{
  "description": "AzureClusterTemplate is the Schema for the azureclustertemplates API.",
  "properties": {
    "apiVersion": {
      "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
      "type": "string"
    },
    "kind": {
      "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
      "type": "string"
    },
    "metadata": {
      "type": "object"
    },
    "spec": {
      "description": "AzureClusterTemplateSpec defines the desired state of AzureClusterTemplate.",
      "properties": {
        "template": {
          "description": "AzureClusterTemplateResource describes the data needed to create an AzureCluster from a template.",
          "properties": {
            "spec": {
              "description": "AzureClusterTemplateResourceSpec specifies an Azure cluster template resource.",
              "properties": {
                "additionalTags": {
                  "additionalProperties": {
                    "type": "string"
                  },
                  "description": "AdditionalTags is an optional set of tags to add to Azure resources managed by the Azure provider, in addition to the\nones added by default.",
                  "type": "object"
                },
                "azureEnvironment": {
                  "description": "AzureEnvironment is the name of the AzureCloud to be used.\nThe default value that would be used by most users is \"AzurePublicCloud\", other values are:\n- ChinaCloud: \"AzureChinaCloud\"\n- GermanCloud: \"AzureGermanCloud\"\n- PublicCloud: \"AzurePublicCloud\"\n- USGovernmentCloud: \"AzureUSGovernmentCloud\"\n\n\nNote that values other than the default must also be accompanied by corresponding changes to the\naso-controller-settings Secret to configure ASO to refer to the non-Public cloud. ASO currently does\nnot support referring to multiple different clouds in a single installation. The following fields must\nbe defined in the Secret:\n- AZURE_AUTHORITY_HOST\n- AZURE_RESOURCE_MANAGER_ENDPOINT\n- AZURE_RESOURCE_MANAGER_AUDIENCE\n\n\nSee the [ASO docs] for more details.\n\n\n[ASO docs]: https://azure.github.io/azure-service-operator/guide/aso-controller-settings-options/",
                  "type": "string"
                },
                "bastionSpec": {
                  "description": "BastionSpec encapsulates all things related to the Bastions in the cluster.",
                  "properties": {
                    "azureBastion": {
                      "description": "AzureBastionTemplateSpec specifies a template for an Azure Bastion host.",
                      "properties": {
                        "subnet": {
                          "description": "SubnetTemplateSpec specifies a template for a subnet.",
                          "properties": {
                            "cidrBlocks": {
                              "description": "CIDRBlocks defines the subnet's address space, specified as one or more address prefixes in CIDR notation.",
                              "items": {
                                "type": "string"
                              },
                              "type": "array"
                            },
                            "name": {
                              "description": "Name defines a name for the subnet resource.",
                              "type": "string"
                            },
                            "natGateway": {
                              "description": "NatGateway associated with this subnet.",
                              "properties": {
                                "name": {
                                  "type": "string"
                                }
                              },
                              "required": [
                                "name"
                              ],
                              "type": "object",
                              "additionalProperties": false
                            },
                            "privateEndpoints": {
                              "description": "PrivateEndpoints defines a list of private endpoints that should be attached to this subnet.",
                              "items": {
                                "description": "PrivateEndpointSpec configures an Azure Private Endpoint.",
                                "properties": {
                                  "applicationSecurityGroups": {
                                    "description": "ApplicationSecurityGroups specifies the Application security group in which the private endpoint IP configuration is included.",
                                    "items": {
                                      "type": "string"
                                    },
                                    "type": "array"
                                  },
                                  "customNetworkInterfaceName": {
                                    "description": "CustomNetworkInterfaceName specifies the network interface name associated with the private endpoint.",
                                    "type": "string"
                                  },
                                  "location": {
                                    "description": "Location specifies the region to create the private endpoint.",
                                    "type": "string"
                                  },
                                  "manualApproval": {
                                    "description": "ManualApproval specifies whether the connection approval must be done manually.\nSet it to true when the network admin does not have access to approve connections to the remote resource.\nDefaults to false.",
                                    "type": "boolean"
                                  },
                                  "name": {
                                    "description": "Name specifies the name of the private endpoint.",
                                    "type": "string"
                                  },
                                  "privateIPAddresses": {
                                    "description": "PrivateIPAddresses specifies the IP addresses for the network interface associated with the private endpoint.\nThey have to be part of the subnet where the private endpoint is linked.",
                                    "items": {
                                      "type": "string"
                                    },
                                    "type": "array"
                                  },
                                  "privateLinkServiceConnections": {
                                    "description": "PrivateLinkServiceConnections specifies Private Link Service Connections of the private endpoint.",
                                    "items": {
                                      "description": "PrivateLinkServiceConnection defines the specification for a private link service connection associated with a private endpoint.",
                                      "properties": {
                                        "groupIDs": {
                                          "description": "GroupIDs specifies the ID(s) of the group(s) obtained from the remote resource that this private endpoint should connect to.",
                                          "items": {
                                            "type": "string"
                                          },
                                          "type": "array"
                                        },
                                        "name": {
                                          "description": "Name specifies the name of the private link service.",
                                          "type": "string"
                                        },
                                        "privateLinkServiceID": {
                                          "description": "PrivateLinkServiceID specifies the resource ID of the private link service.",
                                          "type": "string"
                                        },
                                        "requestMessage": {
                                          "description": "RequestMessage specifies a message passed to the owner of the remote resource with the private endpoint connection request.",
                                          "maxLength": 140,
                                          "type": "string"
                                        }
                                      },
                                      "type": "object",
                                      "additionalProperties": false
                                    },
                                    "type": "array"
                                  }
                                },
                                "required": [
                                  "name"
                                ],
                                "type": "object",
                                "additionalProperties": false
                              },
                              "type": "array",
                              "x-kubernetes-list-map-keys": [
                                "name"
                              ],
                              "x-kubernetes-list-type": "map"
                            },
                            "role": {
                              "description": "Role defines the subnet role (e.g. node, control-plane, bastion, or all).",
                              "enum": [
                                "node",
                                "control-plane",
                                "bastion",
                                "all"
                              ],
                              "type": "string"
                            },
                            "securityGroup": {
                              "description": "SecurityGroup defines the NSG (network security group) that should be attached to this subnet.",
                              "properties": {
                                "securityRules": {
                                  "description": "SecurityRules is a slice of Azure security rules for security groups.",
                                  "items": {
                                    "description": "SecurityRule defines an Azure security rule for security groups.",
                                    "properties": {
                                      "action": {
                                        "default": "Allow",
                                        "description": "Action specifies whether network traffic is allowed or denied. Can either be \"Allow\" or \"Deny\". Defaults to \"Allow\".",
                                        "enum": [
                                          "Allow",
                                          "Deny"
                                        ],
                                        "type": "string"
                                      },
                                      "description": {
                                        "description": "A description for this rule. Restricted to 140 chars.",
                                        "type": "string"
                                      },
                                      "destination": {
                                        "description": "Destination is the destination address prefix: a CIDR or destination IP range. Asterisk '*' can also be used to match all destination IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used.",
                                        "type": "string"
                                      },
                                      "destinationPorts": {
                                        "description": "DestinationPorts specifies the destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports.",
                                        "type": "string"
                                      },
                                      "direction": {
                                        "description": "Direction indicates whether the rule applies to inbound, or outbound traffic. \"Inbound\" or \"Outbound\".",
                                        "enum": [
                                          "Inbound",
                                          "Outbound"
                                        ],
                                        "type": "string"
                                      },
                                      "name": {
                                        "description": "Name is a unique name within the network security group.",
                                        "type": "string"
                                      },
                                      "priority": {
                                        "description": "Priority is a number between 100 and 4096. Each rule should have a unique value for priority. Rules are processed in priority order, with lower numbers processed before higher numbers. Once traffic matches a rule, processing stops.",
                                        "format": "int32",
                                        "type": "integer"
                                      },
                                      "protocol": {
                                        "description": "Protocol specifies the protocol type. \"Tcp\", \"Udp\", \"Icmp\", or \"*\".",
                                        "enum": [
                                          "Tcp",
                                          "Udp",
                                          "Icmp",
                                          "*"
                                        ],
                                        "type": "string"
                                      },
                                      "source": {
                                        "description": "Source specifies the CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from.",
                                        "type": "string"
                                      },
                                      "sourcePorts": {
                                        "description": "SourcePorts specifies the source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports.",
                                        "type": "string"
                                      },
                                      "sources": {
                                        "description": "Sources specifies the CIDR or source IP ranges.",
                                        "items": {
                                          "type": "string"
                                        },
                                        "type": "array"
                                      }
                                    },
                                    "required": [
                                      "description",
                                      "direction",
                                      "name",
                                      "protocol"
                                    ],
                                    "type": "object",
                                    "additionalProperties": false
                                  },
                                  "type": "array",
                                  "x-kubernetes-list-map-keys": [
                                    "name"
                                  ],
                                  "x-kubernetes-list-type": "map"
                                },
                                "tags": {
                                  "additionalProperties": {
                                    "type": "string"
                                  },
                                  "description": "Tags defines a map of tags.",
                                  "type": "object"
                                }
                              },
                              "type": "object",
                              "additionalProperties": false
                            },
                            "serviceEndpoints": {
                              "description": "ServiceEndpoints is a slice of Virtual Network service endpoints to enable for the subnets.",
                              "items": {
                                "description": "ServiceEndpointSpec configures an Azure Service Endpoint.",
                                "properties": {
                                  "locations": {
                                    "items": {
                                      "type": "string"
                                    },
                                    "type": "array"
                                  },
                                  "service": {
                                    "type": "string"
                                  }
                                },
                                "required": [
                                  "locations",
                                  "service"
                                ],
                                "type": "object",
                                "additionalProperties": false
                              },
                              "type": "array",
                              "x-kubernetes-list-map-keys": [
                                "service"
                              ],
                              "x-kubernetes-list-type": "map"
                            }
                          },
                          "required": [
                            "name",
                            "role"
                          ],
                          "type": "object",
                          "additionalProperties": false
                        }
                      },
                      "type": "object",
                      "additionalProperties": false
                    }
                  },
                  "type": "object",
                  "additionalProperties": false
                },
                "cloudProviderConfigOverrides": {
                  "description": "CloudProviderConfigOverrides is an optional set of configuration values that can be overridden in azure cloud provider config.\nThis is only a subset of options that are available in azure cloud provider config.\nSome values for the cloud provider config are inferred from other parts of cluster api provider azure spec, and may not be available for overrides.\nSee: https://cloud-provider-azure.sigs.k8s.io/install/configs\nNote: All cloud provider config values can be customized by creating the secret beforehand. CloudProviderConfigOverrides is only used when the secret is managed by the Azure Provider.",
                  "properties": {
                    "backOffs": {
                      "description": "BackOffConfig indicates the back-off config options.",
                      "properties": {
                        "cloudProviderBackoff": {
                          "type": "boolean"
                        },
                        "cloudProviderBackoffDuration": {
                          "type": "integer"
                        },
                        "cloudProviderBackoffExponent": {
                          "anyOf": [
                            {
                              "type": "integer"
                            },
                            {
                              "type": "string"
                            }
                          ],
                          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
                          "x-kubernetes-int-or-string": true
                        },
                        "cloudProviderBackoffJitter": {
                          "anyOf": [
                            {
                              "type": "integer"
                            },
                            {
                              "type": "string"
                            }
                          ],
                          "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
                          "x-kubernetes-int-or-string": true
                        },
                        "cloudProviderBackoffRetries": {
                          "type": "integer"
                        }
                      },
                      "type": "object",
                      "additionalProperties": false
                    },
                    "rateLimits": {
                      "items": {
                        "description": "RateLimitSpec represents the rate limit configuration for a particular kind of resource.\nE.g. loadBalancerRateLimit is used to configure rate limits for load balancers.\nThis eventually gets converted to CloudProviderRateLimitConfig that cloud-provider-azure expects.\nSee: https://github.com/kubernetes-sigs/cloud-provider-azure/blob/d585c2031925b39c925624302f22f8856e29e352/pkg/provider/azure_ratelimit.go#L25\nWe cannot use CloudProviderRateLimitConfig directly because floating point values are not supported in controller-tools.\nSee: https://github.com/kubernetes-sigs/controller-tools/issues/245",
                        "properties": {
                          "config": {
                            "description": "RateLimitConfig indicates the rate limit config options.",
                            "properties": {
                              "cloudProviderRateLimit": {
                                "type": "boolean"
                              },
                              "cloudProviderRateLimitBucket": {
                                "type": "integer"
                              },
                              "cloudProviderRateLimitBucketWrite": {
                                "type": "integer"
                              },
                              "cloudProviderRateLimitQPS": {
                                "anyOf": [
                                  {
                                    "type": "integer"
                                  },
                                  {
                                    "type": "string"
                                  }
                                ],
                                "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
                                "x-kubernetes-int-or-string": true
                              },
                              "cloudProviderRateLimitQPSWrite": {
                                "anyOf": [
                                  {
                                    "type": "integer"
                                  },
                                  {
                                    "type": "string"
                                  }
                                ],
                                "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$",
                                "x-kubernetes-int-or-string": true
                              }
                            },
                            "type": "object",
                            "additionalProperties": false
                          },
                          "name": {
                            "description": "Name is the name of the rate limit spec.",
                            "enum": [
                              "defaultRateLimit",
                              "routeRateLimit",
                              "subnetsRateLimit",
                              "interfaceRateLimit",
                              "routeTableRateLimit",
                              "loadBalancerRateLimit",
                              "publicIPAddressRateLimit",
                              "securityGroupRateLimit",
                              "virtualMachineRateLimit",
                              "storageAccountRateLimit",
                              "diskRateLimit",
                              "snapshotRateLimit",
                              "virtualMachineScaleSetRateLimit",
                              "virtualMachineSizesRateLimit",
                              "availabilitySetRateLimit"
                            ],
                            "type": "string"
                          }
                        },
                        "required": [
                          "name"
                        ],
                        "type": "object",
                        "additionalProperties": false
                      },
                      "type": "array"
                    }
                  },
                  "type": "object",
                  "additionalProperties": false
                },
                "extendedLocation": {
                  "description": "ExtendedLocation is an optional set of ExtendedLocation properties for clusters on Azure public MEC.",
                  "properties": {
                    "name": {
                      "description": "Name defines the name for the extended location.",
                      "type": "string"
                    },
                    "type": {
                      "description": "Type defines the type for the extended location.",
                      "enum": [
                        "EdgeZone"
                      ],
                      "type": "string"
                    }
                  },
                  "required": [
                    "name",
                    "type"
                  ],
                  "type": "object",
                  "additionalProperties": false
                },
                "failureDomains": {
                  "additionalProperties": {
                    "description": "FailureDomainSpec is the Schema for Cluster API failure domains.\nIt allows controllers to understand how many failure domains a cluster can optionally span across.",
                    "properties": {
                      "attributes": {
                        "additionalProperties": {
                          "type": "string"
                        },
                        "description": "Attributes is a free form map of attributes an infrastructure provider might use or require.",
                        "type": "object"
                      },
                      "controlPlane": {
                        "description": "ControlPlane determines if this failure domain is suitable for use by control plane machines.",
                        "type": "boolean"
                      }
                    },
                    "type": "object",
                    "additionalProperties": false
                  },
                  "description": "FailureDomains is a list of failure domains in the cluster's region, used to restrict\neligibility to host the control plane. A FailureDomain maps to an availability zone,\nwhich is a separated group of datacenters within a region.\nSee: https://learn.microsoft.com/azure/reliability/availability-zones-overview",
                  "type": "object"
                },
                "identityRef": {
                  "description": "IdentityRef is a reference to an AzureIdentity to be used when reconciling this cluster",
                  "properties": {
                    "apiVersion": {
                      "description": "API version of the referent.",
                      "type": "string"
                    },
                    "fieldPath": {
                      "description": "If referring to a piece of an object instead of an entire object, this string\nshould contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].\nFor example, if the object reference is to a container within a pod, this would take on a value like:\n\"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered\nthe event) or if no container name is specified \"spec.containers[2]\" (container with\nindex 2 in this pod). This syntax is chosen only to have some well-defined way of\nreferencing a part of an object.\nTODO: this design is not final and this field is subject to change in the future.",
                      "type": "string"
                    },
                    "kind": {
                      "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
                      "type": "string"
                    },
                    "name": {
                      "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names",
                      "type": "string"
                    },
                    "namespace": {
                      "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/",
                      "type": "string"
                    },
                    "resourceVersion": {
                      "description": "Specific resourceVersion to which this reference is made, if any.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency",
                      "type": "string"
                    },
                    "uid": {
                      "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids",
                      "type": "string"
                    }
                  },
                  "type": "object",
                  "x-kubernetes-map-type": "atomic",
                  "additionalProperties": false
                },
                "location": {
                  "type": "string"
                },
                "networkSpec": {
                  "description": "NetworkSpec encapsulates all things related to Azure network.",
                  "properties": {
                    "apiServerLB": {
                      "description": "APIServerLB is the configuration for the control-plane load balancer.",
                      "properties": {
                        "idleTimeoutInMinutes": {
                          "description": "IdleTimeoutInMinutes specifies the timeout for the TCP idle connection.",
                          "format": "int32",
                          "type": "integer"
                        },
                        "sku": {
                          "description": "SKU defines an Azure load balancer SKU.",
                          "type": "string"
                        },
                        "type": {
                          "description": "LBType defines an Azure load balancer Type.",
                          "type": "string"
                        }
                      },
                      "type": "object",
                      "additionalProperties": false
                    },
                    "controlPlaneOutboundLB": {
                      "description": "ControlPlaneOutboundLB is the configuration for the control-plane outbound load balancer.\nThis is different from APIServerLB, and is used only in private clusters (optionally) for enabling outbound traffic.",
                      "properties": {
                        "idleTimeoutInMinutes": {
                          "description": "IdleTimeoutInMinutes specifies the timeout for the TCP idle connection.",
                          "format": "int32",
                          "type": "integer"
                        },
                        "sku": {
                          "description": "SKU defines an Azure load balancer SKU.",
                          "type": "string"
                        },
                        "type": {
                          "description": "LBType defines an Azure load balancer Type.",
                          "type": "string"
                        }
                      },
                      "type": "object",
                      "additionalProperties": false
                    },
                    "nodeOutboundLB": {
                      "description": "NodeOutboundLB is the configuration for the node outbound load balancer.",
                      "properties": {
                        "idleTimeoutInMinutes": {
                          "description": "IdleTimeoutInMinutes specifies the timeout for the TCP idle connection.",
                          "format": "int32",
                          "type": "integer"
                        },
                        "sku": {
                          "description": "SKU defines an Azure load balancer SKU.",
                          "type": "string"
                        },
                        "type": {
                          "description": "LBType defines an Azure load balancer Type.",
                          "type": "string"
                        }
                      },
                      "type": "object",
                      "additionalProperties": false
                    },
                    "privateDNSZoneName": {
                      "description": "PrivateDNSZoneName defines the zone name for the Azure Private DNS.",
                      "type": "string"
                    },
                    "subnets": {
                      "description": "Subnets is the configuration for the control-plane subnet and the node subnet.",
                      "items": {
                        "description": "SubnetTemplateSpec specifies a template for a subnet.",
                        "properties": {
                          "cidrBlocks": {
                            "description": "CIDRBlocks defines the subnet's address space, specified as one or more address prefixes in CIDR notation.",
                            "items": {
                              "type": "string"
                            },
                            "type": "array"
                          },
                          "name": {
                            "description": "Name defines a name for the subnet resource.",
                            "type": "string"
                          },
                          "natGateway": {
                            "description": "NatGateway associated with this subnet.",
                            "properties": {
                              "name": {
                                "type": "string"
                              }
                            },
                            "required": [
                              "name"
                            ],
                            "type": "object",
                            "additionalProperties": false
                          },
                          "privateEndpoints": {
                            "description": "PrivateEndpoints defines a list of private endpoints that should be attached to this subnet.",
                            "items": {
                              "description": "PrivateEndpointSpec configures an Azure Private Endpoint.",
                              "properties": {
                                "applicationSecurityGroups": {
                                  "description": "ApplicationSecurityGroups specifies the Application security group in which the private endpoint IP configuration is included.",
                                  "items": {
                                    "type": "string"
                                  },
                                  "type": "array"
                                },
                                "customNetworkInterfaceName": {
                                  "description": "CustomNetworkInterfaceName specifies the network interface name associated with the private endpoint.",
                                  "type": "string"
                                },
                                "location": {
                                  "description": "Location specifies the region to create the private endpoint.",
                                  "type": "string"
                                },
                                "manualApproval": {
                                  "description": "ManualApproval specifies if the connection approval needs to be done manually or not.\nSet it true when the network admin does not have access to approve connections to the remote resource.\nDefaults to false.",
                                  "type": "boolean"
                                },
                                "name": {
                                  "description": "Name specifies the name of the private endpoint.",
                                  "type": "string"
                                },
                                "privateIPAddresses": {
                                  "description": "PrivateIPAddresses specifies the IP addresses for the network interface associated with the private endpoint.\nThey have to be part of the subnet where the private endpoint is linked.",
                                  "items": {
                                    "type": "string"
                                  },
                                  "type": "array"
                                },
                                "privateLinkServiceConnections": {
                                  "description": "PrivateLinkServiceConnections specifies Private Link Service Connections of the private endpoint.",
                                  "items": {
                                    "description": "PrivateLinkServiceConnection defines the specification for a private link service connection associated with a private endpoint.",
                                    "properties": {
                                      "groupIDs": {
                                        "description": "GroupIDs specifies the ID(s) of the group(s) obtained from the remote resource that this private endpoint should connect to.",
                                        "items": {
                                          "type": "string"
                                        },
                                        "type": "array"
                                      },
                                      "name": {
                                        "description": "Name specifies the name of the private link service.",
                                        "type": "string"
                                      },
                                      "privateLinkServiceID": {
                                        "description": "PrivateLinkServiceID specifies the resource ID of the private link service.",
                                        "type": "string"
                                      },
                                      "requestMessage": {
                                        "description": "RequestMessage specifies a message passed to the owner of the remote resource with the private endpoint connection request.",
                                        "maxLength": 140,
                                        "type": "string"
                                      }
                                    },
                                    "type": "object",
                                    "additionalProperties": false
                                  },
                                  "type": "array"
                                }
                              },
                              "required": [
                                "name"
                              ],
                              "type": "object",
                              "additionalProperties": false
                            },
                            "type": "array",
                            "x-kubernetes-list-map-keys": [
                              "name"
                            ],
                            "x-kubernetes-list-type": "map"
                          },
                          "role": {
                             "description": "Role defines the subnet role (e.g. Node, ControlPlane).",
                            "enum": [
                              "node",
                              "control-plane",
                              "bastion",
                              "all"
                            ],
                            "type": "string"
                          },
                          "securityGroup": {
                            "description": "SecurityGroup defines the NSG (network security group) that should be attached to this subnet.",
                            "properties": {
                              "securityRules": {
                                "description": "SecurityRules is a slice of Azure security rules for security groups.",
                                "items": {
                                  "description": "SecurityRule defines an Azure security rule for security groups.",
                                  "properties": {
                                    "action": {
                                      "default": "Allow",
                                      "description": "Action specifies whether network traffic is allowed or denied. Can either be \"Allow\" or \"Deny\". Defaults to \"Allow\".",
                                      "enum": [
                                        "Allow",
                                        "Deny"
                                      ],
                                      "type": "string"
                                    },
                                    "description": {
                                      "description": "A description for this rule. Restricted to 140 chars.",
                                      "type": "string"
                                    },
                                    "destination": {
                                       "description": "Destination is the destination address prefix: a CIDR or destination IP range. Asterisk '*' can also be used to match all destination IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used.",
                                      "type": "string"
                                    },
                                    "destinationPorts": {
                                       "description": "DestinationPorts specifies the destination port or range: an integer or a range between 0 and 65535. Asterisk '*' can also be used to match all ports.",
                                      "type": "string"
                                    },
                                    "direction": {
                                      "description": "Direction indicates whether the rule applies to inbound, or outbound traffic. \"Inbound\" or \"Outbound\".",
                                      "enum": [
                                        "Inbound",
                                        "Outbound"
                                      ],
                                      "type": "string"
                                    },
                                    "name": {
                                      "description": "Name is a unique name within the network security group.",
                                      "type": "string"
                                    },
                                    "priority": {
                                      "description": "Priority is a number between 100 and 4096. Each rule should have a unique value for priority. Rules are processed in priority order, with lower numbers processed before higher numbers. Once traffic matches a rule, processing stops.",
                                      "format": "int32",
                                      "type": "integer"
                                    },
                                    "protocol": {
                                      "description": "Protocol specifies the protocol type. \"Tcp\", \"Udp\", \"Icmp\", or \"*\".",
                                      "enum": [
                                        "Tcp",
                                        "Udp",
                                        "Icmp",
                                        "*"
                                      ],
                                      "type": "string"
                                    },
                                    "source": {
                                       "description": "Source specifies the CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, it specifies where network traffic originates from.",
                                      "type": "string"
                                    },
                                    "sourcePorts": {
                                       "description": "SourcePorts specifies the source port or range: an integer or a range between 0 and 65535. Asterisk '*' can also be used to match all ports.",
                                      "type": "string"
                                    },
                                    "sources": {
                                       "description": "Sources specifies the CIDR or source IP ranges.",
                                      "items": {
                                        "type": "string"
                                      },
                                      "type": "array"
                                    }
                                  },
                                  "required": [
                                    "description",
                                    "direction",
                                    "name",
                                    "protocol"
                                  ],
                                  "type": "object",
                                  "additionalProperties": false
                                },
                                "type": "array",
                                "x-kubernetes-list-map-keys": [
                                  "name"
                                ],
                                "x-kubernetes-list-type": "map"
                              },
                              "tags": {
                                "additionalProperties": {
                                  "type": "string"
                                },
                                "description": "Tags defines a map of tags.",
                                "type": "object"
                              }
                            },
                            "type": "object",
                            "additionalProperties": false
                          },
                          "serviceEndpoints": {
                            "description": "ServiceEndpoints is a slice of Virtual Network service endpoints to enable for the subnets.",
                            "items": {
                              "description": "ServiceEndpointSpec configures an Azure Service Endpoint.",
                              "properties": {
                                "locations": {
                                  "items": {
                                    "type": "string"
                                  },
                                  "type": "array"
                                },
                                "service": {
                                  "type": "string"
                                }
                              },
                              "required": [
                                "locations",
                                "service"
                              ],
                              "type": "object",
                              "additionalProperties": false
                            },
                            "type": "array",
                            "x-kubernetes-list-map-keys": [
                              "service"
                            ],
                            "x-kubernetes-list-type": "map"
                          }
                        },
                        "required": [
                          "name",
                          "role"
                        ],
                        "type": "object",
                        "additionalProperties": false
                      },
                      "type": "array",
                      "x-kubernetes-list-map-keys": [
                        "name"
                      ],
                      "x-kubernetes-list-type": "map"
                    },
                    "vnet": {
                      "description": "Vnet is the configuration for the Azure virtual network.",
                      "properties": {
                        "cidrBlocks": {
                          "description": "CIDRBlocks defines the virtual network's address space, specified as one or more address prefixes in CIDR notation.",
                          "items": {
                            "type": "string"
                          },
                          "type": "array"
                        },
                        "peerings": {
                          "description": "Peerings defines a list of peerings of the newly created virtual network with existing virtual networks.",
                          "items": {
                            "description": "VnetPeeringClassSpec specifies a virtual network peering class.",
                            "properties": {
                              "forwardPeeringProperties": {
                                "description": "ForwardPeeringProperties specifies VnetPeeringProperties for peering from the cluster's virtual network to the\nremote virtual network.",
                                "properties": {
                                  "allowForwardedTraffic": {
                                    "description": "AllowForwardedTraffic specifies whether the forwarded traffic from the VMs in the local virtual network will be\nallowed/disallowed in remote virtual network.",
                                    "type": "boolean"
                                  },
                                  "allowGatewayTransit": {
                                    "description": "AllowGatewayTransit specifies if gateway links can be used in remote virtual networking to link to this virtual\nnetwork.",
                                    "type": "boolean"
                                  },
                                  "allowVirtualNetworkAccess": {
                                    "description": "AllowVirtualNetworkAccess specifies whether the VMs in the local virtual network space would be able to access\nthe VMs in remote virtual network space.",
                                    "type": "boolean"
                                  },
                                  "useRemoteGateways": {
                                    "description": "UseRemoteGateways specifies if remote gateways can be used on this virtual network.\nIf the flag is set to true, and allowGatewayTransit on remote peering is also set to true, the virtual network\nwill use the gateways of the remote virtual network for transit. Only one peering can have this flag set to true.\nThis flag cannot be set if virtual network already has a gateway.",
                                    "type": "boolean"
                                  }
                                },
                                "type": "object",
                                "additionalProperties": false
                              },
                              "remoteVnetName": {
                                "description": "RemoteVnetName defines name of the remote virtual network.",
                                "type": "string"
                              },
                              "resourceGroup": {
                                "description": "ResourceGroup is the resource group name of the remote virtual network.",
                                "type": "string"
                              },
                              "reversePeeringProperties": {
                                "description": "ReversePeeringProperties specifies VnetPeeringProperties for peering from the remote virtual network to the\ncluster's virtual network.",
                                "properties": {
                                  "allowForwardedTraffic": {
                                    "description": "AllowForwardedTraffic specifies whether the forwarded traffic from the VMs in the local virtual network will be\nallowed/disallowed in remote virtual network.",
                                    "type": "boolean"
                                  },
                                  "allowGatewayTransit": {
                                    "description": "AllowGatewayTransit specifies if gateway links can be used in remote virtual networking to link to this virtual\nnetwork.",
                                    "type": "boolean"
                                  },
                                  "allowVirtualNetworkAccess": {
                                    "description": "AllowVirtualNetworkAccess specifies whether the VMs in the local virtual network space would be able to access\nthe VMs in remote virtual network space.",
                                    "type": "boolean"
                                  },
                                  "useRemoteGateways": {
                                    "description": "UseRemoteGateways specifies if remote gateways can be used on this virtual network.\nIf the flag is set to true, and allowGatewayTransit on remote peering is also set to true, the virtual network\nwill use the gateways of the remote virtual network for transit. Only one peering can have this flag set to true.\nThis flag cannot be set if virtual network already has a gateway.",
                                    "type": "boolean"
                                  }
                                },
                                "type": "object",
                                "additionalProperties": false
                              }
                            },
                            "required": [
                              "remoteVnetName"
                            ],
                            "type": "object",
                            "additionalProperties": false
                          },
                          "type": "array"
                        },
                        "tags": {
                          "additionalProperties": {
                            "type": "string"
                          },
                          "description": "Tags is a collection of tags describing the resource.",
                          "type": "object"
                        }
                      },
                      "type": "object",
                      "additionalProperties": false
                    }
                  },
                  "type": "object",
                  "additionalProperties": false
                },
                "subscriptionID": {
                  "type": "string"
                }
              },
              "required": [
                "location"
              ],
              "type": "object",
              "additionalProperties": false
            }
          },
          "required": [
            "spec"
          ],
          "type": "object",
          "additionalProperties": false
        }
      },
      "required": [
        "template"
      ],
      "type": "object",
      "additionalProperties": false
    }
  },
  "type": "object"
}
