{ "description": "AzureMachineTemplate is the Schema for the azuremachinetemplates API.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "description": "AzureMachineTemplateSpec defines the desired state of AzureMachineTemplate.", "properties": { "template": { "description": "AzureMachineTemplateResource describes the data needed to create an AzureMachine from a template.", "properties": { "metadata": { "description": "ObjectMeta is metadata that all persisted resources must have, which includes all objects\nusers must create. This is a copy of customizable fields from metav1.ObjectMeta.\n\n\nObjectMeta is embedded in `Machine.Spec`, `MachineDeployment.Template` and `MachineSet.Template`,\nwhich are not top-level Kubernetes objects. Given that metav1.ObjectMeta has lots of special cases\nand read-only fields which end up in the generated CRD validation, having it as a subset simplifies\nthe API and some issues that can impact user experience.\n\n\nDuring the [upgrade to controller-tools@v2](https://github.com/kubernetes-sigs/cluster-api/pull/1054)\nfor v1alpha2, we noticed a failure would occur running Cluster API test suite against the new CRDs,\nspecifically `spec.metadata.creationTimestamp in body must be of type string: \"null\"`.\nThe investigation showed that `controller-tools@v2` behaves differently than its previous version\nwhen handling types from [metav1](k8s.io/apimachinery/pkg/apis/meta/v1) package.\n\n\nIn more details, we found that embedded (non-top level) types that embedded `metav1.ObjectMeta`\nhad validation properties, including for `creationTimestamp` (metav1.Time).\nThe `metav1.Time` type specifies a custom json marshaller that, when IsZero() is true, returns `null`\nwhich breaks validation because the field isn't marked as nullable.\n\n\nIn future versions, controller-tools@v2 might allow overriding the type and validation for embedded\ntypes. When that happens, this hack should be revisited.", "properties": { "annotations": { "additionalProperties": { "type": "string" }, "description": "Annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: http://kubernetes.io/docs/user-guide/annotations", "type": "object" }, "labels": { "additionalProperties": { "type": "string" }, "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: http://kubernetes.io/docs/user-guide/labels", "type": "object" } }, "type": "object", "additionalProperties": false }, "spec": { "description": "Spec is the specification of the desired behavior of the machine.", "properties": { "acceleratedNetworking": { "description": "Deprecated: AcceleratedNetworking should be set in the networkInterfaces field.", "type": "boolean" }, "additionalCapabilities": { "description": "AdditionalCapabilities specifies additional capabilities enabled or disabled on the virtual machine.", "properties": { "ultraSSDEnabled": { "description": "UltraSSDEnabled enables or disables Azure UltraSSD capability for the virtual machine.\nDefaults to true if Ultra SSD data disks are specified,\notherwise it doesn't set the capability on the VM.", "type": "boolean" } }, "type": "object", "additionalProperties": false }, "additionalTags": { "additionalProperties": { "type": "string" }, "description": "AdditionalTags is an optional set of tags to add to an instance, in addition to the ones added by default by the\nAzure provider. If both the AzureCluster and the AzureMachine specify the same tag name with different values, the\nAzureMachine's value takes precedence.", "type": "object" }, "allocatePublicIP": { "description": "AllocatePublicIP allows the ability to create dynamic public ips for machines where this value is true.", "type": "boolean" }, "capacityReservationGroupID": { "description": "CapacityReservationGroupID specifies the capacity reservation group resource id that should be\nused for allocating the virtual machine.\nThe field size should be greater than 0 and the field input must start with '/'.\nThe input for capacityReservationGroupID must be similar to '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/capacityReservationGroups/{capacityReservationGroupName}'.\nThe keys which are used should be among 'subscriptions', 'providers' and 'resourcegroups' followed by valid ID or names respectively.\nIt is optional but may not be changed once set.", "type": "string" }, "dataDisks": { "description": "DataDisk specifies the parameters that are used to add one or more data disks to the machine", "items": { "description": "DataDisk specifies the parameters that are used to add one or more data disks to the machine.", "properties": { "cachingType": { "description": "CachingType specifies the caching requirements.", "enum": [ "None", "ReadOnly", "ReadWrite" ], "type": "string" }, "diskSizeGB": { "description": "DiskSizeGB is the size in GB to assign to the data disk.", "format": "int32", "type": "integer" }, "lun": { "description": "Lun Specifies the logical unit number of the data disk. This value is used to identify data disks within the VM and therefore must be unique for each data disk attached to a VM.\nThe value must be between 0 and 63.", "format": "int32", "type": "integer" }, "managedDisk": { "description": "ManagedDisk specifies the Managed Disk parameters for the data disk.", "properties": { "diskEncryptionSet": { "description": "DiskEncryptionSet specifies the customer-managed disk encryption set resource id for the managed disk.", "properties": { "id": { "description": "ID defines resourceID for diskEncryptionSet resource. It must be in the same subscription", "type": "string" } }, "type": "object", "additionalProperties": false }, "securityProfile": { "description": "SecurityProfile specifies the security profile for the managed disk.", "properties": { "diskEncryptionSet": { "description": "DiskEncryptionSet specifies the customer-managed disk encryption set resource id for the\nmanaged disk that is used for Customer Managed Key encrypted ConfidentialVM OS Disk and\nVMGuest blob.", "properties": { "id": { "description": "ID defines resourceID for diskEncryptionSet resource. It must be in the same subscription", "type": "string" } }, "type": "object", "additionalProperties": false }, "securityEncryptionType": { "description": "SecurityEncryptionType specifies the encryption type of the managed disk.\nIt is set to DiskWithVMGuestState to encrypt the managed disk along with the VMGuestState\nblob, and to VMGuestStateOnly to encrypt the VMGuestState blob only.\nWhen set to VMGuestStateOnly, VirtualizedTrustedPlatformModule should be set to Enabled.\nWhen set to DiskWithVMGuestState, EncryptionAtHost should be disabled, SecureBoot and\nVirtualizedTrustedPlatformModule should be set to Enabled.\nIt can be set only for Confidential VMs.", "enum": [ "VMGuestStateOnly", "DiskWithVMGuestState" ], "type": "string" } }, "type": "object", "additionalProperties": false }, "storageAccountType": { "type": "string" } }, "type": "object", "additionalProperties": false }, "nameSuffix": { "description": "NameSuffix is the suffix to be appended to the machine name to generate the disk name.\nEach disk name will be in format _.", "type": "string" } }, "required": [ "diskSizeGB", "nameSuffix" ], "type": "object", "additionalProperties": false }, "type": "array" }, "diagnostics": { "description": "Diagnostics specifies the diagnostics settings for a virtual machine.\nIf not specified then Boot diagnostics (Managed) will be enabled.", "properties": { "boot": { "description": "Boot configures the boot diagnostics settings for the virtual machine.\nThis allows to configure capturing serial output from the virtual machine on boot.\nThis is useful for debugging software based launch issues.\nIf not specified then Boot diagnostics (Managed) will be enabled.", "properties": { "storageAccountType": { "description": "StorageAccountType determines if the storage account for storing the diagnostics data\nshould be disabled (Disabled), provisioned by Azure (Managed) or by the user (UserManaged).", "enum": [ "Managed", "UserManaged", "Disabled" ], "type": "string" }, "userManaged": { "description": "UserManaged provides a reference to the user-managed storage account.", "properties": { "storageAccountURI": { "description": "StorageAccountURI is the URI of the user-managed storage account.\nThe URI typically will be `https://.blob.core.windows.net/`\nbut may differ if you are using Azure DNS zone endpoints.\nYou can find the correct endpoint by looking for the Blob Primary Endpoint in the\nendpoints tab in the Azure console or with the CLI by issuing\n`az storage account list --query='[].{name: name, \"resource group\": resourceGroup, \"blob endpoint\": primaryEndpoints.blob}'`.", "maxLength": 1024, "pattern": "^https://", "type": "string" } }, "required": [ "storageAccountURI" ], "type": "object", "additionalProperties": false } }, "required": [ "storageAccountType" ], "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "disableExtensionOperations": { "description": "DisableExtensionOperations specifies whether extension operations should be disabled on the virtual machine.\nUse this setting only if VMExtensions are not supported by your image, as it disables CAPZ bootstrapping extension used for detecting Kubernetes bootstrap failure.\nThis may only be set to True when no extensions are configured on the virtual machine.", "type": "boolean" }, "dnsServers": { "description": "DNSServers adds a list of DNS Server IP addresses to the VM NICs.", "items": { "type": "string" }, "type": "array" }, "enableIPForwarding": { "description": "EnableIPForwarding enables IP Forwarding in Azure which is required for some CNI's to send traffic from a pods on one machine\nto another. This is required for IpV6 with Calico in combination with User Defined Routes (set by the Azure Cloud Controller\nmanager). Default is false for disabled.", "type": "boolean" }, "failureDomain": { "description": "FailureDomain is the failure domain unique identifier this Machine should be attached to,\nas defined in Cluster API. This relates to an Azure Availability Zone", "type": "string" }, "identity": { "default": "None", "description": "Identity is the type of identity used for the virtual machine.\nThe type 'SystemAssigned' is an implicitly created identity.\nThe generated identity will be assigned a Subscription contributor role.\nThe type 'UserAssigned' is a standalone Azure resource provided by the user\nand assigned to the VM", "enum": [ "None", "SystemAssigned", "UserAssigned" ], "type": "string" }, "image": { "description": "Image is used to provide details of an image to use during VM creation.\nIf image details are omitted the image will default the Azure Marketplace \"capi\" offer,\nwhich is based on Ubuntu.", "properties": { "computeGallery": { "description": "ComputeGallery specifies an image to use from the Azure Compute Gallery", "properties": { "gallery": { "description": "Gallery specifies the name of the compute image gallery that contains the image", "minLength": 1, "type": "string" }, "name": { "description": "Name is the name of the image", "minLength": 1, "type": "string" }, "plan": { "description": "Plan contains plan information.", "properties": { "offer": { "description": "Offer specifies the name of a group of related images created by the publisher.\nFor example, UbuntuServer, WindowsServer", "minLength": 1, "type": "string" }, "publisher": { "description": "Publisher is the name of the organization that created the image", "minLength": 1, "type": "string" }, "sku": { "description": "SKU specifies an instance of an offer, such as a major release of a distribution.\nFor example, 18.04-LTS, 2019-Datacenter", "minLength": 1, "type": "string" } }, "required": [ "offer", "publisher", "sku" ], "type": "object", "additionalProperties": false }, "resourceGroup": { "description": "ResourceGroup specifies the resource group containing the private compute gallery.", "type": "string" }, "subscriptionID": { "description": "SubscriptionID is the identifier of the subscription that contains the private compute gallery.", "type": "string" }, "version": { "description": "Version specifies the version of the marketplace image. The allowed formats\nare Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers.\nSpecify 'latest' to use the latest version of an image available at deploy time.\nEven if you use 'latest', the VM image will not automatically update after deploy\ntime even if a new version becomes available.", "minLength": 1, "type": "string" } }, "required": [ "gallery", "name", "version" ], "type": "object", "additionalProperties": false }, "id": { "description": "ID specifies an image to use by ID", "type": "string" }, "marketplace": { "description": "Marketplace specifies an image to use from the Azure Marketplace", "properties": { "offer": { "description": "Offer specifies the name of a group of related images created by the publisher.\nFor example, UbuntuServer, WindowsServer", "minLength": 1, "type": "string" }, "publisher": { "description": "Publisher is the name of the organization that created the image", "minLength": 1, "type": "string" }, "sku": { "description": "SKU specifies an instance of an offer, such as a major release of a distribution.\nFor example, 18.04-LTS, 2019-Datacenter", "minLength": 1, "type": "string" }, "thirdPartyImage": { "default": false, "description": "ThirdPartyImage indicates the image is published by a third party publisher and a Plan\nwill be generated for it.", "type": "boolean" }, "version": { "description": "Version specifies the version of an image sku. The allowed formats\nare Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers.\nSpecify 'latest' to use the latest version of an image available at deploy time.\nEven if you use 'latest', the VM image will not automatically update after deploy\ntime even if a new version becomes available.", "minLength": 1, "type": "string" } }, "required": [ "offer", "publisher", "sku", "version" ], "type": "object", "additionalProperties": false }, "sharedGallery": { "description": "SharedGallery specifies an image to use from an Azure Shared Image Gallery\nDeprecated: use ComputeGallery instead.", "properties": { "gallery": { "description": "Gallery specifies the name of the shared image gallery that contains the image", "minLength": 1, "type": "string" }, "name": { "description": "Name is the name of the image", "minLength": 1, "type": "string" }, "offer": { "description": "Offer specifies the name of a group of related images created by the publisher.\nFor example, UbuntuServer, WindowsServer\nThis value will be used to add a `Plan` in the API request when creating the VM/VMSS resource.\nThis is needed when the source image from which this SIG image was built requires the `Plan` to be used.", "type": "string" }, "publisher": { "description": "Publisher is the name of the organization that created the image.\nThis value will be used to add a `Plan` in the API request when creating the VM/VMSS resource.\nThis is needed when the source image from which this SIG image was built requires the `Plan` to be used.", "type": "string" }, "resourceGroup": { "description": "ResourceGroup specifies the resource group containing the shared image gallery", "minLength": 1, "type": "string" }, "sku": { "description": "SKU specifies an instance of an offer, such as a major release of a distribution.\nFor example, 18.04-LTS, 2019-Datacenter\nThis value will be used to add a `Plan` in the API request when creating the VM/VMSS resource.\nThis is needed when the source image from which this SIG image was built requires the `Plan` to be used.", "type": "string" }, "subscriptionID": { "description": "SubscriptionID is the identifier of the subscription that contains the shared image gallery", "minLength": 1, "type": "string" }, "version": { "description": "Version specifies the version of the marketplace image. The allowed formats\nare Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers.\nSpecify 'latest' to use the latest version of an image available at deploy time.\nEven if you use 'latest', the VM image will not automatically update after deploy\ntime even if a new version becomes available.", "minLength": 1, "type": "string" } }, "required": [ "gallery", "name", "resourceGroup", "subscriptionID", "version" ], "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "networkInterfaces": { "description": "NetworkInterfaces specifies a list of network interface configurations.\nIf left unspecified, the VM will get a single network interface with a\nsingle IPConfig in the subnet specified in the cluster's node subnet field.\nThe primary interface will be the first networkInterface specified (index 0) in the list.", "items": { "description": "NetworkInterface defines a network interface.", "properties": { "acceleratedNetworking": { "description": "AcceleratedNetworking enables or disables Azure accelerated networking. If omitted, it will be set based on\nwhether the requested VMSize supports accelerated networking.\nIf AcceleratedNetworking is set to true with a VMSize that does not support it, Azure will return an error.", "type": "boolean" }, "privateIPConfigs": { "description": "PrivateIPConfigs specifies the number of private IP addresses to attach to the interface.\nDefaults to 1 if not specified.", "type": "integer" }, "subnetName": { "description": "SubnetName specifies the subnet in which the new network interface will be placed.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "osDisk": { "description": "OSDisk specifies the parameters for the operating system disk of the machine", "properties": { "cachingType": { "description": "CachingType specifies the caching requirements.", "enum": [ "None", "ReadOnly", "ReadWrite" ], "type": "string" }, "diffDiskSettings": { "description": "DiffDiskSettings describe ephemeral disk settings for the os disk.", "properties": { "option": { "description": "Option enables ephemeral OS when set to \"Local\"\nSee https://learn.microsoft.com/azure/virtual-machines/ephemeral-os-disks for full details", "enum": [ "Local" ], "type": "string" }, "placement": { "description": "Placement specifies the ephemeral disk placement for operating system disk. If placement is specified, Option must be set to \"Local\".", "enum": [ "CacheDisk", "NvmeDisk", "ResourceDisk" ], "type": "string" } }, "required": [ "option" ], "type": "object", "additionalProperties": false }, "diskSizeGB": { "description": "DiskSizeGB is the size in GB to assign to the OS disk.\nWill have a default of 30GB if not provided", "format": "int32", "type": "integer" }, "managedDisk": { "description": "ManagedDisk specifies the Managed Disk parameters for the OS disk.", "properties": { "diskEncryptionSet": { "description": "DiskEncryptionSet specifies the customer-managed disk encryption set resource id for the managed disk.", "properties": { "id": { "description": "ID defines resourceID for diskEncryptionSet resource. It must be in the same subscription", "type": "string" } }, "type": "object", "additionalProperties": false }, "securityProfile": { "description": "SecurityProfile specifies the security profile for the managed disk.", "properties": { "diskEncryptionSet": { "description": "DiskEncryptionSet specifies the customer-managed disk encryption set resource id for the\nmanaged disk that is used for Customer Managed Key encrypted ConfidentialVM OS Disk and\nVMGuest blob.", "properties": { "id": { "description": "ID defines resourceID for diskEncryptionSet resource. It must be in the same subscription", "type": "string" } }, "type": "object", "additionalProperties": false }, "securityEncryptionType": { "description": "SecurityEncryptionType specifies the encryption type of the managed disk.\nIt is set to DiskWithVMGuestState to encrypt the managed disk along with the VMGuestState\nblob, and to VMGuestStateOnly to encrypt the VMGuestState blob only.\nWhen set to VMGuestStateOnly, VirtualizedTrustedPlatformModule should be set to Enabled.\nWhen set to DiskWithVMGuestState, EncryptionAtHost should be disabled, SecureBoot and\nVirtualizedTrustedPlatformModule should be set to Enabled.\nIt can be set only for Confidential VMs.", "enum": [ "VMGuestStateOnly", "DiskWithVMGuestState" ], "type": "string" } }, "type": "object", "additionalProperties": false }, "storageAccountType": { "type": "string" } }, "type": "object", "additionalProperties": false }, "osType": { "type": "string" } }, "required": [ "osType" ], "type": "object", "additionalProperties": false }, "providerID": { "description": "ProviderID is the unique identifier as specified by the cloud provider.", "type": "string" }, "roleAssignmentName": { "description": "Deprecated: RoleAssignmentName should be set in the systemAssignedIdentityRole field.", "type": "string" }, "securityProfile": { "description": "SecurityProfile specifies the Security profile settings for a virtual machine.", "properties": { "encryptionAtHost": { "description": "This field indicates whether Host Encryption should be enabled\nor disabled for a virtual machine or virtual machine scale set.\nThis should be disabled when SecurityEncryptionType is set to DiskWithVMGuestState.\nDefault is disabled.", "type": "boolean" }, "securityType": { "description": "SecurityType specifies the SecurityType of the virtual machine. It has to be set to any specified value to\nenable UefiSettings. The default behavior is: UefiSettings will not be enabled unless this property is set.", "enum": [ "ConfidentialVM", "TrustedLaunch" ], "type": "string" }, "uefiSettings": { "description": "UefiSettings specifies the security settings like secure boot and vTPM used while creating the virtual machine.", "properties": { "secureBootEnabled": { "description": "SecureBootEnabled specifies whether secure boot should be enabled on the virtual machine.\nSecure Boot verifies the digital signature of all boot components and halts the boot process if signature verification fails.\nIf omitted, the platform chooses a default, which is subject to change over time, currently that default is false.", "type": "boolean" }, "vTpmEnabled": { "description": "VTpmEnabled specifies whether vTPM should be enabled on the virtual machine.\nWhen true it enables the virtualized trusted platform module measurements to create a known good boot integrity policy baseline.\nThe integrity policy baseline is used for comparison with measurements from subsequent VM boots to determine if anything has changed.\nThis is required to be set to Enabled if SecurityEncryptionType is defined.\nIf omitted, the platform chooses a default, which is subject to change over time, currently that default is false.", "type": "boolean" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "spotVMOptions": { "description": "SpotVMOptions allows the ability to specify the Machine should use a Spot VM", "properties": { "evictionPolicy": { "description": "EvictionPolicy defines the behavior of the virtual machine when it is evicted. It can be either Delete or Deallocate.", "enum": [ "Deallocate", "Delete" ], "type": "string" }, "maxPrice": { "anyOf": [ { "type": "integer" }, { "type": "string" } ], "description": "MaxPrice defines the maximum price the user is willing to pay for Spot VM instances", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true } }, "type": "object", "additionalProperties": false }, "sshPublicKey": { "description": "SSHPublicKey is the SSH public key string, base64-encoded to add to a Virtual Machine. Linux only.\nRefer to documentation on how to set up SSH access on Windows instances.", "type": "string" }, "subnetName": { "description": "Deprecated: SubnetName should be set in the networkInterfaces field.", "type": "string" }, "systemAssignedIdentityRole": { "description": "SystemAssignedIdentityRole defines the role and scope to assign to the system-assigned identity.", "properties": { "definitionID": { "description": "DefinitionID is the ID of the role definition to create for a system assigned identity. It can be an Azure built-in role or a custom role.\nRefer to built-in roles: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles", "type": "string" }, "name": { "description": "Name is the name of the role assignment to create for a system assigned identity. It can be any valid UUID.\nIf not specified, a random UUID will be generated.", "type": "string" }, "scope": { "description": "Scope is the scope that the role assignment or definition applies to. The scope can be any REST resource instance.\nIf not specified, the scope will be the subscription.", "type": "string" } }, "type": "object", "additionalProperties": false }, "userAssignedIdentities": { "description": "UserAssignedIdentities is a list of standalone Azure identities provided by the user\nThe lifecycle of a user-assigned identity is managed separately from the lifecycle of\nthe AzureMachine.\nSee https://learn.microsoft.com/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-cli", "items": { "description": "UserAssignedIdentity defines the user-assigned identities provided\nby the user to be assigned to Azure resources.", "properties": { "providerID": { "description": "ProviderID is the identification ID of the user-assigned Identity, the format of an identity is:\n'azure:///subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'", "type": "string" } }, "required": [ "providerID" ], "type": "object", "additionalProperties": false }, "type": "array" }, "vmExtensions": { "description": "VMExtensions specifies a list of extensions to be added to the virtual machine.", "items": { "description": "VMExtension specifies the parameters for a custom VM extension.", "properties": { "name": { "description": "Name is the name of the extension.", "type": "string" }, "protectedSettings": { "additionalProperties": { "type": "string" }, "description": "ProtectedSettings is a JSON formatted protected settings for the extension.", "type": "object" }, "publisher": { "description": "Publisher is the name of the extension handler publisher.", "type": "string" }, "settings": { "additionalProperties": { "type": "string" }, "description": "Settings is a JSON formatted public settings for the extension.", "type": "object" }, "version": { "description": "Version specifies the version of the script handler.", "type": "string" } }, "required": [ "name", "publisher", "version" ], "type": "object", "additionalProperties": false }, "type": "array" }, "vmSize": { "type": "string" } }, "required": [ "osDisk", "vmSize" ], "type": "object", "additionalProperties": false } }, "required": [ "spec" ], "type": "object", "additionalProperties": false } }, "required": [ "template" ], "type": "object", "additionalProperties": false } }, "type": "object" }