v2/api/containerservice/v1api20230202preview/managed_cluster_spec_arm_types_gen.go

// Code generated by azure-service-operator-codegen. DO NOT EDIT.
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT license.
package v1api20230202preview

import "github.com/Azure/azure-service-operator/v2/pkg/genruntime"

type ManagedCluster_Spec_ARM struct {
	// ExtendedLocation: The extended location of the Virtual Machine.
	ExtendedLocation *ExtendedLocation_ARM `json:"extendedLocation,omitempty"`

	// Identity: The identity of the managed cluster, if configured.
	Identity *ManagedClusterIdentity_ARM `json:"identity,omitempty"`

	// Location: The geo-location where the resource lives
	Location *string `json:"location,omitempty"`
	Name     string  `json:"name,omitempty"`

	// Properties: Properties of a managed cluster.
	Properties *ManagedClusterProperties_ARM `json:"properties,omitempty"`

	// Sku: The managed cluster SKU.
	Sku *ManagedClusterSKU_ARM `json:"sku,omitempty"`

	// Tags: Resource tags.
	Tags map[string]string `json:"tags"`
}

var _ genruntime.ARMResourceSpec = &ManagedCluster_Spec_ARM{}

// GetAPIVersion returns the ARM API version of the resource. This is always "2023-02-02-preview"
func (cluster ManagedCluster_Spec_ARM) GetAPIVersion() string {
	return string(APIVersion_Value)
}

// GetName returns the Name of the resource
func (cluster *ManagedCluster_Spec_ARM) GetName() string {
	return cluster.Name
}

// GetType returns the ARM Type of the resource. This is always "Microsoft.ContainerService/managedClusters"
func (cluster *ManagedCluster_Spec_ARM) GetType() string {
	return "Microsoft.ContainerService/managedClusters"
}

// The complex type of the extended location.
type ExtendedLocation_ARM struct {
	// Name: The name of the extended location.
	Name *string `json:"name,omitempty"`

	// Type: The type of the extended location.
	Type *ExtendedLocationType `json:"type,omitempty"`
}

// Identity for the managed cluster.
type ManagedClusterIdentity_ARM struct {
	// Type: For more information see [use managed identities in
	// AKS](https://docs.microsoft.com/azure/aks/use-managed-identity).
	Type                   *ManagedClusterIdentity_Type               `json:"type,omitempty"`
	UserAssignedIdentities map[string]UserAssignedIdentityDetails_ARM `json:"userAssignedIdentities,omitempty"`
}

// Properties of the managed cluster.
type ManagedClusterProperties_ARM struct {
	// AadProfile: The Azure Active Directory configuration.
	AadProfile *ManagedClusterAADProfile_ARM `json:"aadProfile,omitempty"`

	// AddonProfiles: The profile of managed cluster add-on.
	AddonProfiles map[string]ManagedClusterAddonProfile_ARM `json:"addonProfiles"`

	// AgentPoolProfiles: The agent pool properties.
	AgentPoolProfiles []ManagedClusterAgentPoolProfile_ARM `json:"agentPoolProfiles"`

	// ApiServerAccessProfile: The access profile for managed cluster API server.
	ApiServerAccessProfile *ManagedClusterAPIServerAccessProfile_ARM `json:"apiServerAccessProfile,omitempty"`

	// AutoScalerProfile: Parameters to be applied to the cluster-autoscaler when enabled
	AutoScalerProfile *ManagedClusterProperties_AutoScalerProfile_ARM `json:"autoScalerProfile,omitempty"`

	// AutoUpgradeProfile: The auto upgrade configuration.
	AutoUpgradeProfile *ManagedClusterAutoUpgradeProfile_ARM `json:"autoUpgradeProfile,omitempty"`

	// AzureMonitorProfile: Prometheus addon profile for the container service cluster
	AzureMonitorProfile *ManagedClusterAzureMonitorProfile_ARM `json:"azureMonitorProfile,omitempty"`

	// CreationData: CreationData to be used to specify the source Snapshot ID if the cluster will be created/upgraded using a
	// snapshot.
	CreationData *CreationData_ARM `json:"creationData,omitempty"`

	// DisableLocalAccounts: If set to true, getting static credentials will be disabled for this cluster. This must only be
	// used on Managed Clusters that are AAD enabled. For more details see [disable local
	// accounts](https://docs.microsoft.com/azure/aks/managed-aad#disable-local-accounts-preview).
	DisableLocalAccounts *bool   `json:"disableLocalAccounts,omitempty"`
	DiskEncryptionSetID  *string `json:"diskEncryptionSetID,omitempty"`

	// DnsPrefix: This cannot be updated once the Managed Cluster has been created.
	DnsPrefix *string `json:"dnsPrefix,omitempty"`

	// EnableNamespaceResources: The default value is false. It can be enabled/disabled on creation and updating of the managed
	// cluster. See [https://aka.ms/NamespaceARMResource](https://aka.ms/NamespaceARMResource) for more details on Namespace as
	// a ARM Resource.
	EnableNamespaceResources *bool `json:"enableNamespaceResources,omitempty"`

	// EnablePodSecurityPolicy: (DEPRECATED) Whether to enable Kubernetes pod security policy (preview). PodSecurityPolicy was
	// deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25. Learn more at https://aka.ms/k8s/psp and
	// https://aka.ms/aks/psp.
	EnablePodSecurityPolicy *bool `json:"enablePodSecurityPolicy,omitempty"`

	// EnableRBAC: Whether to enable Kubernetes Role-Based Access Control.
	EnableRBAC *bool `json:"enableRBAC,omitempty"`

	// FqdnSubdomain: This cannot be updated once the Managed Cluster has been created.
	FqdnSubdomain *string `json:"fqdnSubdomain,omitempty"`

	// GuardrailsProfile: The guardrails profile holds all the guardrails information for a given cluster
	GuardrailsProfile *GuardrailsProfile_ARM `json:"guardrailsProfile,omitempty"`

	// HttpProxyConfig: Configurations for provisioning the cluster with HTTP proxy servers.
	HttpProxyConfig *ManagedClusterHTTPProxyConfig_ARM `json:"httpProxyConfig,omitempty"`

	// IdentityProfile: Identities associated with the cluster.
	IdentityProfile map[string]UserAssignedIdentity_ARM `json:"identityProfile"`

	// IngressProfile: Ingress profile for the managed cluster.
	IngressProfile *ManagedClusterIngressProfile_ARM `json:"ingressProfile,omitempty"`

	// KubernetesVersion: When you upgrade a supported AKS cluster, Kubernetes minor versions cannot be skipped. All upgrades
	// must be performed sequentially by major version number. For example, upgrades between 1.14.x -> 1.15.x or 1.15.x ->
	// 1.16.x are allowed, however 1.14.x -> 1.16.x is not allowed. See [upgrading an AKS
	// cluster](https://docs.microsoft.com/azure/aks/upgrade-cluster) for more details.
	KubernetesVersion *string `json:"kubernetesVersion,omitempty"`

	// LinuxProfile: The profile for Linux VMs in the Managed Cluster.
	LinuxProfile *ContainerServiceLinuxProfile_ARM `json:"linuxProfile,omitempty"`

	// NetworkProfile: The network configuration profile.
	NetworkProfile *ContainerServiceNetworkProfile_ARM `json:"networkProfile,omitempty"`

	// NodeResourceGroup: The name of the resource group containing agent pool nodes.
	NodeResourceGroup *string `json:"nodeResourceGroup,omitempty"`

	// NodeResourceGroupProfile: The node resource group configuration profile.
	NodeResourceGroupProfile *ManagedClusterNodeResourceGroupProfile_ARM `json:"nodeResourceGroupProfile,omitempty"`

	// OidcIssuerProfile: The OIDC issuer profile of the Managed Cluster.
	OidcIssuerProfile *ManagedClusterOIDCIssuerProfile_ARM `json:"oidcIssuerProfile,omitempty"`

	// PodIdentityProfile: See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more
	// details on AAD pod identity integration.
	PodIdentityProfile *ManagedClusterPodIdentityProfile_ARM `json:"podIdentityProfile,omitempty"`

	// PrivateLinkResources: Private link resources associated with the cluster.
	PrivateLinkResources []PrivateLinkResource_ARM `json:"privateLinkResources"`

	// PublicNetworkAccess: Allow or deny public network access for AKS
	PublicNetworkAccess *ManagedClusterProperties_PublicNetworkAccess `json:"publicNetworkAccess,omitempty"`

	// SecurityProfile: Security profile for the managed cluster.
	SecurityProfile *ManagedClusterSecurityProfile_ARM `json:"securityProfile,omitempty"`

	// ServiceMeshProfile: Service mesh profile for a managed cluster.
	ServiceMeshProfile *ServiceMeshProfile_ARM `json:"serviceMeshProfile,omitempty"`

	// ServicePrincipalProfile: Information about a service principal identity for the cluster to use for manipulating Azure
	// APIs.
	ServicePrincipalProfile *ManagedClusterServicePrincipalProfile_ARM `json:"servicePrincipalProfile,omitempty"`

	// StorageProfile: Storage profile for the managed cluster.
	StorageProfile *ManagedClusterStorageProfile_ARM `json:"storageProfile,omitempty"`

	// UpgradeSettings: Settings for upgrading a cluster.
	UpgradeSettings *ClusterUpgradeSettings_ARM `json:"upgradeSettings,omitempty"`

	// WindowsProfile: The profile for Windows VMs in the Managed Cluster.
	WindowsProfile *ManagedClusterWindowsProfile_ARM `json:"windowsProfile,omitempty"`

	// WorkloadAutoScalerProfile: Workload Auto-scaler profile for the managed cluster.
	WorkloadAutoScalerProfile *ManagedClusterWorkloadAutoScalerProfile_ARM `json:"workloadAutoScalerProfile,omitempty"`
}

// The SKU of a Managed Cluster.
type ManagedClusterSKU_ARM struct {
	// Name: The name of a managed cluster SKU.
	Name *ManagedClusterSKU_Name `json:"name,omitempty"`

	// Tier: If not specified, the default is 'Free'. See [AKS Pricing
	// Tier](https://learn.microsoft.com/azure/aks/free-standard-pricing-tiers) for more details.
	Tier *ManagedClusterSKU_Tier `json:"tier,omitempty"`
}

// Settings for upgrading a cluster.
type ClusterUpgradeSettings_ARM struct {
	// OverrideSettings: Settings for overrides.
	OverrideSettings *UpgradeOverrideSettings_ARM `json:"overrideSettings,omitempty"`
}

// Profile for Linux VMs in the container service cluster.
type ContainerServiceLinuxProfile_ARM struct {
	// AdminUsername: The administrator username to use for Linux VMs.
	AdminUsername *string `json:"adminUsername,omitempty"`

	// Ssh: The SSH configuration for Linux-based VMs running on Azure.
	Ssh *ContainerServiceSshConfiguration_ARM `json:"ssh,omitempty"`
}

// Profile of network configuration.
type ContainerServiceNetworkProfile_ARM struct {
	// DnsServiceIP: An IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address
	// range specified in serviceCidr.
	DnsServiceIP *string `json:"dnsServiceIP,omitempty"`

	// DockerBridgeCidr: A CIDR notation IP range assigned to the Docker bridge network. It must not overlap with any Subnet IP
	// ranges or the Kubernetes service address range.
	DockerBridgeCidr *string `json:"dockerBridgeCidr,omitempty"`

	// IpFamilies: IP families are used to determine single-stack or dual-stack clusters. For single-stack, the expected value
	// is IPv4. For dual-stack, the expected values are IPv4 and IPv6.
	IpFamilies []ContainerServiceNetworkProfile_IpFamilies `json:"ipFamilies"`

	// KubeProxyConfig: Holds configuration customizations for kube-proxy. Any values not defined will use the kube-proxy
	// defaulting behavior. See https://v<version>.docs.kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/
	// where <version> is represented by a <major version>-<minor version> string. Kubernetes version 1.23 would be '1-23'.
	KubeProxyConfig *ContainerServiceNetworkProfile_KubeProxyConfig_ARM `json:"kubeProxyConfig,omitempty"`

	// LoadBalancerProfile: Profile of the cluster load balancer.
	LoadBalancerProfile *ManagedClusterLoadBalancerProfile_ARM `json:"loadBalancerProfile,omitempty"`

	// LoadBalancerSku: The default is 'standard'. See [Azure Load Balancer
	// SKUs](https://docs.microsoft.com/azure/load-balancer/skus) for more information about the differences between load
	// balancer SKUs.
	LoadBalancerSku *LoadBalancerSku `json:"loadBalancerSku,omitempty"`

	// NatGatewayProfile: Profile of the cluster NAT gateway.
	NatGatewayProfile *ManagedClusterNATGatewayProfile_ARM `json:"natGatewayProfile,omitempty"`

	// NetworkDataplane: Network dataplane used in the Kubernetes cluster.
	NetworkDataplane *NetworkDataplane `json:"networkDataplane,omitempty"`

	// NetworkMode: This cannot be specified if networkPlugin is anything other than 'azure'.
	NetworkMode *NetworkMode `json:"networkMode,omitempty"`

	// NetworkPlugin: Network plugin used for building the Kubernetes network.
	NetworkPlugin *NetworkPlugin `json:"networkPlugin,omitempty"`

	// NetworkPluginMode: Network plugin mode used for building the Kubernetes network.
	NetworkPluginMode *NetworkPluginMode `json:"networkPluginMode,omitempty"`

	// NetworkPolicy: Network policy used for building the Kubernetes network.
	NetworkPolicy *NetworkPolicy `json:"networkPolicy,omitempty"`

	// OutboundType: This can only be set at cluster creation time and cannot be changed later. For more information see
	// [egress outbound type](https://docs.microsoft.com/azure/aks/egress-outboundtype).
	OutboundType *ContainerServiceNetworkProfile_OutboundType `json:"outboundType,omitempty"`

	// PodCidr: A CIDR notation IP range from which to assign pod IPs when kubenet is used.
	PodCidr *string `json:"podCidr,omitempty"`

	// PodCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is
	// expected for dual-stack networking.
	PodCidrs []string `json:"podCidrs"`

	// ServiceCidr: A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP
	// ranges.
	ServiceCidr *string `json:"serviceCidr,omitempty"`

	// ServiceCidrs: One IPv4 CIDR is expected for single-stack networking. Two CIDRs, one for each IP family (IPv4/IPv6), is
	// expected for dual-stack networking. They must not overlap with any Subnet IP ranges.
	ServiceCidrs []string `json:"serviceCidrs"`
}

// Data used when creating a target resource from a source resource.
type CreationData_ARM struct {
	SourceResourceId *string `json:"sourceResourceId,omitempty"`
}

// The type of extendedLocation.
// +kubebuilder:validation:Enum={"EdgeZone"}
type ExtendedLocationType string

const ExtendedLocationType_EdgeZone = ExtendedLocationType("EdgeZone")

// Mapping from string to ExtendedLocationType
var extendedLocationType_Values = map[string]ExtendedLocationType{
	"edgezone": ExtendedLocationType_EdgeZone,
}

// The Guardrails profile.
type GuardrailsProfile_ARM struct {
	// ExcludedNamespaces: List of namespaces excluded from guardrails checks
	ExcludedNamespaces []string `json:"excludedNamespaces"`

	// Level: The guardrails level to be used. By default, Guardrails is enabled for all namespaces except those that AKS
	// excludes via systemExcludedNamespaces
	Level *GuardrailsProfile_Level `json:"level,omitempty"`

	// Version: The version of constraints to use
	Version *string `json:"version,omitempty"`
}

// For more details see [managed AAD on AKS](https://docs.microsoft.com/azure/aks/managed-aad).
type ManagedClusterAADProfile_ARM struct {
	// AdminGroupObjectIDs: The list of AAD group object IDs that will have admin role of the cluster.
	AdminGroupObjectIDs []string `json:"adminGroupObjectIDs"`

	// ClientAppID: (DEPRECATED) The client AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.
	ClientAppID *string `json:"clientAppID,omitempty"`

	// EnableAzureRBAC: Whether to enable Azure RBAC for Kubernetes authorization.
	EnableAzureRBAC *bool `json:"enableAzureRBAC,omitempty"`

	// Managed: Whether to enable managed AAD.
	Managed *bool `json:"managed,omitempty"`

	// ServerAppID: (DEPRECATED) The server AAD application ID. Learn more at https://aka.ms/aks/aad-legacy.
	ServerAppID *string `json:"serverAppID,omitempty"`

	// ServerAppSecret: (DEPRECATED) The server AAD application secret. Learn more at https://aka.ms/aks/aad-legacy.
	ServerAppSecret *string `json:"serverAppSecret,omitempty"`

	// TenantID: The AAD tenant ID to use for authentication. If not specified, will use the tenant of the deployment
	// subscription.
	TenantID *string `json:"tenantID,omitempty"`
}

// A Kubernetes add-on profile for a managed cluster.
type ManagedClusterAddonProfile_ARM struct {
	// Config: Key-value pairs for configuring an add-on.
	Config map[string]string `json:"config"`

	// Enabled: Whether the add-on is enabled or not.
	Enabled *bool `json:"enabled,omitempty"`
}

// Profile for the container service agent pool.
type ManagedClusterAgentPoolProfile_ARM struct {
	// AvailabilityZones: The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType
	// property is 'VirtualMachineScaleSets'.
	AvailabilityZones []string `json:"availabilityZones"`

	// CapacityReservationGroupID: AKS will associate the specified agent pool with the Capacity Reservation Group.
	CapacityReservationGroupID *string `json:"capacityReservationGroupID,omitempty"`

	// Count: Number of agents (VMs) to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive)
	// for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1.
	Count *int `json:"count,omitempty"`

	// CreationData: CreationData to be used to specify the source Snapshot ID if the node pool will be created/upgraded using
	// a snapshot.
	CreationData *CreationData_ARM `json:"creationData,omitempty"`

	// EnableAutoScaling: Whether to enable auto-scaler
	EnableAutoScaling *bool `json:"enableAutoScaling,omitempty"`

	// EnableCustomCATrust: When set to true, AKS adds a label to the node indicating that the feature is enabled and deploys a
	// daemonset along with host services to sync custom certificate authorities from user-provided list of base64 encoded
	// certificates into node trust stores. Defaults to false.
	EnableCustomCATrust *bool `json:"enableCustomCATrust,omitempty"`

	// EnableEncryptionAtHost: This is only supported on certain VM sizes and in certain Azure regions. For more information,
	// see: https://docs.microsoft.com/azure/aks/enable-host-encryption
	EnableEncryptionAtHost *bool `json:"enableEncryptionAtHost,omitempty"`

	// EnableFIPS: See [Add a FIPS-enabled node
	// pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more
	// details.
	EnableFIPS *bool `json:"enableFIPS,omitempty"`

	// EnableNodePublicIP: Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses.
	// A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine
	// to minimize hops. For more information see [assigning a public IP per
	// node](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). The
	// default is false.
	EnableNodePublicIP *bool `json:"enableNodePublicIP,omitempty"`

	// EnableUltraSSD: Whether to enable UltraSSD
	EnableUltraSSD *bool `json:"enableUltraSSD,omitempty"`

	// GpuInstanceProfile: GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU.
	GpuInstanceProfile *GPUInstanceProfile `json:"gpuInstanceProfile,omitempty"`
	HostGroupID        *string             `json:"hostGroupID,omitempty"`

	// KubeletConfig: The Kubelet configuration on the agent pool nodes.
	KubeletConfig *KubeletConfig_ARM `json:"kubeletConfig,omitempty"`

	// KubeletDiskType: Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral
	// storage.
	KubeletDiskType *KubeletDiskType `json:"kubeletDiskType,omitempty"`

	// LinuxOSConfig: The OS configuration of Linux agent nodes.
	LinuxOSConfig *LinuxOSConfig_ARM `json:"linuxOSConfig,omitempty"`

	// MaxCount: The maximum number of nodes for auto-scaling
	MaxCount *int `json:"maxCount,omitempty"`

	// MaxPods: The maximum number of pods that can run on a node.
	MaxPods *int `json:"maxPods,omitempty"`

	// MessageOfTheDay: A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of
	// the message of the day for Linux nodes. It must not be specified for Windows nodes. It must be a static string (i.e.,
	// will be printed raw and not be executed as a script).
	MessageOfTheDay *string `json:"messageOfTheDay,omitempty"`

	// MinCount: The minimum number of nodes for auto-scaling
	MinCount *int `json:"minCount,omitempty"`

	// Mode: A cluster must have at least one 'System' Agent Pool at all times. For additional information on agent pool
	// restrictions  and best practices, see: https://docs.microsoft.com/azure/aks/use-system-pools
	Mode *AgentPoolMode `json:"mode,omitempty"`

	// Name: Windows agent pool names must be 6 characters or less.
	Name *string `json:"name,omitempty"`

	// NetworkProfile: Network-related settings of an agent pool.
	NetworkProfile *AgentPoolNetworkProfile_ARM `json:"networkProfile,omitempty"`

	// NodeLabels: The node labels to be persisted across all nodes in agent pool.
	NodeLabels           map[string]string `json:"nodeLabels"`
	NodePublicIPPrefixID *string           `json:"nodePublicIPPrefixID,omitempty"`

	// NodeTaints: The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule.
	NodeTaints []string `json:"nodeTaints"`

	// OrchestratorVersion: Both patch version <major.minor.patch> and <major.minor> are supported. When <major.minor> is
	// specified, the latest supported patch version is chosen automatically. Updating the agent pool with the same
	// <major.minor> once it has been created will not trigger an upgrade, even if a newer patch version is available. As a
	// best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version
	// must have the same major version as the control plane. The node pool minor version must be within two minor versions of
	// the control plane version. The node pool version cannot be greater than the control plane version. For more information
	// see [upgrading a node pool](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#upgrade-a-node-pool).
	OrchestratorVersion *string                 `json:"orchestratorVersion,omitempty"`
	OsDiskSizeGB        *ContainerServiceOSDisk `json:"osDiskSizeGB,omitempty"`

	// OsDiskType: The default is 'Ephemeral' if the VM supports it and has a cache disk larger than the requested
	// OSDiskSizeGB. Otherwise,  defaults to 'Managed'. May not be changed after creation. For more information see [Ephemeral
	// OS](https://docs.microsoft.com/azure/aks/cluster-configuration#ephemeral-os).
	OsDiskType *OSDiskType `json:"osDiskType,omitempty"`

	// OsSKU: Specifies the OS SKU used by the agent pool. If not specified, the default is Ubuntu if OSType=Linux or
	// Windows2019 if  OSType=Windows. And the default Windows OSSKU will be changed to Windows2022 after Windows2019 is
	// deprecated.
	OsSKU *OSSKU `json:"osSKU,omitempty"`

	// OsType: The operating system type. The default is Linux.
	OsType      *OSType `json:"osType,omitempty"`
	PodSubnetID *string `json:"podSubnetID,omitempty"`

	// PowerState: When an Agent Pool is first created it is initially Running. The Agent Pool can be stopped by setting this
	// field to Stopped. A stopped Agent Pool stops all of its VMs and does not accrue billing charges. An Agent Pool can only
	// be stopped if it is Running and provisioning state is Succeeded
	PowerState                *PowerState_ARM `json:"powerState,omitempty"`
	ProximityPlacementGroupID *string         `json:"proximityPlacementGroupID,omitempty"`

	// ScaleDownMode: This also effects the cluster autoscaler behavior. If not specified, it defaults to Delete.
	ScaleDownMode *ScaleDownMode `json:"scaleDownMode,omitempty"`

	// ScaleSetEvictionPolicy: This cannot be specified unless the scaleSetPriority is 'Spot'. If not specified, the default is
	// 'Delete'.
	ScaleSetEvictionPolicy *ScaleSetEvictionPolicy `json:"scaleSetEvictionPolicy,omitempty"`

	// ScaleSetPriority: The Virtual Machine Scale Set priority. If not specified, the default is 'Regular'.
	ScaleSetPriority *ScaleSetPriority `json:"scaleSetPriority,omitempty"`

	// SpotMaxPrice: Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any
	// on-demand price. For more details on spot pricing, see [spot VMs
	// pricing](https://docs.microsoft.com/azure/virtual-machines/spot-vms#pricing)
	SpotMaxPrice *float64 `json:"spotMaxPrice,omitempty"`

	// Tags: The tags to be persisted on the agent pool virtual machine scale set.
	Tags map[string]string `json:"tags"`

	// Type: The type of Agent Pool.
	Type *AgentPoolType `json:"type,omitempty"`

	// UpgradeSettings: Settings for upgrading the agentpool
	UpgradeSettings *AgentPoolUpgradeSettings_ARM `json:"upgradeSettings,omitempty"`

	// VmSize: VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods
	// might fail to run correctly. For more details on restricted VM sizes, see:
	// https://docs.microsoft.com/azure/aks/quotas-skus-regions
	VmSize       *string `json:"vmSize,omitempty"`
	VnetSubnetID *string `json:"vnetSubnetID,omitempty"`

	// WindowsProfile: The Windows agent pool's specific profile.
	WindowsProfile *AgentPoolWindowsProfile_ARM `json:"windowsProfile,omitempty"`

	// WorkloadRuntime: Determines the type of workload a node can run.
	WorkloadRuntime *WorkloadRuntime `json:"workloadRuntime,omitempty"`
}

// Access profile for managed cluster API server.
type ManagedClusterAPIServerAccessProfile_ARM struct {
	// AuthorizedIPRanges: IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with
	// clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. For more information see [API
	// server authorized IP ranges](https://docs.microsoft.com/azure/aks/api-server-authorized-ip-ranges).
	AuthorizedIPRanges []string `json:"authorizedIPRanges"`

	// DisableRunCommand: Whether to disable run command for the cluster or not.
	DisableRunCommand *bool `json:"disableRunCommand,omitempty"`

	// EnablePrivateCluster: For more details, see [Creating a private AKS
	// cluster](https://docs.microsoft.com/azure/aks/private-clusters).
	EnablePrivateCluster *bool `json:"enablePrivateCluster,omitempty"`

	// EnablePrivateClusterPublicFQDN: Whether to create additional public FQDN for private cluster or not.
	EnablePrivateClusterPublicFQDN *bool `json:"enablePrivateClusterPublicFQDN,omitempty"`

	// EnableVnetIntegration: Whether to enable apiserver vnet integration for the cluster or not.
	EnableVnetIntegration *bool `json:"enableVnetIntegration,omitempty"`

	// PrivateDNSZone: The default is System. For more details see [configure private DNS
	// zone](https://docs.microsoft.com/azure/aks/private-clusters#configure-private-dns-zone). Allowed values are 'system' and
	// 'none'.
	PrivateDNSZone *string `json:"privateDNSZone,omitempty"`

	// SubnetId: It is required when: 1. creating a new cluster with BYO Vnet; 2. updating an existing cluster to enable
	// apiserver vnet integration.
	SubnetId *string `json:"subnetId,omitempty"`
}

// Auto upgrade profile for a managed cluster.
type ManagedClusterAutoUpgradeProfile_ARM struct {
	// NodeOSUpgradeChannel: The default is Unmanaged, but may change to either NodeImage or SecurityPatch at GA.
	NodeOSUpgradeChannel *ManagedClusterAutoUpgradeProfile_NodeOSUpgradeChannel `json:"nodeOSUpgradeChannel,omitempty"`

	// UpgradeChannel: For more information see [setting the AKS cluster auto-upgrade
	// channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel).
	UpgradeChannel *ManagedClusterAutoUpgradeProfile_UpgradeChannel `json:"upgradeChannel,omitempty"`
}

// Prometheus addon profile for the container service cluster
type ManagedClusterAzureMonitorProfile_ARM struct {
	// Metrics: Metrics profile for the prometheus service addon
	Metrics *ManagedClusterAzureMonitorProfileMetrics_ARM `json:"metrics,omitempty"`
}

// Cluster HTTP proxy configuration.
type ManagedClusterHTTPProxyConfig_ARM struct {
	// HttpProxy: The HTTP proxy server endpoint to use.
	HttpProxy *string `json:"httpProxy,omitempty"`

	// HttpsProxy: The HTTPS proxy server endpoint to use.
	HttpsProxy *string `json:"httpsProxy,omitempty"`

	// NoProxy: The endpoints that should not go through proxy.
	NoProxy []string `json:"noProxy"`

	// TrustedCa: Alternative CA cert to use for connecting to proxy servers.
	TrustedCa *string `json:"trustedCa,omitempty"`
}

// +kubebuilder:validation:Enum={"None","SystemAssigned","UserAssigned"}
type ManagedClusterIdentity_Type string

const (
	ManagedClusterIdentity_Type_None           = ManagedClusterIdentity_Type("None")
	ManagedClusterIdentity_Type_SystemAssigned = ManagedClusterIdentity_Type("SystemAssigned")
	ManagedClusterIdentity_Type_UserAssigned   = ManagedClusterIdentity_Type("UserAssigned")
)

// Mapping from string to ManagedClusterIdentity_Type
var managedClusterIdentity_Type_Values = map[string]ManagedClusterIdentity_Type{
	"none":           ManagedClusterIdentity_Type_None,
	"systemassigned": ManagedClusterIdentity_Type_SystemAssigned,
	"userassigned":   ManagedClusterIdentity_Type_UserAssigned,
}

// Ingress profile for the container service cluster.
type ManagedClusterIngressProfile_ARM struct {
	// WebAppRouting: Web App Routing settings for the ingress profile.
	WebAppRouting *ManagedClusterIngressProfileWebAppRouting_ARM `json:"webAppRouting,omitempty"`
}

// Node resource group lockdown profile for a managed cluster.
type ManagedClusterNodeResourceGroupProfile_ARM struct {
	// RestrictionLevel: The restriction level applied to the cluster's node resource group
	RestrictionLevel *ManagedClusterNodeResourceGroupProfile_RestrictionLevel `json:"restrictionLevel,omitempty"`
}

// The OIDC issuer profile of the Managed Cluster.
type ManagedClusterOIDCIssuerProfile_ARM struct {
	// Enabled: Whether the OIDC issuer is enabled.
	Enabled *bool `json:"enabled,omitempty"`
}

// See [use AAD pod identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity) for more details on pod
// identity integration.
type ManagedClusterPodIdentityProfile_ARM struct {
	// AllowNetworkPluginKubenet: Running in Kubenet is disabled by default due to the security related nature of AAD Pod
	// Identity and the risks of IP spoofing. See [using Kubenet network plugin with AAD Pod
	// Identity](https://docs.microsoft.com/azure/aks/use-azure-ad-pod-identity#using-kubenet-network-plugin-with-azure-active-directory-pod-managed-identities)
	// for more information.
	AllowNetworkPluginKubenet *bool `json:"allowNetworkPluginKubenet,omitempty"`

	// Enabled: Whether the pod identity addon is enabled.
	Enabled *bool `json:"enabled,omitempty"`

	// UserAssignedIdentities: The pod identities to use in the cluster.
	UserAssignedIdentities []ManagedClusterPodIdentity_ARM `json:"userAssignedIdentities"`

	// UserAssignedIdentityExceptions: The pod identity exceptions to allow.
	UserAssignedIdentityExceptions []ManagedClusterPodIdentityException_ARM `json:"userAssignedIdentityExceptions"`
}

type ManagedClusterProperties_AutoScalerProfile_ARM struct {
	// BalanceSimilarNodeGroups: Valid values are 'true' and 'false'
	BalanceSimilarNodeGroups *string `json:"balance-similar-node-groups,omitempty"`

	// Expander: If not specified, the default is 'random'. See
	// [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) for more
	// information.
	Expander *ManagedClusterProperties_AutoScalerProfile_Expander `json:"expander,omitempty"`

	// MaxEmptyBulkDelete: The default is 10.
	MaxEmptyBulkDelete *string `json:"max-empty-bulk-delete,omitempty"`

	// MaxGracefulTerminationSec: The default is 600.
	MaxGracefulTerminationSec *string `json:"max-graceful-termination-sec,omitempty"`

	// MaxNodeProvisionTime: The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than
	// minutes (m) is supported.
	MaxNodeProvisionTime *string `json:"max-node-provision-time,omitempty"`

	// MaxTotalUnreadyPercentage: The default is 45. The maximum is 100 and the minimum is 0.
	MaxTotalUnreadyPercentage *string `json:"max-total-unready-percentage,omitempty"`

	// NewPodScaleUpDelay: For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler
	// could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is
	// '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc).
	NewPodScaleUpDelay *string `json:"new-pod-scale-up-delay,omitempty"`

	// OkTotalUnreadyCount: This must be an integer. The default is 3.
	OkTotalUnreadyCount *string `json:"ok-total-unready-count,omitempty"`

	// ScaleDownDelayAfterAdd: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than
	// minutes (m) is supported.
	ScaleDownDelayAfterAdd *string `json:"scale-down-delay-after-add,omitempty"`

	// ScaleDownDelayAfterDelete: The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of
	// time other than minutes (m) is supported.
	ScaleDownDelayAfterDelete *string `json:"scale-down-delay-after-delete,omitempty"`

	// ScaleDownDelayAfterFailure: The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other
	// than minutes (m) is supported.
	ScaleDownDelayAfterFailure *string `json:"scale-down-delay-after-failure,omitempty"`

	// ScaleDownUnneededTime: The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than
	// minutes (m) is supported.
	ScaleDownUnneededTime *string `json:"scale-down-unneeded-time,omitempty"`

	// ScaleDownUnreadyTime: The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than
	// minutes (m) is supported.
	ScaleDownUnreadyTime *string `json:"scale-down-unready-time,omitempty"`

	// ScaleDownUtilizationThreshold: The default is '0.5'.
	ScaleDownUtilizationThreshold *string `json:"scale-down-utilization-threshold,omitempty"`

	// ScanInterval: The default is '10'. Values must be an integer number of seconds.
	ScanInterval *string `json:"scan-interval,omitempty"`

	// SkipNodesWithLocalStorage: The default is true.
	SkipNodesWithLocalStorage *string `json:"skip-nodes-with-local-storage,omitempty"`

	// SkipNodesWithSystemPods: The default is true.
	SkipNodesWithSystemPods *string `json:"skip-nodes-with-system-pods,omitempty"`
}

// Security profile for the container service cluster.
type ManagedClusterSecurityProfile_ARM struct {
	// AzureKeyVaultKms: Azure Key Vault [key management
	// service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile.
	AzureKeyVaultKms *AzureKeyVaultKms_ARM `json:"azureKeyVaultKms,omitempty"`

	// CustomCATrustCertificates: A list of up to 10 base64 encoded CAs that will be added to the trust store on nodes with the
	// Custom CA Trust feature enabled. For more information see [Custom CA Trust
	// Certificates](https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority)
	CustomCATrustCertificates ManagedClusterSecurityProfileCustomCATrustCertificates `json:"customCATrustCertificates,omitempty"`

	// Defender: Microsoft Defender settings for the security profile.
	Defender *ManagedClusterSecurityProfileDefender_ARM `json:"defender,omitempty"`

	// ImageCleaner: Image Cleaner settings for the security profile.
	ImageCleaner *ManagedClusterSecurityProfileImageCleaner_ARM `json:"imageCleaner,omitempty"`

	// NodeRestriction: [Node
	// Restriction](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction) settings
	// for the security profile.
	NodeRestriction *ManagedClusterSecurityProfileNodeRestriction_ARM `json:"nodeRestriction,omitempty"`

	// WorkloadIdentity: Workload identity settings for the security profile. Workload identity enables Kubernetes applications
	// to access Azure cloud resources securely with Azure AD. See https://aka.ms/aks/wi for more details.
	WorkloadIdentity *ManagedClusterSecurityProfileWorkloadIdentity_ARM `json:"workloadIdentity,omitempty"`
}

// Information about a service principal identity for the cluster to use for manipulating Azure APIs.
type ManagedClusterServicePrincipalProfile_ARM struct {
	// ClientId: The ID for the service principal.
	ClientId *string `json:"clientId,omitempty"`

	// Secret: The secret password associated with the service principal in plain text.
	Secret *string `json:"secret,omitempty"`
}

// +kubebuilder:validation:Enum={"Base"}
type ManagedClusterSKU_Name string

const ManagedClusterSKU_Name_Base = ManagedClusterSKU_Name("Base")

// Mapping from string to ManagedClusterSKU_Name
var managedClusterSKU_Name_Values = map[string]ManagedClusterSKU_Name{
	"base": ManagedClusterSKU_Name_Base,
}

// +kubebuilder:validation:Enum={"Free","Standard"}
type ManagedClusterSKU_Tier string

const (
	ManagedClusterSKU_Tier_Free     = ManagedClusterSKU_Tier("Free")
	ManagedClusterSKU_Tier_Standard = ManagedClusterSKU_Tier("Standard")
)

// Mapping from string to ManagedClusterSKU_Tier
var managedClusterSKU_Tier_Values = map[string]ManagedClusterSKU_Tier{
	"free":     ManagedClusterSKU_Tier_Free,
	"standard": ManagedClusterSKU_Tier_Standard,
}

// Storage profile for the container service cluster.
type ManagedClusterStorageProfile_ARM struct {
	// BlobCSIDriver: AzureBlob CSI Driver settings for the storage profile.
	BlobCSIDriver *ManagedClusterStorageProfileBlobCSIDriver_ARM `json:"blobCSIDriver,omitempty"`

	// DiskCSIDriver: AzureDisk CSI Driver settings for the storage profile.
	DiskCSIDriver *ManagedClusterStorageProfileDiskCSIDriver_ARM `json:"diskCSIDriver,omitempty"`

	// FileCSIDriver: AzureFile CSI Driver settings for the storage profile.
	FileCSIDriver *ManagedClusterStorageProfileFileCSIDriver_ARM `json:"fileCSIDriver,omitempty"`

	// SnapshotController: Snapshot Controller settings for the storage profile.
	SnapshotController *ManagedClusterStorageProfileSnapshotController_ARM `json:"snapshotController,omitempty"`
}

// Profile for Windows VMs in the managed cluster.
type ManagedClusterWindowsProfile_ARM struct {
	// AdminPassword: Specifies the password of the administrator account.
	// Minimum-length: 8 characters
	// Max-length: 123 characters
	// Complexity requirements: 3 out of 4 conditions below need to be fulfilled
	// Has lower characters
	// Has upper characters
	// Has a digit
	// Has a special character (Regex match [\W_])
	// Disallowed values: "abc@123", "P@$$w0rd", "P@ssw0rd", "P@ssword123", "Pa$$word", "pass@word1", "Password!", "Password1",
	// "Password22", "iloveyou!"
	AdminPassword *string `json:"adminPassword,omitempty"`

	// AdminUsername: Specifies the name of the administrator account.
	// Restriction: Cannot end in "."
	// Disallowed values: "administrator", "admin", "user", "user1", "test", "user2", "test1", "user3", "admin1", "1", "123",
	// "a", "actuser", "adm", "admin2", "aspnet", "backup", "console", "david", "guest", "john", "owner", "root", "server",
	// "sql", "support", "support_388945a0", "sys", "test2", "test3", "user4", "user5".
	// Minimum-length: 1 character
	// Max-length: 20 characters
	AdminUsername *string `json:"adminUsername,omitempty"`

	// EnableCSIProxy: For more details on CSI proxy, see the [CSI proxy GitHub
	// repo](https://github.com/kubernetes-csi/csi-proxy).
	EnableCSIProxy *bool `json:"enableCSIProxy,omitempty"`

	// GmsaProfile: The Windows gMSA Profile in the Managed Cluster.
	GmsaProfile *WindowsGmsaProfile_ARM `json:"gmsaProfile,omitempty"`

	// LicenseType: The license type to use for Windows VMs. See [Azure Hybrid User
	// Benefits](https://azure.microsoft.com/pricing/hybrid-benefit/faq/) for more details.
	LicenseType *ManagedClusterWindowsProfile_LicenseType `json:"licenseType,omitempty"`
}

// Workload Auto-scaler profile for the managed cluster.
type ManagedClusterWorkloadAutoScalerProfile_ARM struct {
	// Keda: KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile.
	Keda                  *ManagedClusterWorkloadAutoScalerProfileKeda_ARM                  `json:"keda,omitempty"`
	VerticalPodAutoscaler *ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler_ARM `json:"verticalPodAutoscaler,omitempty"`
}

// A private link resource
type PrivateLinkResource_ARM struct {
	// GroupId: The group ID of the resource.
	GroupId *string `json:"groupId,omitempty"`
	Id      *string `json:"id,omitempty"`

	// Name: The name of the private link resource.
	Name *string `json:"name,omitempty"`

	// RequiredMembers: The RequiredMembers of the resource
	RequiredMembers []string `json:"requiredMembers"`

	// Type: The resource type.
	Type *string `json:"type,omitempty"`
}

// Service mesh profile for a managed cluster.
type ServiceMeshProfile_ARM struct {
	// Istio: Istio service mesh configuration.
	Istio *IstioServiceMesh_ARM `json:"istio,omitempty"`

	// Mode: Mode of the service mesh.
	Mode *ServiceMeshProfile_Mode `json:"mode,omitempty"`
}

// Details about a user assigned identity.
type UserAssignedIdentity_ARM struct {
	// ClientId: The client ID of the user assigned identity.
	ClientId *string `json:"clientId,omitempty"`

	// ObjectId: The object ID of the user assigned identity.
	ObjectId   *string `json:"objectId,omitempty"`
	ResourceId *string `json:"resourceId,omitempty"`
}

// Information about the user assigned identity for the resource
type UserAssignedIdentityDetails_ARM struct {
}

// Azure Key Vault key management service settings for the security profile.
type AzureKeyVaultKms_ARM struct {
	// Enabled: Whether to enable Azure Key Vault key management service. The default is false.
	Enabled *bool `json:"enabled,omitempty"`

	// KeyId: Identifier of Azure Key Vault key. See [key identifier
	// format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name)
	// for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key
	// identifier. When Azure Key Vault key management service is disabled, leave the field empty.
	KeyId *string `json:"keyId,omitempty"`

	// KeyVaultNetworkAccess: Network access of key vault. The possible values are `Public` and `Private`. `Public` means the
	// key vault allows public access from all networks. `Private` means the key vault disables public access and enables
	// private link. The default value is `Public`.
	KeyVaultNetworkAccess *AzureKeyVaultKms_KeyVaultNetworkAccess `json:"keyVaultNetworkAccess,omitempty"`
	KeyVaultResourceId    *string                                 `json:"keyVaultResourceId,omitempty"`
}

type ContainerServiceNetworkProfile_KubeProxyConfig_ARM struct {
	// Enabled: Whether to enable on kube-proxy on the cluster (if no 'kubeProxyConfig' exists, kube-proxy is enabled in AKS by
	// default without these customizations).
	Enabled *bool `json:"enabled,omitempty"`

	// IpvsConfig: Holds configuration customizations for IPVS. May only be specified if 'mode' is set to 'IPVS'.
	IpvsConfig *ContainerServiceNetworkProfile_KubeProxyConfig_IpvsConfig_ARM `json:"ipvsConfig,omitempty"`

	// Mode: Specify which proxy mode to use ('IPTABLES' or 'IPVS')
	Mode *ContainerServiceNetworkProfile_KubeProxyConfig_Mode `json:"mode,omitempty"`
}

// SSH configuration for Linux-based VMs running on Azure.
type ContainerServiceSshConfiguration_ARM struct {
	// PublicKeys: The list of SSH public keys used to authenticate with Linux-based VMs. A maximum of 1 key may be specified.
	PublicKeys []ContainerServiceSshPublicKey_ARM `json:"publicKeys"`
}

// Istio service mesh configuration.
type IstioServiceMesh_ARM struct {
	// Components: Istio components configuration.
	Components *IstioComponents_ARM `json:"components,omitempty"`
}

// Metrics profile for the prometheus service addon
type ManagedClusterAzureMonitorProfileMetrics_ARM struct {
	// Enabled: Whether to enable the Prometheus collector
	Enabled *bool `json:"enabled,omitempty"`

	// KubeStateMetrics: Kube State Metrics for prometheus addon profile for the container service cluster
	KubeStateMetrics *ManagedClusterAzureMonitorProfileKubeStateMetrics_ARM `json:"kubeStateMetrics,omitempty"`
}

// Web App Routing settings for the ingress profile.
type ManagedClusterIngressProfileWebAppRouting_ARM struct {
	DnsZoneResourceId *string `json:"dnsZoneResourceId,omitempty"`

	// Enabled: Whether to enable Web App Routing.
	Enabled *bool `json:"enabled,omitempty"`
}

// Profile of the managed cluster load balancer.
type ManagedClusterLoadBalancerProfile_ARM struct {
	// AllocatedOutboundPorts: The desired number of allocated SNAT ports per VM. Allowed values are in the range of 0 to 64000
	// (inclusive). The default value is 0 which results in Azure dynamically allocating ports.
	AllocatedOutboundPorts *int `json:"allocatedOutboundPorts,omitempty"`

	// BackendPoolType: The type of the managed inbound Load Balancer BackendPool.
	BackendPoolType *ManagedClusterLoadBalancerProfile_BackendPoolType `json:"backendPoolType,omitempty"`

	// EffectiveOutboundIPs: The effective outbound IP resources of the cluster load balancer.
	EffectiveOutboundIPs []ResourceReference_ARM `json:"effectiveOutboundIPs"`

	// EnableMultipleStandardLoadBalancers: Enable multiple standard load balancers per AKS cluster or not.
	EnableMultipleStandardLoadBalancers *bool `json:"enableMultipleStandardLoadBalancers,omitempty"`

	// IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120
	// (inclusive). The default value is 30 minutes.
	IdleTimeoutInMinutes *int `json:"idleTimeoutInMinutes,omitempty"`

	// ManagedOutboundIPs: Desired managed outbound IPs for the cluster load balancer.
	ManagedOutboundIPs *ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_ARM `json:"managedOutboundIPs,omitempty"`

	// OutboundIPPrefixes: Desired outbound IP Prefix resources for the cluster load balancer.
	OutboundIPPrefixes *ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_ARM `json:"outboundIPPrefixes,omitempty"`

	// OutboundIPs: Desired outbound IP resources for the cluster load balancer.
	OutboundIPs *ManagedClusterLoadBalancerProfile_OutboundIPs_ARM `json:"outboundIPs,omitempty"`
}

// Profile of the managed cluster NAT gateway.
type ManagedClusterNATGatewayProfile_ARM struct {
	// EffectiveOutboundIPs: The effective outbound IP resources of the cluster NAT gateway.
	EffectiveOutboundIPs []ResourceReference_ARM `json:"effectiveOutboundIPs"`

	// IdleTimeoutInMinutes: Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120
	// (inclusive). The default value is 4 minutes.
	IdleTimeoutInMinutes *int `json:"idleTimeoutInMinutes,omitempty"`

	// ManagedOutboundIPProfile: Profile of the managed outbound IP resources of the cluster NAT gateway.
	ManagedOutboundIPProfile *ManagedClusterManagedOutboundIPProfile_ARM `json:"managedOutboundIPProfile,omitempty"`
}

// Details about the pod identity assigned to the Managed Cluster.
type ManagedClusterPodIdentity_ARM struct {
	// BindingSelector: The binding selector to use for the AzureIdentityBinding resource.
	BindingSelector *string `json:"bindingSelector,omitempty"`

	// Identity: The user assigned identity details.
	Identity *UserAssignedIdentity_ARM `json:"identity,omitempty"`

	// Name: The name of the pod identity.
	Name *string `json:"name,omitempty"`

	// Namespace: The namespace of the pod identity.
	Namespace *string `json:"namespace,omitempty"`
}

// See [disable AAD Pod Identity for a specific
// Pod/Application](https://azure.github.io/aad-pod-identity/docs/configure/application_exception/) for more details.
type ManagedClusterPodIdentityException_ARM struct {
	// Name: The name of the pod identity exception.
	Name *string `json:"name,omitempty"`

	// Namespace: The namespace of the pod identity exception.
	Namespace *string `json:"namespace,omitempty"`

	// PodLabels: The pod labels to match.
	PodLabels map[string]string `json:"podLabels"`
}

// Microsoft Defender settings for the security profile.
type ManagedClusterSecurityProfileDefender_ARM struct {
	LogAnalyticsWorkspaceResourceId *string `json:"logAnalyticsWorkspaceResourceId,omitempty"`

	// SecurityMonitoring: Microsoft Defender threat detection for Cloud settings for the security profile.
	SecurityMonitoring *ManagedClusterSecurityProfileDefenderSecurityMonitoring_ARM `json:"securityMonitoring,omitempty"`
}

// Image Cleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area. Here
// are settings for the security profile.
type ManagedClusterSecurityProfileImageCleaner_ARM struct {
	// Enabled: Whether to enable Image Cleaner on AKS cluster.
	Enabled *bool `json:"enabled,omitempty"`

	// IntervalHours: Image Cleaner scanning interval in hours.
	IntervalHours *int `json:"intervalHours,omitempty"`
}

// Node Restriction settings for the security profile.
type ManagedClusterSecurityProfileNodeRestriction_ARM struct {
	// Enabled: Whether to enable Node Restriction
	Enabled *bool `json:"enabled,omitempty"`
}

// Workload identity settings for the security profile.
type ManagedClusterSecurityProfileWorkloadIdentity_ARM struct {
	// Enabled: Whether to enable workload identity.
	Enabled *bool `json:"enabled,omitempty"`
}

// AzureBlob CSI Driver settings for the storage profile.
type ManagedClusterStorageProfileBlobCSIDriver_ARM struct {
	// Enabled: Whether to enable AzureBlob CSI Driver. The default value is false.
	Enabled *bool `json:"enabled,omitempty"`
}

// AzureDisk CSI Driver settings for the storage profile.
type ManagedClusterStorageProfileDiskCSIDriver_ARM struct {
	// Enabled: Whether to enable AzureDisk CSI Driver. The default value is true.
	Enabled *bool `json:"enabled,omitempty"`

	// Version: The version of AzureDisk CSI Driver. The default value is v1.
	Version *string `json:"version,omitempty"`
}

// AzureFile CSI Driver settings for the storage profile.
type ManagedClusterStorageProfileFileCSIDriver_ARM struct {
	// Enabled: Whether to enable AzureFile CSI Driver. The default value is true.
	Enabled *bool `json:"enabled,omitempty"`
}

// Snapshot Controller settings for the storage profile.
type ManagedClusterStorageProfileSnapshotController_ARM struct {
	// Enabled: Whether to enable Snapshot Controller. The default value is true.
	Enabled *bool `json:"enabled,omitempty"`
}

// KEDA (Kubernetes Event-driven Autoscaling) settings for the workload auto-scaler profile.
type ManagedClusterWorkloadAutoScalerProfileKeda_ARM struct {
	// Enabled: Whether to enable KEDA.
	Enabled *bool `json:"enabled,omitempty"`
}

type ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler_ARM struct {
	// ControlledValues: Controls which resource value autoscaler will change. Default value is RequestsAndLimits.
	ControlledValues *ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler_ControlledValues `json:"controlledValues,omitempty"`

	// Enabled: Whether to enable VPA. Default value is false.
	Enabled *bool `json:"enabled,omitempty"`

	// UpdateMode: Each update mode level is a superset of the lower levels. Off<Initial<Recreate<=Auto. For example: if
	// UpdateMode is Initial, it means VPA sets the recommended resources in the VerticalPodAutoscaler Custom Resource (from
	// UpdateMode Off) and also assigns resources on pod creation (from Initial). The default value is Off.
	UpdateMode *ManagedClusterWorkloadAutoScalerProfileVerticalPodAutoscaler_UpdateMode `json:"updateMode,omitempty"`
}

// Settings for overrides when upgrading a cluster.
type UpgradeOverrideSettings_ARM struct {
	// ControlPlaneOverrides: List of upgrade overrides when upgrading a cluster's control plane.
	ControlPlaneOverrides []ControlPlaneUpgradeOverride `json:"controlPlaneOverrides"`

	// Until: Until when the overrides are effective. Note that this only matches the start time of an upgrade, and the
	// effectiveness won't change once an upgrade starts even if the `until` expires as upgrade proceeds. This field is not set
	// by default. It must be set for the overrides to take effect.
	Until *string `json:"until,omitempty"`
}

// Windows gMSA Profile in the managed cluster.
type WindowsGmsaProfile_ARM struct {
	// DnsServer: Specifies the DNS server for Windows gMSA.
	// Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster.
	DnsServer *string `json:"dnsServer,omitempty"`

	// Enabled: Specifies whether to enable Windows gMSA in the managed cluster.
	Enabled *bool `json:"enabled,omitempty"`

	// RootDomainName: Specifies the root domain name for Windows gMSA.
	// Set it to empty if you have configured the DNS server in the vnet which is used to create the managed cluster.
	RootDomainName *string `json:"rootDomainName,omitempty"`
}

type ContainerServiceNetworkProfile_KubeProxyConfig_IpvsConfig_ARM struct {
	// Scheduler: IPVS scheduler, for more information please see http://www.linuxvirtualserver.org/docs/scheduling.html.
	Scheduler *ContainerServiceNetworkProfile_KubeProxyConfig_IpvsConfig_Scheduler `json:"scheduler,omitempty"`

	// TcpFinTimeoutSeconds: The timeout value used for IPVS TCP sessions after receiving a FIN in seconds. Must be a positive
	// integer value.
	TcpFinTimeoutSeconds *int `json:"tcpFinTimeoutSeconds,omitempty"`

	// TcpTimeoutSeconds: The timeout value used for idle IPVS TCP sessions in seconds. Must be a positive integer value.
	TcpTimeoutSeconds *int `json:"tcpTimeoutSeconds,omitempty"`

	// UdpTimeoutSeconds: The timeout value used for IPVS UDP packets in seconds. Must be a positive integer value.
	UdpTimeoutSeconds *int `json:"udpTimeoutSeconds,omitempty"`
}

// Contains information about SSH certificate public key data.
type ContainerServiceSshPublicKey_ARM struct {
	// KeyData: Certificate public key used to authenticate with VMs through SSH. The certificate must be in PEM format with or
	// without headers.
	KeyData *string `json:"keyData,omitempty"`
}

// Istio components configuration.
type IstioComponents_ARM struct {
	// IngressGateways: Istio ingress gateways.
	IngressGateways []IstioIngressGateway_ARM `json:"ingressGateways"`
}

// Kube State Metrics for prometheus addon profile for the container service cluster
type ManagedClusterAzureMonitorProfileKubeStateMetrics_ARM struct {
	// MetricAnnotationsAllowList: Comma-separated list of additional Kubernetes label keys that will be used in the resource's
	// labels metric.
	MetricAnnotationsAllowList *string `json:"metricAnnotationsAllowList,omitempty"`

	// MetricLabelsAllowlist: Comma-separated list of Kubernetes annotations keys that will be used in the resource's labels
	// metric.
	MetricLabelsAllowlist *string `json:"metricLabelsAllowlist,omitempty"`
}

type ManagedClusterLoadBalancerProfile_ManagedOutboundIPs_ARM struct {
	// Count: The desired number of IPv4 outbound IPs created/managed by Azure for the cluster load balancer. Allowed values
	// must be in the range of 1 to 100 (inclusive). The default value is 1.
	Count *int `json:"count,omitempty"`

	// CountIPv6: The desired number of IPv6 outbound IPs created/managed by Azure for the cluster load balancer. Allowed
	// values must be in the range of 1 to 100 (inclusive). The default value is 0 for single-stack and 1 for dual-stack.
	CountIPv6 *int `json:"countIPv6,omitempty"`
}

type ManagedClusterLoadBalancerProfile_OutboundIPPrefixes_ARM struct {
	// PublicIPPrefixes: A list of public IP prefix resources.
	PublicIPPrefixes []ResourceReference_ARM `json:"publicIPPrefixes"`
}

type ManagedClusterLoadBalancerProfile_OutboundIPs_ARM struct {
	// PublicIPs: A list of public IP resources.
	PublicIPs []ResourceReference_ARM `json:"publicIPs"`
}

// Profile of the managed outbound IP resources of the managed cluster.
type ManagedClusterManagedOutboundIPProfile_ARM struct {
	// Count: The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16
	// (inclusive). The default value is 1.
	Count *int `json:"count,omitempty"`
}

// Microsoft Defender settings for the security profile threat detection.
type ManagedClusterSecurityProfileDefenderSecurityMonitoring_ARM struct {
	// Enabled: Whether to enable Defender threat detection
	Enabled *bool `json:"enabled,omitempty"`
}

// A reference to an Azure resource.
type ResourceReference_ARM struct {
	Id *string `json:"id,omitempty"`
}

// Istio ingress gateway configuration. For now, we support up to one external ingress gateway named
// `aks-istio-ingressgateway-external` and one internal ingress gateway named `aks-istio-ingressgateway-internal`.
type IstioIngressGateway_ARM struct {
	// Enabled: Whether to enable the ingress gateway.
	Enabled *bool `json:"enabled,omitempty"`

	// Mode: Mode of an ingress gateway.
	Mode *IstioIngressGateway_Mode `json:"mode,omitempty"`
}