diff --git a/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-01-01/examples/ManagedClusterCreate_CustomCATrustCertificates.json b/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-01-01/examples/ManagedClusterCreate_CustomCATrustCertificates.json
new file mode 100644
index 000000000000..fa939defa3df
--- /dev/null
+++ b/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-01-01/examples/ManagedClusterCreate_CustomCATrustCertificates.json
@@ -0,0 +1,266 @@
+{
+ "parameters": {
+ "api-version": "2025-01-01",
+ "subscriptionId": "00000000-0000-0000-0000-000000000000",
+ "resourceGroupName": "rg1",
+ "resourceName": "clustername1",
+ "parameters": {
+ "location": "location1",
+ "tags": {
+ "tier": "production",
+ "archv2": ""
+ },
+ "sku": {
+ "name": "Basic",
+ "tier": "Free"
+ },
+ "properties": {
+ "kubernetesVersion": "",
+ "dnsPrefix": "dnsprefix1",
+ "agentPoolProfiles": [
+ {
+ "name": "nodepool1",
+ "count": 3,
+ "vmSize": "Standard_DS2_v2",
+ "osType": "Linux",
+ "type": "VirtualMachineScaleSets",
+ "enableNodePublicIP": true,
+ "mode": "System"
+ }
+ ],
+ "linuxProfile": {
+ "adminUsername": "azureuser",
+ "ssh": {
+ "publicKeys": [
+ {
+ "keyData": "keydata"
+ }
+ ]
+ }
+ },
+ "networkProfile": {
+ "loadBalancerSku": "standard",
+ "outboundType": "loadBalancer",
+ "loadBalancerProfile": {
+ "managedOutboundIPs": {
+ "count": 2
+ }
+ }
+ },
+ "autoScalerProfile": {
+ "scan-interval": "20s",
+ "scale-down-delay-after-add": "15m"
+ },
+ "windowsProfile": {
+ "adminUsername": "azureuser",
+ "adminPassword": "replacePassword1234$"
+ },
+ "servicePrincipalProfile": {
+ "clientId": "clientid",
+ "secret": "secret"
+ },
+ "securityProfile": {
+ "customCATrustCertificates": [
+ "ZHVtbXlFeGFtcGxlVGVzdFZhbHVlRm9yQ2VydGlmaWNhdGVUb0JlQWRkZWQ="
+ ]
+ },
+ "addonProfiles": {},
+ "enableRBAC": true,
+ "diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
+ "enablePodSecurityPolicy": true
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
+ "location": "location1",
+ "name": "clustername1",
+ "tags": {
+ "archv2": "",
+ "tier": "production"
+ },
+ "type": "Microsoft.ContainerService/ManagedClusters",
+ "properties": {
+ "provisioningState": "Succeeded",
+ "maxAgentPools": 1,
+ "kubernetesVersion": "1.9.6",
+ "dnsPrefix": "dnsprefix1",
+ "agentPoolProfiles": [
+ {
+ "name": "nodepool1",
+ "count": 3,
+ "vmSize": "Standard_DS2_v2",
+ "maxPods": 110,
+ "osType": "Linux",
+ "provisioningState": "Succeeded",
+ "orchestratorVersion": "1.9.6",
+ "currentOrchestratorVersion": "1.9.6",
+ "type": "VirtualMachineScaleSets",
+ "enableNodePublicIP": true,
+ "mode": "System",
+ "nodeImageVersion": "AKSUbuntu:1604:2020.03.11"
+ }
+ ],
+ "linuxProfile": {
+ "adminUsername": "azureuser",
+ "ssh": {
+ "publicKeys": [
+ {
+ "keyData": "keydata"
+ }
+ ]
+ }
+ },
+ "windowsProfile": {
+ "adminUsername": "azureuser"
+ },
+ "servicePrincipalProfile": {
+ "clientId": "clientid"
+ },
+ "securityProfile": {
+ "customCATrustCertificates": [
+ "ZHVtbXlFeGFtcGxlVGVzdFZhbHVlRm9yQ2VydGlmaWNhdGVUb0JlQWRkZWQ="
+ ]
+ },
+ "nodeResourceGroup": "MC_rg1_clustername1_location1",
+ "enableRBAC": true,
+ "diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
+ "enablePodSecurityPolicy": true,
+ "fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io",
+ "networkProfile": {
+ "loadBalancerSku": "basic",
+ "networkPlugin": "kubenet",
+ "podCidr": "",
+ "serviceCidr": "",
+ "dnsServiceIP": "",
+ "outboundType": "loadBalancer",
+ "podCidrs": [
+ ""
+ ],
+ "serviceCidrs": [
+ ""
+ ],
+ "ipFamilies": [
+ "IPv4"
+ ],
+ "loadBalancerProfile": {
+ "allocatedOutboundPorts": 2000,
+ "idleTimeoutInMinutes": 10,
+ "managedOutboundIPs": {
+ "count": 2
+ },
+ "effectiveOutboundIPs": [
+ {
+ "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
+ },
+ {
+ "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
+ }
+ ]
+ }
+ },
+ "autoScalerProfile": {
+ "scan-interval": "20s",
+ "scale-down-delay-after-add": "15m"
+ }
+ }
+ }
+ },
+ "201": {
+ "body": {
+ "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1",
+ "location": "location1",
+ "name": "clustername1",
+ "tags": {
+ "archv2": "",
+ "tier": "production"
+ },
+ "type": "Microsoft.ContainerService/ManagedClusters",
+ "properties": {
+ "provisioningState": "Creating",
+ "maxAgentPools": 1,
+ "kubernetesVersion": "1.9.6",
+ "dnsPrefix": "dnsprefix1",
+ "agentPoolProfiles": [
+ {
+ "name": "nodepool1",
+ "count": 3,
+ "vmSize": "Standard_DS2_v2",
+ "maxPods": 110,
+ "osType": "Linux",
+ "provisioningState": "Creating",
+ "orchestratorVersion": "1.9.6",
+ "currentOrchestratorVersion": "1.9.6",
+ "type": "VirtualMachineScaleSets",
+ "enableNodePublicIP": true,
+ "mode": "System"
+ }
+ ],
+ "linuxProfile": {
+ "adminUsername": "azureuser",
+ "ssh": {
+ "publicKeys": [
+ {
+ "keyData": "keydata"
+ }
+ ]
+ }
+ },
+ "windowsProfile": {
+ "adminUsername": "azureuser"
+ },
+ "servicePrincipalProfile": {
+ "clientId": "clientid"
+ },
+ "securityProfile": {
+ "customCATrustCertificates": [
+ "ZHVtbXlFeGFtcGxlVGVzdFZhbHVlRm9yQ2VydGlmaWNhdGVUb0JlQWRkZWQ="
+ ]
+ },
+ "nodeResourceGroup": "MC_rg1_clustername1_location1",
+ "enableRBAC": true,
+ "diskEncryptionSetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des",
+ "enablePodSecurityPolicy": true,
+ "networkProfile": {
+ "networkPlugin": "kubenet",
+ "podCidr": "",
+ "serviceCidr": "",
+ "dnsServiceIP": "",
+ "loadBalancerSku": "standard",
+ "outboundType": "loadBalancer",
+ "podCidrs": [
+ ""
+ ],
+ "serviceCidrs": [
+ ""
+ ],
+ "ipFamilies": [
+ "IPv4"
+ ],
+ "loadBalancerProfile": {
+ "allocatedOutboundPorts": 2000,
+ "idleTimeoutInMinutes": 10,
+ "managedOutboundIPs": {
+ "count": 2
+ },
+ "effectiveOutboundIPs": [
+ {
+ "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1"
+ },
+ {
+ "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2"
+ }
+ ]
+ }
+ },
+ "autoScalerProfile": {
+ "scan-interval": "20s",
+ "scale-down-delay-after-add": "15m"
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-01-01/managedClusters.json b/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-01-01/managedClusters.json
index 131abc6dacee..1d8debf0b3f5 100644
--- a/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-01-01/managedClusters.json
+++ b/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2025-01-01/managedClusters.json
@@ -6823,6 +6823,10 @@
 "imageCleaner": {
 "$ref": "#/definitions/ManagedClusterSecurityProfileImageCleaner",
 "description": "Image Cleaner settings for the security profile."
+ },
+ "customCATrustCertificates": {
+ "$ref": "#/definitions/ManagedClusterSecurityProfileCustomCATrustCertificates",
+ "description": "A list of up to 10 base64 encoded CAs that will be added to the trust store on all nodes in the cluster. For more information see [Custom CA Trust Certificates](https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority)."
 }
 },
 "description": "Security profile for the container service cluster."
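Review bot: The request body in ManagedClusterCreate_CustomCATrustCertificates.json carries settings that have nothing to do with the feature it illustrates: `"enableNodePublicIP": true`, a literal `adminPassword`, a service-principal `secret` and `"enablePodSecurityPolicy": true`, all under a `"tier": "production"` tag. Example payloads tend to be copied into templates unchanged, so trimming the request to the fields needed to show `securityProfile.customCATrustCertificates` would stop the sample from presenting node public IPs and inline credentials as a starting point. Separately, the 200 response returns `"loadBalancerSku": "basic"` in `networkProfile` while the request and the 201 response both use `"standard"`; the 200 body should read `"loadBalancerSku": "standard"` so the example is self-consistent.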
@@ -6946,6 +6950,17 @@
 },
 "description": "Microsoft Defender settings for the security profile threat detection."
 },
+ "ManagedClusterSecurityProfileCustomCATrustCertificates": {
+ "type": "array",
+ "items": {
+ "type": "string",
+ "format": "byte"
+ },
+ "minItems": 0,
+ "maxItems": 10,
+ "title": "The list of base64 encoded certificate strings that will be added to the node trust store. At most 10 certificates can be provided.",
+ "description": "Certificates will be added to trust stores of all the nodes in the cluster. If updated, the new list of certificates will be installed in the trust store in place of the old certificates. For node pools of VMSS type, updating the value of this field will result in nodes being reimaged."
+ },
 "ManagedClusterStorageProfileDiskCSIDriver": {
 "type": "object",
 "properties": {
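Review bot: The `items` schema of `ManagedClusterSecurityProfileCustomCATrustCertificates` caps the list at ten entries but puts no bound on any single entry, so an empty string or an arbitrarily large blob passes schema validation for a value that ends up in every node's trust store. Adding `"minLength": 1` and `"maxLength": <MAX_BASE64_CERT_LENGTH>` (limit to be chosen by the service team) to `items`, and `"uniqueItems": true` on the array, would tighten that. Because the description says an update installs the new list "in place of the old certificates", it should also say explicitly what an empty or omitted list does on update, and what the base64 wraps (PEM or DER); neither this text nor the property description added in the `@@ -6823,6 +6823,10 @@` hunk states it. `"minItems": 0` is the default and can be dropped, and the sentence in `title` reads as a description rather than a short title.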