datamodel

package
v0.20250105.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 9, 2025 License: MIT Imports: 17 Imported by: 6

Documentation

Index

Constants

View Source
const (
	// KubernetesWindowsDockerVersion is the default version for docker on Windows nodes in kubernetes.
	KubernetesWindowsDockerVersion = "20.10.9"
	// KubernetesDefaultWindowsSku is the default SKU for Windows VMs in kubernetes.
	KubernetesDefaultWindowsSku = "Datacenter-Core-1809-with-Containers-smalldisk"
	// KubernetesDefaultContainerdWindowsSandboxIsolation is the default containerd handler for windows pods.
	KubernetesDefaultContainerdWindowsSandboxIsolation = "process"
)
View Source
const (
	// AvailabilitySet means that the vms are in an availability set.
	AvailabilitySet = "AvailabilitySet"
	/* DefaultOrchestratorName specifies the 3 character orchestrator code of the cluster template and affects.
	resource naming. */
	DefaultOrchestratorName = "k8s"
	/* DefaultHostedProfileMasterName specifies the 3 character orchestrator code of the clusters with hosted.
	master profiles. */
	DefaultHostedProfileMasterName = "aks"
	// DefaultSubnetNameResourceSegmentIndex specifies the default subnet name resource segment index.
	DefaultSubnetNameResourceSegmentIndex = 10
	// DefaultVnetResourceGroupSegmentIndex specifies the default virtual network resource segment index.
	DefaultVnetResourceGroupSegmentIndex = 4
	// DefaultVnetNameResourceSegmentIndex specifies the default virtual network name segment index.
	DefaultVnetNameResourceSegmentIndex = 8
	// VirtualMachineScaleSets means that the vms are in a virtual machine scaleset.
	VirtualMachineScaleSets = "VirtualMachineScaleSets"
	// ScaleSetPrioritySpot means the ScaleSet will use Spot VMs.
	ScaleSetPrioritySpot = "Spot"
)

Availability profiles.

View Source
const (
	Docker         = "docker"
	KataContainers = "kata-containers"
	Containerd     = "containerd"
)

Supported container runtimes.

View Source
const (
	// NetworkPluginAzure is the string expression for Azure CNI plugin.
	NetworkPluginAzure = "azure"
	// NetworkPluginNone is the string expression for no CNI plugin.
	NetworkPluginNone = "none"
	// VMSSVMType is the string const for the vmss VM Type.
	VMSSVMType = "vmss"
	// StandardVMType is the string const for the standard VM Type.
	StandardVMType = "standard"
)
View Source
const (
	// DefaultEnableCSIProxyWindows determines if CSI proxy should be enabled by default for Windows nodes.
	DefaultEnableCSIProxyWindows = false
	// DefaultWindowsSSHEnabled is the default windowsProfile.sshEnabled value.
	DefaultWindowsSSHEnabled = true
	// DefaultWindowsSecureTLSEnabled is the default windowsProfile.WindowsSecureTlsEnabled value.
	DefaultWindowsSecureTLSEnabled = false
)
View Source
const (
	// AzurePublicCloud is a const string reference identifier for public cloud.
	AzurePublicCloud = "AzurePublicCloud"
	// AzureChinaCloud is a const string reference identifier for china cloud.
	AzureChinaCloud = "AzureChinaCloud"
	// AzureGermanCloud is a const string reference identifier for german cloud.
	AzureGermanCloud = "AzureGermanCloud"
	// AzureUSGovernmentCloud is a const string reference identifier for us government cloud.
	AzureUSGovernmentCloud = "AzureUSGovernmentCloud"
	// AzureStackCloud is a const string reference identifier for Azure Stack cloud.
	AzureStackCloud = "AzureStackCloud"
)
View Source
const (
	// KubernetesDefaultRelease is the default Kubernetes release.
	KubernetesDefaultRelease string = "1.13"
	// KubernetesDefaultReleaseWindows is the default Kubernetes release.
	KubernetesDefaultReleaseWindows string = "1.14"
)
View Source
const (
	// IPMASQAgentAddonName is the name of the ip masq agent addon.
	IPMASQAgentAddonName = "ip-masq-agent"
	// AADPodIdentityAddonName is the name of the aad-pod-identity addon deployment.
	AADPodIdentityAddonName = "aad-pod-identity"
)

Addon name consts.

View Source
const (
	OSSKUCBLMariner = "CBLMariner"
	OSSKUMariner    = "Mariner"
	OSSKUAzureLinux = "AzureLinux"
)
View Source
const (
	BlockOutboundInternet = "BlockOutboundInternet"
	CSERunInBackground    = "CSERunInBackground"
	EnableIPv6DualStack   = "EnableIPv6DualStack"
	EnableIPv6Only        = "EnableIPv6Only"
	EnableWinDSR          = "EnableWinDSR"
)

Feature Flags.

View Source
const (
	AzurePublicCloudSigTenantID     string = "33e01921-4d64-4f8c-a055-5bdaffd5e33d" // AME Tenant
	AzurePublicCloudSigSubscription string = "109a5e88-712a-48ae-9078-9ca8b3c81345" // AKS VHD
)
View Source
const (
	AKSSIGImagePublisher           string = "microsoft-aks"
	AKSWindowsGalleryName          string = "AKSWindows"
	AKSWindowsResourceGroup        string = "AKS-Windows"
	AKSUbuntuGalleryName           string = "AKSUbuntu"
	AKSUbuntuResourceGroup         string = "AKS-Ubuntu"
	AKSCBLMarinerGalleryName       string = "AKSCBLMariner"
	AKSCBLMarinerResourceGroup     string = "AKS-CBLMariner"
	AKSAzureLinuxGalleryName       string = "AKSAzureLinux"
	AKSAzureLinuxResourceGroup     string = "AKS-AzureLinux"
	AKSUbuntuEdgeZoneGalleryName   string = "AKSUbuntuEdgeZone"
	AKSUbuntuEdgeZoneResourceGroup string = "AKS-Ubuntu-EdgeZone"
)

SIG const.

View Source
const (
	// DO NOT MODIFY: used for freezing linux images with docker.
	FrozenLinuxSIGImageVersionForDocker string = "2022.08.29"

	// DO NOT MODIFY: used for freezing linux images for Egress test.
	FrozenLinuxSIGImageVersionForEgressTest string = "2022.10.03"

	// CBLMarinerV1 pinned to the last image build as Mariner 1.0 is out
	//  of support and image builds have stopped.
	FrozenCBLMarinerV1SIGImageVersionForDeprecation string = "202308.28.0"

	// We do not use AKS Windows image versions in AgentBaker. These fake values are only used for unit tests.
	Windows2019SIGImageVersion string = "17763.2019.221114"
	Windows2022SIGImageVersion string = "20348.2022.221114"
	Windows23H2SIGImageVersion string = "25398.2022.221114"
)
View Source
const (
	OutboundTypeNone  string = "none"
	OutboundTypeBlock string = "block"
)

OutboundType describes the options for outbound internet access.

View Source
const (
	// AzureADIdentitySystem is a const string reference identifier for Azure AD identity System.
	AzureADIdentitySystem = "azure_ad"
)
View Source
const (
	ContainerDataDirKey = "dataDir"
)

Known container runtime configuration keys.

View Source
const (
	// Kubernetes is the string constant for the Kubernetes orchestrator type.
	Kubernetes string = "Kubernetes"
)

the orchestrators supported by vlabs.

View Source
const (
	// ManagedDisks means that the nodes use managed disks for their os and attached volumes.
	ManagedDisks = "ManagedDisks"
)

storage profiles.

View Source
const Nvidia470CudaDriverVersion = "cuda-470.82.01"
View Source
const (
	/* TempDiskContainerDataDir is the path used to mount docker images, emptyDir volumes, and kubelet data
	when KubeletDiskType == TempDisk. */
	TempDiskContainerDataDir = "/mnt/aks/containers"
)

Variables

View Source
var (
	NvidiaCudaDriverVersion string
	NvidiaGridDriverVersion string
	AKSGPUCudaVersionSuffix string
	AKSGPUGridVersionSuffix string
)
View Source
var (
	Ubuntu1604OSImageConfig = AzureOSImageConfig{
		ImageOffer:     "UbuntuServer",
		ImageSku:       "16.04-LTS",
		ImagePublisher: "Canonical",
		ImageVersion:   "latest",
	}

	Ubuntu1804OSImageConfig = AzureOSImageConfig{
		ImageOffer:     "UbuntuServer",
		ImageSku:       "18.04-LTS",
		ImagePublisher: "Canonical",
		ImageVersion:   "latest",
	}

	Ubuntu1804Gen2OSImageConfig = AzureOSImageConfig{
		ImageOffer:     "aks",
		ImageSku:       "aks-ubuntu-1804-gen2-2022-q1",
		ImagePublisher: "microsoft-aks",
		ImageVersion:   "2022.02.01",
	}

	RHELOSImageConfig = AzureOSImageConfig{
		ImageOffer:     "RHEL",
		ImageSku:       "7.3",
		ImagePublisher: "RedHat",
		ImageVersion:   "latest",
	}

	AKSUbuntu1604OSImageConfig = AzureOSImageConfig{
		ImageOffer:     "aks",
		ImageSku:       "aks-ubuntu-1604-2021-q3",
		ImagePublisher: "microsoft-aks",
		ImageVersion:   "2021.11.06",
	}

	AKSUbuntu1804OSImageConfig = AzureOSImageConfig{
		ImageOffer:     "aks",
		ImageSku:       "aks-ubuntu-1804-2022-q1",
		ImagePublisher: "microsoft-aks",
		ImageVersion:   "2022.02.01",
	}

	AKSWindowsServer2019OSImageConfig = AzureOSImageConfig{
		ImageOffer:     "aks-windows",
		ImageSku:       "aks-2019-datacenter-core-smalldisk-2107",
		ImagePublisher: "microsoft-aks",
		ImageVersion:   "17763.2061.210714",
	}

	ACC1604OSImageConfig = AzureOSImageConfig{
		ImageOffer:     "confidential-compute-preview",
		ImageSku:       "16.04-LTS",
		ImagePublisher: "Canonical",
		ImageVersion:   "latest",
	}

	AKSUbuntuContainerd1804OSImageConfig = AzureOSImageConfig{
		ImageOffer:     "aks-aez",
		ImageSku:       "aks-ubuntu-containerd-1804-2021-q2",
		ImagePublisher: "microsoft-aks",
		ImageVersion:   "2021.04.27",
	}

	AKSUbuntuContainerd1804Gen2OSImageConfig = AzureOSImageConfig{
		ImageOffer:     "aks-aez",
		ImageSku:       "aks-ubuntu-containerd-1804-gen2-2021-q2",
		ImagePublisher: "microsoft-aks",
		ImageVersion:   "2021.05.01",
	}

	AzureCloudToOSImageMap = map[string]map[Distro]AzureOSImageConfig{
		AzureChinaCloud: {
			Ubuntu:            Ubuntu1604OSImageConfig,
			Ubuntu1804:        Ubuntu1804OSImageConfig,
			Ubuntu1804Gen2:    Ubuntu1804Gen2OSImageConfig,
			RHEL:              RHELOSImageConfig,
			AKSUbuntu1604:     AKSUbuntu1604OSImageConfig,
			AKS1604Deprecated: AKSUbuntu1604OSImageConfig,
			AKSUbuntu1804:     AKSUbuntu1804OSImageConfig,
			AKS1804Deprecated: AKSUbuntu1804OSImageConfig,
			AKSWindows2019PIR: AKSWindowsServer2019OSImageConfig,
		},
		AzureGermanCloud: {
			Ubuntu:            Ubuntu1604OSImageConfig,
			Ubuntu1804:        Ubuntu1804OSImageConfig,
			Ubuntu1804Gen2:    Ubuntu1804Gen2OSImageConfig,
			RHEL:              RHELOSImageConfig,
			AKSUbuntu1604:     Ubuntu1604OSImageConfig,
			AKS1604Deprecated: Ubuntu1604OSImageConfig,
			AKSUbuntu1804:     Ubuntu1604OSImageConfig,
			AKS1804Deprecated: Ubuntu1604OSImageConfig,
			AKSWindows2019PIR: AKSWindowsServer2019OSImageConfig,
		},
		AzureUSGovernmentCloud: {
			Ubuntu:            Ubuntu1604OSImageConfig,
			Ubuntu1804:        Ubuntu1804OSImageConfig,
			Ubuntu1804Gen2:    Ubuntu1804Gen2OSImageConfig,
			RHEL:              RHELOSImageConfig,
			AKSUbuntu1604:     AKSUbuntu1604OSImageConfig,
			AKS1604Deprecated: AKSUbuntu1604OSImageConfig,
			AKSUbuntu1804:     AKSUbuntu1804OSImageConfig,
			AKS1804Deprecated: AKSUbuntu1804OSImageConfig,
			AKSWindows2019PIR: AKSWindowsServer2019OSImageConfig,
		},
		AzurePublicCloud: {
			Ubuntu:                      Ubuntu1604OSImageConfig,
			Ubuntu1804:                  Ubuntu1804OSImageConfig,
			Ubuntu1804Gen2:              Ubuntu1804Gen2OSImageConfig,
			RHEL:                        RHELOSImageConfig,
			AKSUbuntu1604:               AKSUbuntu1604OSImageConfig,
			AKS1604Deprecated:           AKSUbuntu1604OSImageConfig,
			AKSUbuntu1804:               AKSUbuntu1804OSImageConfig,
			AKS1804Deprecated:           AKSUbuntu1804OSImageConfig,
			AKSUbuntuContainerd1804:     AKSUbuntuContainerd1804OSImageConfig,
			AKSUbuntuContainerd1804Gen2: AKSUbuntuContainerd1804Gen2OSImageConfig,
			AKSWindows2019PIR:           AKSWindowsServer2019OSImageConfig,
		},
		USNatCloud: {
			Ubuntu:            Ubuntu1604OSImageConfig,
			Ubuntu1804:        Ubuntu1804OSImageConfig,
			Ubuntu1804Gen2:    Ubuntu1804Gen2OSImageConfig,
			RHEL:              RHELOSImageConfig,
			AKSUbuntu1604:     AKSUbuntu1604OSImageConfig,
			AKS1604Deprecated: AKSUbuntu1604OSImageConfig,
			AKSUbuntu1804:     AKSUbuntu1804OSImageConfig,
			AKS1804Deprecated: AKSUbuntu1804OSImageConfig,
			AKSWindows2019PIR: AKSWindowsServer2019OSImageConfig,
		},
		USSecCloud: {
			Ubuntu:            Ubuntu1604OSImageConfig,
			Ubuntu1804:        Ubuntu1804OSImageConfig,
			Ubuntu1804Gen2:    Ubuntu1804Gen2OSImageConfig,
			RHEL:              RHELOSImageConfig,
			AKSUbuntu1604:     AKSUbuntu1604OSImageConfig,
			AKS1604Deprecated: AKSUbuntu1604OSImageConfig,
			AKSUbuntu1804:     AKSUbuntu1804OSImageConfig,
			AKS1804Deprecated: AKSUbuntu1804OSImageConfig,
			AKSWindows2019PIR: AKSWindowsServer2019OSImageConfig,
		},
	}
)
View Source
var (
	SIGUbuntu1604ImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSUbuntuResourceGroup,
		Gallery:       AKSUbuntuGalleryName,
		Definition:    "1604",
		Version:       "2021.11.06",
	}

	SIGUbuntu1804ImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSUbuntuResourceGroup,
		Gallery:       AKSUbuntuGalleryName,
		Definition:    "1804",
		Version:       FrozenLinuxSIGImageVersionForDocker,
	}

	SIGUbuntu1804Gen2ImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSUbuntuResourceGroup,
		Gallery:       AKSUbuntuGalleryName,
		Definition:    "1804gen2",
		Version:       FrozenLinuxSIGImageVersionForDocker,
	}

	SIGUbuntuGPU1804ImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSUbuntuResourceGroup,
		Gallery:       AKSUbuntuGalleryName,
		Definition:    "1804gpu",
		Version:       FrozenLinuxSIGImageVersionForDocker,
	}

	SIGUbuntuGPU1804Gen2ImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSUbuntuResourceGroup,
		Gallery:       AKSUbuntuGalleryName,
		Definition:    "1804gen2gpu",
		Version:       FrozenLinuxSIGImageVersionForDocker,
	}

	SIGUbuntuContainerd1804ImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSUbuntuResourceGroup,
		Gallery:       AKSUbuntuGalleryName,
		Definition:    "1804containerd",
		Version:       LinuxSIGImageVersion,
	}

	SIGUbuntuContainerd1804Gen2ImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSUbuntuResourceGroup,
		Gallery:       AKSUbuntuGalleryName,
		Definition:    "1804gen2containerd",
		Version:       LinuxSIGImageVersion,
	}

	SIGUbuntuGPUContainerd1804ImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSUbuntuResourceGroup,
		Gallery:       AKSUbuntuGalleryName,
		Definition:    "1804gpucontainerd",
		Version:       LinuxSIGImageVersion,
	}

	SIGUbuntuGPUContainerd1804Gen2ImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSUbuntuResourceGroup,
		Gallery:       AKSUbuntuGalleryName,
		Definition:    "1804gen2gpucontainerd",
		Version:       LinuxSIGImageVersion,
	}

	SIGUbuntuFipsContainerd1804ImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSUbuntuResourceGroup,
		Gallery:       AKSUbuntuGalleryName,
		Definition:    "1804fipscontainerd",
		Version:       LinuxSIGImageVersion,
	}

	// not a typo, this image was generated on 2021.05.20 UTC and assigned this version.
	SIGUbuntuFipsContainerd1804Gen2ImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSUbuntuResourceGroup,
		Gallery:       AKSUbuntuGalleryName,
		Definition:    "1804gen2fipscontainerd",
		Version:       LinuxSIGImageVersion,
	}

	SIGUbuntuFipsContainerd2004ImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSUbuntuResourceGroup,
		Gallery:       AKSUbuntuGalleryName,
		Definition:    "2004fipscontainerd",
		Version:       LinuxSIGImageVersion,
	}

	// not a typo, this image was generated on 2021.05.20 UTC and assigned this version.
	SIGUbuntuFipsContainerd2004Gen2ImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSUbuntuResourceGroup,
		Gallery:       AKSUbuntuGalleryName,
		Definition:    "2004gen2fipscontainerd",
		Version:       LinuxSIGImageVersion,
	}

	SIGUbuntuFipsContainerd2204ImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSUbuntuResourceGroup,
		Gallery:       AKSUbuntuGalleryName,
		Definition:    "2204fipscontainerd",
		Version:       "202404.09.0",
	}

	SIGUbuntuFipsContainerd2204Gen2ImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSUbuntuResourceGroup,
		Gallery:       AKSUbuntuGalleryName,
		Definition:    "2204gen2fipscontainerd",
		Version:       "202404.09.0",
	}

	SIGUbuntuArm64Containerd2204Gen2ImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSUbuntuResourceGroup,
		Gallery:       AKSUbuntuGalleryName,
		Definition:    "2204gen2arm64containerd",
		Version:       LinuxSIGImageVersion,
	}

	SIGUbuntuArm64Containerd2404Gen2ImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSUbuntuResourceGroup,
		Gallery:       AKSUbuntuGalleryName,
		Definition:    "2404gen2arm64containerd",
		Version:       LinuxSIGImageVersion,
	}

	SIGUbuntuContainerd2204ImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSUbuntuResourceGroup,
		Gallery:       AKSUbuntuGalleryName,
		Definition:    "2204containerd",
		Version:       LinuxSIGImageVersion,
	}

	SIGUbuntuContainerd2204Gen2ImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSUbuntuResourceGroup,
		Gallery:       AKSUbuntuGalleryName,
		Definition:    "2204gen2containerd",
		Version:       LinuxSIGImageVersion,
	}

	SIGUbuntuContainerd2204TLGen2ImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSUbuntuResourceGroup,
		Gallery:       AKSUbuntuGalleryName,
		Definition:    "2204gen2TLcontainerd",
		Version:       LinuxSIGImageVersion,
	}

	SIGUbuntuContainerd2004CVMGen2ImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSUbuntuResourceGroup,
		Gallery:       AKSUbuntuGalleryName,
		Definition:    "2004gen2CVMcontainerd",
		Version:       LinuxSIGImageVersion,
	}

	SIGUbuntuMinimalContainerd2204ImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSUbuntuResourceGroup,
		Gallery:       AKSUbuntuGalleryName,
		Definition:    "2204minimalcontainerd",
		Version:       "202401.12.0",
	}

	SIGUbuntuMinimalContainerd2204Gen2ImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSUbuntuResourceGroup,
		Gallery:       AKSUbuntuGalleryName,
		Definition:    "2204gen2minimalcontainerd",
		Version:       "202401.12.0",
	}

	SIGUbuntuEgressContainerd2204Gen2ImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSUbuntuResourceGroup,
		Gallery:       AKSUbuntuGalleryName,
		Definition:    "2204gen2containerd",
		Version:       FrozenLinuxSIGImageVersionForEgressTest,
	}

	SIGUbuntuContainerd2404ImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSUbuntuResourceGroup,
		Gallery:       AKSUbuntuGalleryName,
		Definition:    "2404containerd",
		Version:       LinuxSIGImageVersion,
	}

	SIGUbuntuContainerd2404Gen2ImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSUbuntuResourceGroup,
		Gallery:       AKSUbuntuGalleryName,
		Definition:    "2404gen2containerd",
		Version:       LinuxSIGImageVersion,
	}

	SIGCBLMarinerV1ImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSCBLMarinerResourceGroup,
		Gallery:       AKSCBLMarinerGalleryName,
		Definition:    "V1",
		Version:       FrozenCBLMarinerV1SIGImageVersionForDeprecation,
	}

	SIGCBLMarinerV2Gen1ImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSCBLMarinerResourceGroup,
		Gallery:       AKSCBLMarinerGalleryName,
		Definition:    "V2",
		Version:       LinuxSIGImageVersion,
	}

	SIGAzureLinuxV2Gen1ImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSAzureLinuxResourceGroup,
		Gallery:       AKSAzureLinuxGalleryName,
		Definition:    "V2",
		Version:       LinuxSIGImageVersion,
	}

	SIGAzureLinuxV3Gen1ImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSAzureLinuxResourceGroup,
		Gallery:       AKSAzureLinuxGalleryName,
		Definition:    "V3",
		Version:       LinuxSIGImageVersion,
	}

	SIGCBLMarinerV2Gen2ImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSCBLMarinerResourceGroup,
		Gallery:       AKSCBLMarinerGalleryName,
		Definition:    "V2gen2",
		Version:       LinuxSIGImageVersion,
	}

	SIGAzureLinuxV2Gen2ImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSAzureLinuxResourceGroup,
		Gallery:       AKSAzureLinuxGalleryName,
		Definition:    "V2gen2",
		Version:       LinuxSIGImageVersion,
	}

	SIGAzureLinuxV3Gen2ImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSAzureLinuxResourceGroup,
		Gallery:       AKSAzureLinuxGalleryName,
		Definition:    "V3gen2",
		Version:       LinuxSIGImageVersion,
	}

	SIGCBLMarinerV2Gen1FIPSImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSCBLMarinerResourceGroup,
		Gallery:       AKSCBLMarinerGalleryName,
		Definition:    "V2fips",
		Version:       LinuxSIGImageVersion,
	}

	SIGAzureLinuxV2Gen1FIPSImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSAzureLinuxResourceGroup,
		Gallery:       AKSAzureLinuxGalleryName,
		Definition:    "V2fips",
		Version:       LinuxSIGImageVersion,
	}

	SIGAzureLinuxV3Gen1FIPSImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSAzureLinuxResourceGroup,
		Gallery:       AKSAzureLinuxGalleryName,
		Definition:    "V3fips",
		Version:       LinuxSIGImageVersion,
	}

	SIGCBLMarinerV2Gen2FIPSImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSCBLMarinerResourceGroup,
		Gallery:       AKSCBLMarinerGalleryName,
		Definition:    "V2gen2fips",
		Version:       LinuxSIGImageVersion,
	}

	SIGAzureLinuxV2Gen2FIPSImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSAzureLinuxResourceGroup,
		Gallery:       AKSAzureLinuxGalleryName,
		Definition:    "V2gen2fips",
		Version:       LinuxSIGImageVersion,
	}

	SIGAzureLinuxV3Gen2FIPSImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSAzureLinuxResourceGroup,
		Gallery:       AKSAzureLinuxGalleryName,
		Definition:    "V3gen2fips",
		Version:       LinuxSIGImageVersion,
	}

	SIGCBLMarinerV2KataImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSCBLMarinerResourceGroup,
		Gallery:       AKSCBLMarinerGalleryName,
		Definition:    "V2katagen2",
		Version:       LinuxSIGImageVersion,
	}

	SIGAzureLinuxV2KataImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSAzureLinuxResourceGroup,
		Gallery:       AKSAzureLinuxGalleryName,
		Definition:    "V2katagen2",
		Version:       LinuxSIGImageVersion,
	}

	SIGCBLMarinerV2Arm64ImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSCBLMarinerResourceGroup,
		Gallery:       AKSCBLMarinerGalleryName,
		Definition:    "V2gen2arm64",
		Version:       LinuxSIGImageVersion,
	}

	SIGAzureLinuxV2Arm64ImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSAzureLinuxResourceGroup,
		Gallery:       AKSAzureLinuxGalleryName,
		Definition:    "V2gen2arm64",
		Version:       LinuxSIGImageVersion,
	}

	SIGAzureLinuxV3Arm64ImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSAzureLinuxResourceGroup,
		Gallery:       AKSAzureLinuxGalleryName,
		Definition:    "V3gen2arm64",
		Version:       LinuxSIGImageVersion,
	}

	SIGCBLMarinerV2TLImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSCBLMarinerResourceGroup,
		Gallery:       AKSCBLMarinerGalleryName,
		Definition:    "V2gen2TL",
		Version:       LinuxSIGImageVersion,
	}

	SIGAzureLinuxV2TLImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSAzureLinuxResourceGroup,
		Gallery:       AKSAzureLinuxGalleryName,
		Definition:    "V2gen2TL",
		Version:       LinuxSIGImageVersion,
	}

	SIGCBLMarinerV2KataGen2TLImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSCBLMarinerResourceGroup,
		Gallery:       AKSCBLMarinerGalleryName,
		Definition:    "V2katagen2TL",
		Version:       CBLMarinerV2KataGen2TLSIGImageVersion,
	}

	SIGWindows2019ImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSWindowsResourceGroup,
		Gallery:       AKSWindowsGalleryName,
		Definition:    "windows-2019",
		Version:       Windows2019SIGImageVersion,
	}

	SIGWindows2019ContainerdImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSWindowsResourceGroup,
		Gallery:       AKSWindowsGalleryName,
		Definition:    "windows-2019-containerd",
		Version:       Windows2019SIGImageVersion,
	}

	SIGWindows2022ContainerdImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSWindowsResourceGroup,
		Gallery:       AKSWindowsGalleryName,
		Definition:    "windows-2022-containerd",
		Version:       Windows2022SIGImageVersion,
	}

	SIGWindows2022ContainerdGen2ImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSWindowsResourceGroup,
		Gallery:       AKSWindowsGalleryName,
		Definition:    "windows-2022-containerd-gen2",
		Version:       Windows2022SIGImageVersion,
	}

	SIGWindows23H2ImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSWindowsResourceGroup,
		Gallery:       AKSWindowsGalleryName,
		Definition:    "windows-23H2",
		Version:       Windows23H2SIGImageVersion,
	}

	SIGWindows23H2Gen2ImageConfigTemplate = SigImageConfigTemplate{
		ResourceGroup: AKSWindowsResourceGroup,
		Gallery:       AKSWindowsGalleryName,
		Definition:    "windows-23H2-gen2",
		Version:       Windows23H2SIGImageVersion,
	}
)

SIG config Template.

View Source
var AllKubernetesSupportedVersions = map[string]bool{}/* 180 elements not displayed */

AllKubernetesSupportedVersions is a whitelist map of all supported Kubernetes version strings. The bool value indicates if creating new clusters with this version is allowed.

AvailableUbuntu1804Distros : TODO(amaheshwari): these vars are not consumed by Agentbaker but by RP. do a cleanup to remove these after 20.04 work.

View Source
var AvailableWindowsPIRDistros = []Distro{
	AKSWindows2019PIR,
}
View Source
var (
	AzurePublicCloudSpecForTest = &AzureEnvironmentSpecConfig{
		CloudName: "AzurePublicCloud",

		DockerSpecConfig: DockerSpecConfig{
			DockerEngineRepo:         "https://aptdocker.azureedge.net/repo",
			DockerComposeDownloadURL: "https://github.com/docker/compose/releases/download",
		},

		KubernetesSpecConfig: KubernetesSpecConfig{
			KubernetesImageBase:    "k8s.gcr.io/",
			TillerImageBase:        "gcr.io/kubernetes-helm/",
			ACIConnectorImageBase:  "microsoft/",
			NVIDIAImageBase:        "nvidia/",
			CalicoImageBase:        "calico/",
			AzureCNIImageBase:      "mcr.microsoft.com/containernetworking/",
			MCRKubernetesImageBase: "mcr.microsoft.com/",

			KubeBinariesSASURLBase:               "https://acs-mirror.azureedge.net/kubernetes/",
			WindowsTelemetryGUID:                 "fb801154-36b9-41bc-89c2-f4d4f05472b0",
			CNIPluginsDownloadURL:                "https://acs-mirror.azureedge.net/cni/cni-plugins-amd64-v0.7.6.tgz",
			VnetCNILinuxPluginsDownloadURL:       "https://acs-mirror.azureedge.net/azure-cni/v1.1.3/binaries/azure-vnet-cni-linux-amd64-v1.1.3.tgz",
			VnetCNIWindowsPluginsDownloadURL:     "https://acs-mirror.azureedge.net/azure-cni/v1.1.3/binaries/azure-vnet-cni-singletenancy-windows-amd64-v1.1.3.zip",
			ContainerdDownloadURLBase:            "https://storage.googleapis.com/cri-containerd-release/",
			CSIProxyDownloadURL:                  "https://acs-mirror.azureedge.net/csi-proxy/v0.1.0/binaries/csi-proxy.tar.gz",
			WindowsProvisioningScriptsPackageURL: "https://acs-mirror.azureedge.net/aks-engine/windows/provisioning/signedscripts-v0.2.2.zip",
			WindowsPauseImageURL:                 "mcr.microsoft.com/oss/kubernetes/pause:1.4.0",
			AlwaysPullWindowsPauseImage:          false,
			CseScriptsPackageURL:                 "https://acs-mirror.azureedge.net/aks/windows/cse/csescripts-v0.0.1.zip",
			CNIARM64PluginsDownloadURL:           "https://acs-mirror.azureedge.net/cni-plugins/v0.8.7/binaries/cni-plugins-linux-arm64-v0.8.7.tgz",
			VnetCNIARM64LinuxPluginsDownloadURL:  "https://acs-mirror.azureedge.net/azure-cni/v1.4.13/binaries/azure-vnet-cni-linux-arm64-v1.4.14.tgz",
		},

		EndpointConfig: AzureEndpointConfig{
			ResourceManagerVMDNSSuffix: "cloudapp.azure.com",
		},
	}
)
View Source
var CBLMarinerV2KataGen2TLSIGImageVersion = getSIGVersionFromEmbeddedString(marinerV2KataGen2TLJSONContentsEmbedded)
View Source
var ConvergedGPUDriverSizes = map[string]bool{
	"standard_nv6ads_a10_v5":   true,
	"standard_nv12ads_a10_v5":  true,
	"standard_nv18ads_a10_v5":  true,
	"standard_nv36ads_a10_v5":  true,
	"standard_nv72ads_a10_v5":  true,
	"standard_nv36adms_a10_v5": true,
	"standard_nc8ads_a10_v4":   true,
	"standard_nc16ads_a10_v4":  true,
	"standard_nc32ads_a10_v4":  true,
}
convergedGPUDriverSizes : these sizes use a "converged" driver to support both cuda/grid workloads.

how do you figure this out? ask HPC or find out by trial and error. installing vanilla cuda drivers will fail to install with opaque errors. nvidia-bug-report.sh may be helpful, but usually it tells you the pci card id is incompatible. That sends me to HPC folks. see https://github.com/Azure/azhpc-extensions/blob/daaefd78df6f27012caf30f3b54c3bd6dc437652/NvidiaGPU/resources.json

View Source
var FabricManagerGPUSizes = map[string]bool{

	"standard_nd96asr_v4":        true,
	"standard_nd112asr_a100_v4":  true,
	"standard_nd120asr_a100_v4":  true,
	"standard_nd96amsr_a100_v4":  true,
	"standard_nd112amsr_a100_v4": true,
	"standard_nd120amsr_a100_v4": true,

	"standard_nd96ams_a100_v4": true,
	"standard_nd96ams_v4":      true,

	"standard_nd46s_h100_v5":    true,
	"standard_nd48s_h100_v5":    true,
	"standard_nd50s_h100_v5":    true,
	"standard_nd92is_h100_v5":   true,
	"standard_nd96is_h100_v5":   true,
	"standard_nd100is_h100_v5":  true,
	"standard_nd92isr_h100_v5":  true,
	"standard_nd96isr_h100_v5":  true,
	"standard_nd100isr_h100_v5": true,

	"standard_nc24ads_a100_v4": false,
	"standard_nc48ads_a100_v4": false,
	"standard_nc96ads_a100_v4": false,
}
View Source
var LinuxSIGImageVersion = getSIGVersionFromEmbeddedString(linuxVersionJSONContentsEmbedded)

Functions

func FormatProdFQDNByLocation

func FormatProdFQDNByLocation(fqdnPrefix string, location string, cloudSpecConfig *AzureEnvironmentSpecConfig) string

FormatProdFQDNByLocation constructs an Azure prod fqdn with custom cloud profile.

CustomCloudName is name of environment if customCloudProfile is provided, it will be empty string if

customCloudProfile is empty. Because customCloudProfile is empty for deployment for AzurePublicCloud, AzureChinaCloud,AzureGermanCloud,AzureUSGovernmentCloud, The customCloudName value will be empty string for those clouds.

func GetAllSupportedKubernetesVersions

func GetAllSupportedKubernetesVersions(isUpdate, hasWindows bool) []string

GetAllSupportedKubernetesVersions returns a slice of all supported Kubernetes versions.

func GetCloudTargetEnv

func GetCloudTargetEnv(location string) string

func GetCommandLineOmittedKubeletConfigFlags added in v0.22222.0

func GetCommandLineOmittedKubeletConfigFlags() map[string]bool

CommandLineOmittedKubeletConfigFlags are the flags set by RP that should NOT be included within the set of command line flags when configuring kubelet.

func GetDefaultKubernetesVersion

func GetDefaultKubernetesVersion(hasWindows bool) string

GetDefaultKubernetesVersion returns the default Kubernetes version, that is the latest patch of the default release.

func GetLatestPatchVersion

func GetLatestPatchVersion(majorMinor string, versionsList []string) string

GetLatestPatchVersion gets the most recent patch version from a list of semver versions given a major.minor string.

func GetMaxVersion

func GetMaxVersion(versions []string, preRelease bool) string

GetMaxVersion gets the highest semver version. preRelease=true means accept a pre-release version as a max value.

func GetMinVersion

func GetMinVersion(versions []string, preRelease bool) string

GetMinVersion gets the lowest semver version. preRelease=true means accept a pre-release version as a min value.

func GetOrderedEscapedKeyValsString

func GetOrderedEscapedKeyValsString(config map[string]string) string

GetOrderedEscapedKeyValsString returns an ordered string of escaped, quoted key=val.

func GetStorageAccountType

func GetStorageAccountType(sizeName string) (string, error)

GetStorageAccountType returns the support managed disk storage tier for a give VM size.

func GetSupportedKubernetesVersion

func GetSupportedKubernetesVersion(version string, hasWindows bool) string

GetSupportedKubernetesVersion verifies that a passed-in version string is supported, or returns a default version string if not.

func GetSupportedVersions

func GetSupportedVersions(orchType string, isUpdate, hasWindows bool) ([]string, string)

GetSupportedVersions get supported version list for a certain orchestrator.

func GetValidPatchVersion

func GetValidPatchVersion(orchType, orchVer string, isUpdate, hasWindows bool) string

GetValidPatchVersion gets the current valid patch version for the minor version of the passed in version.

func GetVersionsBetween

func GetVersionsBetween(versions []string, versionMin, versionMax string, inclusive, preReleases bool) []string

GetVersionsBetween returns a list of versions between a min and max inclusive=true means that we test for equality on both bounds preReleases=true means that we include pre-release versions in the list.

func GetVersionsGt

func GetVersionsGt(versions []string, version string, inclusive, preReleases bool) []string

GetVersionsGt returns a list of versions greater than a semver string given a list of versions inclusive=true means that we test for equality as well preReleases=true means that we include pre-release versions in the list.

func GetVersionsLt

func GetVersionsLt(versions []string, version string, inclusive, preReleases bool) []string

GetVersionsLt returns a list of versions less than than a semver string given a list of versions inclusive=true means that we test for equality as well preReleases=true means that we include pre-release versions in the list.

func IndentString

func IndentString(original string, spaces int) string

IndentString pads each line of an original string with N spaces and returns the new value.

func IsKubernetesVersionGe

func IsKubernetesVersionGe(actualVersion, version string) bool

IsKubernetesVersionGe returns true if actualVersion is greater than or equal to version.

func IsMIGNode

func IsMIGNode(gpuInstanceProfile string) bool

IsMIGNode check if the node should be partitioned.

func IsSgxEnabledSKU

func IsSgxEnabledSKU(vmSize string) bool

IsSgxEnabledSKU determines if an VM SKU has SGX driver support.

func IsSupportedKubernetesVersion

func IsSupportedKubernetesVersion(version string, isUpdate, hasWindows bool) bool

IsSupportedKubernetesVersion return true if the provided Kubernetes version is supported.

func IsValidMinVersion

func IsValidMinVersion(orchType, orchRelease, orchVersion, minVersion string) (bool, error)

func LoadConfig added in v0.12345678.1

func LoadConfig() error

func RationalizeReleaseAndVersion

func RationalizeReleaseAndVersion(orchType, orchRel, orchVer string, isUpdate, hasWindows bool) string

RationalizeReleaseAndVersion return a version when it can be rationalized from the input, otherwise "".

func SliceIntIsNonEmpty

func SliceIntIsNonEmpty(s []int) bool

SliceIntIsNonEmpty is a simple convenience to determine if a []int is non-empty.

func ValidateDNSPrefix

func ValidateDNSPrefix(dnsName string) error

ValidateDNSPrefix is a helper function to check that a DNS Prefix is valid.

func WrapAsVerbatim

func WrapAsVerbatim(s string) string

WrapAsVerbatim formats a string for inserting a literal string into an ARM expression.

Types

type AADProfile

type AADProfile struct {
	// The client AAD application ID.
	ClientAppID string `json:"clientAppID,omitempty"`
	// The server AAD application ID.
	ServerAppID string `json:"serverAppID,omitempty"`
	// The server AAD application secret.
	ServerAppSecret string `json:"serverAppSecret,omitempty" conform:"redact"`
	// The AAD tenant ID to use for authentication.
	// If not specified, will use the tenant of the deployment subscription.
	// Optional.
	TenantID string `json:"tenantID,omitempty"`
	// The Azure Active Directory Group Object ID that will be assigned the cluster-admin RBAC role.
	// Optional.
	AdminGroupID string `json:"adminGroupID,omitempty"`
	// The authenticator to use, either "oidc" or "webhook".
	Authenticator AuthenticatorType `json:"authenticator"`
}

AADProfile specifies attributes for AAD integration.

type AKSKubeletConfiguration

type AKSKubeletConfiguration struct {
	// Kind is a string value representing the REST resource this object represents.
	// Servers may infer this from the endpoint the client submits requests to.
	// Cannot be updated.
	// In CamelCase.
	// More info:
	// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds.
	// +optional.
	Kind string `json:"kind,omitempty" protobuf:"bytes,1,opt,name=kind"`
	/* APIVersion defines the versioned schema of this representation of an object.
	Servers should convert recognized schemas to the latest internal value, and
	may reject unrecognized values.
	More info:
	https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	+optional. */
	APIVersion string `json:"apiVersion,omitempty" protobuf:"bytes,2,opt,name=apiVersion"`
	/* staticPodPath is the path to the directory containing local (static) pods to
	run, or the path to a single static pod file.
	Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
	the set of static pods specified at the new path may be different than the
	ones the Kubelet initially started with, and this may disrupt your node.
	Default: ""
	+optional. */
	StaticPodPath string `json:"staticPodPath,omitempty"`
	/* address is the IP address for the Kubelet to serve on (set to 0.0.0.0
	for all interfaces).
	Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
	it may disrupt components that interact with the Kubelet server.
	Default: "0.0.0.0"
	+optional. */
	Address string `json:"address,omitempty"`
	/* readOnlyPort is the read-only port for the Kubelet to serve on with
	no authentication/authorization.
	Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
	it may disrupt components that interact with the Kubelet server.
	Default: 0 (disabled)
	+optional. */
	ReadOnlyPort int32 `json:"readOnlyPort,omitempty"`
	/* tlsCertFile is the file containing x509 Certificate for HTTPS. (CA cert,
	if any, concatenated after server cert). If tlsCertFile and
	tlsPrivateKeyFile are not provided, a self-signed certificate
	and key are generated for the public address and saved to the directory
	passed to the Kubelet's --cert-dir flag.
	Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
	it may disrupt components that interact with the Kubelet server.
	Default: ""
	+optional. */
	TLSCertFile string `json:"tlsCertFile,omitempty"`
	/* tlsPrivateKeyFile is the file containing x509 private key matching tlsCertFile
	Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
	it may disrupt components that interact with the Kubelet server.
	Default: ""
	+optional. */
	TLSPrivateKeyFile string `json:"tlsPrivateKeyFile,omitempty"`
	/* TLSCipherSuites is the list of allowed cipher suites for the server.
	Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants).
	Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
	it may disrupt components that interact with the Kubelet server.
	Default: nil
	+optional. */
	TLSCipherSuites []string `json:"tlsCipherSuites,omitempty"`
	/* rotateCertificates enables client certificate rotation. The Kubelet will request a
	new certificate from the certificates.k8s.io API. This requires an approver to approve the
	certificate signing requests.
	Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
	disabling it may disrupt the Kubelet's ability to authenticate with the API server
	after the current certificate expires.
	Default: false
	+optional. */
	RotateCertificates bool `json:"rotateCertificates,omitempty"`
	// serverTLSBootstrap enables server certificate bootstrap. Instead of self
	// signing a serving certificate, the Kubelet will request a certificate from
	// the 'certificates.k8s.io' API. This requires an approver to approve the
	// certificate signing requests (CSR). The RotateKubeletServerCertificate feature
	// must be enabled when setting this field.
	// Default: false
	// +optional
	ServerTLSBootstrap bool `json:"serverTLSBootstrap,omitempty"`
	/* authentication specifies how requests to the Kubelet's server are authenticated
	Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
	it may disrupt components that interact with the Kubelet server.
	Defaults:
	  anonymous:
	    enabled: false
	  webhook:
	    enabled: true
	    cacheTTL: "2m"
	+optional. */
	Authentication KubeletAuthentication `json:"authentication"`
	/* authorization specifies how requests to the Kubelet's server are authorized
	Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
	it may disrupt components that interact with the Kubelet server.
	Defaults:
	  mode: Webhook
	  webhook:
	    cacheAuthorizedTTL: "5m"
	    cacheUnauthorizedTTL: "30s"
	+optional. */
	Authorization KubeletAuthorization `json:"authorization"`
	/* eventRecordQPS is the maximum event creations per second. If 0, there
	is no limit enforced.
	Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
	it may impact scalability by changing the amount of traffic produced by
	event creations.
	Default: 5
	+optional. */
	EventRecordQPS *int32 `json:"eventRecordQPS,omitempty"`
	/* clusterDomain is the DNS domain for this cluster. If set, kubelet will
	configure all containers to search this domain in addition to the
	host's search domains.
	Dynamic Kubelet Config (beta): Dynamically updating this field is not recommended,
	as it should be kept in sync with the rest of the cluster.
	Default: ""
	+optional. */
	ClusterDomain string `json:"clusterDomain,omitempty"`
	/* clusterDNS is a list of IP addresses for the cluster DNS server. If set,
	kubelet will configure all containers to use this for DNS resolution
	instead of the host's DNS servers.
	Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
	changes will only take effect on Pods created after the update. Draining
	the node is recommended before changing this field.
	Default: nil
	+optional. */
	ClusterDNS []string `json:"clusterDNS,omitempty"`
	/* streamingConnectionIdleTimeout is the maximum time a streaming connection
	can be idle before the connection is automatically closed.
	Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
	it may impact components that rely on infrequent updates over streaming
	connections to the Kubelet server.
	Default: "4h"
	+optional. */
	StreamingConnectionIdleTimeout Duration `json:"streamingConnectionIdleTimeout,omitempty"`
	/* nodeStatusUpdateFrequency is the frequency that kubelet computes node
	status. If node lease feature is not enabled, it is also the frequency that
	kubelet posts node status to master.
	Note: When node lease feature is not enabled, be cautious when changing the
	constant, it must work with nodeMonitorGracePeriod in nodecontroller.
	Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
	it may impact node scalability, and also that the node controller's
	nodeMonitorGracePeriod must be set to N*NodeStatusUpdateFrequency,
	where N is the number of retries before the node controller marks
	the node unhealthy.
	Default: "10s"
	+optional. */
	NodeStatusUpdateFrequency Duration `json:"nodeStatusUpdateFrequency,omitempty"`
	/* nodeStatusReportFrequency is the frequency that kubelet posts node
	status to master if node status does not change. Kubelet will ignore this
	frequency and post node status immediately if any change is detected. It is
	only used when node lease feature is enabled. nodeStatusReportFrequency's
	default value is 5m. But if nodeStatusUpdateFrequency is set explicitly,
	nodeStatusReportFrequency's default value will be set to
	nodeStatusUpdateFrequency for backward compatibility.
	Default: "5m"
	+optional. */
	NodeStatusReportFrequency Duration `json:"nodeStatusReportFrequency,omitempty"`
	/* imageGCHighThresholdPercent is the percent of disk usage after which
	image garbage collection is always run. The percent is calculated as
	this field value out of 100.
	Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
	it may trigger or delay garbage collection, and may change the image overhead
	on the node.
	Default: 85
	+optional. */
	ImageGCHighThresholdPercent *int32 `json:"imageGCHighThresholdPercent,omitempty"`
	/* imageGCLowThresholdPercent is the percent of disk usage before which
	image garbage collection is never run. Lowest disk usage to garbage
	collect to. The percent is calculated as this field value out of 100.
	Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
	it may trigger or delay garbage collection, and may change the image overhead
	on the node.
	Default: 80
	+optional. */
	ImageGCLowThresholdPercent *int32 `json:"imageGCLowThresholdPercent,omitempty"`
	/* Enable QoS based Cgroup hierarchy: top level cgroups for QoS Classes
	And all Burstable and BestEffort pods are brought up under their
	specific top level QoS cgroup.
	Dynamic Kubelet Config (beta): This field should not be updated without a full node
	reboot. It is safest to keep this value the same as the local config.
	Default: true
	+optional. */
	CgroupsPerQOS *bool `json:"cgroupsPerQOS,omitempty"`
	/* CPUManagerPolicy is the name of the policy to use.
	Requires the CPUManager feature gate to be enabled.
	Dynamic Kubelet Config (beta): This field should not be updated without a full node
	reboot. It is safest to keep this value the same as the local config.
	Default: "none"
	+optional. */
	CPUManagerPolicy string `json:"cpuManagerPolicy,omitempty"`
	/* TopologyManagerPolicy is the name of the policy to use.
	Policies other than "none" require the TopologyManager feature gate to be enabled.
	Dynamic Kubelet Config (beta): This field should not be updated without a full node
	reboot. It is safest to keep this value the same as the local config.
	Default: "none"
	+optional. */
	TopologyManagerPolicy string `json:"topologyManagerPolicy,omitempty"`
	/* maxPods is the number of pods that can run on this Kubelet.
	Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
	changes may cause Pods to fail admission on Kubelet restart, and may change
	the value reported in Node.Status.Capacity[v1.ResourcePods], thus affecting
	future scheduling decisions. Increasing this value may also decrease performance,
	as more Pods can be packed into a single node.
	Default: 110
	+optional. */
	MaxPods int32 `json:"maxPods,omitempty"`
	/* PodPidsLimit is the maximum number of pids in any pod.
	Requires the SupportPodPidsLimit feature gate to be enabled.
	Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
	lowering it may prevent container processes from forking after the change.
	Default: -1
	+optional. */
	PodPidsLimit *int64 `json:"podPidsLimit,omitempty"`
	/* ResolverConfig is the resolver configuration file used as the basis
	for the container DNS resolution configuration.
	Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
	changes will only take effect on Pods created after the update. Draining
	the node is recommended before changing this field.
	Default: "/etc/resolv.conf"
	+optional. */
	ResolverConfig string `json:"resolvConf,omitempty"`
	/* cpuCFSQuota enables CPU CFS quota enforcement for containers that
	specify CPU limits.
	Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
	disabling it may reduce node stability.
	Default: true
	+optional. */
	CPUCFSQuota *bool `json:"cpuCFSQuota,omitempty"`
	/* CPUCFSQuotaPeriod is the CPU CFS quota period value, cpu.cfs_period_us.
	Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
	limits set for containers will result in different cpu.cfs_quota settings. This
	will trigger container restarts on the node being reconfigured.
	Default: "100ms"
	+optional. */
	CPUCFSQuotaPeriod Duration `json:"cpuCFSQuotaPeriod,omitempty"`
	/* Map of signal names to quantities that defines hard eviction thresholds. For example: {"memory.available": "300Mi"}.
	To explicitly disable, pass a 0% or 100% threshold on an arbitrary resource.
	Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
	it may trigger or delay Pod evictions.
	Default:
	  memory.available:  "100Mi"
	  nodefs.available:  "10%"
	  nodefs.inodesFree: "5%"
	  imagefs.available: "15%"
	+optional. */
	EvictionHard map[string]string `json:"evictionHard,omitempty"`
	/* protectKernelDefaults, if true, causes the Kubelet to error if kernel
	flags are not as it expects. Otherwise the Kubelet will attempt to modify
	kernel flags to match its expectation.
	Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
	enabling it may cause the Kubelet to crash-loop if the Kernel is not configured as
	Kubelet expects.
	Default: false
	+optional. */
	ProtectKernelDefaults bool `json:"protectKernelDefaults,omitempty"`
	/* featureGates is a map of feature names to bools that enable or disable alpha/experimental
	features. This field modifies piecemeal the built-in default values from
	"k8s.io/kubernetes/pkg/features/kube_features.go".
	Dynamic Kubelet Config (beta): If dynamically updating this field, consider the
	documentation for the features you are enabling or disabling. While we
	encourage feature developers to make it possible to dynamically enable
	and disable features, some changes may require node reboots, and some
	features may require careful coordination to retroactively disable.
	Default: nil
	+optional. */
	FeatureGates map[string]bool `json:"featureGates,omitempty"`
	/* failSwapOn tells the Kubelet to fail to start if swap is enabled on the node.
	Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
	setting it to true will cause the Kubelet to crash-loop if swap is enabled.
	Default: true
	+optional. */
	FailSwapOn *bool `json:"failSwapOn,omitempty"`
	/* A quantity defines the maximum size of the container log file before it is rotated.
	For example: "5Mi" or "256Ki".
	Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
	it may trigger log rotation.
	Default: "10Mi"
	+optional. */
	ContainerLogMaxSize string `json:"containerLogMaxSize,omitempty"`
	/* Maximum number of container log files that can be present for a container.
	Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
	lowering it may cause log files to be deleted.
	Default: 5
	+optional. */
	ContainerLogMaxFiles *int32 `json:"containerLogMaxFiles,omitempty"`

	/* systemReserved is a set of ResourceName=ResourceQuantity (e.g. cpu=200m,memory=150G)
	pairs that describe resources reserved for non-kubernetes components.
	Currently only cpu and memory are supported.
	See http://kubernetes.io/docs/user-guide/compute-resources for more detail.
	Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
	it may not be possible to increase the reserved resources, because this
	requires resizing cgroups. Always look for a NodeAllocatableEnforced event
	after updating this field to ensure that the update was successful.
	Default: nil
	+optional. */
	SystemReserved map[string]string `json:"systemReserved,omitempty"`
	/* A set of ResourceName=ResourceQuantity (e.g. cpu=200m,memory=150G) pairs
	that describe resources reserved for kubernetes system components.
	Currently cpu, memory and local storage for root file system are supported.
	See http://kubernetes.io/docs/user-guide/compute-resources for more detail.
	Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
	it may not be possible to increase the reserved resources, because this
	requires resizing cgroups. Always look for a NodeAllocatableEnforced event
	after updating this field to ensure that the update was successful.
	Default: nil
	+optional. */
	KubeReserved map[string]string `json:"kubeReserved,omitempty"`
	/* This flag specifies the various Node Allocatable enforcements that Kubelet needs to perform.
	This flag accepts a list of options. Acceptable options are `none`, `pods`, `system-reserved` &
	`kube-reserved`. If `none` is specified, no other options may be specified.
	Refer to
	[Node Allocatable](https://git.k8s.io/community/contributors/design-proposals/node/node-allocatable.md)
	doc for more information.
	Dynamic Kubelet Config (beta): If dynamically updating this field, consider that
	removing enforcements may reduce the stability of the node. Alternatively, adding
	enforcements may reduce the stability of components which were using more than
	the reserved amount of resources; for example, enforcing kube-reserved may cause
	Kubelets to OOM if it uses more than the reserved resources, and enforcing system-reserved
	may cause system daemons to OOM if they use more than the reserved resources.
	Default: ["pods"]
	+optional. */
	EnforceNodeAllocatable []string `json:"enforceNodeAllocatable,omitempty"`
	/* A comma separated whitelist of unsafe sysctls or sysctl patterns (ending in *).
	Unsafe sysctl groups are kernel.shm*, kernel.msg*, kernel.sem, fs.mqueue.*, and net.*.
	These sysctls are namespaced but not allowed by default.
	For example: "kernel.msg*,net.ipv4.route.min_pmtu"
	Default: []
	+optional. */
	AllowedUnsafeSysctls []string `json:"allowedUnsafeSysctls,omitempty"`
	// serializeImagePulls when enabled, tells the Kubelet to pull images one
	// at a time. We recommend *not* changing the default value on nodes that
	// run docker daemon with version  < 1.9 or an Aufs storage backend.
	// Issue #10959 has more details.
	// Default: true
	// +optional
	SerializeImagePulls *bool `json:"serializeImagePulls,omitempty"`
	// SeccompDefault enables the use of `RuntimeDefault` as the default seccomp profile for all workloads.
	// Default: false
	// +optional
	SeccompDefault *bool `json:"seccompDefault,omitempty"`
}

AKSKubeletConfiguration contains the configuration for the Kubelet that AKS set.

this is a subset of KubeletConfiguration defined in

https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/kubelet/config/v1beta1/types.go changed metav1.Duration to Duration and pointers to values to simplify translation.

type AddonNodePoolsConfig

type AddonNodePoolsConfig struct {
	Name   string            `json:"name,omitempty"`
	Config map[string]string `json:"config,omitempty"`
}

AddonNodePoolsConfig defines configuration for pool-specific cluster-autoscaler configuration.

type AddonProfile

type AddonProfile struct {
	Enabled bool              `json:"enabled"`
	Config  map[string]string `json:"config"`
	// Identity contains information of the identity associated with this addon.
	// This property will only appear in an MSI-enabled cluster.
	Identity *UserAssignedIdentity `json:"identity,omitempty"`
}

AddonProfile represents an addon for managed cluster.

type AgentPoolProfile

type AgentPoolProfile struct {
	Name                  string               `json:"name"`
	VMSize                string               `json:"vmSize"`
	KubeletDiskType       KubeletDiskType      `json:"kubeletDiskType,omitempty"`
	WorkloadRuntime       WorkloadRuntime      `json:"workloadRuntime,omitempty"`
	DNSPrefix             string               `json:"dnsPrefix,omitempty"`
	OSType                OSType               `json:"osType,omitempty"`
	Ports                 []int                `json:"ports,omitempty"`
	AvailabilityProfile   string               `json:"availabilityProfile"`
	StorageProfile        string               `json:"storageProfile,omitempty"`
	VnetSubnetID          string               `json:"vnetSubnetID,omitempty"`
	Distro                Distro               `json:"distro,omitempty"`
	CustomNodeLabels      map[string]string    `json:"customNodeLabels,omitempty"`
	PreprovisionExtension *Extension           `json:"preProvisionExtension"`
	KubernetesConfig      *KubernetesConfig    `json:"kubernetesConfig,omitempty"`
	VnetCidrs             []string             `json:"vnetCidrs,omitempty"`
	WindowsNameVersion    string               `json:"windowsNameVersion,omitempty"`
	CustomKubeletConfig   *CustomKubeletConfig `json:"customKubeletConfig,omitempty"`
	CustomLinuxOSConfig   *CustomLinuxOSConfig `json:"customLinuxOSConfig,omitempty"`
	MessageOfTheDay       string               `json:"messageOfTheDay,omitempty"`
	/* This is a new property and all old agent pools do no have this field. We need to keep the default
	behavior to reboot Windows node when it is nil. */
	NotRebootWindowsNode    *bool                    `json:"notRebootWindowsNode,omitempty"`
	AgentPoolWindowsProfile *AgentPoolWindowsProfile `json:"agentPoolWindowsProfile,omitempty"`
}

AgentPoolProfile represents an agent pool definition.

func (*AgentPoolProfile) GetAgentPoolWindowsProfile added in v0.22222.0

func (a *AgentPoolProfile) GetAgentPoolWindowsProfile() *AgentPoolWindowsProfile

func (*AgentPoolProfile) GetCustomLinuxOSConfig added in v0.22222.0

func (a *AgentPoolProfile) GetCustomLinuxOSConfig() *CustomLinuxOSConfig

func (*AgentPoolProfile) GetKubernetesLabels

func (a *AgentPoolProfile) GetKubernetesLabels() string

GetKubernetesLabels returns a k8s API-compliant labels string for nodes in this profile.

func (*AgentPoolProfile) Is2204VHDDistro added in v0.22222.0

func (a *AgentPoolProfile) Is2204VHDDistro() bool

Is2204VHDDistro returns true if the distro uses 2204 VHD.

func (*AgentPoolProfile) Is2404VHDDistro added in v0.22222.0

func (a *AgentPoolProfile) Is2404VHDDistro() bool

Is2404VHDDistro returns true if the distro uses 2404 VHD.

func (*AgentPoolProfile) IsAvailabilitySets

func (a *AgentPoolProfile) IsAvailabilitySets() bool

IsAvailabilitySets returns true if the customer specified disks.

func (*AgentPoolProfile) IsAzureLinuxCgroupV2VHDDistro added in v0.22222.0

func (a *AgentPoolProfile) IsAzureLinuxCgroupV2VHDDistro() bool

IsAzureLinuxCgroupV2VHDDistro returns true if the distro uses Azure Linux CgrpupV2 VHD.

func (*AgentPoolProfile) IsCustomVNET

func (a *AgentPoolProfile) IsCustomVNET() bool

IsCustomVNET returns true if the customer brought their own VNET.

func (*AgentPoolProfile) IsDisableWindowsOutboundNat added in v0.22222.0

func (a *AgentPoolProfile) IsDisableWindowsOutboundNat() bool

IsDisableWindowsOutboundNat returns true if the Windows agent pool disable OutboundNAT.

func (*AgentPoolProfile) IsSkipCleanupNetwork added in v0.22222.0

func (a *AgentPoolProfile) IsSkipCleanupNetwork() bool

IsSkipCleanupNetwork returns true if AKS-RP sets the field NotRebootWindowsNode to true.

func (*AgentPoolProfile) IsVHDDistro

func (a *AgentPoolProfile) IsVHDDistro() bool

IsVHDDistro returns true if the distro uses VHD SKUs.

func (*AgentPoolProfile) IsVirtualMachineScaleSets

func (a *AgentPoolProfile) IsVirtualMachineScaleSets() bool

IsVirtualMachineScaleSets returns true if the agent pool availability profile is VMSS.

func (*AgentPoolProfile) IsWindows

func (a *AgentPoolProfile) IsWindows() bool

IsWindows returns true if the agent pool is windows.

type AgentPoolWindowsProfile added in v0.22222.0

type AgentPoolWindowsProfile struct {
	DisableOutboundNat *bool `json:"disableOutboundNat,omitempty"`

	// Windows next-gen networking uses Windows eBPF for the networking dataplane.
	NextGenNetworkingURL *string `json:"nextGenNetworkingURL,omitempty"`
}

func (*AgentPoolWindowsProfile) GetNextGenNetworkingURL added in v0.22222.0

func (a *AgentPoolWindowsProfile) GetNextGenNetworkingURL() string

func (*AgentPoolWindowsProfile) IsNextGenNetworkingEnabled added in v0.22222.0

func (a *AgentPoolWindowsProfile) IsNextGenNetworkingEnabled() bool

type AuthenticatorType

type AuthenticatorType string

AuthenticatorType represents the authenticator type the cluster was. set up with.

const (
	// OIDC represent cluster setup in OIDC auth mode.
	OIDC AuthenticatorType = "oidc"
	// Webhook represent cluster setup in wehhook auth mode.
	Webhook AuthenticatorType = "webhook"
)

type AzureEndpointConfig

type AzureEndpointConfig struct {
	ResourceManagerVMDNSSuffix string `json:"resourceManagerVMDNSSuffix,omitempty"`
}

AzureEndpointConfig describes an Azure endpoint.

type AzureEnvironmentSpecConfig

type AzureEnvironmentSpecConfig struct {
	CloudName            string                        `json:"cloudName,omitempty"`
	DockerSpecConfig     DockerSpecConfig              `json:"dockerSpecConfig,omitempty"`
	KubernetesSpecConfig KubernetesSpecConfig          `json:"kubernetesSpecConfig,omitempty"`
	EndpointConfig       AzureEndpointConfig           `json:"endpointConfig,omitempty"`
	OSImageConfig        map[Distro]AzureOSImageConfig `json:"osImageConfig,omitempty"`
}

AzureEnvironmentSpecConfig is the overall configuration differences in different cloud environments.

type AzureOSImageConfig

type AzureOSImageConfig struct {
	ImageOffer     string `json:"imageOffer,omitempty"`
	ImageSku       string `json:"imageSku,omitempty"`
	ImagePublisher string `json:"imagePublisher,omitempty"`
	ImageVersion   string `json:"imageVersion,omitempty"`
}

AzureOSImageConfig describes an Azure OS image.

type CSEStatus

type CSEStatus struct {
	// ExitCode stores the exitCode from CSE output.
	ExitCode string `json:"exitCode,omitempty"`
	// Output stores the output from CSE output.
	Output string `json:"output,omitempty"`
	// Error stores the error from CSE output.
	Error string `json:"error,omitempty"`
	// ExecDuration stores the execDuration in seconds from CSE output.
	ExecDuration string `json:"execDuration,omitempty"`
	// KernelStartTime of current boot, output from systemctl show -p KernelTimestamp.
	KernelStartTime string `json:"kernelStartTime,omitempty"`
	// SystemdSummary of current boot, output from systemd-analyze.
	SystemdSummary string `json:"systemdSummary,omitempty"`
	// CSEStartTime indicate starttime of CSE.
	CSEStartTime string `json:"cseStartTime,omitempty"`
	/* GuestAgentStartTime indicate starttime of GuestAgent, output from systemctl show
	walinuxagent.service -p ExecMainStartTimestamp */
	GuestAgentStartTime string `json:"guestAgentStartTime,omitempty"`
	// BootDatapoints contains datapoints (key-value pair) from VM boot process.
	BootDatapoints map[string]string `json:"bootDatapoints,omitempty"`
}

type CSEStatusParsingError

type CSEStatusParsingError struct {
	Code    CSEStatusParsingErrorCode
	Message string
}

func (*CSEStatusParsingError) Error

func (err *CSEStatusParsingError) Error() string

type CSEStatusParsingErrorCode

type CSEStatusParsingErrorCode string
const (
	// CSEMessageUnmarshalError is the error code for unmarshal cse message.
	CSEMessageUnmarshalError CSEStatusParsingErrorCode = "CSEMessageUnmarshalError"
	// CSEMessageExitCodeEmptyError is the error code for empty cse message exit code.
	CSEMessageExitCodeEmptyError CSEStatusParsingErrorCode = "CSEMessageExitCodeEmptyError"
	// InvalidCSEMessage is the error code for cse invalid message.
	InvalidCSEMessage CSEStatusParsingErrorCode = "InvalidCSEMessage"
)

type CertificateProfile

type CertificateProfile struct {
	// CaCertificate is the certificate authority certificate.
	CaCertificate string `json:"caCertificate,omitempty" conform:"redact"`
	// ApiServerCertificate is the rest api server certificate, and signed by the CA.
	APIServerCertificate string `json:"apiServerCertificate,omitempty" conform:"redact"`
	// ClientCertificate is the certificate used by the client kubelet services and signed by the CA.
	ClientCertificate string `json:"clientCertificate,omitempty" conform:"redact"`
	// ClientPrivateKey is the private key used by the client kubelet services and signed by the CA.
	ClientPrivateKey string `json:"clientPrivateKey,omitempty" conform:"redact"`
	// KubeConfigCertificate is the client certificate used for kubectl cli and signed by the CA.
	KubeConfigCertificate string `json:"kubeConfigCertificate,omitempty" conform:"redact"`
	// KubeConfigPrivateKey is the client private key used for kubectl cli and signed by the CA.
	KubeConfigPrivateKey string `json:"kubeConfigPrivateKey,omitempty" conform:"redact"`
}

CertificateProfile represents the definition of the master cluster.

type ComponentConfiguration added in v0.22222.0

type ComponentConfiguration struct {
	Image       *string
	Config      map[string]string
	DownloadURL *string
}

type ContainerService

type ContainerService struct {
	ID       string                `json:"id"`
	Location string                `json:"location"`
	Name     string                `json:"name"`
	Plan     *ResourcePurchasePlan `json:"plan,omitempty"`
	Tags     map[string]string     `json:"tags"`
	Type     string                `json:"type"`

	Properties *Properties `json:"properties,omitempty"`
}

ContainerService complies with the ARM model of resource definition in a JSON template.

func (*ContainerService) IsAKSCustomCloud

func (cs *ContainerService) IsAKSCustomCloud() bool

IsAKSCustomCloud checks if it's in AKS custom cloud.

type ContainerdWindowsRuntimes

type ContainerdWindowsRuntimes struct {
	DefaultSandboxIsolation string            `json:"defaultSandboxIsolation,omitempty"`
	RuntimeHandlers         []RuntimeHandlers `json:"runtimesHandlers,omitempty"`
}

ContainerdWindowsRuntimes configures containerd runtimes that are available on the windows nodes.

type CustomCATrustConfig added in v0.22222.0

type CustomCATrustConfig struct {
	CustomCATrustCerts []string `json:"customCATrustCerts,omitempty"`
}

type CustomCloudEnv

type CustomCloudEnv struct {
	// TODO(ace): why is Name uppercase?
	// in Linux, this was historically specified as "name" when serialized.
	// However Windows relies on the json tag as "Name".
	// TODO(ace): can we align on one casing?
	SnakeCaseName                string              `json:"name,omitempty"`
	Name                         string              `json:"Name,omitempty"`
	McrURL                       string              `json:"mcrURL,omitempty"`
	RepoDepotEndpoint            string              `json:"repoDepotEndpoint,omitempty"`
	ManagementPortalURL          string              `json:"managementPortalURL,omitempty"`
	PublishSettingsURL           string              `json:"publishSettingsURL,omitempty"`
	ServiceManagementEndpoint    string              `json:"serviceManagementEndpoint,omitempty"`
	ResourceManagerEndpoint      string              `json:"resourceManagerEndpoint,omitempty"`
	ActiveDirectoryEndpoint      string              `json:"activeDirectoryEndpoint,omitempty"`
	GalleryEndpoint              string              `json:"galleryEndpoint,omitempty"`
	KeyVaultEndpoint             string              `json:"keyVaultEndpoint,omitempty"`
	GraphEndpoint                string              `json:"graphEndpoint,omitempty"`
	ServiceBusEndpoint           string              `json:"serviceBusEndpoint,omitempty"`
	BatchManagementEndpoint      string              `json:"batchManagementEndpoint,omitempty"`
	StorageEndpointSuffix        string              `json:"storageEndpointSuffix,omitempty"`
	SQLDatabaseDNSSuffix         string              `json:"sqlDatabaseDNSSuffix,omitempty"`
	TrafficManagerDNSSuffix      string              `json:"trafficManagerDNSSuffix,omitempty"`
	KeyVaultDNSSuffix            string              `json:"keyVaultDNSSuffix,omitempty"`
	ServiceBusEndpointSuffix     string              `json:"serviceBusEndpointSuffix,omitempty"`
	ServiceManagementVMDNSSuffix string              `json:"serviceManagementVMDNSSuffix,omitempty"`
	ResourceManagerVMDNSSuffix   string              `json:"resourceManagerVMDNSSuffix,omitempty"`
	ContainerRegistryDNSSuffix   string              `json:"containerRegistryDNSSuffix,omitempty"`
	CosmosDBDNSSuffix            string              `json:"cosmosDBDNSSuffix,omitempty"`
	TokenAudience                string              `json:"tokenAudience,omitempty"`
	ResourceIdentifiers          ResourceIdentifiers `json:"resourceIdentifiers,omitempty"`
}

CustomCloudEnv represents the custom cloud env info of the AKS cluster.

type CustomConfiguration added in v0.22222.0

type CustomConfiguration struct {
	KubernetesConfigurations        map[string]*ComponentConfiguration
	WindowsKubernetesConfigurations map[string]*ComponentConfiguration
}

type CustomConfigurationComponent added in v0.22222.0

type CustomConfigurationComponent string
const (
	ComponentkubeProxy CustomConfigurationComponent = "kube-proxy"
	Componentkubelet   CustomConfigurationComponent = "kubelet"
)

type CustomFile

type CustomFile struct {
	Source string `json:"source,omitempty"`
	Dest   string `json:"dest,omitempty"`
}

CustomFile has source as the full absolute source path to a file and dest is the full absolute desired destination path to put the file on a master node.

type CustomKubeletConfig

type CustomKubeletConfig struct {
	CPUManagerPolicy      string    `json:"cpuManagerPolicy,omitempty"`
	CPUCfsQuota           *bool     `json:"cpuCfsQuota,omitempty"`
	CPUCfsQuotaPeriod     string    `json:"cpuCfsQuotaPeriod,omitempty"`
	ImageGcHighThreshold  *int32    `json:"imageGcHighThreshold,omitempty"`
	ImageGcLowThreshold   *int32    `json:"imageGcLowThreshold,omitempty"`
	TopologyManagerPolicy string    `json:"topologyManagerPolicy,omitempty"`
	AllowedUnsafeSysctls  *[]string `json:"allowedUnsafeSysctls,omitempty"`
	FailSwapOn            *bool     `json:"failSwapOn,omitempty"`
	ContainerLogMaxSizeMB *int32    `json:"containerLogMaxSizeMB,omitempty"`
	ContainerLogMaxFiles  *int32    `json:"containerLogMaxFiles,omitempty"`
	PodMaxPids            *int32    `json:"podMaxPids,omitempty"`
	SeccompDefault        *bool     `json:"seccompDefault,omitempty"`
}

CustomKubeletConfig represents custom kubelet configurations for agent pool nodes.

type CustomLinuxOSConfig

type CustomLinuxOSConfig struct {
	Sysctls                    *SysctlConfig `json:"sysctls,omitempty"`
	TransparentHugePageEnabled string        `json:"transparentHugePageEnabled,omitempty"`
	TransparentHugePageDefrag  string        `json:"transparentHugePageDefrag,omitempty"`
	SwapFileSizeMB             *int32        `json:"swapFileSizeMB,omitempty"`
	UlimitConfig               *UlimitConfig `json:"ulimitConfig,omitempty"`
}

CustomLinuxOSConfig represents custom os configurations for agent pool nodes.

func (*CustomLinuxOSConfig) GetUlimitConfig added in v0.22222.0

func (c *CustomLinuxOSConfig) GetUlimitConfig() *UlimitConfig

type CustomProfile

type CustomProfile struct {
	Orchestrator string `json:"orchestrator,omitempty"`
}

CustomProfile specifies custom properties that are used for cluster instantiation. Should not be used by most users.

type CustomSearchDomain

type CustomSearchDomain struct {
	Name          string `json:"name,omitempty"`
	RealmUser     string `json:"realmUser,omitempty"`
	RealmPassword string `json:"realmPassword,omitempty"`
}

CustomSearchDomain represents the Search Domain when the custom vnet has a windows server DNS as a nameserver.

type DiagnosticsProfile

type DiagnosticsProfile struct {
	VMDiagnostics *VMDiagnostics `json:"vmDiagnostics"`
}

DiagnosticsProfile setting to enable/disable capturing. diagnostics for VMs hosting container cluster.

type Distro

type Distro string

Distro represents Linux distro to use for Linux VMs.

const (
	Ubuntu                              Distro = "ubuntu"
	Ubuntu1804                          Distro = "ubuntu-18.04"
	Ubuntu1804Gen2                      Distro = "ubuntu-18.04-gen2"
	AKSUbuntu1804Gen2                   Distro = "ubuntu-18.04-gen2" // same distro as Ubuntu1804Gen2, renamed for clarity
	AKSUbuntu1604                       Distro = "aks-ubuntu-16.04"
	AKSUbuntu1804                       Distro = "aks-ubuntu-18.04"
	AKSUbuntuGPU1804                    Distro = "aks-ubuntu-gpu-18.04"
	AKSUbuntuGPU1804Gen2                Distro = "aks-ubuntu-gpu-18.04-gen2"
	AKSUbuntuContainerd1804             Distro = "aks-ubuntu-containerd-18.04"
	AKSUbuntuContainerd1804Gen2         Distro = "aks-ubuntu-containerd-18.04-gen2"
	AKSUbuntuGPUContainerd1804          Distro = "aks-ubuntu-gpu-containerd-18.04"
	AKSUbuntuGPUContainerd1804Gen2      Distro = "aks-ubuntu-gpu-containerd-18.04-gen2"
	AKSCBLMarinerV1                     Distro = "aks-cblmariner-v1"
	AKSCBLMarinerV2                     Distro = "aks-cblmariner-v2"
	AKSAzureLinuxV2                     Distro = "aks-azurelinux-v2"
	AKSAzureLinuxV3                     Distro = "aks-azurelinux-v3"
	AKSCBLMarinerV2Gen2                 Distro = "aks-cblmariner-v2-gen2"
	AKSAzureLinuxV2Gen2                 Distro = "aks-azurelinux-v2-gen2"
	AKSAzureLinuxV3Gen2                 Distro = "aks-azurelinux-v3-gen2"
	AKSCBLMarinerV2FIPS                 Distro = "aks-cblmariner-v2-fips"
	AKSAzureLinuxV2FIPS                 Distro = "aks-azurelinux-v2-fips"
	AKSAzureLinuxV3FIPS                 Distro = "aks-azurelinux-v3-fips"
	AKSCBLMarinerV2Gen2FIPS             Distro = "aks-cblmariner-v2-gen2-fips"
	AKSAzureLinuxV2Gen2FIPS             Distro = "aks-azurelinux-v2-gen2-fips"
	AKSAzureLinuxV3Gen2FIPS             Distro = "aks-azurelinux-v3-gen2-fips"
	AKSCBLMarinerV2Gen2Kata             Distro = "aks-cblmariner-v2-gen2-kata"
	AKSAzureLinuxV2Gen2Kata             Distro = "aks-azurelinux-v2-gen2-kata"
	AKSCBLMarinerV2Gen2TL               Distro = "aks-cblmariner-v2-gen2-tl"
	AKSAzureLinuxV2Gen2TL               Distro = "aks-azurelinux-v2-gen2-tl"
	AKSCBLMarinerV2KataGen2TL           Distro = "aks-cblmariner-v2-kata-gen2-tl"
	AKSUbuntuFipsContainerd1804         Distro = "aks-ubuntu-fips-containerd-18.04"
	AKSUbuntuFipsContainerd1804Gen2     Distro = "aks-ubuntu-fips-containerd-18.04-gen2"
	AKSUbuntuFipsContainerd2004         Distro = "aks-ubuntu-fips-containerd-20.04"
	AKSUbuntuFipsContainerd2004Gen2     Distro = "aks-ubuntu-fips-containerd-20.04-gen2"
	AKSUbuntuFipsContainerd2204         Distro = "aks-ubuntu-fips-containerd-22.04"
	AKSUbuntuFipsContainerd2204Gen2     Distro = "aks-ubuntu-fips-containerd-22.04-gen2"
	AKSUbuntuEdgeZoneContainerd1804     Distro = "aks-ubuntu-edgezone-containerd-18.04"
	AKSUbuntuEdgeZoneContainerd1804Gen2 Distro = "aks-ubuntu-edgezone-containerd-18.04-gen2"
	AKSUbuntuEdgeZoneContainerd2204     Distro = "aks-ubuntu-edgezone-containerd-22.04"
	AKSUbuntuEdgeZoneContainerd2204Gen2 Distro = "aks-ubuntu-edgezone-containerd-22.04-gen2"
	AKSUbuntuContainerd2204             Distro = "aks-ubuntu-containerd-22.04"
	AKSUbuntuContainerd2204Gen2         Distro = "aks-ubuntu-containerd-22.04-gen2"
	AKSUbuntuContainerd2004CVMGen2      Distro = "aks-ubuntu-containerd-20.04-cvm-gen2"
	AKSUbuntuArm64Containerd2204Gen2    Distro = "aks-ubuntu-arm64-containerd-22.04-gen2"
	AKSUbuntuArm64Containerd2404Gen2    Distro = "aks-ubuntu-arm64-containerd-24.04-gen2"
	AKSCBLMarinerV2Arm64Gen2            Distro = "aks-cblmariner-v2-arm64-gen2"
	AKSAzureLinuxV2Arm64Gen2            Distro = "aks-azurelinux-v2-arm64-gen2"
	AKSAzureLinuxV3Arm64Gen2            Distro = "aks-azurelinux-v3-arm64-gen2"
	AKSUbuntuContainerd2204TLGen2       Distro = "aks-ubuntu-containerd-22.04-tl-gen2"
	AKSUbuntuMinimalContainerd2204      Distro = "aks-ubuntu-minimal-containerd-22.04"
	AKSUbuntuMinimalContainerd2204Gen2  Distro = "aks-ubuntu-minimal-containerd-22.04-gen2"
	AKSUbuntuEgressContainerd2204Gen2   Distro = "aks-ubuntu-egress-containerd-22.04-gen2"
	AKSUbuntuContainerd2404             Distro = "aks-ubuntu-containerd-24.04"
	AKSUbuntuContainerd2404Gen2         Distro = "aks-ubuntu-containerd-24.04-gen2"

	RHEL              Distro = "rhel"
	CoreOS            Distro = "coreos"
	AKS1604Deprecated Distro = "aks"      // deprecated AKS 16.04 distro. Equivalent to aks-ubuntu-16.04.
	AKS1804Deprecated Distro = "aks-1804" // deprecated AKS 18.04 distro. Equivalent to aks-ubuntu-18.04.

	// Windows string const.
	// AKSWindows2019 stands for distro of windows server 2019 SIG image with docker.
	AKSWindows2019 Distro = "aks-windows-2019"
	// AKSWindows2019Containerd stands for distro for windows server 2019 SIG image with containerd.
	AKSWindows2019Containerd Distro = "aks-windows-2019-containerd"
	// AKSWindows2022Containerd stands for distro for windows server 2022 SIG image with containerd.
	AKSWindows2022Containerd Distro = "aks-windows-2022-containerd"
	// AKSWindows2022ContainerdGen2 stands for distro for windows server 2022 Gen 2 SIG image with containerd.
	AKSWindows2022ContainerdGen2 Distro = "aks-windows-2022-containerd-gen2"
	// AKSWindows23H2 stands for distro for windows 23H2 SIG image.
	AKSWindows23H2 Distro = "aks-windows-23H2"
	// AKSWindows23H2Gen2 stands for distro for windows 23H2 Gen 2 SIG image.
	AKSWindows23H2Gen2 Distro = "aks-windows-23H2-gen2"
	// AKSWindows2019PIR stands for distro of windows server 2019 PIR image with docker.
	AKSWindows2019PIR        Distro = "aks-windows-2019-pir"
	CustomizedImage          Distro = "CustomizedImage"
	CustomizedImageKata      Distro = "CustomizedImageKata"
	CustomizedWindowsOSImage Distro = "CustomizedWindowsOSImage"

	// USNatCloud is a const string reference identifier for USNat.
	USNatCloud = "USNatCloud"
	// USSecCloud is a const string reference identifier for USSec.
	USSecCloud = "USSecCloud"
)

Distro string consts.

func (Distro) Is2204VHDDistro added in v0.22222.0

func (d Distro) Is2204VHDDistro() bool

func (Distro) Is2404VHDDistro added in v0.22222.0

func (d Distro) Is2404VHDDistro() bool

This function will later be consumed by CSE to determine cgroupv2 usage.

func (Distro) IsAzureLinuxCgroupV2VHDDistro added in v0.22222.0

func (d Distro) IsAzureLinuxCgroupV2VHDDistro() bool

func (Distro) IsAzureLinuxDistro added in v0.22222.0

func (d Distro) IsAzureLinuxDistro() bool

func (Distro) IsContainerdDistro

func (d Distro) IsContainerdDistro() bool

IsContainerdSKU returns true if distro type is containerd-enabled.

func (Distro) IsGPUDistro

func (d Distro) IsGPUDistro() bool

func (Distro) IsGen2Distro

func (d Distro) IsGen2Distro() bool

func (Distro) IsKataDistro added in v0.22222.0

func (d Distro) IsKataDistro() bool

func (Distro) IsVHDDistro

func (d Distro) IsVHDDistro() bool

func (Distro) IsWindowsDistro added in v0.22222.0

func (d Distro) IsWindowsDistro() bool

func (Distro) IsWindowsPIRDistro

func (d Distro) IsWindowsPIRDistro() bool

func (Distro) IsWindowsSIGDistro

func (d Distro) IsWindowsSIGDistro() bool

type DockerSpecConfig

type DockerSpecConfig struct {
	DockerEngineRepo         string `json:"dockerEngineRepo,omitempty"`
	DockerComposeDownloadURL string `json:"dockerComposeDownloadURL,omitempty"`
}

DockerSpecConfig is the configurations of docker.

type Duration

type Duration string

type EnvironmentInfo added in v0.22222.0

type EnvironmentInfo struct {
	// SubscriptionID is the customer's subscription ID.
	SubscriptionID string
	// TenantID is the customer's tenant ID.
	TenantID string
	// Region is the customer's region (e.g. eastus).
	Region string
}

EnvironmentInfo represents the set of required fields to determine specifics about the customer's environment. This info will be used in baker APIs to return the correct SIG image config.

type Extension

type Extension struct {
	Name        string `json:"name"`
	SingleOrAll string `json:"singleOrAll"`
	Template    string `json:"template"`
}

Extension represents an extension definition in the master or agentPoolProfile.

type ExtensionProfile

type ExtensionProfile struct {
	Name                           string             `json:"name"`
	Version                        string             `json:"version"`
	ExtensionParameters            string             `json:"extensionParameters,omitempty"`
	ExtensionParametersKeyVaultRef *KeyvaultSecretRef `json:"parametersKeyvaultSecretRef,omitempty"`
	RootURL                        string             `json:"rootURL,omitempty"`
	// This is only needed for preprovision extensions and it needs to be a bash script.
	Script   string `json:"script,omitempty"`
	URLQuery string `json:"urlQuery,omitempty"`
}

ExtensionProfile represents an extension definition.

type FeatureFlags

type FeatureFlags struct {
	EnableCSERunInBackground bool `json:"enableCSERunInBackground,omitempty"`
	BlockOutboundInternet    bool `json:"blockOutboundInternet,omitempty"`
	EnableIPv6DualStack      bool `json:"enableIPv6DualStack,omitempty"`
	EnableIPv6Only           bool `json:"enableIPv6Only,omitempty"`
	EnableWinDSR             bool `json:"enableWinDSR,omitempty"`
}

FeatureFlags defines feature-flag restricted functionality.

func (*FeatureFlags) IsFeatureEnabled

func (f *FeatureFlags) IsFeatureEnabled(feature string) bool

IsFeatureEnabled returns true if a feature flag is on for the provided feature.

type GetLatestSigImageConfigRequest added in v0.22222.0

type GetLatestSigImageConfigRequest struct {
	SIGConfig      SIGConfig
	SubscriptionID string
	TenantID       string
	Region         string
	Distro         Distro
}

GetLatestSigImageConfigRequest describes the input for a GetLatestSigImageConfig HTTP request. This is mostly a wrapper over existing types so RP doesn't have to manually construct JSON.

type HTTPProxyConfig

type HTTPProxyConfig struct {
	HTTPProxy  *string   `json:"httpProxy,omitempty"`
	HTTPSProxy *string   `json:"httpsProxy,omitempty"`
	NoProxy    *[]string `json:"noProxy,omitempty"`
	TrustedCA  *string   `json:"trustedCa,omitempty"`
}

HTTPProxyConfig represents configurations of http proxy.

type HostedMasterProfile

type HostedMasterProfile struct {
	// Master public endpoint/FQDN with port.
	// The format will be FQDN:2376.
	// Not used during PUT, returned as part of GETFQDN.
	FQDN string `json:"fqdn,omitempty"`
	// IPAddress.
	// if both FQDN and IPAddress are specified, we should use IPAddress.
	IPAddress string `json:"ipAddress,omitempty"`
	DNSPrefix string `json:"dnsPrefix"`
	// FQDNSubdomain is used by private cluster without dnsPrefix so they have fixed FQDN.
	FQDNSubdomain string `json:"fqdnSubdomain"`
	/* Subnet holds the CIDR which defines the Azure Subnet in which
	Agents will be provisioned. This is stored on the HostedMasterProfile
	and will become `masterSubnet` in the compiled template. */
	Subnet string `json:"subnet"`
	// ApiServerWhiteListRange is a comma delimited CIDR which is whitelisted to AKS.
	APIServerWhiteListRange *string `json:"apiServerWhiteListRange"`
	IPMasqAgent             bool    `json:"ipMasqAgent"`
}

HostedMasterProfile defines properties for a hosted master.

type ImageReference

type ImageReference struct {
	Name           string `json:"name,omitempty"`
	ResourceGroup  string `json:"resourceGroup,omitempty"`
	SubscriptionID string `json:"subscriptionId,omitempty"`
	Gallery        string `json:"gallery,omitempty"`
	Version        string `json:"version,omitempty"`
}

ImageReference represents a reference to an Image resource in Azure.

func (*ImageReference) IsValid

func (i *ImageReference) IsValid() bool

IsValid returns true if ImageRefernce contains at least Name and ResourceGroup.

type K8sComponents

type K8sComponents struct {
	// Full path to the "pause" image. Used for --pod-infra-container-image.
	// For example: "mcr.microsoft.com/oss/kubernetes/pause:1.3.1".
	PodInfraContainerImageURL string

	// Full path to the hyperkube image.
	// For example: "mcr.microsoft.com/hyperkube-amd64:v1.16.13".
	HyperkubeImageURL string

	// Full path to the Windows package (windowszip) to use.
	// For example: https://acs-mirror.azureedge.net/kubernetes/v1.17.8/windowszip/v1.17.8-1int.zip.
	WindowsPackageURL string

	// Full path to the Linux package (tar.gz) to use.
	// For example: url=https://acs-mirror.azureedge.net/kubernetes/v1.25.6-hotfix.20230612/binaries/v1.25.6-hotfix.20230612.tar.gz
	LinuxPrivatePackageURL string

	// Full path to the Windows credential provider (tar.gz) to use.
	// For example: https://acs-mirror.azureedge.net/cloud-provider-azure/v1.29.4/binaries/azure-acr-credential-provider-windows-amd64-v1.29.4.tar.gz
	WindowsCredentialProviderURL string

	// Full path to the Linux credential provider (tar.gz) to use.
	// For example: "https://acs-mirror.azureedge.net/cloud-provider-azure/v1.29.4/binaries/azure-acr-credential-provider-linux-amd64-v1.29.4.tar.gz"
	LinuxCredentialProviderURL string
}

type KeyVaultCertificate

type KeyVaultCertificate struct {
	CertificateURL   string `json:"certificateUrl,omitempty"`
	CertificateStore string `json:"certificateStore,omitempty"`
}

KeyVaultCertificate specifies a certificate to install. On Linux, the certificate file is placed under the /var/lib/waagent directory with the file name <UppercaseThumbprint>.crt for the X509 certificate file and <UppercaseThumbprint>.prv for the private key. Both of these files are .pem formatted. On windows the certificate will be saved in the specified store.

type KeyVaultID

type KeyVaultID struct {
	ID string `json:"id,omitempty"`
}

KeyVaultID specifies a key vault.

type KeyVaultRef

type KeyVaultRef struct {
	KeyVault      KeyVaultID `json:"keyVault"`
	SecretName    string     `json:"secretName"`
	SecretVersion string     `json:"secretVersion,omitempty"`
}

KeyVaultRef represents a reference to KeyVault instance on Azure.

type KeyVaultSecrets

type KeyVaultSecrets struct {
	SourceVault       *KeyVaultID           `json:"sourceVault,omitempty"`
	VaultCertificates []KeyVaultCertificate `json:"vaultCertificates,omitempty"`
}

KeyVaultSecrets specifies certificates to install on the pool of machines from a given key vault. the key vault specified must have been granted read permissions to CRP.

type KeyvaultSecretRef

type KeyvaultSecretRef struct {
	VaultID       string `json:"vaultID"`
	SecretName    string `json:"secretName"`
	SecretVersion string `json:"version,omitempty"`
}

KeyvaultSecretRef specifies path to the Azure keyvault along with secret name and (optionaly) version for Service Principal's secret.

type KubeletAnonymousAuthentication

type KubeletAnonymousAuthentication struct {
	// enabled allows anonymous requests to the kubelet server.
	// Requests that are not rejected by another authentication method are treated as anonymous requests.
	// Anonymous requests have a username of system:anonymous, and a group name of system:unauthenticated.
	// +optional.
	Enabled bool `json:"enabled,omitempty"`
}

type KubeletAuthentication

type KubeletAuthentication struct {
	// x509 contains settings related to x509 client certificate authentication.
	// +optional.
	X509 KubeletX509Authentication `json:"x509"`
	// webhook contains settings related to webhook bearer token authentication.
	// +optional.
	Webhook KubeletWebhookAuthentication `json:"webhook"`
	// anonymous contains settings related to anonymous authentication.
	// +optional.
	Anonymous KubeletAnonymousAuthentication `json:"anonymous"`
}

below are copied from Kubernetes.

type KubeletAuthorization

type KubeletAuthorization struct {
	// mode is the authorization mode to apply to requests to the kubelet server.
	// Valid values are AlwaysAllow and Webhook.
	// Webhook mode uses the SubjectAccessReview API to determine authorization.
	// +optional.
	Mode KubeletAuthorizationMode `json:"mode,omitempty"`

	// webhook contains settings related to Webhook authorization.
	// +optional.
	Webhook KubeletWebhookAuthorization `json:"webhook"`
}

type KubeletAuthorizationMode

type KubeletAuthorizationMode string

type KubeletDiskType

type KubeletDiskType string

KubeletDiskType describes options for placement of the primary kubelet partition. docker images, emptyDir volumes, and pod logs.

const (
	// OSDisk indicates data wil be shared with the OS.
	OSDisk KubeletDiskType = "OS"
	// TempDisk indicates date will be isolated on the temporary disk.
	TempDisk KubeletDiskType = "Temporary"
)

type KubeletWebhookAuthentication

type KubeletWebhookAuthentication struct {
	// enabled allows bearer token authentication backed by the tokenreviews.authentication.k8s.io API.
	// +optional.
	Enabled bool `json:"enabled,omitempty"`
	// cacheTTL enables caching of authentication results.
	// +optional.
	CacheTTL Duration `json:"cacheTTL,omitempty"`
}

type KubeletWebhookAuthorization

type KubeletWebhookAuthorization struct {
	// cacheAuthorizedTTL is the duration to cache 'authorized' responses from the webhook authorizer.
	// +optional.
	CacheAuthorizedTTL Duration `json:"cacheAuthorizedTTL,omitempty"`
	// cacheUnauthorizedTTL is the duration to cache 'unauthorized' responses from the webhook authorizer.
	// +optional.
	CacheUnauthorizedTTL Duration `json:"cacheUnauthorizedTTL,omitempty"`
}

type KubeletX509Authentication

type KubeletX509Authentication struct {
	/* clientCAFile is the path to a PEM-encoded certificate bundle. If set, any request presenting a client certificate
	signed by one of the authorities in the bundle is authenticated with a username corresponding to the CommonName,
	and groups corresponding to the Organization in the client certificate.
	+optional. */
	ClientCAFile string `json:"clientCAFile,omitempty"`
}

type KubernetesAddon

type KubernetesAddon struct {
	Name       string                    `json:"name,omitempty"`
	Enabled    *bool                     `json:"enabled,omitempty"`
	Mode       string                    `json:"mode,omitempty"`
	Containers []KubernetesContainerSpec `json:"containers,omitempty"`
	Config     map[string]string         `json:"config,omitempty"`
	Pools      []AddonNodePoolsConfig    `json:"pools,omitempty"`
	Data       string                    `json:"data,omitempty"`
}

KubernetesAddon defines a list of addons w/ configuration to include with the cluster deployment.

func (KubernetesAddon) GetAddonContainersIndexByName

func (a KubernetesAddon) GetAddonContainersIndexByName(containerName string) int

GetAddonContainersIndexByName returns the KubernetesAddon containers index with the name `containerName`.

func (*KubernetesAddon) IsDisabled

func (a *KubernetesAddon) IsDisabled() bool

IsDisabled returns true if the addon is explicitly disabled.

func (*KubernetesAddon) IsEnabled

func (a *KubernetesAddon) IsEnabled() bool

IsEnabled returns true if the addon is enabled.

type KubernetesConfig

type KubernetesConfig struct {
	KubernetesImageBase               string            `json:"kubernetesImageBase,omitempty"`
	MCRKubernetesImageBase            string            `json:"mcrKubernetesImageBase,omitempty"`
	ClusterSubnet                     string            `json:"clusterSubnet,omitempty"`
	NetworkPolicy                     string            `json:"networkPolicy,omitempty"`
	NetworkPlugin                     string            `json:"networkPlugin,omitempty"`
	NetworkMode                       string            `json:"networkMode,omitempty"`
	ContainerRuntime                  string            `json:"containerRuntime,omitempty"`
	MaxPods                           int               `json:"maxPods,omitempty"`
	DockerBridgeSubnet                string            `json:"dockerBridgeSubnet,omitempty"`
	DNSServiceIP                      string            `json:"dnsServiceIP,omitempty"`
	ServiceCIDR                       string            `json:"serviceCidr,omitempty"`
	UseManagedIdentity                bool              `json:"useManagedIdentity,omitempty"`
	UserAssignedID                    string            `json:"userAssignedID,omitempty"`
	UserAssignedClientID              string            `json:"userAssignedClientID,omitempty"` //nolint: lll // Note: cannot be provided in config. Used *only* for transferring this to azure.json.
	CustomHyperkubeImage              string            `json:"customHyperkubeImage,omitempty"`
	CustomKubeProxyImage              string            `json:"customKubeProxyImage,omitempty"`
	CustomKubeBinaryURL               string            `json:"customKubeBinaryURL,omitempty"`
	MobyVersion                       string            `json:"mobyVersion,omitempty"`
	ContainerdVersion                 string            `json:"containerdVersion,omitempty"`
	WindowsNodeBinariesURL            string            `json:"windowsNodeBinariesURL,omitempty"`
	WindowsContainerdURL              string            `json:"windowsContainerdURL,omitempty"`
	WindowsSdnPluginURL               string            `json:"windowsSdnPluginURL,omitempty"`
	UseInstanceMetadata               *bool             `json:"useInstanceMetadata,omitempty"`
	EnableRbac                        *bool             `json:"enableRbac,omitempty"`
	EnableSecureKubelet               *bool             `json:"enableSecureKubelet,omitempty"`
	PrivateCluster                    *PrivateCluster   `json:"privateCluster,omitempty"`
	GCHighThreshold                   int               `json:"gchighthreshold,omitempty"`
	GCLowThreshold                    int               `json:"gclowthreshold,omitempty"`
	EnableEncryptionWithExternalKms   *bool             `json:"enableEncryptionWithExternalKms,omitempty"`
	Addons                            []KubernetesAddon `json:"addons,omitempty"`
	ContainerRuntimeConfig            map[string]string `json:"containerRuntimeConfig,omitempty"`
	ControllerManagerConfig           map[string]string `json:"controllerManagerConfig,omitempty"`
	SchedulerConfig                   map[string]string `json:"schedulerConfig,omitempty"`
	CloudProviderBackoffMode          string            `json:"cloudProviderBackoffMode"`
	CloudProviderBackoff              *bool             `json:"cloudProviderBackoff,omitempty"`
	CloudProviderBackoffRetries       int               `json:"cloudProviderBackoffRetries,omitempty"`
	CloudProviderBackoffJitter        float64           `json:"cloudProviderBackoffJitter,omitempty"`
	CloudProviderBackoffDuration      int               `json:"cloudProviderBackoffDuration,omitempty"`
	CloudProviderBackoffExponent      float64           `json:"cloudProviderBackoffExponent,omitempty"`
	CloudProviderRateLimit            *bool             `json:"cloudProviderRateLimit,omitempty"`
	CloudProviderRateLimitQPS         float64           `json:"cloudProviderRateLimitQPS,omitempty"`
	CloudProviderRateLimitQPSWrite    float64           `json:"cloudProviderRateLimitQPSWrite,omitempty"`
	CloudProviderRateLimitBucket      int               `json:"cloudProviderRateLimitBucket,omitempty"`
	CloudProviderRateLimitBucketWrite int               `json:"cloudProviderRateLimitBucketWrite,omitempty"`
	CloudProviderDisableOutboundSNAT  *bool             `json:"cloudProviderDisableOutboundSNAT,omitempty"`
	NodeStatusUpdateFrequency         string            `json:"nodeStatusUpdateFrequency,omitempty"`
	LoadBalancerSku                   string            `json:"loadBalancerSku,omitempty"`
	ExcludeMasterFromStandardLB       *bool             `json:"excludeMasterFromStandardLB,omitempty"`
	AzureCNIURLLinux                  string            `json:"azureCNIURLLinux,omitempty"`
	AzureCNIURLARM64Linux             string            `json:"azureCNIURLARM64Linux,omitempty"`
	AzureCNIURLWindows                string            `json:"azureCNIURLWindows,omitempty"`
	MaximumLoadBalancerRuleCount      int               `json:"maximumLoadBalancerRuleCount,omitempty"`
	PrivateAzureRegistryServer        string            `json:"privateAzureRegistryServer,omitempty"`
	NetworkPluginMode                 string            `json:"networkPluginMode,omitempty"`
}

KubernetesConfig contains the Kubernetes config structure, containing Kubernetes specific configuration.

func (*KubernetesConfig) GetAddonByName

func (k *KubernetesConfig) GetAddonByName(addonName string) KubernetesAddon

GetAddonByName returns the KubernetesAddon instance with name `addonName`.

func (*KubernetesConfig) GetAzureCNIURLARM64Linux added in v0.22222.0

func (k *KubernetesConfig) GetAzureCNIURLARM64Linux(cloudSpecConfig *AzureEnvironmentSpecConfig) string

GetAzureCNIURLARM64Linux returns the full URL to source Azure CNI binaries for ARM64 Linux from.

func (*KubernetesConfig) GetAzureCNIURLLinux

func (k *KubernetesConfig) GetAzureCNIURLLinux(cloudSpecConfig *AzureEnvironmentSpecConfig) string

GetAzureCNIURLLinux returns the full URL to source Azure CNI binaries from.

func (*KubernetesConfig) GetAzureCNIURLWindows

func (k *KubernetesConfig) GetAzureCNIURLWindows(cloudSpecConfig *AzureEnvironmentSpecConfig) string

GetAzureCNIURLWindows returns the full URL to source Azure CNI binaries from.

func (*KubernetesConfig) IsAADPodIdentityEnabled

func (k *KubernetesConfig) IsAADPodIdentityEnabled() bool

IsAADPodIdentityEnabled checks if the AAD pod identity addon is enabled.

func (*KubernetesConfig) IsAddonDisabled

func (k *KubernetesConfig) IsAddonDisabled(addonName string) bool
IsAddonDisabled checks whether a k8s addon with name "addonName"

is explicitly disabled based on the Enabled field of KubernetesAddon. If the value of Enabled is nil, we return false (not explicitly disabled).

func (*KubernetesConfig) IsAddonEnabled

func (k *KubernetesConfig) IsAddonEnabled(addonName string) bool
IsAddonEnabled checks whether a k8s addon with name "addonName" is enabled or not based on the Enabled

field of KubernetesAddon. If the value of Enabled is nil, the "defaultValue" is returned.

func (*KubernetesConfig) IsIPMasqAgentDisabled

func (k *KubernetesConfig) IsIPMasqAgentDisabled() bool

IsIPMasqAgentDisabled checks if the ip-masq-agent addon is disabled.

func (*KubernetesConfig) IsIPMasqAgentEnabled

func (k *KubernetesConfig) IsIPMasqAgentEnabled() bool

IsIPMasqAgentEnabled checks if the ip-masq-agent addon is enabled.

func (*KubernetesConfig) IsRBACEnabled

func (k *KubernetesConfig) IsRBACEnabled() bool

IsRBACEnabled checks if RBAC is enabled.

func (*KubernetesConfig) IsUsingNetworkPluginMode added in v0.22222.0

func (k *KubernetesConfig) IsUsingNetworkPluginMode(mode string) bool

IsUsingNetworkPluginMode returns true of NetworkPluginMode matches mode param.

func (*KubernetesConfig) NeedsContainerd

func (k *KubernetesConfig) NeedsContainerd() bool

NeedsContainerd returns whether or not we need the containerd runtime configuration. E.g., kata configuration requires containerd config.

func (*KubernetesConfig) PrivateJumpboxProvision

func (k *KubernetesConfig) PrivateJumpboxProvision() bool

PrivateJumpboxProvision checks if a private cluster has jumpbox auto-provisioning.

func (*KubernetesConfig) RequiresDocker

func (k *KubernetesConfig) RequiresDocker() bool

RequiresDocker returns if the kubernetes settings require docker binary to be installed.

func (*KubernetesConfig) UserAssignedIDEnabled

func (k *KubernetesConfig) UserAssignedIDEnabled() bool

UserAssignedIDEnabled checks if the user assigned ID is enabled or not.

type KubernetesContainerSpec

type KubernetesContainerSpec struct {
	Name           string `json:"name,omitempty"`
	Image          string `json:"image,omitempty"`
	CPURequests    string `json:"cpuRequests,omitempty"`
	MemoryRequests string `json:"memoryRequests,omitempty"`
	CPULimits      string `json:"cpuLimits,omitempty"`
	MemoryLimits   string `json:"memoryLimits,omitempty"`
}

KubernetesContainerSpec defines configuration for a container spec.

type KubernetesSpecConfig

type KubernetesSpecConfig struct {
	AzureTelemetryPID                    string `json:"azureTelemetryPID,omitempty"`
	KubernetesImageBase                  string `json:"kubernetesImageBase,omitempty"`
	TillerImageBase                      string `json:"tillerImageBase,omitempty"`
	ACIConnectorImageBase                string `json:"aciConnectorImageBase,omitempty"`
	MCRKubernetesImageBase               string `json:"mcrKubernetesImageBase,omitempty"`
	NVIDIAImageBase                      string `json:"nvidiaImageBase,omitempty"`
	AzureCNIImageBase                    string `json:"azureCNIImageBase,omitempty"`
	CalicoImageBase                      string `json:"CalicoImageBase,omitempty"`
	EtcdDownloadURLBase                  string `json:"etcdDownloadURLBase,omitempty"`
	KubeBinariesSASURLBase               string `json:"kubeBinariesSASURLBase,omitempty"`
	WindowsTelemetryGUID                 string `json:"windowsTelemetryGUID,omitempty"`
	CNIPluginsDownloadURL                string `json:"cniPluginsDownloadURL,omitempty"`
	VnetCNILinuxPluginsDownloadURL       string `json:"vnetCNILinuxPluginsDownloadURL,omitempty"`
	VnetCNIWindowsPluginsDownloadURL     string `json:"vnetCNIWindowsPluginsDownloadURL,omitempty"`
	ContainerdDownloadURLBase            string `json:"containerdDownloadURLBase,omitempty"`
	CSIProxyDownloadURL                  string `json:"csiProxyDownloadURL,omitempty"`
	WindowsProvisioningScriptsPackageURL string `json:"windowsProvisioningScriptsPackageURL,omitempty"`
	WindowsPauseImageURL                 string `json:"windowsPauseImageURL,omitempty"`
	AlwaysPullWindowsPauseImage          bool   `json:"alwaysPullWindowsPauseImage,omitempty"`
	CseScriptsPackageURL                 string `json:"cseScriptsPackageURL,omitempty"`
	CNIARM64PluginsDownloadURL           string `json:"cniARM64PluginsDownloadURL,omitempty"`
	VnetCNIARM64LinuxPluginsDownloadURL  string `json:"vnetCNIARM64LinuxPluginsDownloadURL,omitempty"`
	CredentialProviderURL                string `json:"credentialProviderURL,omitempty"`
}

KubernetesSpecConfig is the kubernetes container images used.

type LinuxProfile

type LinuxProfile struct {
	AdminUsername string `json:"adminUsername"`
	SSH           struct {
		PublicKeys []PublicKey `json:"publicKeys"`
	} `json:"ssh"`
	Secrets            []KeyVaultSecrets   `json:"secrets,omitempty"`
	Distro             Distro              `json:"distro,omitempty"`
	CustomSearchDomain *CustomSearchDomain `json:"customSearchDomain,omitempty"`
}

LinuxProfile represents the linux parameters passed to the cluster.

func (*LinuxProfile) HasSearchDomain

func (l *LinuxProfile) HasSearchDomain() bool

HasSearchDomain returns true if the customer specified secrets to install.

func (*LinuxProfile) HasSecrets

func (l *LinuxProfile) HasSecrets() bool

HasSecrets returns true if the customer specified secrets to install.

type NodeBootstrapping

type NodeBootstrapping struct {
	CustomData     string
	CSE            string
	OSImageConfig  *AzureOSImageConfig
	SigImageConfig *SigImageConfig
}

NodeBootstrapping represents the custom data, CSE, and OS image info needed for node bootstrapping.

type NodeBootstrappingConfiguration

type NodeBootstrappingConfiguration struct {
	ContainerService              *ContainerService
	CloudSpecConfig               *AzureEnvironmentSpecConfig
	K8sComponents                 *K8sComponents
	AgentPoolProfile              *AgentPoolProfile
	TenantID                      string
	SubscriptionID                string
	ResourceGroupName             string
	UserAssignedIdentityClientID  string
	OSSKU                         string
	ConfigGPUDriverIfNeeded       bool
	Disable1804SystemdResolved    bool
	EnableGPUDevicePluginIfNeeded bool
	EnableKubeletConfigFile       bool
	EnableNvidia                  bool
	EnableACRTeleportPlugin       bool
	TeleportdPluginURL            string
	EnableArtifactStreaming       bool
	ContainerdVersion             string
	RuncVersion                   string
	// ContainerdPackageURL and RuncPackageURL are beneficial for testing non-official.
	// containerd and runc, like the pre-released ones.
	// Currently both configurations are for test purpose, and only deb package is supported.
	ContainerdPackageURL string
	RuncPackageURL       string
	// KubeletClientTLSBootstrapToken - kubelet client TLS bootstrap token to use.
	/* When this feature is enabled, we skip kubelet kubeconfig generation and replace it with bootstrap
	kubeconfig. */
	// ref: https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet-tls-bootstrapping.
	KubeletClientTLSBootstrapToken *string
	// EnableSecureTLSBootstraping - when this feature is enabled we don't hard-code TLS bootstrap tokens at all,
	// instead we create a modified bootstrap kubeconfig which points towards the STLS bootstrap client-go
	// credential plugin installed on the VHD, which will be responsible for generating TLS bootstrap tokens on the fly
	EnableSecureTLSBootstrapping bool
	// CustomSecureTLSBootstrapAADServerAppID serves as an optional override of the AAD server application ID
	// used by the secure TLS bootstrap client-go credential plugin when requesting JWTs from AAD
	CustomSecureTLSBootstrapAADServerAppID string
	FIPSEnabled                            bool
	HTTPProxyConfig                        *HTTPProxyConfig
	KubeletConfig                          map[string]string
	KubeproxyConfig                        map[string]string
	EnableRuncShimV2                       bool
	GPUInstanceProfile                     string
	PrimaryScaleSetName                    string
	SIGConfig                              SIGConfig
	IsARM64                                bool
	CustomCATrustConfig                    *CustomCATrustConfig
	DisableUnattendedUpgrades              bool
	SSHStatus                              SSHStatus
	DisableCustomData                      bool
	OutboundType                           string
	EnableIMDSRestriction                  bool
	// InsertIMDSRestrictionRuleToMangleTable is only checked when EnableIMDSRestriction is true.
	// When this is true, iptables rule will be inserted to `mangle` table. This is for Linux Cilium
	// CNI, which will overwrite the `filter` table so that we can only insert to `mangle` table to avoid
	// our added rule is overwritten by Cilium.
	InsertIMDSRestrictionRuleToMangleTable bool

	// Version is required for node-bootstrapper application to determine the version of the config file.
	Version string
}

NodeBootstrappingConfiguration represents configurations for node bootstrapping.

func (*NodeBootstrappingConfiguration) GetOrderedKubeletConfigStringForPowershell

func (config *NodeBootstrappingConfiguration) GetOrderedKubeletConfigStringForPowershell(customKc *CustomKubeletConfig) string

GetOrderedKubeletConfigStringForPowershell returns an ordered string of key/val pairs for Powershell script consumption.

func (*NodeBootstrappingConfiguration) GetOrderedKubeproxyConfigStringForPowershell added in v0.22222.0

func (config *NodeBootstrappingConfiguration) GetOrderedKubeproxyConfigStringForPowershell() string

GetOrderedKubeproxyConfigStringForPowershell returns an ordered string of key/val pairs for Powershell script consumption.

type OSType

type OSType string

OSType represents OS types of agents.

const (
	Windows OSType = "Windows"
	Linux   OSType = "Linux"
)

the OSTypes supported by vlabs.

type OrchestratorProfile

type OrchestratorProfile struct {
	OrchestratorType    string            `json:"orchestratorType"`
	OrchestratorVersion string            `json:"orchestratorVersion"`
	KubernetesConfig    *KubernetesConfig `json:"kubernetesConfig,omitempty"`
}

OrchestratorProfile contains Orchestrator properties.

func (*OrchestratorProfile) IsAzureCNI

func (o *OrchestratorProfile) IsAzureCNI() bool

IsAzureCNI returns true if Azure CNI network plugin is enabled.

func (*OrchestratorProfile) IsKubernetes

func (o *OrchestratorProfile) IsKubernetes() bool

IsKubernetes returns true if this template is for Kubernetes orchestrator.

func (*OrchestratorProfile) IsNoneCNI added in v0.22222.0

func (o *OrchestratorProfile) IsNoneCNI() bool

IsNoneCNI returns true if network plugin none is enabled.

func (*OrchestratorProfile) VersionIs added in v0.22222.0

func (o *OrchestratorProfile) VersionIs(expr string) bool

VersionIs takes a constraint expression to validate the OrchestratorVersion meets this constraint. Examples of expressions are `>= 1.24` or `!= 1.25.4`. More info: https://github.com/Masterminds/semver#checking-version-constraints.

func (*OrchestratorProfile) VersionSupportsFeatureFlag added in v0.22222.0

func (o *OrchestratorProfile) VersionSupportsFeatureFlag(flag string) bool

type PrivateCluster

type PrivateCluster struct {
	Enabled                *bool                  `json:"enabled,omitempty"`
	EnableHostsConfigAgent *bool                  `json:"enableHostsConfigAgent,omitempty"`
	JumpboxProfile         *PrivateJumpboxProfile `json:"jumpboxProfile,omitempty"`
}

PrivateCluster defines the configuration for a private cluster.

type PrivateEgress added in v0.22222.0

type PrivateEgress struct {
	Enabled                 bool   `json:"enabled"`
	ContainerRegistryServer string `json:"containerRegistryServer"`
	ProxyAddress            string `json:"proxyAddress"`
}

type PrivateJumpboxProfile

type PrivateJumpboxProfile struct {
	Name           string `json:"name" validate:"required"`
	VMSize         string `json:"vmSize" validate:"required"`
	OSDiskSizeGB   int    `json:"osDiskSizeGB,omitempty" validate:"min=0,max=2048"`
	Username       string `json:"username,omitempty"`
	PublicKey      string `json:"publicKey" validate:"required"`
	StorageProfile string `json:"storageProfile,omitempty"`
}

PrivateJumpboxProfile represents a jumpbox definition.

type Properties

type Properties struct {
	ClusterID               string
	ProvisioningState       ProvisioningState        `json:"provisioningState,omitempty"`
	OrchestratorProfile     *OrchestratorProfile     `json:"orchestratorProfile,omitempty"`
	AgentPoolProfiles       []*AgentPoolProfile      `json:"agentPoolProfiles,omitempty"`
	LinuxProfile            *LinuxProfile            `json:"linuxProfile,omitempty"`
	WindowsProfile          *WindowsProfile          `json:"windowsProfile,omitempty"`
	ExtensionProfiles       []*ExtensionProfile      `json:"extensionProfiles"`
	DiagnosticsProfile      *DiagnosticsProfile      `json:"diagnosticsProfile,omitempty"`
	ServicePrincipalProfile *ServicePrincipalProfile `json:"servicePrincipalProfile,omitempty"`
	CertificateProfile      *CertificateProfile      `json:"certificateProfile,omitempty"`
	AADProfile              *AADProfile              `json:"aadProfile,omitempty"`
	CustomProfile           *CustomProfile           `json:"customProfile,omitempty"`
	HostedMasterProfile     *HostedMasterProfile     `json:"hostedMasterProfile,omitempty"`
	AddonProfiles           map[string]AddonProfile  `json:"addonProfiles,omitempty"`
	FeatureFlags            *FeatureFlags            `json:"featureFlags,omitempty"`
	CustomCloudEnv          *CustomCloudEnv          `json:"customCloudEnv,omitempty"`
	CustomConfiguration     *CustomConfiguration     `json:"customConfiguration,omitempty"`
	SecurityProfile         *SecurityProfile         `json:"securityProfile,omitempty"`
}

Properties represents the AKS cluster definition.

func GetK8sDefaultProperties

func GetK8sDefaultProperties(hasWindows bool) *Properties

GetK8sDefaultProperties returns a struct of type Properties for testing purposes.

func (*Properties) AreAgentProfilesCustomVNET

func (p *Properties) AreAgentProfilesCustomVNET() bool

AreAgentProfilesCustomVNET returns true if all of the agent profiles in the clusters are configured with VNET.

func (*Properties) GetClusterID

func (p *Properties) GetClusterID() string

GetClusterID creates a unique 8 string cluster ID.

func (*Properties) GetComponentKubernetesConfiguration added in v0.22222.0

func (p *Properties) GetComponentKubernetesConfiguration(component CustomConfigurationComponent) *ComponentConfiguration

func (*Properties) GetComponentWindowsKubernetesConfiguration added in v0.22222.0

func (p *Properties) GetComponentWindowsKubernetesConfiguration(component CustomConfigurationComponent) *ComponentConfiguration

func (*Properties) GetCustomCloudName

func (p *Properties) GetCustomCloudName() string

GetCustomCloudName returns name of environment if customCloudProfile is provided, returns empty string if customCloudProfile is empty.Because customCloudProfile is empty for deployment is AzurePublicCloud, AzureChinaCloud, AzureGermanCloud, AzureUSGovernmentCloud, the return value will be empty string for those clouds.

func (*Properties) GetCustomEnvironmentJSON

func (p *Properties) GetCustomEnvironmentJSON(escape bool) (string, error)

GetCustomEnvironmentJSON return the JSON format string for custom environment.

func (*Properties) GetKubeProxyFeatureGatesWindowsArguments

func (p *Properties) GetKubeProxyFeatureGatesWindowsArguments() string

GetKubeProxyFeatureGatesWindowsArguments returns the feature gates string for the kube-proxy arguments in Windows nodes.

func (*Properties) GetNSGName

func (p *Properties) GetNSGName() string

GetNSGName returns the name of the network security group of the cluster.

func (*Properties) GetPrimaryAvailabilitySetName

func (p *Properties) GetPrimaryAvailabilitySetName() string

GetPrimaryAvailabilitySetName returns the name of the primary availability set of the cluster.

func (*Properties) GetResourcePrefix

func (p *Properties) GetResourcePrefix() string

GetResourcePrefix returns the prefix to use for naming cluster resources.

func (*Properties) GetRouteTableName

func (p *Properties) GetRouteTableName() string

GetRouteTableName returns the route table name of the cluster.

func (*Properties) GetSubnetName

func (p *Properties) GetSubnetName() string

GetSubnetName returns the subnet name of the cluster based on its current configuration.

func (*Properties) GetVMType

func (p *Properties) GetVMType() string

GetVMType returns the type of VM "vmss" or "standard" to be passed to the cloud provider.

func (*Properties) GetVNetResourceGroupName

func (p *Properties) GetVNetResourceGroupName() string

GetVNetResourceGroupName returns the virtual network resource group name of the cluster.

func (*Properties) GetVirtualNetworkName

func (p *Properties) GetVirtualNetworkName() string

GetVirtualNetworkName returns the virtual network name of the cluster.

func (*Properties) HasAadProfile

func (p *Properties) HasAadProfile() bool

HasAadProfile returns true if the has aad profile.

func (*Properties) HasDCSeriesSKU

func (p *Properties) HasDCSeriesSKU() bool

HasDCSeriesSKU returns whether or not there is an DC series SKU agent pool.

func (*Properties) HasVMSSAgentPool

func (p *Properties) HasVMSSAgentPool() bool

HasVMSSAgentPool returns true if the cluster contains Virtual Machine Scale Sets agent pools.

func (*Properties) HasWindows

func (p *Properties) HasWindows() bool

HasWindows returns true if the cluster contains windows.

func (*Properties) IsAKSCustomCloud

func (p *Properties) IsAKSCustomCloud() bool

IsAKSCustomCloud checks if it's in AKS custom cloud.

func (*Properties) IsIPMasqAgentDisabled

func (p *Properties) IsIPMasqAgentDisabled() bool

IsIPMasqAgentDisabled returns true if the ip-masq-agent functionality is disabled.

func (*Properties) IsIPMasqAgentEnabled

func (p *Properties) IsIPMasqAgentEnabled() bool

IsIPMasqAgentEnabled returns true if the cluster has a hosted master and IpMasqAgent is disabled.

func (*Properties) IsVHDDistroForAllNodes

func (p *Properties) IsVHDDistroForAllNodes() bool

IsVHDDistroForAllNodes returns true if all of the agent pools plus masters are running the VHD image.

func (*Properties) K8sOrchestratorName

func (p *Properties) K8sOrchestratorName() string

K8sOrchestratorName returns the 3 character orchestrator code for kubernetes-based clusters.

type ProvisioningState

type ProvisioningState string

ProvisioningState represents the current state of container service resource.

type PublicKey

type PublicKey struct {
	KeyData string `json:"keyData"`
}

PublicKey represents an SSH key for LinuxProfile.

type ResourceIdentifiers

type ResourceIdentifiers struct {
	Graph               string `json:"graph,omitempty"`
	KeyVault            string `json:"keyVault,omitempty"`
	Datalake            string `json:"datalake,omitempty"`
	Batch               string `json:"batch,omitempty"`
	OperationalInsights string `json:"operationalInsights,omitempty"`
	Storage             string `json:"storage,omitempty"`
}

ResourceIdentifiers represents resource ids.

type ResourcePurchasePlan

type ResourcePurchasePlan struct {
	Name          string `json:"name"`
	Product       string `json:"product"`
	PromotionCode string `json:"promotionCode"`
	Publisher     string `json:"publisher"`
}

ResourcePurchasePlan defines resource plan as required by ARM for billing purposes.

type RuntimeHandlers

type RuntimeHandlers struct {
	BuildNumber string `json:"buildNumber,omitempty"`
}

RuntimeHandlers configures the runtime settings in containerd.

type SIGAzureEnvironmentSpecConfig

type SIGAzureEnvironmentSpecConfig struct {
	CloudName                    string                    `json:"cloudName,omitempty"`
	SigTenantID                  string                    `json:"sigTenantID,omitempty"`
	SubscriptionID               string                    `json:"subscriptionID,omitempty"`
	SigUbuntuImageConfig         map[Distro]SigImageConfig `json:"sigUbuntuImageConfig,omitempty"`
	SigCBLMarinerImageConfig     map[Distro]SigImageConfig `json:"sigCBLMarinerImageConfig,omitempty"`
	SigAzureLinuxImageConfig     map[Distro]SigImageConfig `json:"sigAzureLinuxImageConfig,omitempty"`
	SigWindowsImageConfig        map[Distro]SigImageConfig `json:"sigWindowsImageConfig,omitempty"`
	SigUbuntuEdgeZoneImageConfig map[Distro]SigImageConfig `json:"sigUbuntuEdgeZoneImageConfig,omitempty"`
}

SIGAzureEnvironmentSpecConfig is the overall configuration differences in different cloud environments.

TODO(tonyxu) merge this with AzureEnvironmentSpecConfig from aks-engine(pkg/api/azenvtypes.go) once

it's moved into AKS RP.

func GetAzurePublicSIGConfigForTest

func GetAzurePublicSIGConfigForTest() SIGAzureEnvironmentSpecConfig

GetAzurePublicSIGConfigForTest returns a statically defined sigconfig. This should only be used for unit tests and e2es.

func GetSIGAzureCloudSpecConfig

func GetSIGAzureCloudSpecConfig(sigConfig SIGConfig, region string) (SIGAzureEnvironmentSpecConfig, error)

GetSIGAzureCloudSpecConfig get cloud specific sig config.

type SIGConfig

type SIGConfig struct {
	TenantID       string                      `json:"tenantID"`
	SubscriptionID string                      `json:"subscriptionID"`
	Galleries      map[string]SIGGalleryConfig `json:"galleries"`
}

SIGConfig is used to hold configuration parameters to access AKS VHDs stored in a SIG.

type SIGGalleryConfig

type SIGGalleryConfig struct {
	GalleryName   string `json:"galleryName"`
	ResourceGroup string `json:"resourceGroup"`
}

type SSHStatus added in v0.22222.0

type SSHStatus int
const (
	SSHUnspecified SSHStatus = iota
	SSHOff
	SSHOn
)

type SecurityProfile added in v0.22222.0

type SecurityProfile struct {
	PrivateEgress *PrivateEgress `json:"privateEgress,omitempty"`
}

SecurityProfile begin.

func (*SecurityProfile) GetPrivateEgressContainerRegistryServer added in v0.12345611.0

func (s *SecurityProfile) GetPrivateEgressContainerRegistryServer() string

func (*SecurityProfile) GetProxyAddress added in v0.22222.0

func (s *SecurityProfile) GetProxyAddress() string

type ServicePrincipalProfile

type ServicePrincipalProfile struct {
	ClientID          string             `json:"clientId"`
	Secret            string             `json:"secret,omitempty" conform:"redact"`
	ObjectID          string             `json:"objectId,omitempty"`
	KeyvaultSecretRef *KeyvaultSecretRef `json:"keyvaultSecretRef,omitempty"`
}

ServicePrincipalProfile contains the client and secret used by the cluster for Azure Resource CRUD.

type SigImageConfig

type SigImageConfig struct {
	SigImageConfigTemplate
	SubscriptionID string
}

SigImageConfig represents the SIG image configuration.

type SigImageConfigOpt

type SigImageConfigOpt func(*SigImageConfig)

type SigImageConfigTemplate

type SigImageConfigTemplate struct {
	ResourceGroup string
	Gallery       string
	Definition    string
	Version       string
}

SigImageConfigTemplate represents the SIG image configuration template.

func (SigImageConfigTemplate) WithOptions

func (template SigImageConfigTemplate) WithOptions(options ...SigImageConfigOpt) SigImageConfig

WithOptions converts a SigImageConfigTemplate to SigImageConfig instance via function opts.

type SysctlConfig

type SysctlConfig struct {
	NetCoreSomaxconn               *int32 `json:"netCoreSomaxconn,omitempty"`
	NetCoreNetdevMaxBacklog        *int32 `json:"netCoreNetdevMaxBacklog,omitempty"`
	NetCoreRmemDefault             *int32 `json:"netCoreRmemDefault,omitempty"`
	NetCoreRmemMax                 *int32 `json:"netCoreRmemMax,omitempty"`
	NetCoreWmemDefault             *int32 `json:"netCoreWmemDefault,omitempty"`
	NetCoreWmemMax                 *int32 `json:"netCoreWmemMax,omitempty"`
	NetCoreOptmemMax               *int32 `json:"netCoreOptmemMax,omitempty"`
	NetIpv4TcpMaxSynBacklog        *int32 `json:"netIpv4TcpMaxSynBacklog,omitempty"`
	NetIpv4TcpMaxTwBuckets         *int32 `json:"netIpv4TcpMaxTwBuckets,omitempty"`
	NetIpv4TcpFinTimeout           *int32 `json:"netIpv4TcpFinTimeout,omitempty"`
	NetIpv4TcpKeepaliveTime        *int32 `json:"netIpv4TcpKeepaliveTime,omitempty"`
	NetIpv4TcpKeepaliveProbes      *int32 `json:"netIpv4TcpKeepaliveProbes,omitempty"`
	NetIpv4TcpkeepaliveIntvl       *int32 `json:"netIpv4TcpkeepaliveIntvl,omitempty"`
	NetIpv4TcpTwReuse              *bool  `json:"netIpv4TcpTwReuse,omitempty"`
	NetIpv4IpLocalPortRange        string `json:"netIpv4IpLocalPortRange,omitempty"`
	NetIpv4NeighDefaultGcThresh1   *int32 `json:"netIpv4NeighDefaultGcThresh1,omitempty"`
	NetIpv4NeighDefaultGcThresh2   *int32 `json:"netIpv4NeighDefaultGcThresh2,omitempty"`
	NetIpv4NeighDefaultGcThresh3   *int32 `json:"netIpv4NeighDefaultGcThresh3,omitempty"`
	NetNetfilterNfConntrackMax     *int32 `json:"netNetfilterNfConntrackMax,omitempty"`
	NetNetfilterNfConntrackBuckets *int32 `json:"netNetfilterNfConntrackBuckets,omitempty"`
	FsInotifyMaxUserWatches        *int32 `json:"fsInotifyMaxUserWatches,omitempty"`
	FsFileMax                      *int32 `json:"fsFileMax,omitempty"`
	FsAioMaxNr                     *int32 `json:"fsAioMaxNr,omitempty"`
	FsNrOpen                       *int32 `json:"fsNrOpen,omitempty"`
	KernelThreadsMax               *int32 `json:"kernelThreadsMax,omitempty"`
	VMMaxMapCount                  *int32 `json:"vmMaxMapCount,omitempty"`
	VMSwappiness                   *int32 `json:"vmSwappiness,omitempty"`
	VMVfsCachePressure             *int32 `json:"vmVfsCachePressure,omitempty"`
}

SysctlConfig represents sysctl configs in customLinuxOsConfig.

type TypeMeta

type TypeMeta struct {
	// APIVersion is on every object.
	APIVersion string `json:"apiVersion"`
}

TypeMeta describes an individual API model object.

type UlimitConfig added in v0.22222.0

type UlimitConfig struct {
	MaxLockedMemory string `json:"maxLockedMemory ,omitempty"`
	NoFile          string `json:"noFile,omitempty"`
}

type UserAssignedIdentity

type UserAssignedIdentity struct {
	ResourceID string `json:"resourceId,omitempty"`
	ClientID   string `json:"clientId,omitempty"`
	ObjectID   string `json:"objectId,omitempty"`
}

UserAssignedIdentity contains information that uniquely identifies an identity.

type VMDiagnostics

type VMDiagnostics struct {
	Enabled bool `json:"enabled"`

	// Specifies storage account Uri where Boot Diagnostics (CRP &
	// VMSS BootDiagostics) and VM Diagnostics logs (using Linux
	// Diagnostics Extension) will be stored. Uri will be of standard
	// blob domain. i.e. https://storageaccount.blob.core.windows.net/
	// This field is readonly as ACS RP will create a storage account
	// for the customer.
	StorageURL *neturl.URL `json:"storageUrl"`
}

VMDiagnostics contains settings to on/off boot diagnostics collection in RD Host.

type WindowsProfile

type WindowsProfile struct {
	AdminUsername                 string                     `json:"adminUsername"`
	AdminPassword                 string                     `json:"adminPassword" conform:"redact"`
	CSIProxyURL                   string                     `json:"csiProxyURL,omitempty"`
	EnableCSIProxy                *bool                      `json:"enableCSIProxy,omitempty"`
	ImageRef                      *ImageReference            `json:"imageReference,omitempty"`
	ImageVersion                  string                     `json:"imageVersion"`
	ProvisioningScriptsPackageURL string                     `json:"provisioningScriptsPackageURL,omitempty"`
	WindowsImageSourceURL         string                     `json:"windowsImageSourceURL"`
	WindowsPublisher              string                     `json:"windowsPublisher"`
	WindowsOffer                  string                     `json:"windowsOffer"`
	WindowsSku                    string                     `json:"windowsSku"`
	WindowsDockerVersion          string                     `json:"windowsDockerVersion"`
	Secrets                       []KeyVaultSecrets          `json:"secrets,omitempty"`
	SSHEnabled                    *bool                      `json:"sshEnabled,omitempty"`
	EnableAutomaticUpdates        *bool                      `json:"enableAutomaticUpdates,omitempty"`
	IsCredentialAutoGenerated     *bool                      `json:"isCredentialAutoGenerated,omitempty"`
	EnableAHUB                    *bool                      `json:"enableAHUB,omitempty"`
	WindowsPauseImageURL          string                     `json:"windowsPauseImageURL"`
	AlwaysPullWindowsPauseImage   *bool                      `json:"alwaysPullWindowsPauseImage,omitempty"`
	ContainerdWindowsRuntimes     *ContainerdWindowsRuntimes `json:"containerdWindowsRuntimes,omitempty"`
	WindowsCalicoPackageURL       string                     `json:"windowsCalicoPackageURL,omitempty"`
	//nolint:stylecheck // keep field names the same as RP
	WindowsSecureTlsEnabled *bool `json:"windowsSecureTlsEnabled,omitempty"`
	//nolint:stylecheck // keep field names the same as RP
	WindowsGmsaPackageUrl          string  `json:"windowsGmsaPackageUrl,omitempty"`
	CseScriptsPackageURL           string  `json:"cseScriptsPackageURL,omitempty"`
	GpuDriverURL                   string  `json:"gpuDriverUrl,omitempty"`
	HnsRemediatorIntervalInMinutes *uint32 `json:"hnsRemediatorIntervalInMinutes,omitempty"`
	LogGeneratorIntervalInMinutes  *uint32 `json:"logGeneratorIntervalInMinutes,omitempty"`
}

WindowsProfile represents the windows parameters passed to the cluster.

func (*WindowsProfile) GetContainerdWindowsRuntimeHandlers

func (w *WindowsProfile) GetContainerdWindowsRuntimeHandlers() string

GetContainerdWindowsRuntimeHandlers gets comma separated list of runtimehandler names.

func (*WindowsProfile) GetDefaultContainerdWindowsSandboxIsolation

func (w *WindowsProfile) GetDefaultContainerdWindowsSandboxIsolation() string

GetDefaultContainerdWindowsSandboxIsolation gets the default containerd runtime handler or return default value.

func (*WindowsProfile) GetHnsRemediatorIntervalInMinutes added in v0.22222.0

func (w *WindowsProfile) GetHnsRemediatorIntervalInMinutes() uint32

GetHnsRemediatorIntervalInMinutes gets HnsRemediatorIntervalInMinutes specified or returns default value.

func (*WindowsProfile) GetLogGeneratorIntervalInMinutes added in v0.22222.0

func (w *WindowsProfile) GetLogGeneratorIntervalInMinutes() uint32

GetLogGeneratorIntervalInMinutes gets LogGeneratorIntervalInMinutes specified or returns default value.

func (*WindowsProfile) GetSSHEnabled

func (w *WindowsProfile) GetSSHEnabled() bool

GetSSHEnabled gets it ssh should be enabled for Windows nodes.

func (*WindowsProfile) GetWindowsDockerVersion

func (w *WindowsProfile) GetWindowsDockerVersion() string

GetWindowsDockerVersion gets the docker version specified or returns default value.

func (*WindowsProfile) GetWindowsSku

func (w *WindowsProfile) GetWindowsSku() string

GetWindowsSku gets the marketplace sku specified (such as Datacenter-Core-1809-with-Containers-smalldisk) or returns default value.

func (*WindowsProfile) HasCustomImage

func (w *WindowsProfile) HasCustomImage() bool

HasCustomImage returns true if there is a custom windows os image url specified.

func (*WindowsProfile) HasImageRef

func (w *WindowsProfile) HasImageRef() bool

HasImageRef returns true if the customer brought os image.

func (*WindowsProfile) HasSecrets

func (w *WindowsProfile) HasSecrets() bool

HasSecrets returns true if the customer specified secrets to install.

func (*WindowsProfile) IsAlwaysPullWindowsPauseImage

func (w *WindowsProfile) IsAlwaysPullWindowsPauseImage() bool

IsAlwaysPullWindowsPauseImage returns true if the windows pause image always needs a force pull.

func (*WindowsProfile) IsCSIProxyEnabled

func (w *WindowsProfile) IsCSIProxyEnabled() bool

IsCSIProxyEnabled returns true if csi proxy service should be enable for Windows nodes.

func (*WindowsProfile) IsWindowsSecureTlsEnabled

func (w *WindowsProfile) IsWindowsSecureTlsEnabled() bool

IsWindowsSecureTLSEnabled returns true if secure TLS should be enabled for Windows nodes.

type WorkloadRuntime

type WorkloadRuntime string

WorkloadRuntime describes choices for the type of workload: container or wasm-wasi, currently.

const (
	// OCIContainer indicates that kubelet will be used for a container workload.
	OCIContainer WorkloadRuntime = "OCIContainer"
	// WasmWasi indicates Krustlet will be used for a WebAssembly workload.
	WasmWasi WorkloadRuntime = "WasmWasi"
)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL