com.pulumi.azure.containerservice.kotlin.KubernetesClusterArgs.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-azure-kotlin Show documentation
Show all versions of pulumi-azure-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.azure.containerservice.kotlin
import com.pulumi.azure.containerservice.KubernetesClusterArgs.builder
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterAciConnectorLinuxArgs
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterAciConnectorLinuxArgsBuilder
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterApiServerAccessProfileArgs
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterApiServerAccessProfileArgsBuilder
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterAutoScalerProfileArgs
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterAutoScalerProfileArgsBuilder
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterAzureActiveDirectoryRoleBasedAccessControlArgs
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterAzureActiveDirectoryRoleBasedAccessControlArgsBuilder
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterConfidentialComputingArgs
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterConfidentialComputingArgsBuilder
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterDefaultNodePoolArgs
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterDefaultNodePoolArgsBuilder
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterHttpProxyConfigArgs
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterHttpProxyConfigArgsBuilder
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterIdentityArgs
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterIdentityArgsBuilder
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterIngressApplicationGatewayArgs
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterIngressApplicationGatewayArgsBuilder
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterKeyManagementServiceArgs
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterKeyManagementServiceArgsBuilder
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterKeyVaultSecretsProviderArgs
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterKeyVaultSecretsProviderArgsBuilder
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterKubeletIdentityArgs
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterKubeletIdentityArgsBuilder
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterLinuxProfileArgs
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterLinuxProfileArgsBuilder
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterMaintenanceWindowArgs
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterMaintenanceWindowArgsBuilder
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterMaintenanceWindowAutoUpgradeArgs
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterMaintenanceWindowAutoUpgradeArgsBuilder
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterMaintenanceWindowNodeOsArgs
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterMaintenanceWindowNodeOsArgsBuilder
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterMicrosoftDefenderArgs
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterMicrosoftDefenderArgsBuilder
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterMonitorMetricsArgs
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterMonitorMetricsArgsBuilder
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterNetworkProfileArgs
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterNetworkProfileArgsBuilder
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterOmsAgentArgs
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterOmsAgentArgsBuilder
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterServiceMeshProfileArgs
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterServiceMeshProfileArgsBuilder
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterServicePrincipalArgs
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterServicePrincipalArgsBuilder
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterStorageProfileArgs
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterStorageProfileArgsBuilder
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterWebAppRoutingArgs
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterWebAppRoutingArgsBuilder
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterWindowsProfileArgs
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterWindowsProfileArgsBuilder
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterWorkloadAutoscalerProfileArgs
import com.pulumi.azure.containerservice.kotlin.inputs.KubernetesClusterWorkloadAutoscalerProfileArgsBuilder
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import kotlin.Boolean
import kotlin.Deprecated
import kotlin.Int
import kotlin.Pair
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
import kotlin.collections.Map
import kotlin.jvm.JvmName
/**
* Manages a Managed Kubernetes Cluster (also known as AKS / Azure Kubernetes Service)
* ## Example Usage
* This example provisions a basic Managed Kubernetes Cluster.
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as azure from "@pulumi/azure";
* const example = new azure.core.ResourceGroup("example", {
* name: "example-resources",
* location: "West Europe",
* });
* const exampleKubernetesCluster = new azure.containerservice.KubernetesCluster("example", {
* name: "example-aks1",
* location: example.location,
* resourceGroupName: example.name,
* dnsPrefix: "exampleaks1",
* defaultNodePool: {
* name: "default",
* nodeCount: 1,
* vmSize: "Standard_D2_v2",
* },
* identity: {
* type: "SystemAssigned",
* },
* tags: {
* Environment: "Production",
* },
* });
* export const clientCertificate = exampleKubernetesCluster.kubeConfigs.apply(kubeConfigs => kubeConfigs[0].clientCertificate);
* export const kubeConfig = exampleKubernetesCluster.kubeConfigRaw;
* ```
* ```python
* import pulumi
* import pulumi_azure as azure
* example = azure.core.ResourceGroup("example",
* name="example-resources",
* location="West Europe")
* example_kubernetes_cluster = azure.containerservice.KubernetesCluster("example",
* name="example-aks1",
* location=example.location,
* resource_group_name=example.name,
* dns_prefix="exampleaks1",
* default_node_pool=azure.containerservice.KubernetesClusterDefaultNodePoolArgs(
* name="default",
* node_count=1,
* vm_size="Standard_D2_v2",
* ),
* identity=azure.containerservice.KubernetesClusterIdentityArgs(
* type="SystemAssigned",
* ),
* tags={
* "Environment": "Production",
* })
* pulumi.export("clientCertificate", example_kubernetes_cluster.kube_configs[0].client_certificate)
* pulumi.export("kubeConfig", example_kubernetes_cluster.kube_config_raw)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Azure = Pulumi.Azure;
* return await Deployment.RunAsync(() =>
* {
* var example = new Azure.Core.ResourceGroup("example", new()
* {
* Name = "example-resources",
* Location = "West Europe",
* });
* var exampleKubernetesCluster = new Azure.ContainerService.KubernetesCluster("example", new()
* {
* Name = "example-aks1",
* Location = example.Location,
* ResourceGroupName = example.Name,
* DnsPrefix = "exampleaks1",
* DefaultNodePool = new Azure.ContainerService.Inputs.KubernetesClusterDefaultNodePoolArgs
* {
* Name = "default",
* NodeCount = 1,
* VmSize = "Standard_D2_v2",
* },
* Identity = new Azure.ContainerService.Inputs.KubernetesClusterIdentityArgs
* {
* Type = "SystemAssigned",
* },
* Tags =
* {
* { "Environment", "Production" },
* },
* });
* return new Dictionary
* {
* ["clientCertificate"] = exampleKubernetesCluster.KubeConfigs.Apply(kubeConfigs => kubeConfigs[0].ClientCertificate),
* ["kubeConfig"] = exampleKubernetesCluster.KubeConfigRaw,
* };
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/containerservice"
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
* Name: pulumi.String("example-resources"),
* Location: pulumi.String("West Europe"),
* })
* if err != nil {
* return err
* }
* exampleKubernetesCluster, err := containerservice.NewKubernetesCluster(ctx, "example", &containerservice.KubernetesClusterArgs{
* Name: pulumi.String("example-aks1"),
* Location: example.Location,
* ResourceGroupName: example.Name,
* DnsPrefix: pulumi.String("exampleaks1"),
* DefaultNodePool: &containerservice.KubernetesClusterDefaultNodePoolArgs{
* Name: pulumi.String("default"),
* NodeCount: pulumi.Int(1),
* VmSize: pulumi.String("Standard_D2_v2"),
* },
* Identity: &containerservice.KubernetesClusterIdentityArgs{
* Type: pulumi.String("SystemAssigned"),
* },
* Tags: pulumi.StringMap{
* "Environment": pulumi.String("Production"),
* },
* })
* if err != nil {
* return err
* }
* ctx.Export("clientCertificate", exampleKubernetesCluster.KubeConfigs.ApplyT(func(kubeConfigs []containerservice.KubernetesClusterKubeConfig) (*string, error) {
* return &kubeConfigs[0].ClientCertificate, nil
* }).(pulumi.StringPtrOutput))
* ctx.Export("kubeConfig", exampleKubernetesCluster.KubeConfigRaw)
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.azure.core.ResourceGroup;
* import com.pulumi.azure.core.ResourceGroupArgs;
* import com.pulumi.azure.containerservice.KubernetesCluster;
* import com.pulumi.azure.containerservice.KubernetesClusterArgs;
* import com.pulumi.azure.containerservice.inputs.KubernetesClusterDefaultNodePoolArgs;
* import com.pulumi.azure.containerservice.inputs.KubernetesClusterIdentityArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var example = new ResourceGroup("example", ResourceGroupArgs.builder()
* .name("example-resources")
* .location("West Europe")
* .build());
* var exampleKubernetesCluster = new KubernetesCluster("exampleKubernetesCluster", KubernetesClusterArgs.builder()
* .name("example-aks1")
* .location(example.location())
* .resourceGroupName(example.name())
* .dnsPrefix("exampleaks1")
* .defaultNodePool(KubernetesClusterDefaultNodePoolArgs.builder()
* .name("default")
* .nodeCount(1)
* .vmSize("Standard_D2_v2")
* .build())
* .identity(KubernetesClusterIdentityArgs.builder()
* .type("SystemAssigned")
* .build())
* .tags(Map.of("Environment", "Production"))
* .build());
* ctx.export("clientCertificate", exampleKubernetesCluster.kubeConfigs().applyValue(kubeConfigs -> kubeConfigs[0].clientCertificate()));
* ctx.export("kubeConfig", exampleKubernetesCluster.kubeConfigRaw());
* }
* }
* ```
* ```yaml
* resources:
* example:
* type: azure:core:ResourceGroup
* properties:
* name: example-resources
* location: West Europe
* exampleKubernetesCluster:
* type: azure:containerservice:KubernetesCluster
* name: example
* properties:
* name: example-aks1
* location: ${example.location}
* resourceGroupName: ${example.name}
* dnsPrefix: exampleaks1
* defaultNodePool:
* name: default
* nodeCount: 1
* vmSize: Standard_D2_v2
* identity:
* type: SystemAssigned
* tags:
* Environment: Production
* outputs:
* clientCertificate: ${exampleKubernetesCluster.kubeConfigs[0].clientCertificate}
* kubeConfig: ${exampleKubernetesCluster.kubeConfigRaw}
* ```
*
* ## Import
* Managed Kubernetes Clusters can be imported using the `resource id`, e.g.
* ```sh
* $ pulumi import azure:containerservice/kubernetesCluster:KubernetesCluster cluster1 /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.ContainerService/managedClusters/cluster1
* ```
* @property aciConnectorLinux A `aci_connector_linux` block as defined below. For more details, please visit [Create and configure an AKS cluster to use virtual nodes](https://docs.microsoft.com/azure/aks/virtual-nodes-portal).
* @property apiServerAccessProfile An `api_server_access_profile` block as defined below.
* @property apiServerAuthorizedIpRanges
* @property autoScalerProfile A `auto_scaler_profile` block as defined below.
* @property automaticChannelUpgrade The upgrade channel for this Kubernetes Cluster. Possible values are `patch`, `rapid`, `node-image` and `stable`. Omitting this field sets this value to `none`.
* !> **Note:** Cluster Auto-Upgrade will update the Kubernetes Cluster (and its Node Pools) to the latest GA version of Kubernetes automatically - please [see the Azure documentation for more information](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel).
* > **Note:** Cluster Auto-Upgrade only updates to GA versions of Kubernetes and will not update to Preview versions.
* @property azureActiveDirectoryRoleBasedAccessControl A `azure_active_directory_role_based_access_control` block as defined below.
* @property azurePolicyEnabled Should the Azure Policy Add-On be enabled? For more details please visit [Understand Azure Policy for Azure Kubernetes Service](https://docs.microsoft.com/en-ie/azure/governance/policy/concepts/rego-for-aks)
* @property confidentialComputing A `confidential_computing` block as defined below. For more details please [the documentation](https://learn.microsoft.com/en-us/azure/confidential-computing/confidential-nodes-aks-overview)
* @property customCaTrustCertificatesBase64s A list of up to 10 base64 encoded CAs that will be added to the trust store on nodes with the `custom_ca_trust_enabled` feature enabled.
* > **Note:** Removing `custom_ca_trust_certificates_base64` after it has been set forces a new resource to be created.
* @property defaultNodePool A `default_node_pool` block as defined below.
* @property diskEncryptionSetId The ID of the Disk Encryption Set which should be used for the Nodes and Volumes. More information [can be found in the documentation](https://docs.microsoft.com/azure/aks/azure-disk-customer-managed-keys). Changing this forces a new resource to be created.
* @property dnsPrefix DNS prefix specified when creating the managed cluster. Possible values must begin and end with a letter or number, contain only letters, numbers, and hyphens and be between 1 and 54 characters in length. Changing this forces a new resource to be created.
* @property dnsPrefixPrivateCluster Specifies the DNS prefix to use with private clusters. Changing this forces a new resource to be created.
* > **Note:** You must define either a `dns_prefix` or a `dns_prefix_private_cluster` field.
* In addition, one of either `identity` or `service_principal` blocks must be specified.
* @property edgeZone Specifies the Edge Zone within the Azure Region where this Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.
* @property enablePodSecurityPolicy
* @property httpApplicationRoutingEnabled Should HTTP Application Routing be enabled?
* > **Note:** At this time HTTP Application Routing is not supported in Azure China or Azure US Government.
* @property httpProxyConfig A `http_proxy_config` block as defined below.
* @property identity An `identity` block as defined below. One of either `identity` or `service_principal` must be specified.
* !> **Note:** A migration scenario from `service_principal` to `identity` is supported. When upgrading `service_principal` to `identity`, your cluster's control plane and addon pods will switch to use managed identity, but the kubelets will keep using your configured `service_principal` until you upgrade your Node Pool.
* @property imageCleanerEnabled Specifies whether Image Cleaner is enabled.
* @property imageCleanerIntervalHours Specifies the interval in hours when images should be cleaned up. Defaults to `48`.
* @property ingressApplicationGateway A `ingress_application_gateway` block as defined below.
* > **Note:** Since the Application Gateway is deployed inside a Virtual Network, users (and Service Principals) that are operating the Application Gateway must have the `Microsoft.Network/virtualNetworks/subnets/join/action` permission on the Virtual Network or Subnet. For more details, please visit [Virtual Network Permission](https://learn.microsoft.com/en-us/azure/application-gateway/configuration-infrastructure#virtual-network-permission).
* @property keyManagementService A `key_management_service` block as defined below. For more details, please visit [Key Management Service (KMS) etcd encryption to an AKS cluster](https://learn.microsoft.com/en-us/azure/aks/use-kms-etcd-encryption).
* @property keyVaultSecretsProvider A `key_vault_secrets_provider` block as defined below. For more details, please visit [Azure Keyvault Secrets Provider for AKS](https://docs.microsoft.com/azure/aks/csi-secrets-store-driver).
* @property kubeletIdentity A `kubelet_identity` block as defined below.
* @property kubernetesVersion Version of Kubernetes specified when creating the AKS managed cluster. If not specified, the latest recommended version will be used at provisioning time (but won't auto-upgrade). AKS does not require an exact patch version to be specified, minor version aliases such as `1.22` are also supported. - The minor version's latest GA patch is automatically chosen in that case. More details can be found in [the documentation](https://docs.microsoft.com/en-us/azure/aks/supported-kubernetes-versions?tabs=azure-cli#alias-minor-version).
* > **Note:** Upgrading your cluster may take up to 10 minutes per node.
* @property linuxProfile A `linux_profile` block as defined below.
* @property localAccountDisabled If `true` local accounts will be disabled. See [the documentation](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts) for more information.
* > **Note:** If `local_account_disabled` is set to `true`, it is required to enable Kubernetes RBAC and AKS-managed Azure AD integration. See [the documentation](https://docs.microsoft.com/azure/aks/managed-aad#azure-ad-authentication-overview) for more information.
* @property location The location where the Managed Kubernetes Cluster should be created. Changing this forces a new resource to be created.
* @property maintenanceWindow A `maintenance_window` block as defined below.
* @property maintenanceWindowAutoUpgrade A `maintenance_window_auto_upgrade` block as defined below.
* @property maintenanceWindowNodeOs A `maintenance_window_node_os` block as defined below.
* @property microsoftDefender A `microsoft_defender` block as defined below.
* @property monitorMetrics Specifies a Prometheus add-on profile for the Kubernetes Cluster. A `monitor_metrics` block as defined below.
* > **Note:** If deploying Managed Prometheus, the `monitor_metrics` properties are required to configure the cluster for metrics collection. If no value is needed, set properties to `null`.
* @property name The name of the Managed Kubernetes Cluster to create. Changing this forces a new resource to be created.
* @property networkProfile A `network_profile` block as defined below. Changing this forces a new resource to be created.
* > **Note:** If `network_profile` is not defined, `kubenet` profile will be used by default.
* @property nodeOsChannelUpgrade The upgrade channel for this Kubernetes Cluster Nodes' OS Image. Possible values are `Unmanaged`, `SecurityPatch`, `NodeImage` and `None`.
* > **Note:** `node_os_channel_upgrade` must be set to `NodeImage` if `automatic_channel_upgrade` has been set to `node-image`
* > **Note:** This requires that the Preview Feature `Microsoft.ContainerService/NodeOsUpgradeChannelPreview` is enabled and the Resource Provider is re-registered, see [the documentation](https://learn.microsoft.com/en-us/azure/aks/auto-upgrade-node-image#register-the-nodeosupgradechannelpreview-feature-flag) for more information.
* @property nodeResourceGroup The name of the Resource Group where the Kubernetes Nodes should exist. Changing this forces a new resource to be created.
* > **Note:** Azure requires that a new, non-existent Resource Group is used, as otherwise, the provisioning of the Kubernetes Service will fail.
* @property oidcIssuerEnabled Enable or Disable the [OIDC issuer URL](https://learn.microsoft.com/en-gb/azure/aks/use-oidc-issuer)
* @property omsAgent A `oms_agent` block as defined below.
* @property openServiceMeshEnabled Is Open Service Mesh enabled? For more details, please visit [Open Service Mesh for AKS](https://docs.microsoft.com/azure/aks/open-service-mesh-about).
* @property privateClusterEnabled Should this Kubernetes Cluster have its API server only exposed on internal IP addresses? This provides a Private IP Address for the Kubernetes API on the Virtual Network where the Kubernetes Cluster is located. Defaults to `false`. Changing this forces a new resource to be created.
* @property privateClusterPublicFqdnEnabled Specifies whether a Public FQDN for this Private Cluster should be added. Defaults to `false`.
* > **Note:** If you use BYO DNS Zone, the AKS cluster should either use a User Assigned Identity or a service principal (which is deprecated) with the `Private DNS Zone Contributor` role and access to this Private DNS Zone. If `UserAssigned` identity is used - to prevent improper resource order destruction - the cluster should depend on the role assignment, like in this example:
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as azure from "@pulumi/azure";
* const example = new azure.core.ResourceGroup("example", {
* name: "example",
* location: "West Europe",
* });
* const exampleZone = new azure.privatedns.Zone("example", {
* name: "privatelink.eastus2.azmk8s.io",
* resourceGroupName: example.name,
* });
* const exampleUserAssignedIdentity = new azure.authorization.UserAssignedIdentity("example", {
* name: "aks-example-identity",
* resourceGroupName: example.name,
* location: example.location,
* });
* const exampleAssignment = new azure.authorization.Assignment("example", {
* scope: exampleZone.id,
* roleDefinitionName: "Private DNS Zone Contributor",
* principalId: exampleUserAssignedIdentity.principalId,
* });
* const exampleKubernetesCluster = new azure.containerservice.KubernetesCluster("example", {
* name: "aksexamplewithprivatednszone1",
* location: example.location,
* resourceGroupName: example.name,
* dnsPrefix: "aksexamplednsprefix1",
* privateClusterEnabled: true,
* privateDnsZoneId: exampleZone.id,
* });
* ```
* ```python
* import pulumi
* import pulumi_azure as azure
* example = azure.core.ResourceGroup("example",
* name="example",
* location="West Europe")
* example_zone = azure.privatedns.Zone("example",
* name="privatelink.eastus2.azmk8s.io",
* resource_group_name=example.name)
* example_user_assigned_identity = azure.authorization.UserAssignedIdentity("example",
* name="aks-example-identity",
* resource_group_name=example.name,
* location=example.location)
* example_assignment = azure.authorization.Assignment("example",
* scope=example_zone.id,
* role_definition_name="Private DNS Zone Contributor",
* principal_id=example_user_assigned_identity.principal_id)
* example_kubernetes_cluster = azure.containerservice.KubernetesCluster("example",
* name="aksexamplewithprivatednszone1",
* location=example.location,
* resource_group_name=example.name,
* dns_prefix="aksexamplednsprefix1",
* private_cluster_enabled=True,
* private_dns_zone_id=example_zone.id)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Azure = Pulumi.Azure;
* return await Deployment.RunAsync(() =>
* {
* var example = new Azure.Core.ResourceGroup("example", new()
* {
* Name = "example",
* Location = "West Europe",
* });
* var exampleZone = new Azure.PrivateDns.Zone("example", new()
* {
* Name = "privatelink.eastus2.azmk8s.io",
* ResourceGroupName = example.Name,
* });
* var exampleUserAssignedIdentity = new Azure.Authorization.UserAssignedIdentity("example", new()
* {
* Name = "aks-example-identity",
* ResourceGroupName = example.Name,
* Location = example.Location,
* });
* var exampleAssignment = new Azure.Authorization.Assignment("example", new()
* {
* Scope = exampleZone.Id,
* RoleDefinitionName = "Private DNS Zone Contributor",
* PrincipalId = exampleUserAssignedIdentity.PrincipalId,
* });
* var exampleKubernetesCluster = new Azure.ContainerService.KubernetesCluster("example", new()
* {
* Name = "aksexamplewithprivatednszone1",
* Location = example.Location,
* ResourceGroupName = example.Name,
* DnsPrefix = "aksexamplednsprefix1",
* PrivateClusterEnabled = true,
* PrivateDnsZoneId = exampleZone.Id,
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/authorization"
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/containerservice"
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/privatedns"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
* Name: pulumi.String("example"),
* Location: pulumi.String("West Europe"),
* })
* if err != nil {
* return err
* }
* exampleZone, err := privatedns.NewZone(ctx, "example", &privatedns.ZoneArgs{
* Name: pulumi.String("privatelink.eastus2.azmk8s.io"),
* ResourceGroupName: example.Name,
* })
* if err != nil {
* return err
* }
* exampleUserAssignedIdentity, err := authorization.NewUserAssignedIdentity(ctx, "example", &authorization.UserAssignedIdentityArgs{
* Name: pulumi.String("aks-example-identity"),
* ResourceGroupName: example.Name,
* Location: example.Location,
* })
* if err != nil {
* return err
* }
* _, err = authorization.NewAssignment(ctx, "example", &authorization.AssignmentArgs{
* Scope: exampleZone.ID(),
* RoleDefinitionName: pulumi.String("Private DNS Zone Contributor"),
* PrincipalId: exampleUserAssignedIdentity.PrincipalId,
* })
* if err != nil {
* return err
* }
* _, err = containerservice.NewKubernetesCluster(ctx, "example", &containerservice.KubernetesClusterArgs{
* Name: pulumi.String("aksexamplewithprivatednszone1"),
* Location: example.Location,
* ResourceGroupName: example.Name,
* DnsPrefix: pulumi.String("aksexamplednsprefix1"),
* PrivateClusterEnabled: pulumi.Bool(true),
* PrivateDnsZoneId: exampleZone.ID(),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.azure.core.ResourceGroup;
* import com.pulumi.azure.core.ResourceGroupArgs;
* import com.pulumi.azure.privatedns.Zone;
* import com.pulumi.azure.privatedns.ZoneArgs;
* import com.pulumi.azure.authorization.UserAssignedIdentity;
* import com.pulumi.azure.authorization.UserAssignedIdentityArgs;
* import com.pulumi.azure.authorization.Assignment;
* import com.pulumi.azure.authorization.AssignmentArgs;
* import com.pulumi.azure.containerservice.KubernetesCluster;
* import com.pulumi.azure.containerservice.KubernetesClusterArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var example = new ResourceGroup("example", ResourceGroupArgs.builder()
* .name("example")
* .location("West Europe")
* .build());
* var exampleZone = new Zone("exampleZone", ZoneArgs.builder()
* .name("privatelink.eastus2.azmk8s.io")
* .resourceGroupName(example.name())
* .build());
* var exampleUserAssignedIdentity = new UserAssignedIdentity("exampleUserAssignedIdentity", UserAssignedIdentityArgs.builder()
* .name("aks-example-identity")
* .resourceGroupName(example.name())
* .location(example.location())
* .build());
* var exampleAssignment = new Assignment("exampleAssignment", AssignmentArgs.builder()
* .scope(exampleZone.id())
* .roleDefinitionName("Private DNS Zone Contributor")
* .principalId(exampleUserAssignedIdentity.principalId())
* .build());
* var exampleKubernetesCluster = new KubernetesCluster("exampleKubernetesCluster", KubernetesClusterArgs.builder()
* .name("aksexamplewithprivatednszone1")
* .location(example.location())
* .resourceGroupName(example.name())
* .dnsPrefix("aksexamplednsprefix1")
* .privateClusterEnabled(true)
* .privateDnsZoneId(exampleZone.id())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* example:
* type: azure:core:ResourceGroup
* properties:
* name: example
* location: West Europe
* exampleZone:
* type: azure:privatedns:Zone
* name: example
* properties:
* name: privatelink.eastus2.azmk8s.io
* resourceGroupName: ${example.name}
* exampleUserAssignedIdentity:
* type: azure:authorization:UserAssignedIdentity
* name: example
* properties:
* name: aks-example-identity
* resourceGroupName: ${example.name}
* location: ${example.location}
* exampleAssignment:
* type: azure:authorization:Assignment
* name: example
* properties:
* scope: ${exampleZone.id}
* roleDefinitionName: Private DNS Zone Contributor
* principalId: ${exampleUserAssignedIdentity.principalId}
* exampleKubernetesCluster:
* type: azure:containerservice:KubernetesCluster
* name: example
* properties:
* name: aksexamplewithprivatednszone1
* location: ${example.location}
* resourceGroupName: ${example.name}
* dnsPrefix: aksexamplednsprefix1
* privateClusterEnabled: true
* privateDnsZoneId: ${exampleZone.id}
* ```
*
* @property privateDnsZoneId Either the ID of Private DNS Zone which should be delegated to this Cluster, `System` to have AKS manage this or `None`. In case of `None` you will need to bring your own DNS server and set up resolving, otherwise, the cluster will have issues after provisioning. Changing this forces a new resource to be created.
* @property publicNetworkAccessEnabled Whether public network access is allowed for this Kubernetes Cluster. Defaults to `true`.
* !> **Note:** `public_network_access_enabled` is currently not functional and is not passed to the Azure API. For further information please see this [issue](https://github.com/Azure/AKS/issues/3690). For controlling the public and private exposure of a cluster please see the properties `private_cluster_enabled` and `api_server_access_profile`.
* @property resourceGroupName Specifies the Resource Group where the Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.
* @property roleBasedAccessControlEnabled Whether Role Based Access Control for the Kubernetes Cluster should be enabled. Defaults to `true`. Changing this forces a new resource to be created.
* @property runCommandEnabled Whether to enable run command for the cluster or not. Defaults to `true`.
* @property serviceMeshProfile A `service_mesh_profile` block as defined below.
* > **Note:** This requires that the Preview Feature `Microsoft.ContainerService/AzureServiceMeshPreview` is enabled and the Resource Provider is re-registered, see [the documentation](https://learn.microsoft.com/en-us/azure/aks/istio-deploy-addon#register-the-azureservicemeshpreview-feature-flag) for more information.
* @property servicePrincipal A `service_principal` block as documented below. One of either `identity` or `service_principal` must be specified.
* !> **Note:** A migration scenario from `service_principal` to `identity` is supported. When upgrading `service_principal` to `identity`, your cluster's control plane and addon pods will switch to use managed identity, but the kubelets will keep using your configured `service_principal` until you upgrade your Node Pool.
* @property skuTier The SKU Tier that should be used for this Kubernetes Cluster. Possible values are `Free`, `Standard` (which includes the Uptime SLA) and `Premium`. Defaults to `Free`.
* > **Note:** Whilst the AKS API previously supported the `Paid` SKU - the AKS API introduced a breaking change in API Version `2023-02-01` (used in v3.51.0 and later) where the value `Paid` must now be set to `Standard`.
* @property storageProfile A `storage_profile` block as defined below.
* @property supportPlan Specifies the support plan which should be used for this Kubernetes Cluster. Possible values are `KubernetesOfficial` and `AKSLongTermSupport`. Defaults to `KubernetesOfficial`.
* @property tags A mapping of tags to assign to the resource.
* @property webAppRouting A `web_app_routing` block as defined below.
* @property windowsProfile A `windows_profile` block as defined below.
* @property workloadAutoscalerProfile A `workload_autoscaler_profile` block defined below.
* @property workloadIdentityEnabled Specifies whether Azure AD Workload Identity should be enabled for the Cluster. Defaults to `false`.
* > **Note:** To enable Azure AD Workload Identity `oidc_issuer_enabled` must be set to `true`.
* > **Note:** Enabling this option will allocate Workload Identity resources to the `kube-system` namespace in Kubernetes. If you wish to customize the deployment of Workload Identity, you can refer to [the documentation on Azure AD Workload Identity.](https://azure.github.io/azure-workload-identity/docs/installation/mutating-admission-webhook.html) The documentation provides guidance on how to install the mutating admission webhook, which allows for the customization of Workload Identity deployment.
*/
public data class KubernetesClusterArgs(
public val aciConnectorLinux: Output? = null,
public val apiServerAccessProfile: Output? = null,
@Deprecated(
message = """
This property has been renamed to `authorized_ip_ranges` within the `api_server_access_profile`
block and will be removed in v4.0 of the provider
""",
)
public val apiServerAuthorizedIpRanges: Output>? = null,
public val autoScalerProfile: Output? = null,
public val automaticChannelUpgrade: Output? = null,
public val azureActiveDirectoryRoleBasedAccessControl:
Output? = null,
public val azurePolicyEnabled: Output? = null,
public val confidentialComputing: Output? = null,
public val customCaTrustCertificatesBase64s: Output>? = null,
public val defaultNodePool: Output? = null,
public val diskEncryptionSetId: Output? = null,
public val dnsPrefix: Output? = null,
public val dnsPrefixPrivateCluster: Output? = null,
public val edgeZone: Output? = null,
@Deprecated(
message = """
The AKS API has removed support for this field on 2020-10-15 and is no longer possible to
configure this the Pod Security Policy.
""",
)
public val enablePodSecurityPolicy: Output? = null,
public val httpApplicationRoutingEnabled: Output? = null,
public val httpProxyConfig: Output? = null,
public val identity: Output? = null,
public val imageCleanerEnabled: Output? = null,
public val imageCleanerIntervalHours: Output? = null,
public val ingressApplicationGateway: Output? =
null,
public val keyManagementService: Output? = null,
public val keyVaultSecretsProvider: Output? = null,
public val kubeletIdentity: Output? = null,
public val kubernetesVersion: Output? = null,
public val linuxProfile: Output? = null,
public val localAccountDisabled: Output? = null,
public val location: Output? = null,
public val maintenanceWindow: Output? = null,
public val maintenanceWindowAutoUpgrade:
Output? = null,
public val maintenanceWindowNodeOs: Output? = null,
public val microsoftDefender: Output? = null,
public val monitorMetrics: Output? = null,
public val name: Output? = null,
public val networkProfile: Output? = null,
public val nodeOsChannelUpgrade: Output? = null,
public val nodeResourceGroup: Output? = null,
public val oidcIssuerEnabled: Output? = null,
public val omsAgent: Output? = null,
public val openServiceMeshEnabled: Output? = null,
public val privateClusterEnabled: Output? = null,
public val privateClusterPublicFqdnEnabled: Output? = null,
public val privateDnsZoneId: Output? = null,
@Deprecated(
message = """
`public_network_access_enabled` is currently not functional and is not be passed to the API
""",
)
public val publicNetworkAccessEnabled: Output? = null,
public val resourceGroupName: Output? = null,
public val roleBasedAccessControlEnabled: Output? = null,
public val runCommandEnabled: Output? = null,
public val serviceMeshProfile: Output? = null,
public val servicePrincipal: Output? = null,
public val skuTier: Output? = null,
public val storageProfile: Output? = null,
public val supportPlan: Output? = null,
public val tags: Output>? = null,
public val webAppRouting: Output? = null,
public val windowsProfile: Output? = null,
public val workloadAutoscalerProfile: Output? =
null,
public val workloadIdentityEnabled: Output? = null,
) : ConvertibleToJava {
override fun toJava(): com.pulumi.azure.containerservice.KubernetesClusterArgs =
com.pulumi.azure.containerservice.KubernetesClusterArgs.builder()
.aciConnectorLinux(aciConnectorLinux?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
.apiServerAccessProfile(
apiServerAccessProfile?.applyValue({ args0 ->
args0.let({ args0 ->
args0.toJava()
})
}),
)
.apiServerAuthorizedIpRanges(
apiServerAuthorizedIpRanges?.applyValue({ args0 ->
args0.map({ args0 ->
args0
})
}),
)
.autoScalerProfile(autoScalerProfile?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
.automaticChannelUpgrade(automaticChannelUpgrade?.applyValue({ args0 -> args0 }))
.azureActiveDirectoryRoleBasedAccessControl(
azureActiveDirectoryRoleBasedAccessControl?.applyValue({ args0 ->
args0.let({ args0 -> args0.toJava() })
}),
)
.azurePolicyEnabled(azurePolicyEnabled?.applyValue({ args0 -> args0 }))
.confidentialComputing(
confidentialComputing?.applyValue({ args0 ->
args0.let({ args0 ->
args0.toJava()
})
}),
)
.customCaTrustCertificatesBase64s(
customCaTrustCertificatesBase64s?.applyValue({ args0 ->
args0.map({ args0 -> args0 })
}),
)
.defaultNodePool(defaultNodePool?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
.diskEncryptionSetId(diskEncryptionSetId?.applyValue({ args0 -> args0 }))
.dnsPrefix(dnsPrefix?.applyValue({ args0 -> args0 }))
.dnsPrefixPrivateCluster(dnsPrefixPrivateCluster?.applyValue({ args0 -> args0 }))
.edgeZone(edgeZone?.applyValue({ args0 -> args0 }))
.enablePodSecurityPolicy(enablePodSecurityPolicy?.applyValue({ args0 -> args0 }))
.httpApplicationRoutingEnabled(httpApplicationRoutingEnabled?.applyValue({ args0 -> args0 }))
.httpProxyConfig(httpProxyConfig?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
.identity(identity?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
.imageCleanerEnabled(imageCleanerEnabled?.applyValue({ args0 -> args0 }))
.imageCleanerIntervalHours(imageCleanerIntervalHours?.applyValue({ args0 -> args0 }))
.ingressApplicationGateway(
ingressApplicationGateway?.applyValue({ args0 ->
args0.let({ args0 ->
args0.toJava()
})
}),
)
.keyManagementService(
keyManagementService?.applyValue({ args0 ->
args0.let({ args0 ->
args0.toJava()
})
}),
)
.keyVaultSecretsProvider(
keyVaultSecretsProvider?.applyValue({ args0 ->
args0.let({ args0 ->
args0.toJava()
})
}),
)
.kubeletIdentity(kubeletIdentity?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
.kubernetesVersion(kubernetesVersion?.applyValue({ args0 -> args0 }))
.linuxProfile(linuxProfile?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
.localAccountDisabled(localAccountDisabled?.applyValue({ args0 -> args0 }))
.location(location?.applyValue({ args0 -> args0 }))
.maintenanceWindow(maintenanceWindow?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
.maintenanceWindowAutoUpgrade(
maintenanceWindowAutoUpgrade?.applyValue({ args0 ->
args0.let({ args0 -> args0.toJava() })
}),
)
.maintenanceWindowNodeOs(
maintenanceWindowNodeOs?.applyValue({ args0 ->
args0.let({ args0 ->
args0.toJava()
})
}),
)
.microsoftDefender(microsoftDefender?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
.monitorMetrics(monitorMetrics?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
.name(name?.applyValue({ args0 -> args0 }))
.networkProfile(networkProfile?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
.nodeOsChannelUpgrade(nodeOsChannelUpgrade?.applyValue({ args0 -> args0 }))
.nodeResourceGroup(nodeResourceGroup?.applyValue({ args0 -> args0 }))
.oidcIssuerEnabled(oidcIssuerEnabled?.applyValue({ args0 -> args0 }))
.omsAgent(omsAgent?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
.openServiceMeshEnabled(openServiceMeshEnabled?.applyValue({ args0 -> args0 }))
.privateClusterEnabled(privateClusterEnabled?.applyValue({ args0 -> args0 }))
.privateClusterPublicFqdnEnabled(privateClusterPublicFqdnEnabled?.applyValue({ args0 -> args0 }))
.privateDnsZoneId(privateDnsZoneId?.applyValue({ args0 -> args0 }))
.publicNetworkAccessEnabled(publicNetworkAccessEnabled?.applyValue({ args0 -> args0 }))
.resourceGroupName(resourceGroupName?.applyValue({ args0 -> args0 }))
.roleBasedAccessControlEnabled(roleBasedAccessControlEnabled?.applyValue({ args0 -> args0 }))
.runCommandEnabled(runCommandEnabled?.applyValue({ args0 -> args0 }))
.serviceMeshProfile(
serviceMeshProfile?.applyValue({ args0 ->
args0.let({ args0 ->
args0.toJava()
})
}),
)
.servicePrincipal(servicePrincipal?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
.skuTier(skuTier?.applyValue({ args0 -> args0 }))
.storageProfile(storageProfile?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
.supportPlan(supportPlan?.applyValue({ args0 -> args0 }))
.tags(tags?.applyValue({ args0 -> args0.map({ args0 -> args0.key.to(args0.value) }).toMap() }))
.webAppRouting(webAppRouting?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
.windowsProfile(windowsProfile?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
.workloadAutoscalerProfile(
workloadAutoscalerProfile?.applyValue({ args0 ->
args0.let({ args0 ->
args0.toJava()
})
}),
)
.workloadIdentityEnabled(workloadIdentityEnabled?.applyValue({ args0 -> args0 })).build()
}
/**
* Builder for [KubernetesClusterArgs].
*/
@PulumiTagMarker
public class KubernetesClusterArgsBuilder internal constructor() {
private var aciConnectorLinux: Output? = null
private var apiServerAccessProfile: Output? = null
private var apiServerAuthorizedIpRanges: Output>? = null
private var autoScalerProfile: Output? = null
private var automaticChannelUpgrade: Output? = null
private var azureActiveDirectoryRoleBasedAccessControl:
Output? = null
private var azurePolicyEnabled: Output? = null
private var confidentialComputing: Output? = null
private var customCaTrustCertificatesBase64s: Output>? = null
private var defaultNodePool: Output? = null
private var diskEncryptionSetId: Output? = null
private var dnsPrefix: Output? = null
private var dnsPrefixPrivateCluster: Output? = null
private var edgeZone: Output? = null
private var enablePodSecurityPolicy: Output? = null
private var httpApplicationRoutingEnabled: Output? = null
private var httpProxyConfig: Output? = null
private var identity: Output? = null
private var imageCleanerEnabled: Output? = null
private var imageCleanerIntervalHours: Output? = null
private var ingressApplicationGateway: Output? =
null
private var keyManagementService: Output? = null
private var keyVaultSecretsProvider: Output? = null
private var kubeletIdentity: Output? = null
private var kubernetesVersion: Output? = null
private var linuxProfile: Output? = null
private var localAccountDisabled: Output? = null
private var location: Output? = null
private var maintenanceWindow: Output? = null
private var maintenanceWindowAutoUpgrade:
Output? = null
private var maintenanceWindowNodeOs: Output? = null
private var microsoftDefender: Output? = null
private var monitorMetrics: Output? = null
private var name: Output? = null
private var networkProfile: Output? = null
private var nodeOsChannelUpgrade: Output? = null
private var nodeResourceGroup: Output? = null
private var oidcIssuerEnabled: Output? = null
private var omsAgent: Output? = null
private var openServiceMeshEnabled: Output? = null
private var privateClusterEnabled: Output? = null
private var privateClusterPublicFqdnEnabled: Output? = null
private var privateDnsZoneId: Output? = null
private var publicNetworkAccessEnabled: Output? = null
private var resourceGroupName: Output? = null
private var roleBasedAccessControlEnabled: Output? = null
private var runCommandEnabled: Output? = null
private var serviceMeshProfile: Output? = null
private var servicePrincipal: Output? = null
private var skuTier: Output? = null
private var storageProfile: Output? = null
private var supportPlan: Output? = null
private var tags: Output>? = null
private var webAppRouting: Output? = null
private var windowsProfile: Output? = null
private var workloadAutoscalerProfile: Output? =
null
private var workloadIdentityEnabled: Output? = null
/**
* @param value A `aci_connector_linux` block as defined below. For more details, please visit [Create and configure an AKS cluster to use virtual nodes](https://docs.microsoft.com/azure/aks/virtual-nodes-portal).
*/
@JvmName("pnxoyskephoggjai")
public suspend fun aciConnectorLinux(`value`: Output) {
this.aciConnectorLinux = value
}
/**
* @param value An `api_server_access_profile` block as defined below.
*/
@JvmName("segehydwabnfvypc")
public suspend
fun apiServerAccessProfile(`value`: Output) {
this.apiServerAccessProfile = value
}
/**
* @param value
*/
@Deprecated(
message = """
This property has been renamed to `authorized_ip_ranges` within the `api_server_access_profile`
block and will be removed in v4.0 of the provider
""",
)
@JvmName("smiyquycmsohfmkp")
public suspend fun apiServerAuthorizedIpRanges(`value`: Output>) {
this.apiServerAuthorizedIpRanges = value
}
@JvmName("qhjiapeskfoguxus")
public suspend fun apiServerAuthorizedIpRanges(vararg values: Output) {
this.apiServerAuthorizedIpRanges = Output.all(values.asList())
}
/**
* @param values
*/
@Deprecated(
message = """
This property has been renamed to `authorized_ip_ranges` within the `api_server_access_profile`
block and will be removed in v4.0 of the provider
""",
)
@JvmName("oqtrqxnsgceguiqd")
public suspend fun apiServerAuthorizedIpRanges(values: List>) {
this.apiServerAuthorizedIpRanges = Output.all(values)
}
/**
* @param value A `auto_scaler_profile` block as defined below.
*/
@JvmName("tfuouqcwefwjgfbc")
public suspend fun autoScalerProfile(`value`: Output) {
this.autoScalerProfile = value
}
/**
* @param value The upgrade channel for this Kubernetes Cluster. Possible values are `patch`, `rapid`, `node-image` and `stable`. Omitting this field sets this value to `none`.
* !> **Note:** Cluster Auto-Upgrade will update the Kubernetes Cluster (and its Node Pools) to the latest GA version of Kubernetes automatically - please [see the Azure documentation for more information](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel).
* > **Note:** Cluster Auto-Upgrade only updates to GA versions of Kubernetes and will not update to Preview versions.
*/
@JvmName("drrvklkboylfpcep")
public suspend fun automaticChannelUpgrade(`value`: Output) {
this.automaticChannelUpgrade = value
}
/**
* @param value A `azure_active_directory_role_based_access_control` block as defined below.
*/
@JvmName("ocwevqylbnjvudih")
public suspend
fun azureActiveDirectoryRoleBasedAccessControl(`value`: Output) {
this.azureActiveDirectoryRoleBasedAccessControl = value
}
/**
* @param value Should the Azure Policy Add-On be enabled? For more details please visit [Understand Azure Policy for Azure Kubernetes Service](https://docs.microsoft.com/en-ie/azure/governance/policy/concepts/rego-for-aks)
*/
@JvmName("ihmoqxsonwhqwywp")
public suspend fun azurePolicyEnabled(`value`: Output) {
this.azurePolicyEnabled = value
}
/**
* @param value A `confidential_computing` block as defined below. For more details please [the documentation](https://learn.microsoft.com/en-us/azure/confidential-computing/confidential-nodes-aks-overview)
*/
@JvmName("pbldinnmplinxsql")
public suspend
fun confidentialComputing(`value`: Output) {
this.confidentialComputing = value
}
/**
* @param value A list of up to 10 base64 encoded CAs that will be added to the trust store on nodes with the `custom_ca_trust_enabled` feature enabled.
* > **Note:** Removing `custom_ca_trust_certificates_base64` after it has been set forces a new resource to be created.
*/
@JvmName("qbkxhehpbuurxnbe")
public suspend fun customCaTrustCertificatesBase64s(`value`: Output>) {
this.customCaTrustCertificatesBase64s = value
}
@JvmName("gytlnrrhxohjjrhj")
public suspend fun customCaTrustCertificatesBase64s(vararg values: Output) {
this.customCaTrustCertificatesBase64s = Output.all(values.asList())
}
/**
* @param values A list of up to 10 base64 encoded CAs that will be added to the trust store on nodes with the `custom_ca_trust_enabled` feature enabled.
* > **Note:** Removing `custom_ca_trust_certificates_base64` after it has been set forces a new resource to be created.
*/
@JvmName("pbbjmtwhwypxffpv")
public suspend fun customCaTrustCertificatesBase64s(values: List>) {
this.customCaTrustCertificatesBase64s = Output.all(values)
}
/**
* @param value A `default_node_pool` block as defined below.
*/
@JvmName("gtbqyjjvmsntucwt")
public suspend fun defaultNodePool(`value`: Output) {
this.defaultNodePool = value
}
/**
* @param value The ID of the Disk Encryption Set which should be used for the Nodes and Volumes. More information [can be found in the documentation](https://docs.microsoft.com/azure/aks/azure-disk-customer-managed-keys). Changing this forces a new resource to be created.
*/
@JvmName("ihnjjqplevoaanfa")
public suspend fun diskEncryptionSetId(`value`: Output) {
this.diskEncryptionSetId = value
}
/**
* @param value DNS prefix specified when creating the managed cluster. Possible values must begin and end with a letter or number, contain only letters, numbers, and hyphens and be between 1 and 54 characters in length. Changing this forces a new resource to be created.
*/
@JvmName("gewsusatiebcliot")
public suspend fun dnsPrefix(`value`: Output) {
this.dnsPrefix = value
}
/**
* @param value Specifies the DNS prefix to use with private clusters. Changing this forces a new resource to be created.
* > **Note:** You must define either a `dns_prefix` or a `dns_prefix_private_cluster` field.
* In addition, one of either `identity` or `service_principal` blocks must be specified.
*/
@JvmName("kehnbqxdwvennbfg")
public suspend fun dnsPrefixPrivateCluster(`value`: Output) {
this.dnsPrefixPrivateCluster = value
}
/**
* @param value Specifies the Edge Zone within the Azure Region where this Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.
*/
@JvmName("pyssdxnmkqufmhsh")
public suspend fun edgeZone(`value`: Output) {
this.edgeZone = value
}
/**
* @param value
*/
@Deprecated(
message = """
The AKS API has removed support for this field on 2020-10-15 and is no longer possible to
configure this the Pod Security Policy.
""",
)
@JvmName("vetvivflqgucavhd")
public suspend fun enablePodSecurityPolicy(`value`: Output) {
this.enablePodSecurityPolicy = value
}
/**
* @param value Should HTTP Application Routing be enabled?
* > **Note:** At this time HTTP Application Routing is not supported in Azure China or Azure US Government.
*/
@JvmName("dydgqitgmrphqlpw")
public suspend fun httpApplicationRoutingEnabled(`value`: Output) {
this.httpApplicationRoutingEnabled = value
}
/**
* @param value A `http_proxy_config` block as defined below.
*/
@JvmName("lfmoorxjnimpohlq")
public suspend fun httpProxyConfig(`value`: Output) {
this.httpProxyConfig = value
}
/**
* @param value An `identity` block as defined below. One of either `identity` or `service_principal` must be specified.
* !> **Note:** A migration scenario from `service_principal` to `identity` is supported. When upgrading `service_principal` to `identity`, your cluster's control plane and addon pods will switch to use managed identity, but the kubelets will keep using your configured `service_principal` until you upgrade your Node Pool.
*/
@JvmName("ftenxdjfqcfxmmcl")
public suspend fun identity(`value`: Output) {
this.identity = value
}
/**
* @param value Specifies whether Image Cleaner is enabled.
*/
@JvmName("evyhbwcrhoylfvrb")
public suspend fun imageCleanerEnabled(`value`: Output) {
this.imageCleanerEnabled = value
}
/**
* @param value Specifies the interval in hours when images should be cleaned up. Defaults to `48`.
*/
@JvmName("uoilgkkpehhfrqxd")
public suspend fun imageCleanerIntervalHours(`value`: Output) {
this.imageCleanerIntervalHours = value
}
/**
* @param value A `ingress_application_gateway` block as defined below.
* > **Note:** Since the Application Gateway is deployed inside a Virtual Network, users (and Service Principals) that are operating the Application Gateway must have the `Microsoft.Network/virtualNetworks/subnets/join/action` permission on the Virtual Network or Subnet. For more details, please visit [Virtual Network Permission](https://learn.microsoft.com/en-us/azure/application-gateway/configuration-infrastructure#virtual-network-permission).
*/
@JvmName("qlinkdttlsxkwlbs")
public suspend
fun ingressApplicationGateway(`value`: Output) {
this.ingressApplicationGateway = value
}
/**
* @param value A `key_management_service` block as defined below. For more details, please visit [Key Management Service (KMS) etcd encryption to an AKS cluster](https://learn.microsoft.com/en-us/azure/aks/use-kms-etcd-encryption).
*/
@JvmName("rqqbtefufnffglkm")
public suspend
fun keyManagementService(`value`: Output) {
this.keyManagementService = value
}
/**
* @param value A `key_vault_secrets_provider` block as defined below. For more details, please visit [Azure Keyvault Secrets Provider for AKS](https://docs.microsoft.com/azure/aks/csi-secrets-store-driver).
*/
@JvmName("mkhxauddjuysfcfu")
public suspend
fun keyVaultSecretsProvider(`value`: Output) {
this.keyVaultSecretsProvider = value
}
/**
* @param value A `kubelet_identity` block as defined below.
*/
@JvmName("rvkkjsvjttavorwm")
public suspend fun kubeletIdentity(`value`: Output) {
this.kubeletIdentity = value
}
/**
* @param value Version of Kubernetes specified when creating the AKS managed cluster. If not specified, the latest recommended version will be used at provisioning time (but won't auto-upgrade). AKS does not require an exact patch version to be specified, minor version aliases such as `1.22` are also supported. - The minor version's latest GA patch is automatically chosen in that case. More details can be found in [the documentation](https://docs.microsoft.com/en-us/azure/aks/supported-kubernetes-versions?tabs=azure-cli#alias-minor-version).
* > **Note:** Upgrading your cluster may take up to 10 minutes per node.
*/
@JvmName("wjdjknvvyvwfyujf")
public suspend fun kubernetesVersion(`value`: Output) {
this.kubernetesVersion = value
}
/**
* @param value A `linux_profile` block as defined below.
*/
@JvmName("nrcxonxpqxyioayg")
public suspend fun linuxProfile(`value`: Output) {
this.linuxProfile = value
}
/**
* @param value If `true` local accounts will be disabled. See [the documentation](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts) for more information.
* > **Note:** If `local_account_disabled` is set to `true`, it is required to enable Kubernetes RBAC and AKS-managed Azure AD integration. See [the documentation](https://docs.microsoft.com/azure/aks/managed-aad#azure-ad-authentication-overview) for more information.
*/
@JvmName("lpubisvckhjykiiy")
public suspend fun localAccountDisabled(`value`: Output) {
this.localAccountDisabled = value
}
/**
* @param value The location where the Managed Kubernetes Cluster should be created. Changing this forces a new resource to be created.
*/
@JvmName("abkwjavhjuectlea")
public suspend fun location(`value`: Output) {
this.location = value
}
/**
* @param value A `maintenance_window` block as defined below.
*/
@JvmName("xwiojtbjtejgiooy")
public suspend fun maintenanceWindow(`value`: Output) {
this.maintenanceWindow = value
}
/**
* @param value A `maintenance_window_auto_upgrade` block as defined below.
*/
@JvmName("gsjeqxbcweurrpfq")
public suspend
fun maintenanceWindowAutoUpgrade(`value`: Output) {
this.maintenanceWindowAutoUpgrade = value
}
/**
* @param value A `maintenance_window_node_os` block as defined below.
*/
@JvmName("aftqofpnerurlqua")
public suspend
fun maintenanceWindowNodeOs(`value`: Output) {
this.maintenanceWindowNodeOs = value
}
/**
* @param value A `microsoft_defender` block as defined below.
*/
@JvmName("yvoweugxfkkphplm")
public suspend fun microsoftDefender(`value`: Output) {
this.microsoftDefender = value
}
/**
* @param value Specifies a Prometheus add-on profile for the Kubernetes Cluster. A `monitor_metrics` block as defined below.
* > **Note:** If deploying Managed Prometheus, the `monitor_metrics` properties are required to configure the cluster for metrics collection. If no value is needed, set properties to `null`.
*/
@JvmName("roweurtujwfqkwvc")
public suspend fun monitorMetrics(`value`: Output) {
this.monitorMetrics = value
}
/**
* @param value The name of the Managed Kubernetes Cluster to create. Changing this forces a new resource to be created.
*/
@JvmName("lsnuulgogoboesua")
public suspend fun name(`value`: Output) {
this.name = value
}
/**
* @param value A `network_profile` block as defined below. Changing this forces a new resource to be created.
* > **Note:** If `network_profile` is not defined, `kubenet` profile will be used by default.
*/
@JvmName("lslwtpaiysxfpjbd")
public suspend fun networkProfile(`value`: Output) {
this.networkProfile = value
}
/**
* @param value The upgrade channel for this Kubernetes Cluster Nodes' OS Image. Possible values are `Unmanaged`, `SecurityPatch`, `NodeImage` and `None`.
* > **Note:** `node_os_channel_upgrade` must be set to `NodeImage` if `automatic_channel_upgrade` has been set to `node-image`
* > **Note:** This requires that the Preview Feature `Microsoft.ContainerService/NodeOsUpgradeChannelPreview` is enabled and the Resource Provider is re-registered, see [the documentation](https://learn.microsoft.com/en-us/azure/aks/auto-upgrade-node-image#register-the-nodeosupgradechannelpreview-feature-flag) for more information.
*/
@JvmName("wncrnpxevrrtaqwi")
public suspend fun nodeOsChannelUpgrade(`value`: Output) {
this.nodeOsChannelUpgrade = value
}
/**
* @param value The name of the Resource Group where the Kubernetes Nodes should exist. Changing this forces a new resource to be created.
* > **Note:** Azure requires that a new, non-existent Resource Group is used, as otherwise, the provisioning of the Kubernetes Service will fail.
*/
@JvmName("dlqboedpvqjywtvs")
public suspend fun nodeResourceGroup(`value`: Output) {
this.nodeResourceGroup = value
}
/**
* @param value Enable or Disable the [OIDC issuer URL](https://learn.microsoft.com/en-gb/azure/aks/use-oidc-issuer)
*/
@JvmName("cyfbuyjtdvkxrsia")
public suspend fun oidcIssuerEnabled(`value`: Output) {
this.oidcIssuerEnabled = value
}
/**
* @param value A `oms_agent` block as defined below.
*/
@JvmName("wutyxikwkvsadbhl")
public suspend fun omsAgent(`value`: Output) {
this.omsAgent = value
}
/**
* @param value Is Open Service Mesh enabled? For more details, please visit [Open Service Mesh for AKS](https://docs.microsoft.com/azure/aks/open-service-mesh-about).
*/
@JvmName("cggunerkqkvchukf")
public suspend fun openServiceMeshEnabled(`value`: Output) {
this.openServiceMeshEnabled = value
}
/**
* @param value Should this Kubernetes Cluster have its API server only exposed on internal IP addresses? This provides a Private IP Address for the Kubernetes API on the Virtual Network where the Kubernetes Cluster is located. Defaults to `false`. Changing this forces a new resource to be created.
*/
@JvmName("ngrrlprpsjtghxtj")
public suspend fun privateClusterEnabled(`value`: Output) {
this.privateClusterEnabled = value
}
/**
* @param value Specifies whether a Public FQDN for this Private Cluster should be added. Defaults to `false`.
* > **Note:** If you use BYO DNS Zone, the AKS cluster should either use a User Assigned Identity or a service principal (which is deprecated) with the `Private DNS Zone Contributor` role and access to this Private DNS Zone. If `UserAssigned` identity is used - to prevent improper resource order destruction - the cluster should depend on the role assignment, like in this example:
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as azure from "@pulumi/azure";
* const example = new azure.core.ResourceGroup("example", {
* name: "example",
* location: "West Europe",
* });
* const exampleZone = new azure.privatedns.Zone("example", {
* name: "privatelink.eastus2.azmk8s.io",
* resourceGroupName: example.name,
* });
* const exampleUserAssignedIdentity = new azure.authorization.UserAssignedIdentity("example", {
* name: "aks-example-identity",
* resourceGroupName: example.name,
* location: example.location,
* });
* const exampleAssignment = new azure.authorization.Assignment("example", {
* scope: exampleZone.id,
* roleDefinitionName: "Private DNS Zone Contributor",
* principalId: exampleUserAssignedIdentity.principalId,
* });
* const exampleKubernetesCluster = new azure.containerservice.KubernetesCluster("example", {
* name: "aksexamplewithprivatednszone1",
* location: example.location,
* resourceGroupName: example.name,
* dnsPrefix: "aksexamplednsprefix1",
* privateClusterEnabled: true,
* privateDnsZoneId: exampleZone.id,
* });
* ```
* ```python
* import pulumi
* import pulumi_azure as azure
* example = azure.core.ResourceGroup("example",
* name="example",
* location="West Europe")
* example_zone = azure.privatedns.Zone("example",
* name="privatelink.eastus2.azmk8s.io",
* resource_group_name=example.name)
* example_user_assigned_identity = azure.authorization.UserAssignedIdentity("example",
* name="aks-example-identity",
* resource_group_name=example.name,
* location=example.location)
* example_assignment = azure.authorization.Assignment("example",
* scope=example_zone.id,
* role_definition_name="Private DNS Zone Contributor",
* principal_id=example_user_assigned_identity.principal_id)
* example_kubernetes_cluster = azure.containerservice.KubernetesCluster("example",
* name="aksexamplewithprivatednszone1",
* location=example.location,
* resource_group_name=example.name,
* dns_prefix="aksexamplednsprefix1",
* private_cluster_enabled=True,
* private_dns_zone_id=example_zone.id)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Azure = Pulumi.Azure;
* return await Deployment.RunAsync(() =>
* {
* var example = new Azure.Core.ResourceGroup("example", new()
* {
* Name = "example",
* Location = "West Europe",
* });
* var exampleZone = new Azure.PrivateDns.Zone("example", new()
* {
* Name = "privatelink.eastus2.azmk8s.io",
* ResourceGroupName = example.Name,
* });
* var exampleUserAssignedIdentity = new Azure.Authorization.UserAssignedIdentity("example", new()
* {
* Name = "aks-example-identity",
* ResourceGroupName = example.Name,
* Location = example.Location,
* });
* var exampleAssignment = new Azure.Authorization.Assignment("example", new()
* {
* Scope = exampleZone.Id,
* RoleDefinitionName = "Private DNS Zone Contributor",
* PrincipalId = exampleUserAssignedIdentity.PrincipalId,
* });
* var exampleKubernetesCluster = new Azure.ContainerService.KubernetesCluster("example", new()
* {
* Name = "aksexamplewithprivatednszone1",
* Location = example.Location,
* ResourceGroupName = example.Name,
* DnsPrefix = "aksexamplednsprefix1",
* PrivateClusterEnabled = true,
* PrivateDnsZoneId = exampleZone.Id,
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/authorization"
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/containerservice"
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/privatedns"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
* Name: pulumi.String("example"),
* Location: pulumi.String("West Europe"),
* })
* if err != nil {
* return err
* }
* exampleZone, err := privatedns.NewZone(ctx, "example", &privatedns.ZoneArgs{
* Name: pulumi.String("privatelink.eastus2.azmk8s.io"),
* ResourceGroupName: example.Name,
* })
* if err != nil {
* return err
* }
* exampleUserAssignedIdentity, err := authorization.NewUserAssignedIdentity(ctx, "example", &authorization.UserAssignedIdentityArgs{
* Name: pulumi.String("aks-example-identity"),
* ResourceGroupName: example.Name,
* Location: example.Location,
* })
* if err != nil {
* return err
* }
* _, err = authorization.NewAssignment(ctx, "example", &authorization.AssignmentArgs{
* Scope: exampleZone.ID(),
* RoleDefinitionName: pulumi.String("Private DNS Zone Contributor"),
* PrincipalId: exampleUserAssignedIdentity.PrincipalId,
* })
* if err != nil {
* return err
* }
* _, err = containerservice.NewKubernetesCluster(ctx, "example", &containerservice.KubernetesClusterArgs{
* Name: pulumi.String("aksexamplewithprivatednszone1"),
* Location: example.Location,
* ResourceGroupName: example.Name,
* DnsPrefix: pulumi.String("aksexamplednsprefix1"),
* PrivateClusterEnabled: pulumi.Bool(true),
* PrivateDnsZoneId: exampleZone.ID(),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.azure.core.ResourceGroup;
* import com.pulumi.azure.core.ResourceGroupArgs;
* import com.pulumi.azure.privatedns.Zone;
* import com.pulumi.azure.privatedns.ZoneArgs;
* import com.pulumi.azure.authorization.UserAssignedIdentity;
* import com.pulumi.azure.authorization.UserAssignedIdentityArgs;
* import com.pulumi.azure.authorization.Assignment;
* import com.pulumi.azure.authorization.AssignmentArgs;
* import com.pulumi.azure.containerservice.KubernetesCluster;
* import com.pulumi.azure.containerservice.KubernetesClusterArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var example = new ResourceGroup("example", ResourceGroupArgs.builder()
* .name("example")
* .location("West Europe")
* .build());
* var exampleZone = new Zone("exampleZone", ZoneArgs.builder()
* .name("privatelink.eastus2.azmk8s.io")
* .resourceGroupName(example.name())
* .build());
* var exampleUserAssignedIdentity = new UserAssignedIdentity("exampleUserAssignedIdentity", UserAssignedIdentityArgs.builder()
* .name("aks-example-identity")
* .resourceGroupName(example.name())
* .location(example.location())
* .build());
* var exampleAssignment = new Assignment("exampleAssignment", AssignmentArgs.builder()
* .scope(exampleZone.id())
* .roleDefinitionName("Private DNS Zone Contributor")
* .principalId(exampleUserAssignedIdentity.principalId())
* .build());
* var exampleKubernetesCluster = new KubernetesCluster("exampleKubernetesCluster", KubernetesClusterArgs.builder()
* .name("aksexamplewithprivatednszone1")
* .location(example.location())
* .resourceGroupName(example.name())
* .dnsPrefix("aksexamplednsprefix1")
* .privateClusterEnabled(true)
* .privateDnsZoneId(exampleZone.id())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* example:
* type: azure:core:ResourceGroup
* properties:
* name: example
* location: West Europe
* exampleZone:
* type: azure:privatedns:Zone
* name: example
* properties:
* name: privatelink.eastus2.azmk8s.io
* resourceGroupName: ${example.name}
* exampleUserAssignedIdentity:
* type: azure:authorization:UserAssignedIdentity
* name: example
* properties:
* name: aks-example-identity
* resourceGroupName: ${example.name}
* location: ${example.location}
* exampleAssignment:
* type: azure:authorization:Assignment
* name: example
* properties:
* scope: ${exampleZone.id}
* roleDefinitionName: Private DNS Zone Contributor
* principalId: ${exampleUserAssignedIdentity.principalId}
* exampleKubernetesCluster:
* type: azure:containerservice:KubernetesCluster
* name: example
* properties:
* name: aksexamplewithprivatednszone1
* location: ${example.location}
* resourceGroupName: ${example.name}
* dnsPrefix: aksexamplednsprefix1
* privateClusterEnabled: true
* privateDnsZoneId: ${exampleZone.id}
* ```
*
*/
@JvmName("nqhrmdkvmfcewcap")
public suspend fun privateClusterPublicFqdnEnabled(`value`: Output) {
this.privateClusterPublicFqdnEnabled = value
}
/**
* @param value Either the ID of Private DNS Zone which should be delegated to this Cluster, `System` to have AKS manage this or `None`. In case of `None` you will need to bring your own DNS server and set up resolving, otherwise, the cluster will have issues after provisioning. Changing this forces a new resource to be created.
*/
@JvmName("uytmfsgaekydgnnk")
public suspend fun privateDnsZoneId(`value`: Output) {
this.privateDnsZoneId = value
}
/**
* @param value Whether public network access is allowed for this Kubernetes Cluster. Defaults to `true`.
* !> **Note:** `public_network_access_enabled` is currently not functional and is not passed to the Azure API. For further information please see this [issue](https://github.com/Azure/AKS/issues/3690). For controlling the public and private exposure of a cluster please see the properties `private_cluster_enabled` and `api_server_access_profile`.
*/
@Deprecated(
message = """
`public_network_access_enabled` is currently not functional and is not be passed to the API
""",
)
@JvmName("yrfukjjluawcqodn")
public suspend fun publicNetworkAccessEnabled(`value`: Output) {
this.publicNetworkAccessEnabled = value
}
/**
* @param value Specifies the Resource Group where the Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.
*/
@JvmName("mpnjvxghmegjrycd")
public suspend fun resourceGroupName(`value`: Output) {
this.resourceGroupName = value
}
/**
* @param value Whether Role Based Access Control for the Kubernetes Cluster should be enabled. Defaults to `true`. Changing this forces a new resource to be created.
*/
@JvmName("gdudclotsumtgyfh")
public suspend fun roleBasedAccessControlEnabled(`value`: Output) {
this.roleBasedAccessControlEnabled = value
}
/**
* @param value Whether to enable run command for the cluster or not. Defaults to `true`.
*/
@JvmName("bchtvnllhpqtibvf")
public suspend fun runCommandEnabled(`value`: Output) {
this.runCommandEnabled = value
}
/**
* @param value A `service_mesh_profile` block as defined below.
* > **Note:** This requires that the Preview Feature `Microsoft.ContainerService/AzureServiceMeshPreview` is enabled and the Resource Provider is re-registered, see [the documentation](https://learn.microsoft.com/en-us/azure/aks/istio-deploy-addon#register-the-azureservicemeshpreview-feature-flag) for more information.
*/
@JvmName("nqdcpnkeyurbgiph")
public suspend fun serviceMeshProfile(`value`: Output) {
this.serviceMeshProfile = value
}
/**
* @param value A `service_principal` block as documented below. One of either `identity` or `service_principal` must be specified.
* !> **Note:** A migration scenario from `service_principal` to `identity` is supported. When upgrading `service_principal` to `identity`, your cluster's control plane and addon pods will switch to use managed identity, but the kubelets will keep using your configured `service_principal` until you upgrade your Node Pool.
*/
@JvmName("yteowumyhfbnewbw")
public suspend fun servicePrincipal(`value`: Output) {
this.servicePrincipal = value
}
/**
* @param value The SKU Tier that should be used for this Kubernetes Cluster. Possible values are `Free`, `Standard` (which includes the Uptime SLA) and `Premium`. Defaults to `Free`.
* > **Note:** Whilst the AKS API previously supported the `Paid` SKU - the AKS API introduced a breaking change in API Version `2023-02-01` (used in v3.51.0 and later) where the value `Paid` must now be set to `Standard`.
*/
@JvmName("ufsajdwdvfdtmowu")
public suspend fun skuTier(`value`: Output) {
this.skuTier = value
}
/**
* @param value A `storage_profile` block as defined below.
*/
@JvmName("nvihhgkrvbvjmufu")
public suspend fun storageProfile(`value`: Output) {
this.storageProfile = value
}
/**
* @param value Specifies the support plan which should be used for this Kubernetes Cluster. Possible values are `KubernetesOfficial` and `AKSLongTermSupport`. Defaults to `KubernetesOfficial`.
*/
@JvmName("yglrwbamnwuttgqk")
public suspend fun supportPlan(`value`: Output) {
this.supportPlan = value
}
/**
* @param value A mapping of tags to assign to the resource.
*/
@JvmName("taveslyqwwfbjmrk")
public suspend fun tags(`value`: Output>) {
this.tags = value
}
/**
* @param value A `web_app_routing` block as defined below.
*/
@JvmName("smuwvtktxgqmitip")
public suspend fun webAppRouting(`value`: Output) {
this.webAppRouting = value
}
/**
* @param value A `windows_profile` block as defined below.
*/
@JvmName("ontuxabclgwalesi")
public suspend fun windowsProfile(`value`: Output) {
this.windowsProfile = value
}
/**
* @param value A `workload_autoscaler_profile` block defined below.
*/
@JvmName("rogssoumoinxoqem")
public suspend
fun workloadAutoscalerProfile(`value`: Output) {
this.workloadAutoscalerProfile = value
}
/**
* @param value Specifies whether Azure AD Workload Identity should be enabled for the Cluster. Defaults to `false`.
* > **Note:** To enable Azure AD Workload Identity `oidc_issuer_enabled` must be set to `true`.
* > **Note:** Enabling this option will allocate Workload Identity resources to the `kube-system` namespace in Kubernetes. If you wish to customize the deployment of Workload Identity, you can refer to [the documentation on Azure AD Workload Identity.](https://azure.github.io/azure-workload-identity/docs/installation/mutating-admission-webhook.html) The documentation provides guidance on how to install the mutating admission webhook, which allows for the customization of Workload Identity deployment.
*/
@JvmName("saasqvelocufrwvk")
public suspend fun workloadIdentityEnabled(`value`: Output) {
this.workloadIdentityEnabled = value
}
/**
* @param value A `aci_connector_linux` block as defined below. For more details, please visit [Create and configure an AKS cluster to use virtual nodes](https://docs.microsoft.com/azure/aks/virtual-nodes-portal).
*/
@JvmName("wxcnrwyijkrmoxrl")
public suspend fun aciConnectorLinux(`value`: KubernetesClusterAciConnectorLinuxArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.aciConnectorLinux = mapped
}
/**
* @param argument A `aci_connector_linux` block as defined below. For more details, please visit [Create and configure an AKS cluster to use virtual nodes](https://docs.microsoft.com/azure/aks/virtual-nodes-portal).
*/
@JvmName("bgvlqoddhlrbsmov")
public suspend
fun aciConnectorLinux(argument: suspend KubernetesClusterAciConnectorLinuxArgsBuilder.() -> Unit) {
val toBeMapped = KubernetesClusterAciConnectorLinuxArgsBuilder().applySuspend {
argument()
}.build()
val mapped = of(toBeMapped)
this.aciConnectorLinux = mapped
}
/**
* @param value An `api_server_access_profile` block as defined below.
*/
@JvmName("bfdyrfdwsdnwiwni")
public suspend fun apiServerAccessProfile(`value`: KubernetesClusterApiServerAccessProfileArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.apiServerAccessProfile = mapped
}
/**
* @param argument An `api_server_access_profile` block as defined below.
*/
@JvmName("nswfnbivyopaqvga")
public suspend
fun apiServerAccessProfile(argument: suspend KubernetesClusterApiServerAccessProfileArgsBuilder.() -> Unit) {
val toBeMapped = KubernetesClusterApiServerAccessProfileArgsBuilder().applySuspend {
argument()
}.build()
val mapped = of(toBeMapped)
this.apiServerAccessProfile = mapped
}
/**
* @param value
*/
@Deprecated(
message = """
This property has been renamed to `authorized_ip_ranges` within the `api_server_access_profile`
block and will be removed in v4.0 of the provider
""",
)
@JvmName("luwuaogkrenjsckc")
public suspend fun apiServerAuthorizedIpRanges(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.apiServerAuthorizedIpRanges = mapped
}
/**
* @param values
*/
@Deprecated(
message = """
This property has been renamed to `authorized_ip_ranges` within the `api_server_access_profile`
block and will be removed in v4.0 of the provider
""",
)
@JvmName("ffttralwnwhaqpht")
public suspend fun apiServerAuthorizedIpRanges(vararg values: String) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.apiServerAuthorizedIpRanges = mapped
}
/**
* @param value A `auto_scaler_profile` block as defined below.
*/
@JvmName("tbfsjmslbrhwndqo")
public suspend fun autoScalerProfile(`value`: KubernetesClusterAutoScalerProfileArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.autoScalerProfile = mapped
}
/**
* @param argument A `auto_scaler_profile` block as defined below.
*/
@JvmName("uqnyaroknttiixvu")
public suspend
fun autoScalerProfile(argument: suspend KubernetesClusterAutoScalerProfileArgsBuilder.() -> Unit) {
val toBeMapped = KubernetesClusterAutoScalerProfileArgsBuilder().applySuspend {
argument()
}.build()
val mapped = of(toBeMapped)
this.autoScalerProfile = mapped
}
/**
* @param value The upgrade channel for this Kubernetes Cluster. Possible values are `patch`, `rapid`, `node-image` and `stable`. Omitting this field sets this value to `none`.
* !> **Note:** Cluster Auto-Upgrade will update the Kubernetes Cluster (and its Node Pools) to the latest GA version of Kubernetes automatically - please [see the Azure documentation for more information](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel).
* > **Note:** Cluster Auto-Upgrade only updates to GA versions of Kubernetes and will not update to Preview versions.
*/
@JvmName("pdcqcymtgyeyjlps")
public suspend fun automaticChannelUpgrade(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.automaticChannelUpgrade = mapped
}
/**
* @param value A `azure_active_directory_role_based_access_control` block as defined below.
*/
@JvmName("uidfvwvbpghvrjkn")
public suspend
fun azureActiveDirectoryRoleBasedAccessControl(`value`: KubernetesClusterAzureActiveDirectoryRoleBasedAccessControlArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.azureActiveDirectoryRoleBasedAccessControl = mapped
}
/**
* @param argument A `azure_active_directory_role_based_access_control` block as defined below.
*/
@JvmName("gqdohjmlykehqxxc")
public suspend
fun azureActiveDirectoryRoleBasedAccessControl(argument: suspend KubernetesClusterAzureActiveDirectoryRoleBasedAccessControlArgsBuilder.() -> Unit) {
val toBeMapped =
KubernetesClusterAzureActiveDirectoryRoleBasedAccessControlArgsBuilder().applySuspend {
argument()
}.build()
val mapped = of(toBeMapped)
this.azureActiveDirectoryRoleBasedAccessControl = mapped
}
/**
* @param value Should the Azure Policy Add-On be enabled? For more details please visit [Understand Azure Policy for Azure Kubernetes Service](https://docs.microsoft.com/en-ie/azure/governance/policy/concepts/rego-for-aks)
*/
@JvmName("nafegevhwiqmavyu")
public suspend fun azurePolicyEnabled(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.azurePolicyEnabled = mapped
}
/**
* @param value A `confidential_computing` block as defined below. For more details please [the documentation](https://learn.microsoft.com/en-us/azure/confidential-computing/confidential-nodes-aks-overview)
*/
@JvmName("lcvudethsfsnylsa")
public suspend fun confidentialComputing(`value`: KubernetesClusterConfidentialComputingArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.confidentialComputing = mapped
}
/**
* @param argument A `confidential_computing` block as defined below. For more details please [the documentation](https://learn.microsoft.com/en-us/azure/confidential-computing/confidential-nodes-aks-overview)
*/
@JvmName("qycixiuydfxbrauh")
public suspend
fun confidentialComputing(argument: suspend KubernetesClusterConfidentialComputingArgsBuilder.() -> Unit) {
val toBeMapped = KubernetesClusterConfidentialComputingArgsBuilder().applySuspend {
argument()
}.build()
val mapped = of(toBeMapped)
this.confidentialComputing = mapped
}
/**
* @param value A list of up to 10 base64 encoded CAs that will be added to the trust store on nodes with the `custom_ca_trust_enabled` feature enabled.
* > **Note:** Removing `custom_ca_trust_certificates_base64` after it has been set forces a new resource to be created.
*/
@JvmName("ifakfopatmietxbl")
public suspend fun customCaTrustCertificatesBase64s(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.customCaTrustCertificatesBase64s = mapped
}
/**
* @param values A list of up to 10 base64 encoded CAs that will be added to the trust store on nodes with the `custom_ca_trust_enabled` feature enabled.
* > **Note:** Removing `custom_ca_trust_certificates_base64` after it has been set forces a new resource to be created.
*/
@JvmName("gumfcvkydbmfouwc")
public suspend fun customCaTrustCertificatesBase64s(vararg values: String) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.customCaTrustCertificatesBase64s = mapped
}
/**
* @param value A `default_node_pool` block as defined below.
*/
@JvmName("fulbtwbnpdmwtpvw")
public suspend fun defaultNodePool(`value`: KubernetesClusterDefaultNodePoolArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.defaultNodePool = mapped
}
/**
* @param argument A `default_node_pool` block as defined below.
*/
@JvmName("tkpthgslgqqcklak")
public suspend
fun defaultNodePool(argument: suspend KubernetesClusterDefaultNodePoolArgsBuilder.() -> Unit) {
val toBeMapped = KubernetesClusterDefaultNodePoolArgsBuilder().applySuspend {
argument()
}.build()
val mapped = of(toBeMapped)
this.defaultNodePool = mapped
}
/**
* @param value The ID of the Disk Encryption Set which should be used for the Nodes and Volumes. More information [can be found in the documentation](https://docs.microsoft.com/azure/aks/azure-disk-customer-managed-keys). Changing this forces a new resource to be created.
*/
@JvmName("fjfiiwxsjjchydyx")
public suspend fun diskEncryptionSetId(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.diskEncryptionSetId = mapped
}
/**
* @param value DNS prefix specified when creating the managed cluster. Possible values must begin and end with a letter or number, contain only letters, numbers, and hyphens and be between 1 and 54 characters in length. Changing this forces a new resource to be created.
*/
@JvmName("sjdmnqknwhueyywu")
public suspend fun dnsPrefix(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.dnsPrefix = mapped
}
/**
* @param value Specifies the DNS prefix to use with private clusters. Changing this forces a new resource to be created.
* > **Note:** You must define either a `dns_prefix` or a `dns_prefix_private_cluster` field.
* In addition, one of either `identity` or `service_principal` blocks must be specified.
*/
@JvmName("pevaailwxcveujct")
public suspend fun dnsPrefixPrivateCluster(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.dnsPrefixPrivateCluster = mapped
}
/**
* @param value Specifies the Edge Zone within the Azure Region where this Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.
*/
@JvmName("tnspscdtxxclctob")
public suspend fun edgeZone(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.edgeZone = mapped
}
/**
* @param value
*/
@Deprecated(
message = """
The AKS API has removed support for this field on 2020-10-15 and is no longer possible to
configure this the Pod Security Policy.
""",
)
@JvmName("anjcgkretchlanop")
public suspend fun enablePodSecurityPolicy(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.enablePodSecurityPolicy = mapped
}
/**
* @param value Should HTTP Application Routing be enabled?
* > **Note:** At this time HTTP Application Routing is not supported in Azure China or Azure US Government.
*/
@JvmName("kadyobwcsmywdsbf")
public suspend fun httpApplicationRoutingEnabled(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.httpApplicationRoutingEnabled = mapped
}
/**
* @param value A `http_proxy_config` block as defined below.
*/
@JvmName("hnvoptdhusropnvl")
public suspend fun httpProxyConfig(`value`: KubernetesClusterHttpProxyConfigArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.httpProxyConfig = mapped
}
/**
* @param argument A `http_proxy_config` block as defined below.
*/
@JvmName("bdkliwqbjpvbafsu")
public suspend
fun httpProxyConfig(argument: suspend KubernetesClusterHttpProxyConfigArgsBuilder.() -> Unit) {
val toBeMapped = KubernetesClusterHttpProxyConfigArgsBuilder().applySuspend {
argument()
}.build()
val mapped = of(toBeMapped)
this.httpProxyConfig = mapped
}
/**
* @param value An `identity` block as defined below. One of either `identity` or `service_principal` must be specified.
* !> **Note:** A migration scenario from `service_principal` to `identity` is supported. When upgrading `service_principal` to `identity`, your cluster's control plane and addon pods will switch to use managed identity, but the kubelets will keep using your configured `service_principal` until you upgrade your Node Pool.
*/
@JvmName("untuvlmpeqkdtout")
public suspend fun identity(`value`: KubernetesClusterIdentityArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.identity = mapped
}
/**
* @param argument An `identity` block as defined below. One of either `identity` or `service_principal` must be specified.
* !> **Note:** A migration scenario from `service_principal` to `identity` is supported. When upgrading `service_principal` to `identity`, your cluster's control plane and addon pods will switch to use managed identity, but the kubelets will keep using your configured `service_principal` until you upgrade your Node Pool.
*/
@JvmName("akhbrechwxhsubqk")
public suspend fun identity(argument: suspend KubernetesClusterIdentityArgsBuilder.() -> Unit) {
val toBeMapped = KubernetesClusterIdentityArgsBuilder().applySuspend { argument() }.build()
val mapped = of(toBeMapped)
this.identity = mapped
}
/**
* @param value Specifies whether Image Cleaner is enabled.
*/
@JvmName("ulvvvllkukiwaifl")
public suspend fun imageCleanerEnabled(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.imageCleanerEnabled = mapped
}
/**
* @param value Specifies the interval in hours when images should be cleaned up. Defaults to `48`.
*/
@JvmName("tisyygjjfcwdwuyg")
public suspend fun imageCleanerIntervalHours(`value`: Int?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.imageCleanerIntervalHours = mapped
}
/**
* @param value A `ingress_application_gateway` block as defined below.
* > **Note:** Since the Application Gateway is deployed inside a Virtual Network, users (and Service Principals) that are operating the Application Gateway must have the `Microsoft.Network/virtualNetworks/subnets/join/action` permission on the Virtual Network or Subnet. For more details, please visit [Virtual Network Permission](https://learn.microsoft.com/en-us/azure/application-gateway/configuration-infrastructure#virtual-network-permission).
*/
@JvmName("iavcudnrudsfohie")
public suspend
fun ingressApplicationGateway(`value`: KubernetesClusterIngressApplicationGatewayArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.ingressApplicationGateway = mapped
}
/**
* @param argument A `ingress_application_gateway` block as defined below.
* > **Note:** Since the Application Gateway is deployed inside a Virtual Network, users (and Service Principals) that are operating the Application Gateway must have the `Microsoft.Network/virtualNetworks/subnets/join/action` permission on the Virtual Network or Subnet. For more details, please visit [Virtual Network Permission](https://learn.microsoft.com/en-us/azure/application-gateway/configuration-infrastructure#virtual-network-permission).
*/
@JvmName("wfukhnhdjildhvgk")
public suspend
fun ingressApplicationGateway(argument: suspend KubernetesClusterIngressApplicationGatewayArgsBuilder.() -> Unit) {
val toBeMapped = KubernetesClusterIngressApplicationGatewayArgsBuilder().applySuspend {
argument()
}.build()
val mapped = of(toBeMapped)
this.ingressApplicationGateway = mapped
}
/**
* @param value A `key_management_service` block as defined below. For more details, please visit [Key Management Service (KMS) etcd encryption to an AKS cluster](https://learn.microsoft.com/en-us/azure/aks/use-kms-etcd-encryption).
*/
@JvmName("yfyhwgeqabualuyi")
public suspend fun keyManagementService(`value`: KubernetesClusterKeyManagementServiceArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.keyManagementService = mapped
}
/**
* @param argument A `key_management_service` block as defined below. For more details, please visit [Key Management Service (KMS) etcd encryption to an AKS cluster](https://learn.microsoft.com/en-us/azure/aks/use-kms-etcd-encryption).
*/
@JvmName("lsdwavpbtwmiages")
public suspend
fun keyManagementService(argument: suspend KubernetesClusterKeyManagementServiceArgsBuilder.() -> Unit) {
val toBeMapped = KubernetesClusterKeyManagementServiceArgsBuilder().applySuspend {
argument()
}.build()
val mapped = of(toBeMapped)
this.keyManagementService = mapped
}
/**
* @param value A `key_vault_secrets_provider` block as defined below. For more details, please visit [Azure Keyvault Secrets Provider for AKS](https://docs.microsoft.com/azure/aks/csi-secrets-store-driver).
*/
@JvmName("rhjpfemjifnrmtuc")
public suspend
fun keyVaultSecretsProvider(`value`: KubernetesClusterKeyVaultSecretsProviderArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.keyVaultSecretsProvider = mapped
}
/**
* @param argument A `key_vault_secrets_provider` block as defined below. For more details, please visit [Azure Keyvault Secrets Provider for AKS](https://docs.microsoft.com/azure/aks/csi-secrets-store-driver).
*/
@JvmName("ujhfplgcnodokddm")
public suspend
fun keyVaultSecretsProvider(argument: suspend KubernetesClusterKeyVaultSecretsProviderArgsBuilder.() -> Unit) {
val toBeMapped = KubernetesClusterKeyVaultSecretsProviderArgsBuilder().applySuspend {
argument()
}.build()
val mapped = of(toBeMapped)
this.keyVaultSecretsProvider = mapped
}
/**
* @param value A `kubelet_identity` block as defined below.
*/
@JvmName("niuuquoaachfoakb")
public suspend fun kubeletIdentity(`value`: KubernetesClusterKubeletIdentityArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.kubeletIdentity = mapped
}
/**
* @param argument A `kubelet_identity` block as defined below.
*/
@JvmName("swagfxkqeeyqpvna")
public suspend
fun kubeletIdentity(argument: suspend KubernetesClusterKubeletIdentityArgsBuilder.() -> Unit) {
val toBeMapped = KubernetesClusterKubeletIdentityArgsBuilder().applySuspend {
argument()
}.build()
val mapped = of(toBeMapped)
this.kubeletIdentity = mapped
}
/**
* @param value Version of Kubernetes specified when creating the AKS managed cluster. If not specified, the latest recommended version will be used at provisioning time (but won't auto-upgrade). AKS does not require an exact patch version to be specified, minor version aliases such as `1.22` are also supported. - The minor version's latest GA patch is automatically chosen in that case. More details can be found in [the documentation](https://docs.microsoft.com/en-us/azure/aks/supported-kubernetes-versions?tabs=azure-cli#alias-minor-version).
* > **Note:** Upgrading your cluster may take up to 10 minutes per node.
*/
@JvmName("mucywnlccllcarsp")
public suspend fun kubernetesVersion(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.kubernetesVersion = mapped
}
/**
* @param value A `linux_profile` block as defined below.
*/
@JvmName("bowdfkgqvoqjcbqd")
public suspend fun linuxProfile(`value`: KubernetesClusterLinuxProfileArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.linuxProfile = mapped
}
/**
* @param argument A `linux_profile` block as defined below.
*/
@JvmName("nkmcxrwtwxnqerjr")
public suspend
fun linuxProfile(argument: suspend KubernetesClusterLinuxProfileArgsBuilder.() -> Unit) {
val toBeMapped = KubernetesClusterLinuxProfileArgsBuilder().applySuspend { argument() }.build()
val mapped = of(toBeMapped)
this.linuxProfile = mapped
}
/**
* @param value If `true` local accounts will be disabled. See [the documentation](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts) for more information.
* > **Note:** If `local_account_disabled` is set to `true`, it is required to enable Kubernetes RBAC and AKS-managed Azure AD integration. See [the documentation](https://docs.microsoft.com/azure/aks/managed-aad#azure-ad-authentication-overview) for more information.
*/
@JvmName("xxbibsfeeaisbumd")
public suspend fun localAccountDisabled(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.localAccountDisabled = mapped
}
/**
* @param value The location where the Managed Kubernetes Cluster should be created. Changing this forces a new resource to be created.
*/
@JvmName("bfuuqtjxrmxujadb")
public suspend fun location(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.location = mapped
}
/**
* @param value A `maintenance_window` block as defined below.
*/
@JvmName("nxwwwoqcdlovwnfx")
public suspend fun maintenanceWindow(`value`: KubernetesClusterMaintenanceWindowArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.maintenanceWindow = mapped
}
/**
* @param argument A `maintenance_window` block as defined below.
*/
@JvmName("niykyxyjlxkkashu")
public suspend
fun maintenanceWindow(argument: suspend KubernetesClusterMaintenanceWindowArgsBuilder.() -> Unit) {
val toBeMapped = KubernetesClusterMaintenanceWindowArgsBuilder().applySuspend {
argument()
}.build()
val mapped = of(toBeMapped)
this.maintenanceWindow = mapped
}
/**
* @param value A `maintenance_window_auto_upgrade` block as defined below.
*/
@JvmName("dfgxeovxtwjfdrbg")
public suspend
fun maintenanceWindowAutoUpgrade(`value`: KubernetesClusterMaintenanceWindowAutoUpgradeArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.maintenanceWindowAutoUpgrade = mapped
}
/**
* @param argument A `maintenance_window_auto_upgrade` block as defined below.
*/
@JvmName("mpbrxbufypyvymyg")
public suspend
fun maintenanceWindowAutoUpgrade(argument: suspend KubernetesClusterMaintenanceWindowAutoUpgradeArgsBuilder.() -> Unit) {
val toBeMapped = KubernetesClusterMaintenanceWindowAutoUpgradeArgsBuilder().applySuspend {
argument()
}.build()
val mapped = of(toBeMapped)
this.maintenanceWindowAutoUpgrade = mapped
}
/**
* @param value A `maintenance_window_node_os` block as defined below.
*/
@JvmName("slenavfhmwnhwppq")
public suspend
fun maintenanceWindowNodeOs(`value`: KubernetesClusterMaintenanceWindowNodeOsArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.maintenanceWindowNodeOs = mapped
}
/**
* @param argument A `maintenance_window_node_os` block as defined below.
*/
@JvmName("husoqsiymcovgqmp")
public suspend
fun maintenanceWindowNodeOs(argument: suspend KubernetesClusterMaintenanceWindowNodeOsArgsBuilder.() -> Unit) {
val toBeMapped = KubernetesClusterMaintenanceWindowNodeOsArgsBuilder().applySuspend {
argument()
}.build()
val mapped = of(toBeMapped)
this.maintenanceWindowNodeOs = mapped
}
/**
* @param value A `microsoft_defender` block as defined below.
*/
@JvmName("hthxvioypidepmwt")
public suspend fun microsoftDefender(`value`: KubernetesClusterMicrosoftDefenderArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.microsoftDefender = mapped
}
/**
* @param argument A `microsoft_defender` block as defined below.
*/
@JvmName("gnvtlhxowrlbkjcg")
public suspend
fun microsoftDefender(argument: suspend KubernetesClusterMicrosoftDefenderArgsBuilder.() -> Unit) {
val toBeMapped = KubernetesClusterMicrosoftDefenderArgsBuilder().applySuspend {
argument()
}.build()
val mapped = of(toBeMapped)
this.microsoftDefender = mapped
}
/**
* @param value Specifies a Prometheus add-on profile for the Kubernetes Cluster. A `monitor_metrics` block as defined below.
* > **Note:** If deploying Managed Prometheus, the `monitor_metrics` properties are required to configure the cluster for metrics collection. If no value is needed, set properties to `null`.
*/
@JvmName("pulfhgriwuwojwlw")
public suspend fun monitorMetrics(`value`: KubernetesClusterMonitorMetricsArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.monitorMetrics = mapped
}
/**
* @param argument Specifies a Prometheus add-on profile for the Kubernetes Cluster. A `monitor_metrics` block as defined below.
* > **Note:** If deploying Managed Prometheus, the `monitor_metrics` properties are required to configure the cluster for metrics collection. If no value is needed, set properties to `null`.
*/
@JvmName("qbyjdnxxryetwfip")
public suspend
fun monitorMetrics(argument: suspend KubernetesClusterMonitorMetricsArgsBuilder.() -> Unit) {
val toBeMapped = KubernetesClusterMonitorMetricsArgsBuilder().applySuspend { argument() }.build()
val mapped = of(toBeMapped)
this.monitorMetrics = mapped
}
/**
* @param value The name of the Managed Kubernetes Cluster to create. Changing this forces a new resource to be created.
*/
@JvmName("uoipokfipuetkfmi")
public suspend fun name(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.name = mapped
}
/**
* @param value A `network_profile` block as defined below. Changing this forces a new resource to be created.
* > **Note:** If `network_profile` is not defined, `kubenet` profile will be used by default.
*/
@JvmName("qqhhdfjkfqgtesar")
public suspend fun networkProfile(`value`: KubernetesClusterNetworkProfileArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.networkProfile = mapped
}
/**
* @param argument A `network_profile` block as defined below. Changing this forces a new resource to be created.
* > **Note:** If `network_profile` is not defined, `kubenet` profile will be used by default.
*/
@JvmName("ephjsurmejxxnilp")
public suspend
fun networkProfile(argument: suspend KubernetesClusterNetworkProfileArgsBuilder.() -> Unit) {
val toBeMapped = KubernetesClusterNetworkProfileArgsBuilder().applySuspend { argument() }.build()
val mapped = of(toBeMapped)
this.networkProfile = mapped
}
/**
* @param value The upgrade channel for this Kubernetes Cluster Nodes' OS Image. Possible values are `Unmanaged`, `SecurityPatch`, `NodeImage` and `None`.
* > **Note:** `node_os_channel_upgrade` must be set to `NodeImage` if `automatic_channel_upgrade` has been set to `node-image`
* > **Note:** This requires that the Preview Feature `Microsoft.ContainerService/NodeOsUpgradeChannelPreview` is enabled and the Resource Provider is re-registered, see [the documentation](https://learn.microsoft.com/en-us/azure/aks/auto-upgrade-node-image#register-the-nodeosupgradechannelpreview-feature-flag) for more information.
*/
@JvmName("wbpaywqrlririavd")
public suspend fun nodeOsChannelUpgrade(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.nodeOsChannelUpgrade = mapped
}
/**
* @param value The name of the Resource Group where the Kubernetes Nodes should exist. Changing this forces a new resource to be created.
* > **Note:** Azure requires that a new, non-existent Resource Group is used, as otherwise, the provisioning of the Kubernetes Service will fail.
*/
@JvmName("xnkjsvsoxvgongja")
public suspend fun nodeResourceGroup(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.nodeResourceGroup = mapped
}
/**
* @param value Enable or Disable the [OIDC issuer URL](https://learn.microsoft.com/en-gb/azure/aks/use-oidc-issuer)
*/
@JvmName("soublnyprjiubktm")
public suspend fun oidcIssuerEnabled(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.oidcIssuerEnabled = mapped
}
/**
* @param value A `oms_agent` block as defined below.
*/
@JvmName("cdwusgneclmidjuv")
public suspend fun omsAgent(`value`: KubernetesClusterOmsAgentArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.omsAgent = mapped
}
/**
* @param argument A `oms_agent` block as defined below.
*/
@JvmName("baqkacbnaxubexjw")
public suspend fun omsAgent(argument: suspend KubernetesClusterOmsAgentArgsBuilder.() -> Unit) {
val toBeMapped = KubernetesClusterOmsAgentArgsBuilder().applySuspend { argument() }.build()
val mapped = of(toBeMapped)
this.omsAgent = mapped
}
/**
* @param value Is Open Service Mesh enabled? For more details, please visit [Open Service Mesh for AKS](https://docs.microsoft.com/azure/aks/open-service-mesh-about).
*/
@JvmName("mcsoecmeusbueyxg")
public suspend fun openServiceMeshEnabled(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.openServiceMeshEnabled = mapped
}
/**
* @param value Should this Kubernetes Cluster have its API server only exposed on internal IP addresses? This provides a Private IP Address for the Kubernetes API on the Virtual Network where the Kubernetes Cluster is located. Defaults to `false`. Changing this forces a new resource to be created.
*/
@JvmName("wqorsokfxdaejsrh")
public suspend fun privateClusterEnabled(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.privateClusterEnabled = mapped
}
/**
* @param value Specifies whether a Public FQDN for this Private Cluster should be added. Defaults to `false`.
* > **Note:** If you use BYO DNS Zone, the AKS cluster should either use a User Assigned Identity or a service principal (which is deprecated) with the `Private DNS Zone Contributor` role and access to this Private DNS Zone. If `UserAssigned` identity is used - to prevent improper resource order destruction - the cluster should depend on the role assignment, like in this example:
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as azure from "@pulumi/azure";
* const example = new azure.core.ResourceGroup("example", {
* name: "example",
* location: "West Europe",
* });
* const exampleZone = new azure.privatedns.Zone("example", {
* name: "privatelink.eastus2.azmk8s.io",
* resourceGroupName: example.name,
* });
* const exampleUserAssignedIdentity = new azure.authorization.UserAssignedIdentity("example", {
* name: "aks-example-identity",
* resourceGroupName: example.name,
* location: example.location,
* });
* const exampleAssignment = new azure.authorization.Assignment("example", {
* scope: exampleZone.id,
* roleDefinitionName: "Private DNS Zone Contributor",
* principalId: exampleUserAssignedIdentity.principalId,
* });
* const exampleKubernetesCluster = new azure.containerservice.KubernetesCluster("example", {
* name: "aksexamplewithprivatednszone1",
* location: example.location,
* resourceGroupName: example.name,
* dnsPrefix: "aksexamplednsprefix1",
* privateClusterEnabled: true,
* privateDnsZoneId: exampleZone.id,
* });
* ```
* ```python
* import pulumi
* import pulumi_azure as azure
* example = azure.core.ResourceGroup("example",
* name="example",
* location="West Europe")
* example_zone = azure.privatedns.Zone("example",
* name="privatelink.eastus2.azmk8s.io",
* resource_group_name=example.name)
* example_user_assigned_identity = azure.authorization.UserAssignedIdentity("example",
* name="aks-example-identity",
* resource_group_name=example.name,
* location=example.location)
* example_assignment = azure.authorization.Assignment("example",
* scope=example_zone.id,
* role_definition_name="Private DNS Zone Contributor",
* principal_id=example_user_assigned_identity.principal_id)
* example_kubernetes_cluster = azure.containerservice.KubernetesCluster("example",
* name="aksexamplewithprivatednszone1",
* location=example.location,
* resource_group_name=example.name,
* dns_prefix="aksexamplednsprefix1",
* private_cluster_enabled=True,
* private_dns_zone_id=example_zone.id)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Azure = Pulumi.Azure;
* return await Deployment.RunAsync(() =>
* {
* var example = new Azure.Core.ResourceGroup("example", new()
* {
* Name = "example",
* Location = "West Europe",
* });
* var exampleZone = new Azure.PrivateDns.Zone("example", new()
* {
* Name = "privatelink.eastus2.azmk8s.io",
* ResourceGroupName = example.Name,
* });
* var exampleUserAssignedIdentity = new Azure.Authorization.UserAssignedIdentity("example", new()
* {
* Name = "aks-example-identity",
* ResourceGroupName = example.Name,
* Location = example.Location,
* });
* var exampleAssignment = new Azure.Authorization.Assignment("example", new()
* {
* Scope = exampleZone.Id,
* RoleDefinitionName = "Private DNS Zone Contributor",
* PrincipalId = exampleUserAssignedIdentity.PrincipalId,
* });
* var exampleKubernetesCluster = new Azure.ContainerService.KubernetesCluster("example", new()
* {
* Name = "aksexamplewithprivatednszone1",
* Location = example.Location,
* ResourceGroupName = example.Name,
* DnsPrefix = "aksexamplednsprefix1",
* PrivateClusterEnabled = true,
* PrivateDnsZoneId = exampleZone.Id,
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/authorization"
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/containerservice"
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/privatedns"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
* Name: pulumi.String("example"),
* Location: pulumi.String("West Europe"),
* })
* if err != nil {
* return err
* }
* exampleZone, err := privatedns.NewZone(ctx, "example", &privatedns.ZoneArgs{
* Name: pulumi.String("privatelink.eastus2.azmk8s.io"),
* ResourceGroupName: example.Name,
* })
* if err != nil {
* return err
* }
* exampleUserAssignedIdentity, err := authorization.NewUserAssignedIdentity(ctx, "example", &authorization.UserAssignedIdentityArgs{
* Name: pulumi.String("aks-example-identity"),
* ResourceGroupName: example.Name,
* Location: example.Location,
* })
* if err != nil {
* return err
* }
* _, err = authorization.NewAssignment(ctx, "example", &authorization.AssignmentArgs{
* Scope: exampleZone.ID(),
* RoleDefinitionName: pulumi.String("Private DNS Zone Contributor"),
* PrincipalId: exampleUserAssignedIdentity.PrincipalId,
* })
* if err != nil {
* return err
* }
* _, err = containerservice.NewKubernetesCluster(ctx, "example", &containerservice.KubernetesClusterArgs{
* Name: pulumi.String("aksexamplewithprivatednszone1"),
* Location: example.Location,
* ResourceGroupName: example.Name,
* DnsPrefix: pulumi.String("aksexamplednsprefix1"),
* PrivateClusterEnabled: pulumi.Bool(true),
* PrivateDnsZoneId: exampleZone.ID(),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.azure.core.ResourceGroup;
* import com.pulumi.azure.core.ResourceGroupArgs;
* import com.pulumi.azure.privatedns.Zone;
* import com.pulumi.azure.privatedns.ZoneArgs;
* import com.pulumi.azure.authorization.UserAssignedIdentity;
* import com.pulumi.azure.authorization.UserAssignedIdentityArgs;
* import com.pulumi.azure.authorization.Assignment;
* import com.pulumi.azure.authorization.AssignmentArgs;
* import com.pulumi.azure.containerservice.KubernetesCluster;
* import com.pulumi.azure.containerservice.KubernetesClusterArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var example = new ResourceGroup("example", ResourceGroupArgs.builder()
* .name("example")
* .location("West Europe")
* .build());
* var exampleZone = new Zone("exampleZone", ZoneArgs.builder()
* .name("privatelink.eastus2.azmk8s.io")
* .resourceGroupName(example.name())
* .build());
* var exampleUserAssignedIdentity = new UserAssignedIdentity("exampleUserAssignedIdentity", UserAssignedIdentityArgs.builder()
* .name("aks-example-identity")
* .resourceGroupName(example.name())
* .location(example.location())
* .build());
* var exampleAssignment = new Assignment("exampleAssignment", AssignmentArgs.builder()
* .scope(exampleZone.id())
* .roleDefinitionName("Private DNS Zone Contributor")
* .principalId(exampleUserAssignedIdentity.principalId())
* .build());
* var exampleKubernetesCluster = new KubernetesCluster("exampleKubernetesCluster", KubernetesClusterArgs.builder()
* .name("aksexamplewithprivatednszone1")
* .location(example.location())
* .resourceGroupName(example.name())
* .dnsPrefix("aksexamplednsprefix1")
* .privateClusterEnabled(true)
* .privateDnsZoneId(exampleZone.id())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* example:
* type: azure:core:ResourceGroup
* properties:
* name: example
* location: West Europe
* exampleZone:
* type: azure:privatedns:Zone
* name: example
* properties:
* name: privatelink.eastus2.azmk8s.io
* resourceGroupName: ${example.name}
* exampleUserAssignedIdentity:
* type: azure:authorization:UserAssignedIdentity
* name: example
* properties:
* name: aks-example-identity
* resourceGroupName: ${example.name}
* location: ${example.location}
* exampleAssignment:
* type: azure:authorization:Assignment
* name: example
* properties:
* scope: ${exampleZone.id}
* roleDefinitionName: Private DNS Zone Contributor
* principalId: ${exampleUserAssignedIdentity.principalId}
* exampleKubernetesCluster:
* type: azure:containerservice:KubernetesCluster
* name: example
* properties:
* name: aksexamplewithprivatednszone1
* location: ${example.location}
* resourceGroupName: ${example.name}
* dnsPrefix: aksexamplednsprefix1
* privateClusterEnabled: true
* privateDnsZoneId: ${exampleZone.id}
* ```
*
*/
@JvmName("yjphnqjmposfknrn")
public suspend fun privateClusterPublicFqdnEnabled(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.privateClusterPublicFqdnEnabled = mapped
}
/**
* @param value Either the ID of Private DNS Zone which should be delegated to this Cluster, `System` to have AKS manage this or `None`. In case of `None` you will need to bring your own DNS server and set up resolving, otherwise, the cluster will have issues after provisioning. Changing this forces a new resource to be created.
*/
@JvmName("slednsxcbtxirbgv")
public suspend fun privateDnsZoneId(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.privateDnsZoneId = mapped
}
/**
* @param value Whether public network access is allowed for this Kubernetes Cluster. Defaults to `true`.
* !> **Note:** `public_network_access_enabled` is currently not functional and is not passed to the Azure API. For further information please see this [issue](https://github.com/Azure/AKS/issues/3690). For controlling the public and private exposure of a cluster please see the properties `private_cluster_enabled` and `api_server_access_profile`.
*/
@Deprecated(
message = """
`public_network_access_enabled` is currently not functional and is not be passed to the API
""",
)
@JvmName("tpnkiogrpfiyffmp")
public suspend fun publicNetworkAccessEnabled(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.publicNetworkAccessEnabled = mapped
}
/**
* @param value Specifies the Resource Group where the Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created.
*/
@JvmName("pnofnfpubrmmvxka")
public suspend fun resourceGroupName(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.resourceGroupName = mapped
}
/**
* @param value Whether Role Based Access Control for the Kubernetes Cluster should be enabled. Defaults to `true`. Changing this forces a new resource to be created.
*/
@JvmName("avsxpkxiofyxwyxd")
public suspend fun roleBasedAccessControlEnabled(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.roleBasedAccessControlEnabled = mapped
}
/**
* @param value Whether to enable run command for the cluster or not. Defaults to `true`.
*/
@JvmName("axtgqrlhqkfouoej")
public suspend fun runCommandEnabled(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.runCommandEnabled = mapped
}
/**
* @param value A `service_mesh_profile` block as defined below.
* > **Note:** This requires that the Preview Feature `Microsoft.ContainerService/AzureServiceMeshPreview` is enabled and the Resource Provider is re-registered, see [the documentation](https://learn.microsoft.com/en-us/azure/aks/istio-deploy-addon#register-the-azureservicemeshpreview-feature-flag) for more information.
*/
@JvmName("fpvdrfjhallghcfw")
public suspend fun serviceMeshProfile(`value`: KubernetesClusterServiceMeshProfileArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.serviceMeshProfile = mapped
}
/**
* @param argument A `service_mesh_profile` block as defined below.
* > **Note:** This requires that the Preview Feature `Microsoft.ContainerService/AzureServiceMeshPreview` is enabled and the Resource Provider is re-registered, see [the documentation](https://learn.microsoft.com/en-us/azure/aks/istio-deploy-addon#register-the-azureservicemeshpreview-feature-flag) for more information.
*/
@JvmName("ybdfwusfgloyfauh")
public suspend
fun serviceMeshProfile(argument: suspend KubernetesClusterServiceMeshProfileArgsBuilder.() -> Unit) {
val toBeMapped = KubernetesClusterServiceMeshProfileArgsBuilder().applySuspend {
argument()
}.build()
val mapped = of(toBeMapped)
this.serviceMeshProfile = mapped
}
/**
* @param value A `service_principal` block as documented below. One of either `identity` or `service_principal` must be specified.
* !> **Note:** A migration scenario from `service_principal` to `identity` is supported. When upgrading `service_principal` to `identity`, your cluster's control plane and addon pods will switch to use managed identity, but the kubelets will keep using your configured `service_principal` until you upgrade your Node Pool.
*/
@JvmName("bvxnlebywxufeohx")
public suspend fun servicePrincipal(`value`: KubernetesClusterServicePrincipalArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.servicePrincipal = mapped
}
/**
* @param argument A `service_principal` block as documented below. One of either `identity` or `service_principal` must be specified.
* !> **Note:** A migration scenario from `service_principal` to `identity` is supported. When upgrading `service_principal` to `identity`, your cluster's control plane and addon pods will switch to use managed identity, but the kubelets will keep using your configured `service_principal` until you upgrade your Node Pool.
*/
@JvmName("cjtmejgjkhskejbo")
public suspend
fun servicePrincipal(argument: suspend KubernetesClusterServicePrincipalArgsBuilder.() -> Unit) {
val toBeMapped = KubernetesClusterServicePrincipalArgsBuilder().applySuspend {
argument()
}.build()
val mapped = of(toBeMapped)
this.servicePrincipal = mapped
}
/**
* @param value The SKU Tier that should be used for this Kubernetes Cluster. Possible values are `Free`, `Standard` (which includes the Uptime SLA) and `Premium`. Defaults to `Free`.
* > **Note:** Whilst the AKS API previously supported the `Paid` SKU - the AKS API introduced a breaking change in API Version `2023-02-01` (used in v3.51.0 and later) where the value `Paid` must now be set to `Standard`.
*/
@JvmName("lcoidwwshmeakhdi")
public suspend fun skuTier(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.skuTier = mapped
}
/**
* @param value A `storage_profile` block as defined below.
*/
@JvmName("twqqykhnodbjvogp")
public suspend fun storageProfile(`value`: KubernetesClusterStorageProfileArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.storageProfile = mapped
}
/**
* @param argument A `storage_profile` block as defined below.
*/
@JvmName("cyfjxoofierxrfix")
public suspend
fun storageProfile(argument: suspend KubernetesClusterStorageProfileArgsBuilder.() -> Unit) {
val toBeMapped = KubernetesClusterStorageProfileArgsBuilder().applySuspend { argument() }.build()
val mapped = of(toBeMapped)
this.storageProfile = mapped
}
/**
* @param value Specifies the support plan which should be used for this Kubernetes Cluster. Possible values are `KubernetesOfficial` and `AKSLongTermSupport`. Defaults to `KubernetesOfficial`.
*/
@JvmName("egyryodetjumrtwf")
public suspend fun supportPlan(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.supportPlan = mapped
}
/**
* @param value A mapping of tags to assign to the resource.
*/
@JvmName("wfmynkdlrgcvubba")
public suspend fun tags(`value`: Map?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.tags = mapped
}
/**
* @param values A mapping of tags to assign to the resource.
*/
@JvmName("umficuntgsxdalxu")
public fun tags(vararg values: Pair) {
val toBeMapped = values.toMap()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.tags = mapped
}
/**
* @param value A `web_app_routing` block as defined below.
*/
@JvmName("wacbrdkbeijvkipg")
public suspend fun webAppRouting(`value`: KubernetesClusterWebAppRoutingArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.webAppRouting = mapped
}
/**
* @param argument A `web_app_routing` block as defined below.
*/
@JvmName("osdvwbaekvutphtu")
public suspend
fun webAppRouting(argument: suspend KubernetesClusterWebAppRoutingArgsBuilder.() -> Unit) {
val toBeMapped = KubernetesClusterWebAppRoutingArgsBuilder().applySuspend { argument() }.build()
val mapped = of(toBeMapped)
this.webAppRouting = mapped
}
/**
* @param value A `windows_profile` block as defined below.
*/
@JvmName("wecbupnghpbmdpju")
public suspend fun windowsProfile(`value`: KubernetesClusterWindowsProfileArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.windowsProfile = mapped
}
/**
* @param argument A `windows_profile` block as defined below.
*/
@JvmName("heexmtprhmamjwtk")
public suspend
fun windowsProfile(argument: suspend KubernetesClusterWindowsProfileArgsBuilder.() -> Unit) {
val toBeMapped = KubernetesClusterWindowsProfileArgsBuilder().applySuspend { argument() }.build()
val mapped = of(toBeMapped)
this.windowsProfile = mapped
}
/**
* @param value A `workload_autoscaler_profile` block defined below.
*/
@JvmName("nmkyisumfwovcoju")
public suspend
fun workloadAutoscalerProfile(`value`: KubernetesClusterWorkloadAutoscalerProfileArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.workloadAutoscalerProfile = mapped
}
/**
* @param argument A `workload_autoscaler_profile` block defined below.
*/
@JvmName("dkbfpvfoawpeolwr")
public suspend
fun workloadAutoscalerProfile(argument: suspend KubernetesClusterWorkloadAutoscalerProfileArgsBuilder.() -> Unit) {
val toBeMapped = KubernetesClusterWorkloadAutoscalerProfileArgsBuilder().applySuspend {
argument()
}.build()
val mapped = of(toBeMapped)
this.workloadAutoscalerProfile = mapped
}
/**
* @param value Specifies whether Azure AD Workload Identity should be enabled for the Cluster. Defaults to `false`.
* > **Note:** To enable Azure AD Workload Identity `oidc_issuer_enabled` must be set to `true`.
* > **Note:** Enabling this option will allocate Workload Identity resources to the `kube-system` namespace in Kubernetes. If you wish to customize the deployment of Workload Identity, you can refer to [the documentation on Azure AD Workload Identity.](https://azure.github.io/azure-workload-identity/docs/installation/mutating-admission-webhook.html) The documentation provides guidance on how to install the mutating admission webhook, which allows for the customization of Workload Identity deployment.
*/
@JvmName("ipddoqvkrgwvpfyr")
public suspend fun workloadIdentityEnabled(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.workloadIdentityEnabled = mapped
}
internal fun build(): KubernetesClusterArgs = KubernetesClusterArgs(
aciConnectorLinux = aciConnectorLinux,
apiServerAccessProfile = apiServerAccessProfile,
apiServerAuthorizedIpRanges = apiServerAuthorizedIpRanges,
autoScalerProfile = autoScalerProfile,
automaticChannelUpgrade = automaticChannelUpgrade,
azureActiveDirectoryRoleBasedAccessControl = azureActiveDirectoryRoleBasedAccessControl,
azurePolicyEnabled = azurePolicyEnabled,
confidentialComputing = confidentialComputing,
customCaTrustCertificatesBase64s = customCaTrustCertificatesBase64s,
defaultNodePool = defaultNodePool,
diskEncryptionSetId = diskEncryptionSetId,
dnsPrefix = dnsPrefix,
dnsPrefixPrivateCluster = dnsPrefixPrivateCluster,
edgeZone = edgeZone,
enablePodSecurityPolicy = enablePodSecurityPolicy,
httpApplicationRoutingEnabled = httpApplicationRoutingEnabled,
httpProxyConfig = httpProxyConfig,
identity = identity,
imageCleanerEnabled = imageCleanerEnabled,
imageCleanerIntervalHours = imageCleanerIntervalHours,
ingressApplicationGateway = ingressApplicationGateway,
keyManagementService = keyManagementService,
keyVaultSecretsProvider = keyVaultSecretsProvider,
kubeletIdentity = kubeletIdentity,
kubernetesVersion = kubernetesVersion,
linuxProfile = linuxProfile,
localAccountDisabled = localAccountDisabled,
location = location,
maintenanceWindow = maintenanceWindow,
maintenanceWindowAutoUpgrade = maintenanceWindowAutoUpgrade,
maintenanceWindowNodeOs = maintenanceWindowNodeOs,
microsoftDefender = microsoftDefender,
monitorMetrics = monitorMetrics,
name = name,
networkProfile = networkProfile,
nodeOsChannelUpgrade = nodeOsChannelUpgrade,
nodeResourceGroup = nodeResourceGroup,
oidcIssuerEnabled = oidcIssuerEnabled,
omsAgent = omsAgent,
openServiceMeshEnabled = openServiceMeshEnabled,
privateClusterEnabled = privateClusterEnabled,
privateClusterPublicFqdnEnabled = privateClusterPublicFqdnEnabled,
privateDnsZoneId = privateDnsZoneId,
publicNetworkAccessEnabled = publicNetworkAccessEnabled,
resourceGroupName = resourceGroupName,
roleBasedAccessControlEnabled = roleBasedAccessControlEnabled,
runCommandEnabled = runCommandEnabled,
serviceMeshProfile = serviceMeshProfile,
servicePrincipal = servicePrincipal,
skuTier = skuTier,
storageProfile = storageProfile,
supportPlan = supportPlan,
tags = tags,
webAppRouting = webAppRouting,
windowsProfile = windowsProfile,
workloadAutoscalerProfile = workloadAutoscalerProfile,
workloadIdentityEnabled = workloadIdentityEnabled,
)
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy