@azure/arm-containerservice package

For schedules like: 'recur every month on the 15th' or 'recur every 3 months on the 20th'.

Profile for enabling a user to access a managed cluster.

Advanced Networking profile for enabling observability and security feature suite on a cluster. For more information see aka.ms/aksadvancednetworking.

Observability profile to enable advanced network metrics and flow logs with historical contexts.

Profile to enable performance-enhancing features on clusters that use Azure CNI powered by Cilium.

Security profile to enable security features on cilium based cluster.

Encryption configuration for Cilium-based clusters. Once enabled all traffic between Cilium managed pods will be encrypted when it leaves the node boundary.

Agent Pool.

Artifact streaming profile for the agent pool.

The list of available versions for an agent pool.

The list of available agent pool versions.

Available version information for an agent pool.

Settings for blue-green upgrade on an agentpool

Specifies a list of machine names from the agent pool to be deleted.

Profile of the managed cluster gateway agent pool.

Network settings of an agent pool.

A historical version that can be used for rollback operations.

The security settings of an agent pool.

Contains read-only information about the Agent Pool.

The list of available upgrades for an agent pool.

The list of available upgrade versions.

Available upgrades for an AgentPool.

Settings for upgrading an agentpool

The Windows agent pool's specific profile.

Optional parameters.

Optional parameters.

Optional parameters.

Optional parameters.

Optional parameters.

Optional parameters.

Optional parameters.

Optional parameters.

Optional parameters.

Interface representing a AgentPools operations.

Optional parameters.

Specifications on auto-scaling.

Azure Key Vault key management service settings for the security profile.

Settings for upgrading a cluster.

The results of a run command

Version information about a product/service that is compatible with a service mesh revision.

Component information for a Kubernetes version.

components of given Kubernetes version.

Optional parameters for the client.

Profile for Linux VMs in the container service cluster.

Optional parameters.

Profile of network configuration.

Holds configuration customizations for kube-proxy. Any values not defined will use the kube-proxy defaulting behavior. See https://v<version>.docs.kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/ where <version> is represented by a <major version>-<minor version> string. Kubernetes version 1.23 would be '1-23'.

Holds configuration customizations for IPVS. May only be specified if 'mode' is set to 'IPVS'.

Interface representing a ContainerService operations.

SSH configuration for Linux-based VMs running on Azure.

Contains information about SSH certificate public key data.

Data used when creating a target resource from a source resource.

The credential result response.

The list credential result response.

For schedules like: 'recur every day' or 'recur every 3 days'.

A date range. For example, between '2022-12-23' and '2023-01-05'.

Delegated resource properties - internal use only.

A domain name that AKS agent nodes are reaching at.

connect information from the AKS agent nodes to a single endpoint.

The resource management error additional info.

The error detail.

Common error response for all Azure Resource Manager APIs to return error details for failed operations.

The complex type of the extended location.

GPU settings for the Agent Pool.

Available Guardrails Version

Whether the version is default or not and support info.

Contains the IPTag associated with the object.

The IdentityBinding resource.

Managed identity profile for the identity binding.

IdentityBinding OIDC issuer profile.

IdentityBinding properties.

Optional parameters.

Optional parameters.

Optional parameters.

Optional parameters.

Interface representing a IdentityBindings operations.

Istio Service Mesh Certificate Authority (CA) configuration. For now, we only support plugin certificates as described here https://aka.ms/asm-plugin-ca

Istio components configuration.

Istio egress gateway configuration.

Istio ingress gateway configuration. For now, we support up to one external ingress gateway named aks-istio-ingressgateway-external and one internal ingress gateway named aks-istio-ingressgateway-internal.

Plugin certificates information for Service Mesh.

Istio service mesh configuration.

Configuration for JWT authenticator in the managed cluster.

The claim mapping expression for JWTAuthenticator.

The claim mappings for JWTAuthenticator.

The extra claim mapping expression for JWTAuthenticator.

The OIDC issuer details for JWTAuthenticator.

The properties of JWTAuthenticator. For details on how to configure the properties of a JWT authenticator, please refer to the Kubernetes documentation: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#using-authentication-configuration. Please note that not all fields available in the Kubernetes documentation are supported by AKS. For troubleshooting, please see https://aka.ms/aks-external-issuers-docs.

The validation rule for JWTAuthenticator.

Optional parameters.

Optional parameters.

Optional parameters.

Optional parameters.

Interface representing a JWTAuthenticators operations.

Kubelet configurations of agent nodes. See AKS custom node configuration for more details.

Kubernetes patch version profile

Encryption at rest of Kubernetes resource objects using service-managed keys. More information on this can be found under https://aka.ms/aks/kubernetesResourceObjectEncryption.

Kubernetes version profile for given major.minor release.

Capabilities on this Kubernetes version.

Hold values properties, which is array of KubernetesVersion

A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

OS configurations of Linux agent nodes. See AKS custom node configuration for more details.

The configurations regarding multiple standard load balancers. If not supplied, single load balancer mode will be used. Multiple standard load balancers mode will be used if at lease one configuration is supplied. There has to be a configuration named kubernetes. The name field will be the name of the corresponding public load balancer. There will be an internal load balancer created if needed, and the name will be <name>-internal. The internal lb shares the same configurations as the external one. The internal lbs are not needed to be included in LoadBalancer list.

Properties for a load balancer resource.

Optional parameters.

Optional parameters.

Optional parameters.

Optional parameters.

Interface representing a LoadBalancers operations.

Overrides for localDNS profile.

Configures the per-node local DNS, with VnetDNS and KubeDNS overrides. LocalDNS helps improve performance and reliability of DNS resolution in an AKS cluster. For more details see aka.ms/aks/localdns.

A machine. Contains details about the underlying virtual machine. A machine may be visible here but not in kubectl get nodes; if so it may be because the machine has not been registered with the Kubernetes API Server yet.

The properties having to do with machine billing.

The hardware and GPU settings of the machine.

The machine IP address details.

The Kubernetes configurations used by the machine.

network properties of the machine

The operating system and disk used by the machine.

The Linux machine's specific profile.

The properties of the machine

The security settings of the machine.

Contains read-only information about the machine.

Optional parameters.

Optional parameters.

Optional parameters.

Interface representing a Machines operations.

Planned maintenance configuration, used to configure when updates can be deployed to a Managed Cluster. See planned maintenance for more information about planned maintenance.

Properties used to configure planned maintenance for a Managed Cluster.

Optional parameters.

Optional parameters.

Optional parameters.

Optional parameters.

Interface representing a MaintenanceConfigurations operations.

Maintenance window used to configure scheduled auto-upgrade for a Managed Cluster.

Managed cluster.

AADProfile specifies attributes for Azure Active Directory integration. For more details see managed AAD on AKS.

When enabling the operator, a set of AKS managed CRDs and controllers will be installed in the cluster. The operator automates the deployment of OSS models for inference and/or training purposes. It provides a set of preset models and enables distributed inference against them.

Access profile for managed cluster API server.

Managed cluster Access Profile.

A Kubernetes add-on profile for a managed cluster.

Information of user assigned identity used by this add-on.

Profile for the container service agent pool.

Properties for the container service agent pool profile.

Configuration for using a sidecar-less Istio control plane for managed ingress via the Gateway API with App Routing. See https://aka.ms/gateway-on-istio for information on using Istio for ingress via the Gateway API.

Auto upgrade profile for a managed cluster.

Azure Monitor addon profiles for monitoring the managed cluster.

Application Monitoring Profile for Kubernetes Application Container. Collects application logs, metrics and traces through auto-instrumentation of the application using Azure Monitor OpenTelemetry based SDKs. See aka.ms/AzureMonitorApplicationMonitoring for an overview.

Application Monitoring Auto Instrumentation for Kubernetes Application Container. Deploys web hook to auto-instrument Azure Monitor OpenTelemetry based SDKs to collect OpenTelemetry metrics, logs and traces of the application. See aka.ms/AzureMonitorApplicationMonitoring for an overview.

Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Logs and Traces. Collects OpenTelemetry logs and traces of the application using Azure Monitor OpenTelemetry based SDKs. See aka.ms/AzureMonitorApplicationMonitoring for an overview.

Application Monitoring Open Telemetry Metrics Profile for Kubernetes Application Container Metrics. Collects OpenTelemetry metrics of the application using Azure Monitor OpenTelemetry based SDKs. See aka.ms/AzureMonitorApplicationMonitoring for an overview.

Azure Monitor Container Insights Profile for Kubernetes Events, Inventory and Container stdout & stderr logs etc. See aka.ms/AzureMonitorContainerInsights for an overview.

Kube State Metrics profile for the Azure Managed Prometheus addon. These optional settings are for the kube-state-metrics pod that is deployed with the addon. See aka.ms/AzureManagedPrometheus-optional-parameters for details.

Metrics profile for the Azure Monitor managed service for Prometheus addon. Collect out-of-the-box Kubernetes infrastructure metrics to send to an Azure Monitor Workspace and configure additional scraping for custom targets. See aka.ms/AzureManagedPrometheus for an overview.

The bootstrap profile.

The cost analysis configuration for the cluster

Health monitor profile for the managed cluster.

Settings for hosted system addons.

Cluster HTTP proxy configuration.

Identity for the managed cluster.

Default domain profile for the managed cluster ingress profile.

Ingress profile for the container service cluster.

Application Load Balancer settings for the ingress profile.

Configuration for the ingress managed gateway. See https://aka.ms/k8s-gateway-api for more details.

Nginx ingress controller configuration for the managed cluster ingress profile.

Application Routing add-on settings for the ingress profile.

Profile of the managed cluster load balancer.

Desired managed outbound IPs for the cluster load balancer.

Desired outbound IP Prefix resources for the cluster load balancer.

Desired outbound IP resources for the cluster load balancer.

Profile of the managed outbound IP resources of the managed cluster.

The metrics profile for the ManagedCluster.

Profile of the managed cluster NAT gateway.

Node provisioning profile for the managed cluster.

Node resource group lockdown profile for a managed cluster.

The OIDC issuer profile of the Managed Cluster.

Details about the pod identity assigned to the Managed Cluster.

A pod identity exception, which allows pods with certain labels to access the Azure Instance Metadata Service (IMDS) endpoint without being intercepted by the node-managed identity (NMI) server. See disable AAD Pod Identity for a specific Pod/Application for more details.

The pod identity profile of the Managed Cluster. See use AAD pod identity for more details on pod identity integration.

An error response from the pod identity provisioning.

An error response from the pod identity provisioning.

Pod identity provisioning information.

The list of available upgrade versions.

Available upgrades for an AgentPool.

Properties of the managed cluster.

Parameters to be applied to the cluster-autoscaler when enabled

managed cluster properties for snapshot, these properties are read only.

The SKU of a Managed Cluster.

Security profile for the container service cluster.

Microsoft Defender settings for the security profile.

Microsoft Defender settings for security gating, validates container images eligibility for deployment based on Defender for Containers security findings. Using Admission Controller, it either audits or prevents the deployment of images that do not meet security standards.

Identity information used by Defender security gating to access container registries.

Microsoft Defender settings for the security profile threat detection.

Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here are settings for the security profile.

Image integrity related settings for the security profile.

Node Restriction settings for the security profile.

Workload identity settings for the security profile.

Information about a service principal identity for the cluster to use for manipulating Azure APIs.

A managed cluster snapshot resource.

Properties for a managed cluster snapshot.

Optional parameters.

Optional parameters.

Optional parameters.

Optional parameters.

Optional parameters.

Interface representing a ManagedClusterSnapshots operations.

Optional parameters.

The Static Egress Gateway addon configuration for the cluster.

Contains read-only information about the Managed Cluster.

Storage profile for the container service cluster.

AzureBlob CSI Driver settings for the storage profile.

AzureDisk CSI Driver settings for the storage profile.

AzureFile CSI Driver settings for the storage profile.

Snapshot Controller settings for the storage profile.

The list of available upgrades for compute pools.

Control plane and agent pool upgrade profiles.

Configurations for Gateway API providers to be used for managed ingress with App Routing.

Profile for Windows VMs in the managed cluster.

Workload Auto-scaler profile for the managed cluster.

KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile.

VPA (Vertical Pod Autoscaler) settings for the workload auto-scaler profile.

Optional parameters.

Optional parameters.

Optional parameters.

Optional parameters.

Optional parameters.

Optional parameters.

Optional parameters.

Optional parameters.

Optional parameters.

Optional parameters.

Optional parameters.

Optional parameters.

Optional parameters.

Optional parameters.

Optional parameters.

Optional parameters.

Optional parameters.

Optional parameters.

Optional parameters.

Optional parameters.

Optional parameters.

Optional parameters.

Interface representing a ManagedClusters operations.

Optional parameters.

Optional parameters.

Optional parameters.

Optional parameters.

Optional parameters.

Optional parameters.

Optional parameters.

Optional parameters.

Optional parameters.

Namespace managed by ARM.

Optional parameters.

Optional parameters.

Optional parameters.

Optional parameters.

Optional parameters.

Interface representing a ManagedNamespaces operations.

Optional parameters.

User assigned identity properties.

Specifications on number of machines.

Mesh membership of a managed cluster.

Private connect profile for mesh membership.

Mesh membership properties of a managed cluster.

Optional parameters.

Optional parameters.

Optional parameters.

Optional parameters.

Interface representing a MeshMemberships operations.

Holds information on upgrades and compatibility for given major.minor mesh release.

Mesh revision profile for a mesh.

Mesh revision profile properties for a mesh

Upgrade profile for given mesh.

Mesh upgrade profile properties for a major.minor release.

Properties of a namespace managed by ARM

Default network policy of the namespace, specifying ingress and egress rules.

network profile for managed cluster snapshot, these properties are read only.

Settings to determine the node customization used to provision nodes in a pool.

node image version profile for given major.minor.patch release.

NVIDIA-specific GPU settings

The current status of an async operation.

Optional parameters.

Optional parameters.

Optional parameters.

Interface representing a OperationStatusResult operations.

Describes the properties of a Operation value.

Describes the properties of a Operation Value Display.

Optional parameters.

Interface representing a Operations operations.

Egress endpoints which AKS agent nodes connect to for common purpose.

Options for the byPage method

An interface that allows async iterable iteration both to completion and by page.

The port range.

Describes the Power State of the cluster

Private endpoint which a connection belongs to.

A private endpoint connection

A list of private endpoint connections

Properties of a private endpoint connection.

Optional parameters.

Optional parameters.

Optional parameters.

Interface representing a PrivateEndpointConnections operations.

Optional parameters.

A private link resource

Optional parameters.

A list of private link resources

Interface representing a PrivateLinkResources operations.

The state of a private link service connection.

The resource model definition for a Azure Resource Manager proxy resource. It will not have tags and a location

The names of the load balancers to rebalance. If set to empty, all load balancers will be rebalanced.

For schedules like: 'recur every month on the first Monday' or 'recur every 3 months on last Friday'.

Interface representing a ResolvePrivateLinkServiceId operations.

Optional parameters.

Common fields that are returned in the response for all Azure Resource Manager resources

Resource quota for the namespace.

A reference to an Azure resource.

Describes an available Compute SKU.

Describes The SKU capabilities object.

Describes scaling information of a SKU.

Describes metadata for retrieving price info.

Describes an available Compute SKU Location Information.

Describes an available Compute SKU Restriction Information.

Describes scaling information of a SKU.

Describes The zonal capabilities of a SKU.

A run command request

run command result.

Available Safeguards Version

Whether the version is default or not and support info.

Specifications on how to scale a VirtualMachines agent pool.

One and only one of the schedule types should be specified. Choose either 'daily', 'weekly', 'absoluteMonthly' or 'relativeMonthly' for your maintenance schedule.

The scheduler profile for a single scheduler instance.

The pod scheduler profile for the cluster.

Mapping of each scheduler instance to its profile.

Profile for configuring image pull authentication to use service account scoped managed identities for authentication instead of node scoped managed identity (kubelet identity) for authentication to Azure Container Registry. For more information, refer to https://aka.ms/aks/identity-binding/acr-image-pull/docs

Service mesh profile for a managed cluster.

A simple poller that can be used to poll a long running operation.

A node pool snapshot resource.

Properties used to configure a node pool snapshot.

Optional parameters.

Optional parameters.

Optional parameters.

Optional parameters.

Optional parameters.

Interface representing a Snapshots operations.

Optional parameters.

Sysctl settings for Linux agent nodes.

Metadata pertaining to creation and last modification of the resource.

Tags object for patch operations.

Time in a week.

A time range. For example, between 2021-05-25T13:00:00Z and 2021-05-25T14:00:00Z.

The resource model definition for an Azure Resource Manager tracked top level resource which has 'tags' and a 'location'

Trusted access role definition.

Defines binding between a resource and role

Properties for trusted access role binding

Optional parameters.

Optional parameters.

Optional parameters.

Optional parameters.

Interface representing a TrustedAccessRoleBindings operations.

Rule for trusted access role

Optional parameters.

Interface representing a TrustedAccessRoles operations.

Settings for overrides when upgrading a cluster.

Details about a user assigned identity.

Current status on a group of nodes of the same vm size.

Specifications on VirtualMachines agent pool.

Optional parameters.

Interface representing a VmSkus operations.

For schedules like: 'recur every Monday' or 'recur every 3 weeks on Wednesday'.

Windows gMSA Profile in the managed cluster.

Enable advanced network acceleration options. This allows users to configure acceleration using BPF host routing. This can be enabled only with Cilium dataplane. If not specified, the default value is None (no acceleration). The acceleration mode can be changed on a pre-existing cluster. See https://aka.ms/acnsperformance for a detailed explanation
KnownAccelerationMode can be used interchangeably with AccelerationMode, this enum contains the known values that the service supports.

Known values supported by the service

BpfVeth: Enable eBPF host routing with veth device mode.
None: Disable acceleration options.

Whether VPA add-on is enabled and configured to scale AKS-managed add-ons.
KnownAddonAutoscaling can be used interchangeably with AddonAutoscaling, this enum contains the known values that the service supports.

Known values supported by the service

Enabled: Feature to autoscale AKS-managed add-ons is enabled. The default VPA update mode is Initial mode.
Disabled: Feature to autoscale AKS-managed add-ons is disabled.

Action if Kubernetes namespace with same name already exists.
KnownAdoptionPolicy can be used interchangeably with AdoptionPolicy, this enum contains the known values that the service supports.

Known values supported by the service

Never: If the namespace already exists in Kubernetes, attempts to create that same namespace in ARM will fail.
IfIdentical: Take over the existing namespace to be managed by ARM, if there is no difference.
Always: Always take over the existing namespace to be managed by ARM, some fields might be overwritten.

Enable advanced network policies. This allows users to configure Layer 7 network policies (FQDN, HTTP, Kafka). Policies themselves must be configured via the Cilium Network Policy resources, see https://docs.cilium.io/en/latest/security/policy/index.html. This can be enabled only on cilium-based clusters. If not specified, the default value is FQDN if security.enabled is set to true.
KnownAdvancedNetworkPolicies can be used interchangeably with AdvancedNetworkPolicies, this enum contains the known values that the service supports.

Known values supported by the service

L7: Enable Layer7 network policies (FQDN, HTTP/S, Kafka). This option is a superset of the FQDN option.
FQDN: Enable FQDN based network policies
None: Disable Layer 7 network policies (FQDN, HTTP/S, Kafka)

The mode of an agent pool. A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools
KnownAgentPoolMode can be used interchangeably with AgentPoolMode, this enum contains the known values that the service supports.

Known values supported by the service

System: System agent pools are primarily for hosting critical system pods such as CoreDNS and metrics-server. System agent pools osType must be Linux. System agent pools VM SKU must have at least 2vCPUs and 4GB of memory.
User: User agent pools are primarily for hosting your application pods.
Gateway: Gateway agent pools are dedicated to providing static egress IPs to pods. For more details, see https://aka.ms/aks/static-egress-gateway.
ManagedSystem: ManagedSystem is a system pool managed by AKS. The pool scales dynamically according to cluster usage, and has additional automated monitoring and healing capabilities. There can only be one ManagedSystem pool, and it is recommended to delete all other system pools for the best experience.
Machines: Machines agent pools are dedicated to hosting machines. Only limited operations, such as creation and deletion, are allowed at the pool level. Please use the machine APIs to manage the full machine lifecycle.

SSH access method of an agent pool.
KnownAgentPoolSSHAccess can be used interchangeably with AgentPoolSSHAccess, this enum contains the known values that the service supports.

Known values supported by the service

LocalUser: Can SSH onto the node as a local user using private key.
Disabled: SSH service will be turned off on the node.
EntraId: SSH to node with EntraId integration. More information can be found under https://aka.ms/aks/ssh/aad

The type of Agent Pool.
KnownAgentPoolType can be used interchangeably with AgentPoolType, this enum contains the known values that the service supports.

Known values supported by the service

VirtualMachineScaleSets: Create an Agent Pool backed by a Virtual Machine Scale Set.
AvailabilitySet: Use of this is strongly discouraged.
VirtualMachines: Create an Agent Pool backed by a Single Instance VM orchestration mode.

The artifact source. The source where the artifacts are downloaded from.
KnownArtifactSource can be used interchangeably with ArtifactSource, this enum contains the known values that the service supports.

Known values supported by the service

Cache: pull images from Azure Container Registry with cache
Direct: pull images from Microsoft Artifact Registry

The supported values for cloud setting as a string literal type

The type of the managed inbound Load Balancer BackendPool.
KnownBackendPoolType can be used interchangeably with BackendPoolType, this enum contains the known values that the service supports.

Known values supported by the service

NodeIPConfiguration: The type of the managed inbound Load Balancer BackendPool. https://cloud-provider-azure.sigs.k8s.io/topics/loadbalancer/#configure-load-balancer-backend.
NodeIP: The type of the managed inbound Load Balancer BackendPool. https://cloud-provider-azure.sigs.k8s.io/topics/loadbalancer/#configure-load-balancer-backend.

The health probing behavior for External Traffic Policy Cluster services.
KnownClusterServiceLoadBalancerHealthProbeMode can be used interchangeably with ClusterServiceLoadBalancerHealthProbeMode, this enum contains the known values that the service supports.

Known values supported by the service

ServiceNodePort: Each External Traffic Policy Cluster service will have its own health probe targeting service nodePort.
Shared: All External Traffic Policy Cluster services in a Standard Load Balancer will have a dedicated health probe targeting the backend nodes' kube-proxy health check port 10256.

Tells whether the cluster is Running or Stopped
KnownCode can be used interchangeably with Code, this enum contains the known values that the service supports.

Known values supported by the service

Running: The cluster is running.
Stopped: The cluster is stopped.

The private link service connection status.
KnownConnectionStatus can be used interchangeably with ConnectionStatus, this enum contains the known values that the service supports.

Known values supported by the service

Pending: Connection is pending approval.
Approved: Connection is approved.
Rejected: Connection is rejected.
Disconnected: Connection is disconnected.

Configures container network logs ingestion with Azure Monitor. Which network logs to ingest is controlled by the CRD found in the following links. No network logs are ingested by default. More information on container network logs can be found at https://aka.ms/ContainerNetworkLogsDoc. More information on configuring container network log can be found at https://aka.ms/acns/howtoenablecnl. If not specified, the default is Disabled.
KnownContainerNetworkLogs can be used interchangeably with ContainerNetworkLogs, this enum contains the known values that the service supports.

Known values supported by the service

Disabled: Azure monitor ingestion of container network logs is disabled
Enabled: Azure monitor ingestion of container network logs is enabled

An interface that describes a page of results.

The kind of entity that created the resource.
KnownCreatedByType can be used interchangeably with CreatedByType, this enum contains the known values that the service supports.

Known values supported by the service

User: The entity was created by a user.
Application: The entity was created by an application.
ManagedIdentity: The entity was created by a managed identity.
Key: The entity was created by a key.

Delete options of a namespace.
KnownDeletePolicy can be used interchangeably with DeletePolicy, this enum contains the known values that the service supports.

Known values supported by the service

Keep: Only delete the ARM resource, keep the Kubernetes namespace. Also delete the ManagedByARM label.
Delete: Delete both the ARM resource and the Kubernetes namespace together.

The drift action of the machine. Indicates whether a machine has deviated from its expected state due to changes in managed cluster properties, requiring corrective action.
KnownDriftAction can be used interchangeably with DriftAction, this enum contains the known values that the service supports.

Known values supported by the service

Synced: The machine is up to date.
Recreate: The machine has drifted and needs to be deleted and recreated.

Specify the type of GPU driver to install when creating Windows agent pools. If not provided, AKS selects the driver based on system compatibility. This cannot be changed once the AgentPool has been created. This cannot be set on Linux AgentPools. For Linux AgentPools, the driver is selected based on system compatibility.
KnownDriverType can be used interchangeably with DriverType, this enum contains the known values that the service supports.

Known values supported by the service

GRID: Install the GRID driver for the GPU, suitable for applications requiring virtualization support.
CUDA: Install the CUDA driver for the GPU, optimized for computational tasks in scientific computing and data-intensive applications.

The expander to use when scaling up. If not specified, the default is 'random'. See expanders for more information.
KnownExpander can be used interchangeably with Expander, this enum contains the known values that the service supports.

Known values supported by the service

least-waste: Selects the node group that will have the least idle CPU (if tied, unused memory) after scale-up. This is useful when you have different classes of nodes, for example, high CPU or high memory nodes, and only want to expand those when there are pending pods that need a lot of those resources.
most-pods: Selects the node group that would be able to schedule the most pods when scaling up. This is useful when you are using nodeSelector to make sure certain pods land on certain nodes. Note that this won't cause the autoscaler to select bigger nodes vs. smaller, as it can add multiple smaller nodes at once.
priority: Selects the node group that has the highest priority assigned by the user. It's configuration is described in more details here.
random: Used when you don't have a particular need for the node groups to scale differently.

The type of extendedLocation.
KnownExtendedLocationTypes can be used interchangeably with ExtendedLocationTypes, this enum contains the known values that the service supports.

Known values supported by the service

EdgeZone: Azure Edge Zone extended location type.

The format of the kubeconfig credential.
KnownFormat can be used interchangeably with Format, this enum contains the known values that the service supports.

Known values supported by the service

azure: Return azure auth-provider kubeconfig. This format is deprecated in v1.22 and will be fully removed in v1.26. See: https://aka.ms/k8s/changes-1-26.
exec: Return exec format kubeconfig. This format requires kubelogin binary in the path.

Whether to install GPU drivers. When it's not specified, default is Install.
KnownGPUDriver can be used interchangeably with GPUDriver, this enum contains the known values that the service supports.

Known values supported by the service

Install: Install driver.
None: Skip driver install.

GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.
KnownGPUInstanceProfile can be used interchangeably with GPUInstanceProfile, this enum contains the known values that the service supports.

Known values supported by the service

MIG1g: MIG 1g GPU instance profile.
MIG2g: MIG 2g GPU instance profile.
MIG3g: MIG 3g GPU instance profile.
MIG4g: MIG 4g GPU instance profile.
MIG7g: MIG 7g GPU instance profile.

Whether to enable Istio as a Gateway API implementation for managed ingress with App Routing.
KnownGatewayAPIIstioEnabled can be used interchangeably with GatewayAPIIstioEnabled, this enum contains the known values that the service supports.

Known values supported by the service

Enabled: Enables managed ingress via the Gateway API using a sidecar-less Istio controlplane.
Disabled: Disables the sidecar-less istio control plane for managed ingress via the Gateway API.

Whether the version is preview or stable.
KnownGuardrailsSupport can be used interchangeably with GuardrailsSupport, this enum contains the known values that the service supports.

Known values supported by the service

Preview: The version is preview. It is not recommended to use preview versions on critical production clusters. The preview version may not support all use-cases.
Stable: The version is stable and can be used on critical production clusters.

The provisioning state of the last accepted operation.
KnownIdentityBindingProvisioningState can be used interchangeably with IdentityBindingProvisioningState, this enum contains the known values that the service supports.

Known values supported by the service

Succeeded: Resource has been created.
Failed: Resource creation failed.
Canceled: Resource creation was canceled.
Creating: The identity binding is being created.
Updating: The identity binding is being updated.
Deleting: The identity binding is being deleted.

Whether to enable encryption at rest of Kubernetes resource objects using service-managed keys. More information on this can be found under https://aka.ms/aks/kubernetesResourceObjectEncryption.
KnownInfrastructureEncryption can be used interchangeably with InfrastructureEncryption, this enum contains the known values that the service supports.

Known values supported by the service

Enabled: Encryption at rest of Kubernetes resource objects using service-managed keys is enabled. More information on this can be found under https://aka.ms/aks/kubernetesResourceObjectEncryption.
Disabled: Encryption at rest of Kubernetes resource objects using service-managed keys is disabled. More information on this can be found under https://aka.ms/aks/kubernetesResourceObjectEncryption.

To determine if address belongs IPv4 or IPv6 family
KnownIpFamily can be used interchangeably with IpFamily, this enum contains the known values that the service supports.

Known values supported by the service

IPv4: IPv4 family
IPv6: IPv6 family

IPVS scheduler, for more information please see http://www.linuxvirtualserver.org/docs/scheduling.html.
KnownIpvsScheduler can be used interchangeably with IpvsScheduler, this enum contains the known values that the service supports.

Known values supported by the service

RoundRobin: Round Robin
LeastConnection: Least Connection

Mode of an ingress gateway.
KnownIstioIngressGatewayMode can be used interchangeably with IstioIngressGatewayMode, this enum contains the known values that the service supports.

Known values supported by the service

External: The ingress gateway is assigned a public IP address and is publicly accessible.
Internal: The ingress gateway is assigned an internal IP address and cannot is accessed publicly.

The provisioning state of the last accepted operation.
KnownJWTAuthenticatorProvisioningState can be used interchangeably with JWTAuthenticatorProvisioningState, this enum contains the known values that the service supports.

Known values supported by the service

Succeeded: Resource has been created.
Failed: Resource creation failed.
Canceled: Resource creation was canceled.
Creating: The JWT authenticator is being created.
Updating: The JWT authenticator is being updated.
Deleting: The JWT authenticator is being deleted.

Network access of the key vault. Network access of key vault. The possible values are Public and Private. Public means the key vault allows public access from all networks. Private means the key vault disables public access and enables private link. The default value is Public.
KnownKeyVaultNetworkAccessTypes can be used interchangeably with KeyVaultNetworkAccessTypes, this enum contains the known values that the service supports.

Known values supported by the service

Public: Key vault allows public access from all networks.
Private: Key vault disables public access and enables private link.

Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage.
KnownKubeletDiskType can be used interchangeably with KubeletDiskType, this enum contains the known values that the service supports.

Known values supported by the service

OS: Kubelet will use the OS disk for its data.
Temporary: Kubelet will use the temporary disk for its data.

Different support tiers for AKS managed clusters
KnownKubernetesSupportPlan can be used interchangeably with KubernetesSupportPlan, this enum contains the known values that the service supports.

Known values supported by the service

KubernetesOfficial: Support for the version is the same as for the open source Kubernetes offering. Official Kubernetes open source community support versions for 1 year after release.
AKSLongTermSupport: Support for the version extended past the KubernetesOfficial support of 1 year. AKS continues to patch CVEs for another 1 year, for a total of 2 years of support.

The license type to use for Windows VMs. See Azure Hybrid User Benefits for more details.
KnownLicenseType can be used interchangeably with LicenseType, this enum contains the known values that the service supports.

Known values supported by the service

None: No additional licensing is applied.
Windows_Server: Enables Azure Hybrid User Benefits for Windows VMs.

The load balancer sku for the managed cluster. The default is 'standard'. See Azure Load Balancer SKUs for more information about the differences between load balancer SKUs.
KnownLoadBalancerSku can be used interchangeably with LoadBalancerSku, this enum contains the known values that the service supports.

Known values supported by the service

standard: Use a a standard Load Balancer. This is the recommended Load Balancer SKU. For more information about on working with the load balancer in the managed cluster, see the standard Load Balancer article.
basic: Use a basic Load Balancer with limited functionality.

Destination server for DNS queries to be forwarded from localDNS.
KnownLocalDNSForwardDestination can be used interchangeably with LocalDNSForwardDestination, this enum contains the known values that the service supports.

Known values supported by the service

ClusterCoreDNS: Forward DNS queries from localDNS to cluster CoreDNS.
VnetDNS: Forward DNS queries from localDNS to DNS server configured in the VNET. A VNET can have multiple DNS servers configured.

Forward policy for selecting upstream DNS server. See forward plugin for more information.
KnownLocalDNSForwardPolicy can be used interchangeably with LocalDNSForwardPolicy, this enum contains the known values that the service supports.

Known values supported by the service

Sequential: Implements sequential upstream DNS server selection. See forward plugin for more information.
RoundRobin: Implements round robin upstream DNS server selection. See forward plugin for more information.
Random: Implements random upstream DNS server selection. See forward plugin for more information.

Mode of enablement for localDNS.
KnownLocalDNSMode can be used interchangeably with LocalDNSMode, this enum contains the known values that the service supports.

Known values supported by the service

Preferred: If the current orchestrator version supports this feature, prefer enabling localDNS.
Required: Enable localDNS.
Disabled: Disable localDNS.

Enforce TCP or prefer UDP protocol for connections from localDNS to upstream DNS server.
KnownLocalDNSProtocol can be used interchangeably with LocalDNSProtocol, this enum contains the known values that the service supports.

Known values supported by the service

PreferUDP: Prefer UDP protocol for connections from localDNS to upstream DNS server.
ForceTCP: Enforce TCP protocol for connections from localDNS to upstream DNS server.

Log level for DNS queries in localDNS.
KnownLocalDNSQueryLogging can be used interchangeably with LocalDNSQueryLogging, this enum contains the known values that the service supports.

Known values supported by the service

Error: Enables error logging in localDNS. See errors plugin for more information.
Log: Enables query logging in localDNS. See log plugin for more information.

Policy for serving stale data. See cache plugin for more information.
KnownLocalDNSServeStale can be used interchangeably with LocalDNSServeStale, this enum contains the known values that the service supports.

Known values supported by the service

Verify: Serve stale data with verification. First verify that an entry is still unavailable from the source before sending the expired entry to the client. See cache plugin for more information.
Immediate: Serve stale data immediately. Send the expired entry to the client before checking to see if the entry is available from the source. See cache plugin for more information.
Disable: Disable serving stale data.

System-generated state of localDNS.
KnownLocalDNSState can be used interchangeably with LocalDNSState, this enum contains the known values that the service supports.

Known values supported by the service

Enabled: localDNS is enabled.
Disabled: localDNS is disabled.

The current provisioning state of the pod identity.
KnownManagedClusterPodIdentityProvisioningState can be used interchangeably with ManagedClusterPodIdentityProvisioningState, this enum contains the known values that the service supports.

Known values supported by the service

Assigned: Pod identity is assigned.
Canceled: Pod identity assignment was canceled.
Deleting: Pod identity is being deleted.
Failed: Pod identity assignment failed.
Succeeded: Pod identity assignment succeeded.
Updating: Pod identity is being updated.

The name of a managed cluster SKU.
KnownManagedClusterSKUName can be used interchangeably with ManagedClusterSKUName, this enum contains the known values that the service supports.

Known values supported by the service

Base: Base option for the AKS control plane.
Automatic: Automatic clusters are optimized to run most production workloads with configuration that follows AKS best practices and recommendations for cluster and workload setup, scalability, and security. For more details about Automatic clusters see aka.ms/aks/automatic.

The tier of a managed cluster SKU. If not specified, the default is 'Free'. See AKS Pricing Tier for more details.
KnownManagedClusterSKUTier can be used interchangeably with ManagedClusterSKUTier, this enum contains the known values that the service supports.

Known values supported by the service

Premium: Cluster has premium capabilities in addition to all of the capabilities included in 'Standard'. Premium enables selection of LongTermSupport (aka.ms/aks/lts) for certain Kubernetes versions.
Standard: Recommended for mission-critical and production workloads. Includes Kubernetes control plane autoscaling, workload-intensive testing, and up to 5,000 nodes per cluster. Guarantees 99.95% availability of the Kubernetes API server endpoint for clusters that use Availability Zones and 99.9% of availability for clusters that don't use Availability Zones.
Free: The cluster management is free, but charged for VM, storage, and networking usage. Best for experimenting, learning, simple testing, or workloads with fewer than 10 nodes. Not recommended for production use cases.

Configuration for the managed Gateway API installation. If not specified, the default is 'Disabled'. See https://aka.ms/k8s-gateway-api for more details.
KnownManagedGatewayType can be used interchangeably with ManagedGatewayType, this enum contains the known values that the service supports.

Known values supported by the service

Disabled: Gateway API CRDs will not be reconciled on your cluster.
Standard: The latest Gateway CRD bundle from the standard channel that is compatible with your Kubernetes version will be reconciled onto your cluster. See https://gateway-api.sigs.k8s.io/concepts/versioning/ for more details.

The Managed GPU experience installs additional components, such as the Data Center GPU Manager (DCGM) metrics for monitoring, on top of the GPU driver for you. For more details of what is installed, check out aka.ms/aks/managed-gpu.
KnownManagementMode can be used interchangeably with ManagementMode, this enum contains the known values that the service supports.

Known values supported by the service

Unmanaged: Managed GPU experience is disabled for NVIDIA GPUs.
Managed: Managed GPU experience is enabled for NVIDIA GPUs.

The provisioning state of the last accepted operation.
KnownMeshMembershipProvisioningState can be used interchangeably with MeshMembershipProvisioningState, this enum contains the known values that the service supports.

Known values supported by the service

Canceled: Resource creation was canceled.
Creating: The Mesh Membership is being created.
Deleting: The Mesh Membership is being deleted.
Failed: Resource creation failed.
Succeeded: Resource has been created.
Updating: The Mesh Membership is being updated.

Sets the MIG (Multi-Instance GPU) strategy that will be used for managed MIG support. For more information about the different strategies, visit aka.ms/aks/managed-gpu. When not specified, the default is None.
KnownMigStrategy can be used interchangeably with MigStrategy, this enum contains the known values that the service supports.

Known values supported by the service

None: Don't set a MIG strategy. If you previously had one set, this will override it and set remove the set MIG strategy.
Single: Set the MIG strategy for managed MIG as single.
Mixed: Set the MIG strategy for managed MIG as mixed.

Specify which proxy mode to use ('IPTABLES', 'IPVS' or 'NFTABLES')
KnownMode can be used interchangeably with Mode, this enum contains the known values that the service supports.

Known values supported by the service

IPTABLES: IPTables proxy mode
IPVS: IPVS proxy mode. Must be using Kubernetes version >= 1.22.
NFTABLES: NFTables proxy mode. Must be using Kubernetes version >= 1.33.

The current provisioning state of the namespace.
KnownNamespaceProvisioningState can be used interchangeably with NamespaceProvisioningState, this enum contains the known values that the service supports.

Known values supported by the service

Updating: The namespace is being updated.
Deleting: The namespace is being deleted.
Creating: The namespace is being created.
Succeeded: The namespace provisioning succeeded.
Failed: The namespace provisioning failed.
Canceled: The namespace provisioning was canceled.

Network dataplane used in the Kubernetes cluster.
KnownNetworkDataplane can be used interchangeably with NetworkDataplane, this enum contains the known values that the service supports.

Known values supported by the service

azure: Use Azure network dataplane.
cilium: Use Cilium network dataplane. See Azure CNI Powered by Cilium for more information.

The network mode Azure CNI is configured with. This cannot be specified if networkPlugin is anything other than 'azure'.
KnownNetworkMode can be used interchangeably with NetworkMode, this enum contains the known values that the service supports.

Known values supported by the service

transparent: No bridge is created. Intra-VM Pod to Pod communication is through IP routes created by Azure CNI. See Transparent Mode for more information.
bridge: This is no longer supported

Network plugin used for building the Kubernetes network.
KnownNetworkPlugin can be used interchangeably with NetworkPlugin, this enum contains the known values that the service supports.

Known values supported by the service

azure: Use the Azure CNI network plugin. See Azure CNI (advanced) networking for more information.
kubenet: Use the Kubenet network plugin. See Kubenet (basic) networking for more information.
none: No CNI plugin is pre-installed. See BYO CNI for more information.

The mode the network plugin should use.
KnownNetworkPluginMode can be used interchangeably with NetworkPluginMode, this enum contains the known values that the service supports.

Known values supported by the service

overlay: Used with networkPlugin=azure, pods are given IPs from the PodCIDR address space but use Azure Routing Domains rather than Kubenet's method of route tables. For more information visit https://aka.ms/aks/azure-cni-overlay.

Network policy used for building the Kubernetes network.
KnownNetworkPolicy can be used interchangeably with NetworkPolicy, this enum contains the known values that the service supports.

Known values supported by the service

none: Network policies will not be enforced. This is the default value when NetworkPolicy is not specified.
calico: Use Calico network policies. See differences between Azure and Calico policies for more information.
azure: Use Azure network policies. See differences between Azure and Calico policies for more information.
cilium: Use Cilium to enforce network policies. This requires networkDataplane to be 'cilium'.

Ingress type for the default NginxIngressController custom resource
KnownNginxIngressControllerType can be used interchangeably with NginxIngressControllerType, this enum contains the known values that the service supports.

Known values supported by the service

AnnotationControlled: The default NginxIngressController will be created. Users can edit the default NginxIngressController Custom Resource to configure load balancer annotations.
External: The default NginxIngressController will be created and the operator will provision an external loadbalancer with it. Any annotation to make the default loadbalancer internal will be overwritten.
Internal: The default NginxIngressController will be created and the operator will provision an internal loadbalancer with it. Any annotation to make the default loadbalancer external will be overwritten.
None: The default Ingress Controller will not be created. It will not be deleted by the system if it exists. Users should delete the default NginxIngressController Custom Resource manually if desired.

Node OS Upgrade Channel. Manner in which the OS on your nodes is updated. The default is NodeImage.
KnownNodeOSUpgradeChannel can be used interchangeably with NodeOSUpgradeChannel, this enum contains the known values that the service supports.

Known values supported by the service

None: No attempt to update your machines OS will be made either by OS or by rolling VHDs. This means you are responsible for your security updates
Unmanaged: OS updates will be applied automatically through the OS built-in patching infrastructure. Newly scaled in machines will be unpatched initially and will be patched at some point by the OS's infrastructure. Behavior of this option depends on the OS in question. Ubuntu and Mariner apply security patches through unattended upgrade roughly once a day around 06:00 UTC. Windows does not apply security patches automatically and so for them this option is equivalent to None till further notice
NodeImage: AKS will update the nodes with a newly patched VHD containing security fixes and bugfixes on a weekly cadence. With the VHD update machines will be rolling reimaged to that VHD following maintenance windows and surge settings. No extra VHD cost is incurred when choosing this option as AKS hosts the images.
SecurityPatch: AKS downloads and updates the nodes with tested security updates. These updates honor the maintenance window settings and produce a new VHD that is used on new nodes. On some occasions it's not possible to apply the updates in place, in such cases the existing nodes will also be re-imaged to the newly produced VHD in order to apply the changes. This option incurs an extra cost of hosting the new Security Patch VHDs in your resource group for just in time consumption.

The set of default Karpenter NodePools (CRDs) configured for node provisioning. This field has no effect unless mode is 'Auto'. Warning: Changing this from Auto to None on an existing cluster will cause the default Karpenter NodePools to be deleted, which will drain and delete the nodes associated with those pools. It is strongly recommended to not do this unless there are idle nodes ready to take the pods evicted by that action. If not specified, the default is Auto. For more information see aka.ms/aks/nap#node-pools.
KnownNodeProvisioningDefaultNodePools can be used interchangeably with NodeProvisioningDefaultNodePools, this enum contains the known values that the service supports.

Known values supported by the service

None: No Karpenter NodePools are provisioned automatically. Automatic scaling will not happen unless the user creates one or more NodePool CRD instances.
Auto: A standard set of Karpenter NodePools are provisioned

The node provisioning mode. If not specified, the default is Manual.
KnownNodeProvisioningMode can be used interchangeably with NodeProvisioningMode, this enum contains the known values that the service supports.

Known values supported by the service

Manual: Nodes are provisioned manually by the user
Auto: Nodes are provisioned automatically by AKS using Karpenter (See aka.ms/aks/nap for more details). Fixed size Node Pools can still be created, but autoscaling Node Pools cannot be. (See aka.ms/aks/nap for more details).

The OS disk type to be used for machines in the agent pool. The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see Ephemeral OS.
KnownOSDiskType can be used interchangeably with OSDiskType, this enum contains the known values that the service supports.

Known values supported by the service

Managed: Azure replicates the operating system disk for a virtual machine to Azure storage to avoid data loss should the VM need to be relocated to another host. Since containers aren't designed to have local state persisted, this behavior offers limited value while providing some drawbacks, including slower node provisioning and higher read/write latency.
Ephemeral: Ephemeral OS disks are stored only on the host machine, just like a temporary disk. This provides lower read/write latency, along with faster node scaling and cluster upgrades.

The operating system type. The default is Linux.
KnownOSType can be used interchangeably with OSType, this enum contains the known values that the service supports.

Known values supported by the service

Linux: Use Linux.
Windows: Use Windows.

operator represents a key's relationship to a set of values. Valid operators are In and NotIn
KnownOperator can be used interchangeably with Operator, this enum contains the known values that the service supports.

Known values supported by the service

In: The value of the key should be in the given list.
NotIn: The value of the key should not be in the given list.
Exists: The value of the key should exist.
DoesNotExist: The value of the key should not exist.

Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows.
KnownOssku can be used interchangeably with Ossku, this enum contains the known values that the service supports.

Known values supported by the service

Ubuntu: Use Ubuntu as the OS for node images.
AzureLinux: Use AzureLinux as the OS for node images. Azure Linux is a container-optimized Linux distro built by Microsoft, visit https://aka.ms/azurelinux for more information.
AzureLinux3: Use AzureLinux3 as the OS for node images. Azure Linux is a container-optimized Linux distro built by Microsoft, visit https://aka.ms/azurelinux for more information. For limitations, visit https://aka.ms/aks/node-images. For OS migration guidance, see https://aka.ms/aks/upgrade-os-version.
Mariner: Deprecated OSSKU. Microsoft recommends that new deployments choose 'AzureLinux' instead.
Flatcar: Use Flatcar Container Linux as the OS for node images. Flatcar is a container-optimized, security-focused Linux OS, with an immutable filesystem and part of the Cloud Native Computing Foundation (CNCF). For more information about Flatcar Container Linux for AKS, see aka.ms/aks/flatcar-container-linux-for-aks
CBLMariner: Deprecated OSSKU. Microsoft recommends that new deployments choose 'AzureLinux' instead.
Windows2019: Use Windows2019 as the OS for node images. Unsupported for system node pools. Windows2019 only supports Windows2019 containers; it cannot run Windows2022 containers and vice versa.
Windows2022: Use Windows2022 as the OS for node images. Unsupported for system node pools. Windows2022 only supports Windows2022 containers; it cannot run Windows2019 containers and vice versa.
Ubuntu2204: Use Ubuntu2204 as the OS for node images, however, Ubuntu 22.04 may not be supported for all nodepools. For limitations and supported kubernetes versions, see https://aka.ms/aks/supported-ubuntu-versions
Windows2025: Use Windows2025 as the OS for node images. Unsupported for system node pools. Windows2025 supports Windows2022 and Windows 2025 containers; it cannot run Windows2019 containers and vice versa.
WindowsAnnual: Use Windows Annual Channel version as the OS for node images. Unsupported for system node pools. Details about supported container images and kubernetes versions under different AKS Annual Channel versions could be seen in https://aka.ms/aks/windows-annual-channel-details.
Ubuntu2404: Use Ubuntu2404 as the OS for node images, however, Ubuntu 24.04 may not be supported for all nodepools. For limitations and supported kubernetes versions, see see https://aka.ms/aks/supported-ubuntu-versions

The outbound (egress) routing method. This can only be set at cluster creation time and cannot be changed later. For more information see egress outbound type.
KnownOutboundType can be used interchangeably with OutboundType, this enum contains the known values that the service supports.

Known values supported by the service

loadBalancer: The load balancer is used for egress through an AKS assigned public IP. This supports Kubernetes services of type 'loadBalancer'. For more information see outbound type loadbalancer.
userDefinedRouting: Egress paths must be defined by the user. This is an advanced scenario and requires proper network configuration. For more information see outbound type userDefinedRouting.
managedNATGateway: The AKS-managed NAT gateway is used for egress.
managedNATGatewayV2: The AKS-managed NAT gateway V2 is used for egress.
userAssignedNATGateway: The user-assigned NAT gateway associated to the cluster subnet is used for egress. This is an advanced scenario and requires proper network configuration.
none: The AKS cluster is not set with any outbound-type. All AKS nodes follows Azure VM default outbound behavior. Please refer to https://azure.microsoft.com/en-us/updates/default-outbound-access-for-vms-in-azure-will-be-retired-transition-to-a-new-method-of-internet-access/

Pod IP Allocation Mode. The IP allocation mode for pods in the agent pool. Must be used with podSubnetId. The default is 'DynamicIndividual'.
KnownPodIPAllocationMode can be used interchangeably with PodIPAllocationMode, this enum contains the known values that the service supports.

Known values supported by the service

DynamicIndividual: Each node gets allocated with a non-contiguous list of IP addresses assignable to pods. This is better for maximizing a small to medium subnet of size /16 or smaller. The Azure CNI cluster with dynamic IP allocation defaults to this mode if the customer does not explicitly specify a podIPAllocationMode
StaticBlock: Each node is statically allocated CIDR block(s) of size /28 = 16 IPs per block to satisfy the maxPods per node. Number of CIDR blocks >= (maxPods / 16). The block, rather than a single IP, counts against the Azure Vnet Private IP limit of 65K. Therefore block mode is suitable for running larger workloads with more than the current limit of 65K pods in a cluster. This mode is better suited to scale with larger subnets of /15 or bigger

Defines access to special link local addresses (Azure Instance Metadata Service, aka IMDS) for pods with hostNetwork=false. If not specified, the default is 'IMDS'.
KnownPodLinkLocalAccess can be used interchangeably with PodLinkLocalAccess, this enum contains the known values that the service supports.

Known values supported by the service

IMDS: Pods with hostNetwork=false can access Azure Instance Metadata Service (IMDS) without restriction.
None: Pods with hostNetwork=false cannot access Azure Instance Metadata Service (IMDS).

Enum representing different network policy rules.
KnownPolicyRule can be used interchangeably with PolicyRule, this enum contains the known values that the service supports.

Known values supported by the service

DenyAll: Deny all network traffic.
AllowAll: Allow all network traffic.
AllowSameNamespace: Allow traffic within the same namespace.

The current provisioning state.
KnownPrivateEndpointConnectionProvisioningState can be used interchangeably with PrivateEndpointConnectionProvisioningState, this enum contains the known values that the service supports.

Known values supported by the service

Canceled: Private endpoint connection provisioning was canceled.
Creating: Private endpoint connection is being created.
Deleting: Private endpoint connection is being deleted.
Failed: Private endpoint connection provisioning failed.
Succeeded: Private endpoint connection provisioning succeeded.

The network protocol of the port.
KnownProtocol can be used interchangeably with Protocol, this enum contains the known values that the service supports.

Known values supported by the service

TCP: TCP protocol.
UDP: UDP protocol.

Mode of traffic redirection.
KnownProxyRedirectionMechanism can be used interchangeably with ProxyRedirectionMechanism, this enum contains the known values that the service supports.

Known values supported by the service

InitContainers: Istio will inject an init container into each pod to redirect traffic (requires NET_ADMIN and NET_RAW).
CNIChaining: Istio will install a chained CNI plugin to redirect traffic (recommended).

PublicNetworkAccess of the managedCluster. Allow or deny public network access for AKS
KnownPublicNetworkAccess can be used interchangeably with PublicNetworkAccess, this enum contains the known values that the service supports.

Known values supported by the service

Enabled: Inbound/Outbound to the managedCluster is allowed.
Disabled: Inbound traffic to managedCluster is disabled, traffic from managedCluster is allowed.
SecuredByPerimeter: Inbound/Outbound traffic is managed by Microsoft.Network/NetworkSecurityPerimeters.

The type of identity used for the managed cluster. For more information see use managed identities in AKS.
KnownResourceIdentityType can be used interchangeably with ResourceIdentityType, this enum contains the known values that the service supports.

Known values supported by the service

SystemAssigned: Use an implicitly created system assigned managed identity to manage cluster resources. Master components in the control plane such as kube-controller-manager will use the system assigned managed identity to manipulate Azure resources.
UserAssigned: Use a user-specified identity to manage cluster resources. Master components in the control plane such as kube-controller-manager will use the specified user assigned managed identity to manipulate Azure resources.
None: Do not use a managed identity for the Managed Cluster, service principal will be used instead.

The scale type applicable to the sku.
KnownResourceSkuCapacityScaleType can be used interchangeably with ResourceSkuCapacityScaleType, this enum contains the known values that the service supports.

Known values supported by the service

Automatic: Automatic scaling
Manual: Manual scaling
None: No scaling

The reason for restriction.
KnownResourceSkuRestrictionsReasonCode can be used interchangeably with ResourceSkuRestrictionsReasonCode, this enum contains the known values that the service supports.

Known values supported by the service

QuotaId: Quota ID restriction
NotAvailableForSubscription: Not available for subscription

The type of restrictions.
KnownResourceSkuRestrictionsType can be used interchangeably with ResourceSkuRestrictionsType, this enum contains the known values that the service supports.

Known values supported by the service

Location: Location restriction
Zone: Zone restriction

The restriction level applied to the cluster's node resource group. If not specified, the default is 'Unrestricted'
KnownRestrictionLevel can be used interchangeably with RestrictionLevel, this enum contains the known values that the service supports.

Known values supported by the service

Unrestricted: All RBAC permissions are allowed on the managed node resource group
ReadOnly: Only */read RBAC permissions allowed on the managed node resource group

Whether the version is preview or stable.
KnownSafeguardsSupport can be used interchangeably with SafeguardsSupport, this enum contains the known values that the service supports.

Known values supported by the service

Preview: The version is preview. It is not recommended to use preview versions on critical production clusters. The preview version may not support all use-cases.
Stable: The version is stable and can be used on critical production clusters.

Describes how VMs are added to or removed from Agent Pools. See billing states.
KnownScaleDownMode can be used interchangeably with ScaleDownMode, this enum contains the known values that the service supports.

Known values supported by the service

Delete: Create new instances during scale up and remove instances during scale down.
Deallocate: Attempt to start deallocated instances (if they exist) during scale up and deallocate instances during scale down.

The Virtual Machine Scale Set eviction policy. The eviction policy specifies what to do with the VM when it is evicted. The default is Delete. For more information about eviction see spot VMs
KnownScaleSetEvictionPolicy can be used interchangeably with ScaleSetEvictionPolicy, this enum contains the known values that the service supports.

Known values supported by the service

Delete: Nodes in the underlying Scale Set of the node pool are deleted when they're evicted.
Deallocate: Nodes in the underlying Scale Set of the node pool are set to the stopped-deallocated state upon eviction. Nodes in the stopped-deallocated state count against your compute quota and can cause issues with cluster scaling or upgrading.

The Virtual Machine Scale Set priority.
KnownScaleSetPriority can be used interchangeably with ScaleSetPriority, this enum contains the known values that the service supports.

Known values supported by the service

Spot: Spot priority VMs will be used. There is no SLA for spot nodes. See spot on AKS for more information.
Regular: Regular VMs will be used.

The config customization mode for this scheduler instance.
KnownSchedulerConfigMode can be used interchangeably with SchedulerConfigMode, this enum contains the known values that the service supports.

Known values supported by the service

Default: No config customization. Use default configuration.
ManagedByCRD: Enable config customization. Customer can specify scheduler configuration via a CRD. See aka.ms/aks/scheduler-crd for details.

Specifies the default seccomp profile applied to all workloads. If not specified, 'Unconfined' will be used by default.
KnownSeccompDefault can be used interchangeably with SeccompDefault, this enum contains the known values that the service supports.

Known values supported by the service

Unconfined: No seccomp profile is applied, allowing all system calls.
RuntimeDefault: The default seccomp profile for container runtime is applied, which restricts certain system calls for enhanced security.

Mode of the service mesh.
KnownServiceMeshMode can be used interchangeably with ServiceMeshMode, this enum contains the known values that the service supports.

Known values supported by the service

Istio: Istio deployed as an AKS addon.
Disabled: Mesh is disabled.

The type of a snapshot. The default is NodePool.
KnownSnapshotType can be used interchangeably with SnapshotType, this enum contains the known values that the service supports.

Known values supported by the service

NodePool: The snapshot is a snapshot of a node pool.
ManagedCluster: The snapshot is a snapshot of a managed cluster.

Configures pod-to-pod encryption. This can be enabled only on Cilium-based clusters. If not specified, the default value is None.
KnownTransitEncryptionType can be used interchangeably with TransitEncryptionType, this enum contains the known values that the service supports.

Known values supported by the service

WireGuard: Enable WireGuard encryption. Refer to https://docs.cilium.io/en/latest/security/network/encryption-wireguard/ on use cases and implementation details
mTLS: Enables mTLS authentication and encryption for pod-to-pod traffic within the cluster. Refer to https://aka.ms/acnsciliummtls for relevant documentation.
None: Disable Transit encryption

The current provisioning state of trusted access role binding.
KnownTrustedAccessRoleBindingProvisioningState can be used interchangeably with TrustedAccessRoleBindingProvisioningState, this enum contains the known values that the service supports.

Known values supported by the service

Canceled: Trusted access role binding provisioning was canceled.
Deleting: Trusted access role binding is being deleted.
Failed: Trusted access role binding provisioning failed.
Succeeded: Trusted access role binding provisioning succeeded.
Updating: Trusted access role binding is being updated.

The week index. Specifies on which week of the month the dayOfWeek applies.
KnownType can be used interchangeably with Type, this enum contains the known values that the service supports.

Known values supported by the service

First: First week of the month.
Second: Second week of the month.
Third: Third week of the month.
Fourth: Fourth week of the month.
Last: Last week of the month.

Defines the behavior for undrainable nodes during upgrade. The most common cause of undrainable nodes is Pod Disruption Budgets (PDBs), but other issues, such as pod termination grace period is exceeding the remaining per-node drain timeout or pod is still being in a running state, can also cause undrainable nodes.
KnownUndrainableNodeBehavior can be used interchangeably with UndrainableNodeBehavior, this enum contains the known values that the service supports.

Known values supported by the service

Cordon: AKS will cordon the blocked nodes and replace them with surge nodes during upgrade. The blocked nodes will be cordoned and replaced by surge nodes. The blocked nodes will have label 'kubernetes.azure.com/upgrade-status:Quarantined'. A surge node will be retained for each blocked node. A best-effort attempt will be made to delete all other surge nodes. If there are enough surge nodes to replace blocked nodes, then the upgrade operation and the managed cluster will be in failed state. Otherwise, the upgrade operation and the managed cluster will be in canceled state.
Schedule: AKS will mark the blocked nodes schedulable, but the blocked nodes are not upgraded. A best-effort attempt will be made to delete all surge nodes. The upgrade operation and the managed cluster will be in failed state if there are any blocked nodes.

The upgrade channel for auto upgrade. The default is 'none'. For more information see setting the AKS cluster auto-upgrade channel.
KnownUpgradeChannel can be used interchangeably with UpgradeChannel, this enum contains the known values that the service supports.

Known values supported by the service

rapid: Automatically upgrade the cluster to the latest supported patch release on the latest supported minor version. In cases where the cluster is at a version of Kubernetes that is at an N-2 minor version where N is the latest supported minor version, the cluster first upgrades to the latest supported patch version on N-1 minor version. For example, if a cluster is running version 1.17.7 and versions 1.17.9, 1.18.4, 1.18.6, and 1.19.1 are available, your cluster first is upgraded to 1.18.6, then is upgraded to 1.19.1.
stable: Automatically upgrade the cluster to the latest supported patch release on minor version N-1, where N is the latest supported minor version. For example, if a cluster is running version 1.17.7 and versions 1.17.9, 1.18.4, 1.18.6, and 1.19.1 are available, your cluster is upgraded to 1.18.6.
patch: Automatically upgrade the cluster to the latest supported patch version when it becomes available while keeping the minor version the same. For example, if a cluster is running version 1.17.7 and versions 1.17.9, 1.18.4, 1.18.6, and 1.19.1 are available, your cluster is upgraded to 1.17.9.
node-image: Automatically upgrade the node image to the latest version available. Consider using nodeOSUpgradeChannel instead as that allows you to configure node OS patching separate from Kubernetes version patching
none: Disables auto-upgrades and keeps the cluster at its current version of Kubernetes.

Defines the upgrade strategy for the agent pool. The default is Rolling.
KnownUpgradeStrategy can be used interchangeably with UpgradeStrategy, this enum contains the known values that the service supports.

Known values supported by the service

Rolling: Specifies that the agent pool will conduct rolling upgrade. This is the default upgrade strategy.
BlueGreen: Specifies that the agent pool will conduct blue-green upgrade.

Virtual machine state. Indicates the current state of the underlying virtual machine.
KnownVmState can be used interchangeably with VmState, this enum contains the known values that the service supports.

Known values supported by the service

Running: The virtual machine is currently running.
Deleted: The virtual machine has been deleted by the user or due to spot eviction.

The weekday enum.
KnownWeekDay can be used interchangeably with WeekDay, this enum contains the known values that the service supports.

Known values supported by the service

Sunday: Represents Sunday.
Monday: Represents Monday.
Tuesday: Represents Tuesday.
Wednesday: Represents Wednesday.
Thursday: Represents Thursday.
Friday: Represents Friday.
Saturday: Represents Saturday.

Determines the type of workload a node can run.
KnownWorkloadRuntime can be used interchangeably with WorkloadRuntime, this enum contains the known values that the service supports.

Known values supported by the service

OCIContainer: Nodes will use Kubelet to run standard OCI container workloads.
WasmWasi: Nodes will use Krustlet to run WASM workloads using the WASI provider (Preview).
KataMshvVmIsolation: Nodes can use (Kata + Cloud Hypervisor + Hyper-V) to enable Nested VM-based pods (Preview). Due to the use Hyper-V, AKS node OS itself is a nested VM (the root OS) of Hyper-V. Thus it can only be used with VM series that support Nested Virtualization such as Dv3 series. This naming convention will be deprecated in future releases in favor of KataVmIsolation.
KataVmIsolation: Nodes can use (Kata + Cloud Hypervisor + Hyper-V) to enable Nested VM-based pods. Due to the use Hyper-V, AKS node OS itself is a nested VM (the root OS) of Hyper-V. Thus it can only be used with VM series that support Nested Virtualization such as Dv3 series.

An enum to describe Azure Cloud environments.

Enable advanced network acceleration options. This allows users to configure acceleration using BPF host routing. This can be enabled only with Cilium dataplane. If not specified, the default value is None (no acceleration). The acceleration mode can be changed on a pre-existing cluster. See https://aka.ms/acnsperformance for a detailed explanation

Whether VPA add-on is enabled and configured to scale AKS-managed add-ons.

Action if Kubernetes namespace with same name already exists.

Enable advanced network policies. This allows users to configure Layer 7 network policies (FQDN, HTTP, Kafka). Policies themselves must be configured via the Cilium Network Policy resources, see https://docs.cilium.io/en/latest/security/policy/index.html. This can be enabled only on cilium-based clusters. If not specified, the default value is FQDN if security.enabled is set to true.

The mode of an agent pool. A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools

SSH access method of an agent pool.

The type of Agent Pool.

The artifact source. The source where the artifacts are downloaded from.

The type of the managed inbound Load Balancer BackendPool.

The health probing behavior for External Traffic Policy Cluster services.

Tells whether the cluster is Running or Stopped

The private link service connection status.

Configures container network logs ingestion with Azure Monitor. Which network logs to ingest is controlled by the CRD found in the following links. No network logs are ingested by default. More information on container network logs can be found at https://aka.ms/ContainerNetworkLogsDoc. More information on configuring container network log can be found at https://aka.ms/acns/howtoenablecnl. If not specified, the default is Disabled.

The kind of entity that created the resource.

Delete options of a namespace.

The drift action of the machine. Indicates whether a machine has deviated from its expected state due to changes in managed cluster properties, requiring corrective action.

Specify the type of GPU driver to install when creating Windows agent pools. If not provided, AKS selects the driver based on system compatibility. This cannot be changed once the AgentPool has been created. This cannot be set on Linux AgentPools. For Linux AgentPools, the driver is selected based on system compatibility.

The expander to use when scaling up. If not specified, the default is 'random'. See expanders for more information.

The type of extendedLocation.

The format of the kubeconfig credential.

Whether to install GPU drivers. When it's not specified, default is Install.

GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.

Whether to enable Istio as a Gateway API implementation for managed ingress with App Routing.

Whether the version is preview or stable.

The provisioning state of the last accepted operation.

Whether to enable encryption at rest of Kubernetes resource objects using service-managed keys. More information on this can be found under https://aka.ms/aks/kubernetesResourceObjectEncryption.

To determine if address belongs IPv4 or IPv6 family

IPVS scheduler, for more information please see http://www.linuxvirtualserver.org/docs/scheduling.html.

Mode of an ingress gateway.

The provisioning state of the last accepted operation.

Network access of the key vault. Network access of key vault. The possible values are Public and Private. Public means the key vault allows public access from all networks. Private means the key vault disables public access and enables private link. The default value is Public.

Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage.

Different support tiers for AKS managed clusters

The license type to use for Windows VMs. See Azure Hybrid User Benefits for more details.

The load balancer sku for the managed cluster. The default is 'standard'. See Azure Load Balancer SKUs for more information about the differences between load balancer SKUs.

Destination server for DNS queries to be forwarded from localDNS.

Forward policy for selecting upstream DNS server. See forward plugin for more information.

Mode of enablement for localDNS.

Enforce TCP or prefer UDP protocol for connections from localDNS to upstream DNS server.

Log level for DNS queries in localDNS.

Policy for serving stale data. See cache plugin for more information.

System-generated state of localDNS.

The current provisioning state of the pod identity.

The name of a managed cluster SKU.

The tier of a managed cluster SKU. If not specified, the default is 'Free'. See AKS Pricing Tier for more details.

Configuration for the managed Gateway API installation. If not specified, the default is 'Disabled'. See https://aka.ms/k8s-gateway-api for more details.

The Managed GPU experience installs additional components, such as the Data Center GPU Manager (DCGM) metrics for monitoring, on top of the GPU driver for you. For more details of what is installed, check out aka.ms/aks/managed-gpu.

The provisioning state of the last accepted operation.

Sets the MIG (Multi-Instance GPU) strategy that will be used for managed MIG support. For more information about the different strategies, visit aka.ms/aks/managed-gpu. When not specified, the default is None.

Specify which proxy mode to use ('IPTABLES', 'IPVS' or 'NFTABLES')

The current provisioning state of the namespace.

Network dataplane used in the Kubernetes cluster.

The network mode Azure CNI is configured with. This cannot be specified if networkPlugin is anything other than 'azure'.

Network plugin used for building the Kubernetes network.

The mode the network plugin should use.

Network policy used for building the Kubernetes network.

Ingress type for the default NginxIngressController custom resource

Node OS Upgrade Channel. Manner in which the OS on your nodes is updated. The default is NodeImage.

The set of default Karpenter NodePools (CRDs) configured for node provisioning. This field has no effect unless mode is 'Auto'. Warning: Changing this from Auto to None on an existing cluster will cause the default Karpenter NodePools to be deleted, which will drain and delete the nodes associated with those pools. It is strongly recommended to not do this unless there are idle nodes ready to take the pods evicted by that action. If not specified, the default is Auto. For more information see aka.ms/aks/nap#node-pools.

The node provisioning mode. If not specified, the default is Manual.

The OS disk type to be used for machines in the agent pool. The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to 'Managed'. May not be changed after creation. For more information see Ephemeral OS.

The operating system type. The default is Linux.

operator represents a key's relationship to a set of values. Valid operators are In and NotIn

Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows.

The outbound (egress) routing method. This can only be set at cluster creation time and cannot be changed later. For more information see egress outbound type.

Pod IP Allocation Mode. The IP allocation mode for pods in the agent pool. Must be used with podSubnetId. The default is 'DynamicIndividual'.

Defines access to special link local addresses (Azure Instance Metadata Service, aka IMDS) for pods with hostNetwork=false. If not specified, the default is 'IMDS'.

Enum representing different network policy rules.

The current provisioning state.

The network protocol of the port.

Mode of traffic redirection.

PublicNetworkAccess of the managedCluster. Allow or deny public network access for AKS

The type of identity used for the managed cluster. For more information see use managed identities in AKS.

The scale type applicable to the sku.

The reason for restriction.

The type of restrictions.

The restriction level applied to the cluster's node resource group. If not specified, the default is 'Unrestricted'

Whether the version is preview or stable.

Describes how VMs are added to or removed from Agent Pools. See billing states.

The Virtual Machine Scale Set eviction policy. The eviction policy specifies what to do with the VM when it is evicted. The default is Delete. For more information about eviction see spot VMs

The Virtual Machine Scale Set priority.

The config customization mode for this scheduler instance.

Specifies the default seccomp profile applied to all workloads. If not specified, 'Unconfined' will be used by default.

Mode of the service mesh.

The type of a snapshot. The default is NodePool.

Configures pod-to-pod encryption. This can be enabled only on Cilium-based clusters. If not specified, the default value is None.

The current provisioning state of trusted access role binding.

The week index. Specifies on which week of the month the dayOfWeek applies.

Defines the behavior for undrainable nodes during upgrade. The most common cause of undrainable nodes is Pod Disruption Budgets (PDBs), but other issues, such as pod termination grace period is exceeding the remaining per-node drain timeout or pod is still being in a running state, can also cause undrainable nodes.

The upgrade channel for auto upgrade. The default is 'none'. For more information see setting the AKS cluster auto-upgrade channel.

Defines the upgrade strategy for the agent pool. The default is Rolling.

The available API versions.

Virtual machine state. Indicates the current state of the underlying virtual machine.

The weekday enum.

Determines the type of workload a node can run.

Creates a poller from the serialized state of another poller. This can be useful when you want to create pollers on a different host or a poller needs to be constructed after the original one is not in scope.