoming traffic to the masters.
auto_scaler_profile Dict[KubernetesClusterAutoScalerProfile]: A auto_scaler_profile block as defined below.
default_node_pool Dict[KubernetesClusterDefaultNodePool]: A default_node_pool block as defined below.
disk_encryption_set_id str: The ID of the Disk Encryption Set which should be used for the Nodes and Volumes. More information can be found in the documentation.
dns_prefix str: DNS prefix specified when creating the managed cluster. Changing this forces a new resource to be created.
enable_pod_security_policy bool: Whether Pod Security Policies are enabled. Note that this also requires role based access control to be enabled.
fqdn str: The FQDN of the Azure Kubernetes Managed Cluster.
identity Dict[KubernetesClusterIdentity]: A identity block as defined below. Changing this forces a new resource to be created.
kube_admin_config_raw str: Raw Kubernetes config for the admin account to be used by kubectl and other compatible tools. This is only available when Role Based Access Control with Azure Active Directory is enabled.
kube_admin_configs List[KubernetesClusterKubeAdminConfig]: A kube_admin_config block as defined below. This is only available when Role Based Access Control with Azure Active Directory is enabled.
kube_config_raw str: Raw Kubernetes config to be used by kubectl and other compatible tools
kube_configs List[KubernetesClusterKubeConfig]: A kube_config block as defined below.
kubelet_identities List[KubernetesClusterKubeletIdentity]: A kubelet_identity block as defined below.
kubernetes_version str: Version of Kubernetes specified when creating the AKS managed cluster. If not specified, the latest recommended version will be used at provisioning time (but won’t auto-upgrade).
linux_profile Dict[KubernetesClusterLinuxProfile]: A linux_profile block as defined below.
location str: The location where the Managed Kubernetes Cluster should be created. Changing this forces a new resource to be created.
name str: The name of the Managed Kubernetes Cluster to create. Changing this forces a new resource to be created.
network_profile Dict[KubernetesClusterNetworkProfile]: A network_profile block as defined below.
node_resource_group str: The name of the Resource Group where the Kubernetes Nodes should exist. Changing this forces a new resource to be created.
private_cluster_enabled bool: Should this Kubernetes Cluster have it’s API server only exposed on internal IP addresses? This provides a Private IP Address for the Kubernetes API on the Virtual Network where the Kubernetes Cluster is located. Defaults to false. Changing this forces a new resource to be created.
private_fqdn str: The FQDN for the Kubernetes Cluster when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster.
private_link_enabled bool: Deprecated: Deprecated in favor of private_cluster_enabled
resource_group_name str: Specifies the Resource Group where the Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.
role_based_access_control Dict[KubernetesClusterRoleBasedAccessControl]: A role_based_access_control block. Changing this forces a new resource to be created.
service_principal Dict[KubernetesClusterServicePrincipal]: A service_principal block as documented below.
sku_tier str: The SKU Tier that should be used for this Kubernetes Cluster. Changing this forces a new resource to be created. Possible values are Free and Paid (which includes the Uptime SLA). Defaults to Free.
tags Dict[str, str]: A mapping of tags to assign to the resource.
windows_profile Dict[KubernetesClusterWindowsProfile]: A windows_profile block as defined below.

Supporting Types

KubernetesClusterAddonProfile

AciConnectorLinux KubernetesClusterAddonProfileAciConnectorLinuxArgs: A aci_connector_linux block. For more details, please visit Create and configure an AKS cluster to use virtual nodes.
AzurePolicy KubernetesClusterAddonProfileAzurePolicyArgs: A azure_policy block as defined below. For more details please visit Understand Azure Policy for Azure Kubernetes Service
HttpApplicationRouting KubernetesClusterAddonProfileHttpApplicationRoutingArgs: A http_application_routing block as defined below.
KubeDashboard KubernetesClusterAddonProfileKubeDashboardArgs: A kube_dashboard block as defined below.
OmsAgent KubernetesClusterAddonProfileOmsAgentArgs: A oms_agent block as defined below. For more details, please visit How to onboard Azure Monitor for containers.

AciConnectorLinux KubernetesClusterAddonProfileAciConnectorLinux: A aci_connector_linux block. For more details, please visit Create and configure an AKS cluster to use virtual nodes.
AzurePolicy KubernetesClusterAddonProfileAzurePolicy: A azure_policy block as defined below. For more details please visit Understand Azure Policy for Azure Kubernetes Service
HttpApplicationRouting KubernetesClusterAddonProfileHttpApplicationRouting: A http_application_routing block as defined below.
KubeDashboard KubernetesClusterAddonProfileKubeDashboard: A kube_dashboard block as defined below.
OmsAgent KubernetesClusterAddonProfileOmsAgent: A oms_agent block as defined below. For more details, please visit How to onboard Azure Monitor for containers.

aciConnectorLinux KubernetesClusterAddonProfileAciConnectorLinux: A aci_connector_linux block. For more details, please visit Create and configure an AKS cluster to use virtual nodes.
azurePolicy KubernetesClusterAddonProfileAzurePolicy: A azure_policy block as defined below. For more details please visit Understand Azure Policy for Azure Kubernetes Service
httpApplicationRouting KubernetesClusterAddonProfileHttpApplicationRouting: A http_application_routing block as defined below.
kubeDashboard KubernetesClusterAddonProfileKubeDashboard: A kube_dashboard block as defined below.
omsAgent KubernetesClusterAddonProfileOmsAgent: A oms_agent block as defined below. For more details, please visit How to onboard Azure Monitor for containers.

aciConnectorLinux Dict[KubernetesClusterAddonProfileAciConnectorLinux]: A aci_connector_linux block. For more details, please visit Create and configure an AKS cluster to use virtual nodes.
azurePolicy Dict[KubernetesClusterAddonProfileAzurePolicy]: A azure_policy block as defined below. For more details please visit Understand Azure Policy for Azure Kubernetes Service
httpApplicationRouting Dict[KubernetesClusterAddonProfileHttpApplicationRouting]: A http_application_routing block as defined below.
kubeDashboard Dict[KubernetesClusterAddonProfileKubeDashboard]: A kube_dashboard block as defined below.
omsAgent Dict[KubernetesClusterAddonProfileOmsAgent]: A oms_agent block as defined below. For more details, please visit How to onboard Azure Monitor for containers.

KubernetesClusterAddonProfileAciConnectorLinux

Enabled bool: Is the virtual node addon enabled?
SubnetName string: The subnet name for the virtual nodes to run. This is required when aci_connector_linux enabled argument is set to true.

Enabled bool: Is the virtual node addon enabled?
SubnetName string: The subnet name for the virtual nodes to run. This is required when aci_connector_linux enabled argument is set to true.

enabled boolean: Is the virtual node addon enabled?
subnetName string: The subnet name for the virtual nodes to run. This is required when aci_connector_linux enabled argument is set to true.

enabled bool: Is the virtual node addon enabled?
subnetName str: The subnet name for the virtual nodes to run. This is required when aci_connector_linux enabled argument is set to true.

KubernetesClusterAddonProfileAzurePolicy

Enabled bool: Is the Azure Policy for Kubernetes Add On enabled?

Enabled bool: Is the Azure Policy for Kubernetes Add On enabled?

enabled boolean: Is the Azure Policy for Kubernetes Add On enabled?

enabled bool: Is the Azure Policy for Kubernetes Add On enabled?

KubernetesClusterAddonProfileHttpApplicationRouting

Enabled bool: Is HTTP Application Routing Enabled? Changing this forces a new resource to be created.
HttpApplicationRoutingZoneName string: The Zone Name of the HTTP Application Routing.

Enabled bool: Is HTTP Application Routing Enabled? Changing this forces a new resource to be created.
HttpApplicationRoutingZoneName string: The Zone Name of the HTTP Application Routing.

enabled boolean: Is HTTP Application Routing Enabled? Changing this forces a new resource to be created.
httpApplicationRoutingZoneName string: The Zone Name of the HTTP Application Routing.

enabled bool: Is HTTP Application Routing Enabled? Changing this forces a new resource to be created.
httpApplicationRoutingZoneName str: The Zone Name of the HTTP Application Routing.

KubernetesClusterAddonProfileKubeDashboard

Enabled bool: Is the Kubernetes Dashboard enabled?

Enabled bool: Is the Kubernetes Dashboard enabled?

enabled boolean: Is the Kubernetes Dashboard enabled?

enabled bool: Is the Kubernetes Dashboard enabled?

KubernetesClusterAddonProfileOmsAgent

Enabled bool: Is the OMS Agent Enabled?
LogAnalyticsWorkspaceId string: The ID of the Log Analytics Workspace which the OMS Agent should send data to. Must be present if enabled is true.
OmsAgentIdentities List<KubernetesClusterAddonProfileOmsAgentOmsAgentIdentityArgs>: An oms_agent_identity block as defined below.

Enabled bool: Is the OMS Agent Enabled?
LogAnalyticsWorkspaceId string: The ID of the Log Analytics Workspace which the OMS Agent should send data to. Must be present if enabled is true.
OmsAgentIdentities []KubernetesClusterAddonProfileOmsAgentOmsAgentIdentity: An oms_agent_identity block as defined below.

enabled boolean: Is the OMS Agent Enabled?
logAnalyticsWorkspaceId string: The ID of the Log Analytics Workspace which the OMS Agent should send data to. Must be present if enabled is true.
omsAgentIdentities KubernetesClusterAddonProfileOmsAgentOmsAgentIdentity[]: An oms_agent_identity block as defined below.

enabled bool: Is the OMS Agent Enabled?
log_analytics_workspace_id str: The ID of the Log Analytics Workspace which the OMS Agent should send data to. Must be present if enabled is true.
omsAgentIdentities List[KubernetesClusterAddonProfileOmsAgentOmsAgentIdentity]: An oms_agent_identity block as defined below.

KubernetesClusterAddonProfileOmsAgentOmsAgentIdentity

ClientId string: The Client ID for the Service Principal.
ObjectId string: The Object ID of the user-defined Managed Identity used by the OMS Agents.
UserAssignedIdentityId string: The ID of the User Assigned Identity used by the OMS Agents.

ClientId string: The Client ID for the Service Principal.
ObjectId string: The Object ID of the user-defined Managed Identity used by the OMS Agents.
UserAssignedIdentityId string: The ID of the User Assigned Identity used by the OMS Agents.

clientId string: The Client ID for the Service Principal.
objectId string: The Object ID of the user-defined Managed Identity used by the OMS Agents.
userAssignedIdentityId string: The ID of the User Assigned Identity used by the OMS Agents.

client_id str: The Client ID for the Service Principal.
object_id str: The Object ID of the user-defined Managed Identity used by the OMS Agents.
userAssignedIdentityId str: The ID of the User Assigned Identity used by the OMS Agents.

KubernetesClusterAutoScalerProfile

BalanceSimilarNodeGroups bool: Detect similar node groups and balance the number of nodes between them. Defaults to false.
MaxGracefulTerminationSec string: Maximum number of seconds the cluster autoscaler waits for pod termination when trying to scale down a node. Defaults to 600.
ScaleDownDelayAfterAdd string: How long after the scale up of AKS nodes the scale down evaluation resumes. Defaults to 10m.
ScaleDownDelayAfterDelete string: How long after node deletion that scale down evaluation resumes. Defaults to the value used for scan_interval.
ScaleDownDelayAfterFailure string: How long after scale down failure that scale down evaluation resumes. Defaults to 3m.
ScaleDownUnneeded string: How long a node should be unneeded before it is eligible for scale down. Defaults to 10m.
ScaleDownUnready string: How long an unready node should be unneeded before it is eligible for scale down. Defaults to 20m.
ScaleDownUtilizationThreshold string: Node utilization level, defined as sum of requested resources divided by capacity, below which a node can be considered for scale down. Defaults to 0.5.
ScanInterval string: How often the AKS Cluster should be re-evaluated for scale up/down. Defaults to 10s.

BalanceSimilarNodeGroups bool: Detect similar node groups and balance the number of nodes between them. Defaults to false.
MaxGracefulTerminationSec string: Maximum number of seconds the cluster autoscaler waits for pod termination when trying to scale down a node. Defaults to 600.
ScaleDownDelayAfterAdd string: How long after the scale up of AKS nodes the scale down evaluation resumes. Defaults to 10m.
ScaleDownDelayAfterDelete string: How long after node deletion that scale down evaluation resumes. Defaults to the value used for scan_interval.
ScaleDownDelayAfterFailure string: How long after scale down failure that scale down evaluation resumes. Defaults to 3m.
ScaleDownUnneeded string: How long a node should be unneeded before it is eligible for scale down. Defaults to 10m.
ScaleDownUnready string: How long an unready node should be unneeded before it is eligible for scale down. Defaults to 20m.
ScaleDownUtilizationThreshold string: Node utilization level, defined as sum of requested resources divided by capacity, below which a node can be considered for scale down. Defaults to 0.5.
ScanInterval string: How often the AKS Cluster should be re-evaluated for scale up/down. Defaults to 10s.

balanceSimilarNodeGroups boolean: Detect similar node groups and balance the number of nodes between them. Defaults to false.
maxGracefulTerminationSec string: Maximum number of seconds the cluster autoscaler waits for pod termination when trying to scale down a node. Defaults to 600.
scaleDownDelayAfterAdd string: How long after the scale up of AKS nodes the scale down evaluation resumes. Defaults to 10m.
scaleDownDelayAfterDelete string: How long after node deletion that scale down evaluation resumes. Defaults to the value used for scan_interval.
scaleDownDelayAfterFailure string: How long after scale down failure that scale down evaluation resumes. Defaults to 3m.
scaleDownUnneeded string: How long a node should be unneeded before it is eligible for scale down. Defaults to 10m.
scaleDownUnready string: How long an unready node should be unneeded before it is eligible for scale down. Defaults to 20m.
scaleDownUtilizationThreshold string: Node utilization level, defined as sum of requested resources divided by capacity, below which a node can be considered for scale down. Defaults to 0.5.
scanInterval string: How often the AKS Cluster should be re-evaluated for scale up/down. Defaults to 10s.

balanceSimilarNodeGroups bool: Detect similar node groups and balance the number of nodes between them. Defaults to false.
maxGracefulTerminationSec str: Maximum number of seconds the cluster autoscaler waits for pod termination when trying to scale down a node. Defaults to 600.
scaleDownDelayAfterAdd str: How long after the scale up of AKS nodes the scale down evaluation resumes. Defaults to 10m.
scaleDownDelayAfterDelete str: How long after node deletion that scale down evaluation resumes. Defaults to the value used for scan_interval.
scaleDownDelayAfterFailure str: How long after scale down failure that scale down evaluation resumes. Defaults to 3m.
scaleDownUnneeded str: How long a node should be unneeded before it is eligible for scale down. Defaults to 10m.
scaleDownUnready str: How long an unready node should be unneeded before it is eligible for scale down. Defaults to 20m.
scaleDownUtilizationThreshold str: Node utilization level, defined as sum of requested resources divided by capacity, below which a node can be considered for scale down. Defaults to 0.5.
scanInterval str: How often the AKS Cluster should be re-evaluated for scale up/down. Defaults to 10s.

KubernetesClusterDefaultNodePool

Name string: The name which should be used for the default Kubernetes Node Pool. Changing this forces a new resource to be created.
VmSize string: The size of the Virtual Machine, such as Standard_DS2_v2.
AvailabilityZones List<string>: A list of Availability Zones across which the Node Pool should be spread.
EnableAutoScaling bool: Should the Kubernetes Auto Scaler be enabled for this Node Pool? Defaults to false.
EnableNodePublicIp bool: Should nodes in this Node Pool have a Public IP Address? Defaults to false.
MaxCount int: The maximum number of nodes which should exist in this Node Pool. If specified this must be between 1 and 100.
MaxPods int: The maximum number of pods that can run on each agent. Changing this forces a new resource to be created.
MinCount int: The minimum number of nodes which should exist in this Node Pool. If specified this must be between 1 and 100.
NodeCount int: The initial number of nodes which should exist in this Node Pool. If specified this must be between 1 and 100 and between min_count and max_count.
NodeLabels Dictionary<string, string>: A map of Kubernetes labels which should be applied to nodes in the Default Node Pool. Changing this forces a new resource to be created.
NodeTaints List<string>: A list of Kubernetes taints which should be applied to nodes in the agent pool (e.g key=value:NoSchedule). Changing this forces a new resource to be created.
OrchestratorVersion string: Version of Kubernetes used for the Agents. If not specified, the latest recommended version will be used at provisioning time (but won’t auto-upgrade)
OsDiskSizeGb int: The size of the OS Disk which should be used for each agent in the Node Pool. Changing this forces a new resource to be created.
Tags Dictionary<string, string>: A mapping of tags to assign to the Node Pool.
Type string: The type of Node Pool which should be created. Possible values are AvailabilitySet and VirtualMachineScaleSets. Defaults to VirtualMachineScaleSets.
VnetSubnetId string: The ID of a Subnet where the Kubernetes Node Pool should exist. Changing this forces a new resource to be created.

Name string: The name which should be used for the default Kubernetes Node Pool. Changing this forces a new resource to be created.
VmSize string: The size of the Virtual Machine, such as Standard_DS2_v2.
AvailabilityZones []string: A list of Availability Zones across which the Node Pool should be spread.
EnableAutoScaling bool: Should the Kubernetes Auto Scaler be enabled for this Node Pool? Defaults to false.
EnableNodePublicIp bool: Should nodes in this Node Pool have a Public IP Address? Defaults to false.
MaxCount int: The maximum number of nodes which should exist in this Node Pool. If specified this must be between 1 and 100.
MaxPods int: The maximum number of pods that can run on each agent. Changing this forces a new resource to be created.
MinCount int: The minimum number of nodes which should exist in this Node Pool. If specified this must be between 1 and 100.
NodeCount int: The initial number of nodes which should exist in this Node Pool. If specified this must be between 1 and 100 and between min_count and max_count.
NodeLabels map[string]string: A map of Kubernetes labels which should be applied to nodes in the Default Node Pool. Changing this forces a new resource to be created.
NodeTaints []string: A list of Kubernetes taints which should be applied to nodes in the agent pool (e.g key=value:NoSchedule). Changing this forces a new resource to be created.
OrchestratorVersion string: Version of Kubernetes used for the Agents. If not specified, the latest recommended version will be used at provisioning time (but won’t auto-upgrade)
OsDiskSizeGb int: The size of the OS Disk which should be used for each agent in the Node Pool. Changing this forces a new resource to be created.
Tags map[string]string: A mapping of tags to assign to the Node Pool.
Type string: The type of Node Pool which should be created. Possible values are AvailabilitySet and VirtualMachineScaleSets. Defaults to VirtualMachineScaleSets.
VnetSubnetId string: The ID of a Subnet where the Kubernetes Node Pool should exist. Changing this forces a new resource to be created.

name string: The name which should be used for the default Kubernetes Node Pool. Changing this forces a new resource to be created.
vmSize string: The size of the Virtual Machine, such as Standard_DS2_v2.
availabilityZones string[]: A list of Availability Zones across which the Node Pool should be spread.
enableAutoScaling boolean: Should the Kubernetes Auto Scaler be enabled for this Node Pool? Defaults to false.
enableNodePublicIp boolean: Should nodes in this Node Pool have a Public IP Address? Defaults to false.
maxCount number: The maximum number of nodes which should exist in this Node Pool. If specified this must be between 1 and 100.
maxPods number: The maximum number of pods that can run on each agent. Changing this forces a new resource to be created.
minCount number: The minimum number of nodes which should exist in this Node Pool. If specified this must be between 1 and 100.
nodeCount number: The initial number of nodes which should exist in this Node Pool. If specified this must be between 1 and 100 and between min_count and max_count.
nodeLabels {[key: string]: string}: A map of Kubernetes labels which should be applied to nodes in the Default Node Pool. Changing this forces a new resource to be created.
nodeTaints string[]: A list of Kubernetes taints which should be applied to nodes in the agent pool (e.g key=value:NoSchedule). Changing this forces a new resource to be created.
orchestratorVersion string: Version of Kubernetes used for the Agents. If not specified, the latest recommended version will be used at provisioning time (but won’t auto-upgrade)
osDiskSizeGb number: The size of the OS Disk which should be used for each agent in the Node Pool. Changing this forces a new resource to be created.
tags {[key: string]: string}: A mapping of tags to assign to the Node Pool.
type string: The type of Node Pool which should be created. Possible values are AvailabilitySet and VirtualMachineScaleSets. Defaults to VirtualMachineScaleSets.
vnetSubnetId string: The ID of a Subnet where the Kubernetes Node Pool should exist. Changing this forces a new resource to be created.

name str: The name which should be used for the default Kubernetes Node Pool. Changing this forces a new resource to be created.
vm_size str: The size of the Virtual Machine, such as Standard_DS2_v2.
availability_zones List[str]: A list of Availability Zones across which the Node Pool should be spread.
enable_auto_scaling bool: Should the Kubernetes Auto Scaler be enabled for this Node Pool? Defaults to false.
enable_node_public_ip bool: Should nodes in this Node Pool have a Public IP Address? Defaults to false.
max_count float: The maximum number of nodes which should exist in this Node Pool. If specified this must be between 1 and 100.
max_pods float: The maximum number of pods that can run on each agent. Changing this forces a new resource to be created.
min_count float: The minimum number of nodes which should exist in this Node Pool. If specified this must be between 1 and 100.
node_count float: The initial number of nodes which should exist in this Node Pool. If specified this must be between 1 and 100 and between min_count and max_count.
node_labels Dict[str, str]: A map of Kubernetes labels which should be applied to nodes in the Default Node Pool. Changing this forces a new resource to be created.
node_taints List[str]: A list of Kubernetes taints which should be applied to nodes in the agent pool (e.g key=value:NoSchedule). Changing this forces a new resource to be created.
orchestrator_version str: Version of Kubernetes used for the Agents. If not specified, the latest recommended version will be used at provisioning time (but won’t auto-upgrade)
os_disk_size_gb float: The size of the OS Disk which should be used for each agent in the Node Pool. Changing this forces a new resource to be created.
tags Dict[str, str]: A mapping of tags to assign to the Node Pool.
type str: The type of Node Pool which should be created. Possible values are AvailabilitySet and VirtualMachineScaleSets. Defaults to VirtualMachineScaleSets.
vnet_subnet_id str: The ID of a Subnet where the Kubernetes Node Pool should exist. Changing this forces a new resource to be created.

KubernetesClusterIdentity

Type string: The type of identity used for the managed cluster. At this time the only supported value is SystemAssigned.
PrincipalId string: The principal id of the system assigned identity which is used by master components.
TenantId string: The Tenant ID used for Azure Active Directory Application. If this isn’t specified the Tenant ID of the current Subscription is used.

Type string: The type of identity used for the managed cluster. At this time the only supported value is SystemAssigned.
PrincipalId string: The principal id of the system assigned identity which is used by master components.
TenantId string: The Tenant ID used for Azure Active Directory Application. If this isn’t specified the Tenant ID of the current Subscription is used.

type string: The type of identity used for the managed cluster. At this time the only supported value is SystemAssigned.
principalId string: The principal id of the system assigned identity which is used by master components.
tenantId string: The Tenant ID used for Azure Active Directory Application. If this isn’t specified the Tenant ID of the current Subscription is used.

type str: The type of identity used for the managed cluster. At this time the only supported value is SystemAssigned.
principal_id str: The principal id of the system assigned identity which is used by master components.
tenant_id str: The Tenant ID used for Azure Active Directory Application. If this isn’t specified the Tenant ID of the current Subscription is used.

KubernetesClusterKubeAdminConfig

ClientCertificate string: Base64 encoded public certificate used by clients to authenticate to the Kubernetes cluster.
ClientKey string: Base64 encoded private key used by clients to authenticate to the Kubernetes cluster.
ClusterCaCertificate string: Base64 encoded public CA certificate used as the root of trust for the Kubernetes cluster.
Host string: The Kubernetes cluster server host.
Password string: A password or token used to authenticate to the Kubernetes cluster.
Username string: A username used to authenticate to the Kubernetes cluster.

ClientCertificate string: Base64 encoded public certificate used by clients to authenticate to the Kubernetes cluster.
ClientKey string: Base64 encoded private key used by clients to authenticate to the Kubernetes cluster.
ClusterCaCertificate string: Base64 encoded public CA certificate used as the root of trust for the Kubernetes cluster.
Host string: The Kubernetes cluster server host.
Password string: A password or token used to authenticate to the Kubernetes cluster.
Username string: A username used to authenticate to the Kubernetes cluster.

clientCertificate string: Base64 encoded public certificate used by clients to authenticate to the Kubernetes cluster.
clientKey string: Base64 encoded private key used by clients to authenticate to the Kubernetes cluster.
clusterCaCertificate string: Base64 encoded public CA certificate used as the root of trust for the Kubernetes cluster.
host string: The Kubernetes cluster server host.
password string: A password or token used to authenticate to the Kubernetes cluster.
username string: A username used to authenticate to the Kubernetes cluster.

clientCertificate str: Base64 encoded public certificate used by clients to authenticate to the Kubernetes cluster.
clientKey str: Base64 encoded private key used by clients to authenticate to the Kubernetes cluster.
clusterCaCertificate str: Base64 encoded public CA certificate used as the root of trust for the Kubernetes cluster.
host str: The Kubernetes cluster server host.
password str: A password or token used to authenticate to the Kubernetes cluster.
username str: A username used to authenticate to the Kubernetes cluster.

KubernetesClusterKubeConfig

ClientCertificate string: Base64 encoded public certificate used by clients to authenticate to the Kubernetes cluster.
ClientKey string: Base64 encoded private key used by clients to authenticate to the Kubernetes cluster.
ClusterCaCertificate string: Base64 encoded public CA certificate used as the root of trust for the Kubernetes cluster.
Host string: The Kubernetes cluster server host.
Password string: A password or token used to authenticate to the Kubernetes cluster.
Username string: A username used to authenticate to the Kubernetes cluster.

ClientCertificate string: Base64 encoded public certificate used by clients to authenticate to the Kubernetes cluster.
ClientKey string: Base64 encoded private key used by clients to authenticate to the Kubernetes cluster.
ClusterCaCertificate string: Base64 encoded public CA certificate used as the root of trust for the Kubernetes cluster.
Host string: The Kubernetes cluster server host.
Password string: A password or token used to authenticate to the Kubernetes cluster.
Username string: A username used to authenticate to the Kubernetes cluster.

clientCertificate string: Base64 encoded public certificate used by clients to authenticate to the Kubernetes cluster.
clientKey string: Base64 encoded private key used by clients to authenticate to the Kubernetes cluster.
clusterCaCertificate string: Base64 encoded public CA certificate used as the root of trust for the Kubernetes cluster.
host string: The Kubernetes cluster server host.
password string: A password or token used to authenticate to the Kubernetes cluster.
username string: A username used to authenticate to the Kubernetes cluster.

clientCertificate str: Base64 encoded public certificate used by clients to authenticate to the Kubernetes cluster.
clientKey str: Base64 encoded private key used by clients to authenticate to the Kubernetes cluster.
clusterCaCertificate str: Base64 encoded public CA certificate used as the root of trust for the Kubernetes cluster.
host str: The Kubernetes cluster server host.
password str: A password or token used to authenticate to the Kubernetes cluster.
username str: A username used to authenticate to the Kubernetes cluster.

KubernetesClusterKubeletIdentity

ClientId string: The Client ID for the Service Principal.
ObjectId string: The Object ID of the user-defined Managed Identity used by the OMS Agents.
UserAssignedIdentityId string: The ID of the User Assigned Identity used by the OMS Agents.

ClientId string: The Client ID for the Service Principal.
ObjectId string: The Object ID of the user-defined Managed Identity used by the OMS Agents.
UserAssignedIdentityId string: The ID of the User Assigned Identity used by the OMS Agents.

clientId string: The Client ID for the Service Principal.
objectId string: The Object ID of the user-defined Managed Identity used by the OMS Agents.
userAssignedIdentityId string: The ID of the User Assigned Identity used by the OMS Agents.

client_id str: The Client ID for the Service Principal.
object_id str: The Object ID of the user-defined Managed Identity used by the OMS Agents.
userAssignedIdentityId str: The ID of the User Assigned Identity used by the OMS Agents.

KubernetesClusterLinuxProfile

AdminUsername string: The Admin Username for the Cluster. Changing this forces a new resource to be created.
SshKey KubernetesClusterLinuxProfileSshKeyArgs: An ssh_key block. Only one is currently allowed. Changing this forces a new resource to be created.

AdminUsername string: The Admin Username for the Cluster. Changing this forces a new resource to be created.
SshKey KubernetesClusterLinuxProfileSshKey: An ssh_key block. Only one is currently allowed. Changing this forces a new resource to be created.

adminUsername string: The Admin Username for the Cluster. Changing this forces a new resource to be created.
sshKey KubernetesClusterLinuxProfileSshKey: An ssh_key block. Only one is currently allowed. Changing this forces a new resource to be created.

admin_username str: The Admin Username for the Cluster. Changing this forces a new resource to be created.
ssh_key Dict[KubernetesClusterLinuxProfileSshKey]: An ssh_key block. Only one is currently allowed. Changing this forces a new resource to be created.

KubernetesClusterLinuxProfileSshKey

KeyData string: The Public SSH Key used to access the cluster. Changing this forces a new resource to be created.

KeyData string: The Public SSH Key used to access the cluster. Changing this forces a new resource to be created.

keyData string: The Public SSH Key used to access the cluster. Changing this forces a new resource to be created.

keyData str: The Public SSH Key used to access the cluster. Changing this forces a new resource to be created.

KubernetesClusterNetworkProfile

NetworkPlugin string: Network plugin to use for networking. Currently supported values are azure and kubenet. Changing this forces a new resource to be created.
DnsServiceIp string: IP address within the Kubernetes service address range that will be used by cluster service discovery (kube-dns). Changing this forces a new resource to be created.
DockerBridgeCidr string: IP address (in CIDR notation) used as the Docker bridge IP address on nodes. Changing this forces a new resource to be created.
LoadBalancerProfile KubernetesClusterNetworkProfileLoadBalancerProfileArgs: A load_balancer_profile block. This can only be specified when load_balancer_sku is set to Standard.
LoadBalancerSku string: Specifies the SKU of the Load Balancer used for this Kubernetes Cluster. Possible values are Basic and Standard. Defaults to Standard.
NetworkPolicy string: Sets up network policy to be used with Azure CNI. Network policy allows us to control the traffic flow between pods. Currently supported values are calico and azure. Changing this forces a new resource to be created.
OutboundType string: The outbound (egress) routing method which should be used for this Kubernetes Cluster. Possible values are loadBalancer and userDefinedRouting. Defaults to loadBalancer.
PodCidr string: The CIDR to use for pod IP addresses. This field can only be set when network_plugin is set to kubenet. Changing this forces a new resource to be created.
ServiceCidr string: The Network Range used by the Kubernetes service. Changing this forces a new resource to be created.

NetworkPlugin string: Network plugin to use for networking. Currently supported values are azure and kubenet. Changing this forces a new resource to be created.
DnsServiceIp string: IP address within the Kubernetes service address range that will be used by cluster service discovery (kube-dns). Changing this forces a new resource to be created.
DockerBridgeCidr string: IP address (in CIDR notation) used as the Docker bridge IP address on nodes. Changing this forces a new resource to be created.
LoadBalancerProfile KubernetesClusterNetworkProfileLoadBalancerProfile: A load_balancer_profile block. This can only be specified when load_balancer_sku is set to Standard.
LoadBalancerSku string: Specifies the SKU of the Load Balancer used for this Kubernetes Cluster. Possible values are Basic and Standard. Defaults to Standard.
NetworkPolicy string: Sets up network policy to be used with Azure CNI. Network policy allows us to control the traffic flow between pods. Currently supported values are calico and azure. Changing this forces a new resource to be created.
OutboundType string: The outbound (egress) routing method which should be used for this Kubernetes Cluster. Possible values are loadBalancer and userDefinedRouting. Defaults to loadBalancer.
PodCidr string: The CIDR to use for pod IP addresses. This field can only be set when network_plugin is set to kubenet. Changing this forces a new resource to be created.
ServiceCidr string: The Network Range used by the Kubernetes service. Changing this forces a new resource to be created.

networkPlugin string: Network plugin to use for networking. Currently supported values are azure and kubenet. Changing this forces a new resource to be created.
dnsServiceIp string: IP address within the Kubernetes service address range that will be used by cluster service discovery (kube-dns). Changing this forces a new resource to be created.
dockerBridgeCidr string: IP address (in CIDR notation) used as the Docker bridge IP address on nodes. Changing this forces a new resource to be created.
loadBalancerProfile KubernetesClusterNetworkProfileLoadBalancerProfile: A load_balancer_profile block. This can only be specified when load_balancer_sku is set to Standard.
loadBalancerSku string: Specifies the SKU of the Load Balancer used for this Kubernetes Cluster. Possible values are Basic and Standard. Defaults to Standard.
networkPolicy string: Sets up network policy to be used with Azure CNI. Network policy allows us to control the traffic flow between pods. Currently supported values are calico and azure. Changing this forces a new resource to be created.
outboundType string: The outbound (egress) routing method which should be used for this Kubernetes Cluster. Possible values are loadBalancer and userDefinedRouting. Defaults to loadBalancer.
podCidr string: The CIDR to use for pod IP addresses. This field can only be set when network_plugin is set to kubenet. Changing this forces a new resource to be created.
serviceCidr string: The Network Range used by the Kubernetes service. Changing this forces a new resource to be created.

networkPlugin str: Network plugin to use for networking. Currently supported values are azure and kubenet. Changing this forces a new resource to be created.
dnsServiceIp str: IP address within the Kubernetes service address range that will be used by cluster service discovery (kube-dns). Changing this forces a new resource to be created.
dockerBridgeCidr str: IP address (in CIDR notation) used as the Docker bridge IP address on nodes. Changing this forces a new resource to be created.
loadBalancerProfile Dict[KubernetesClusterNetworkProfileLoadBalancerProfile]: A load_balancer_profile block. This can only be specified when load_balancer_sku is set to Standard.
loadBalancerSku str: Specifies the SKU of the Load Balancer used for this Kubernetes Cluster. Possible values are Basic and Standard. Defaults to Standard.
networkPolicy str: Sets up network policy to be used with Azure CNI. Network policy allows us to control the traffic flow between pods. Currently supported values are calico and azure. Changing this forces a new resource to be created.
outboundType str: The outbound (egress) routing method which should be used for this Kubernetes Cluster. Possible values are loadBalancer and userDefinedRouting. Defaults to loadBalancer.
podCidr str: The CIDR to use for pod IP addresses. This field can only be set when network_plugin is set to kubenet. Changing this forces a new resource to be created.
serviceCidr str: The Network Range used by the Kubernetes service. Changing this forces a new resource to be created.

KubernetesClusterNetworkProfileLoadBalancerProfile

EffectiveOutboundIps List<string>: The outcome (resource IDs) of the specified arguments.
IdleTimeoutInMinutes int: Desired outbound flow idle timeout in minutes for the cluster load balancer. Must be between 4 and 120 inclusive. Defaults to 30.
ManagedOutboundIpCount int: Count of desired managed outbound IPs for the cluster load balancer. Must be between 1 and 100 inclusive.
OutboundIpAddressIds List<string>: The ID of the Public IP Addresses which should be used for outbound communication for the cluster load balancer.
OutboundIpPrefixIds List<string>: The ID of the outbound Public IP Address Prefixes which should be used for the cluster load balancer.
OutboundPortsAllocated int: Number of desired SNAT port for each VM in the clusters load balancer. Must be between 0 and 64000 inclusive. Defaults to 0.

EffectiveOutboundIps []string: The outcome (resource IDs) of the specified arguments.
IdleTimeoutInMinutes int: Desired outbound flow idle timeout in minutes for the cluster load balancer. Must be between 4 and 120 inclusive. Defaults to 30.
ManagedOutboundIpCount int: Count of desired managed outbound IPs for the cluster load balancer. Must be between 1 and 100 inclusive.
OutboundIpAddressIds []string: The ID of the Public IP Addresses which should be used for outbound communication for the cluster load balancer.
OutboundIpPrefixIds []string: The ID of the outbound Public IP Address Prefixes which should be used for the cluster load balancer.
OutboundPortsAllocated int: Number of desired SNAT port for each VM in the clusters load balancer. Must be between 0 and 64000 inclusive. Defaults to 0.

effectiveOutboundIps string[]: The outcome (resource IDs) of the specified arguments.
idleTimeoutInMinutes number: Desired outbound flow idle timeout in minutes for the cluster load balancer. Must be between 4 and 120 inclusive. Defaults to 30.
managedOutboundIpCount number: Count of desired managed outbound IPs for the cluster load balancer. Must be between 1 and 100 inclusive.
outboundIpAddressIds string[]: The ID of the Public IP Addresses which should be used for outbound communication for the cluster load balancer.
outboundIpPrefixIds string[]: The ID of the outbound Public IP Address Prefixes which should be used for the cluster load balancer.
outboundPortsAllocated number: Number of desired SNAT port for each VM in the clusters load balancer. Must be between 0 and 64000 inclusive. Defaults to 0.

effectiveOutboundIps List[str]: The outcome (resource IDs) of the specified arguments.
idle_timeout_in_minutes float: Desired outbound flow idle timeout in minutes for the cluster load balancer. Must be between 4 and 120 inclusive. Defaults to 30.
managedOutboundIpCount float: Count of desired managed outbound IPs for the cluster load balancer. Must be between 1 and 100 inclusive.
outboundIpAddressIds List[str]: The ID of the Public IP Addresses which should be used for outbound communication for the cluster load balancer.
outboundIpPrefixIds List[str]: The ID of the outbound Public IP Address Prefixes which should be used for the cluster load balancer.
outboundPortsAllocated float: Number of desired SNAT port for each VM in the clusters load balancer. Must be between 0 and 64000 inclusive. Defaults to 0.

KubernetesClusterRoleBasedAccessControl

Enabled bool: Is Role Based Access Control Enabled? Changing this forces a new resource to be created.
AzureActiveDirectory KubernetesClusterRoleBasedAccessControlAzureActiveDirectoryArgs: An azure_active_directory block.

Enabled bool: Is Role Based Access Control Enabled? Changing this forces a new resource to be created.
AzureActiveDirectory KubernetesClusterRoleBasedAccessControlAzureActiveDirectory: An azure_active_directory block.

enabled boolean: Is Role Based Access Control Enabled? Changing this forces a new resource to be created.
azureActiveDirectory KubernetesClusterRoleBasedAccessControlAzureActiveDirectory: An azure_active_directory block.

enabled bool: Is Role Based Access Control Enabled? Changing this forces a new resource to be created.
azure_active_directory Dict[KubernetesClusterRoleBasedAccessControlAzureActiveDirectory]: An azure_active_directory block.

KubernetesClusterRoleBasedAccessControlAzureActiveDirectory

AdminGroupObjectIds List<string>: A list of Object IDs of Azure Active Directory Groups which should have Admin Role on the Cluster.
ClientAppId string: The Client ID of an Azure Active Directory Application.
Managed bool: Is the Azure Active Directory integration Managed, meaning that Azure will create/manage the Service Principal used for integration.
ServerAppId string: The Server ID of an Azure Active Directory Application.
ServerAppSecret string: The Server Secret of an Azure Active Directory Application.
TenantId string: The Tenant ID used for Azure Active Directory Application. If this isn’t specified the Tenant ID of the current Subscription is used.

AdminGroupObjectIds []string: A list of Object IDs of Azure Active Directory Groups which should have Admin Role on the Cluster.
ClientAppId string: The Client ID of an Azure Active Directory Application.
Managed bool: Is the Azure Active Directory integration Managed, meaning that Azure will create/manage the Service Principal used for integration.
ServerAppId string: The Server ID of an Azure Active Directory Application.
ServerAppSecret string: The Server Secret of an Azure Active Directory Application.
TenantId string: The Tenant ID used for Azure Active Directory Application. If this isn’t specified the Tenant ID of the current Subscription is used.

adminGroupObjectIds string[]: A list of Object IDs of Azure Active Directory Groups which should have Admin Role on the Cluster.
clientAppId string: The Client ID of an Azure Active Directory Application.
managed boolean: Is the Azure Active Directory integration Managed, meaning that Azure will create/manage the Service Principal used for integration.
serverAppId string: The Server ID of an Azure Active Directory Application.
serverAppSecret string: The Server Secret of an Azure Active Directory Application.
tenantId string: The Tenant ID used for Azure Active Directory Application. If this isn’t specified the Tenant ID of the current Subscription is used.

adminGroupObjectIds List[str]: A list of Object IDs of Azure Active Directory Groups which should have Admin Role on the Cluster.
clientAppId str: The Client ID of an Azure Active Directory Application.
managed bool: Is the Azure Active Directory integration Managed, meaning that Azure will create/manage the Service Principal used for integration.
serverAppId str: The Server ID of an Azure Active Directory Application.
serverAppSecret str: The Server Secret of an Azure Active Directory Application.
tenant_id str: The Tenant ID used for Azure Active Directory Application. If this isn’t specified the Tenant ID of the current Subscription is used.

KubernetesClusterServicePrincipal

ClientId string: The Client ID for the Service Principal.
ClientSecret string: The Client Secret for the Service Principal.

ClientId string: The Client ID for the Service Principal.
ClientSecret string: The Client Secret for the Service Principal.

clientId string: The Client ID for the Service Principal.
clientSecret string: The Client Secret for the Service Principal.

client_id str: The Client ID for the Service Principal.
client_secret str: The Client Secret for the Service Principal.

KubernetesClusterWindowsProfile

AdminUsername string: The Admin Username for Windows VMs.
AdminPassword string: The Admin Password for Windows VMs.

AdminUsername string: The Admin Username for Windows VMs.
AdminPassword string: The Admin Password for Windows VMs.

adminUsername string: The Admin Username for Windows VMs.
adminPassword string: The Admin Password for Windows VMs.

admin_username str: The Admin Username for Windows VMs.
admin_password str: The Admin Password for Windows VMs.

Package Details

Repository: https://github.com/pulumi/pulumi-azure
License: Apache-2.0
Notes: This Pulumi package is based on the azurerm Terraform Provider.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud