diff --git a/specification/containerservice/resource-manager/Microsoft.ContainerService/stable/2021-07-01/examples/ManagedClustersCreate_ManagedNATGateway.json b/specification/containerservice/resource-manager/Microsoft.ContainerService/stable/2021-07-01/examples/ManagedClustersCreate_ManagedNATGateway.json new file mode 100644 index 000000000000..273c3967f0c5 --- /dev/null +++ b/specification/containerservice/resource-manager/Microsoft.ContainerService/stable/2021-07-01/examples/ManagedClustersCreate_ManagedNATGateway.json @@ -0,0 +1,231 @@ +{ + "parameters": { + "api-version": "2021-07-01", + "subscriptionId": "subid1", + "resourceGroupName": "rg1", + "resourceName": "clustername1", + "parameters": { + "location": "location1", + "tags": { + "tier": "production", + "archv2": "" + }, + "sku": { + "name": "Basic", + "tier": "Free" + }, + "properties": { + "kubernetesVersion": "", + "dnsPrefix": "dnsprefix1", + "agentPoolProfiles": [ + { + "name": "nodepool1", + "count": 3, + "vmSize": "Standard_DS2_v2", + "osType": "Linux", + "type": "VirtualMachineScaleSets", + "enableNodePublicIP": false, + "mode": "System" + } + ], + "linuxProfile": { + "adminUsername": "azureuser", + "ssh": { + "publicKeys": [ + { + "keyData": "keydata" + } + ] + } + }, + "networkProfile": { + "loadBalancerSku": "standard", + "outboundType": "managedNATGateway", + "natGatewayProfile": { + "managedOutboundIPProfile": { + "count": 2 + } + } + }, + "autoScalerProfile": { + "scan-interval": "20s", + "scale-down-delay-after-add": "15m" + }, + "windowsProfile": { + "adminUsername": "azureuser", + "adminPassword": "replacePassword1234$" + }, + "servicePrincipalProfile": { + "clientId": "clientid", + "secret": "secret" + }, + "addonProfiles": {}, + "enableRBAC": true, + "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des", + "enablePodSecurityPolicy": true + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1", + "location": "location1", + "name": "clustername1", + "tags": { + "archv2": "", + "tier": "production" + }, + "type": "Microsoft.ContainerService/ManagedClusters", + "properties": { + "provisioningState": "Succeeded", + "maxAgentPools": 1, + "kubernetesVersion": "1.9.6", + "dnsPrefix": "dnsprefix1", + "agentPoolProfiles": [ + { + "name": "nodepool1", + "count": 3, + "vmSize": "Standard_DS2_v2", + "maxPods": 110, + "osType": "Linux", + "provisioningState": "Succeeded", + "orchestratorVersion": "1.9.6", + "type": "VirtualMachineScaleSets", + "enableNodePublicIP": false, + "mode": "System", + "nodeImageVersion": "AKSUbuntu:1604:2020.03.11" + } + ], + "linuxProfile": { + "adminUsername": "azureuser", + "ssh": { + "publicKeys": [ + { + "keyData": "keydata" + } + ] + } + }, + "windowsProfile": { + "adminUsername": "azureuser" + }, + "servicePrincipalProfile": { + "clientId": "clientid" + }, + "nodeResourceGroup": "MC_rg1_clustername1_location1", + "enableRBAC": true, + "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des", + "enablePodSecurityPolicy": true, + "fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io", + "networkProfile": { + "loadBalancerSku": "basic", + "networkPlugin": "kubenet", + "podCidr": "10.244.0.0/16", + "serviceCidr": "10.0.0.0/16", + "dnsServiceIP": "10.0.0.10", + "dockerBridgeCidr": "172.17.0.1/16", + "outboundType": "managedNATGateway", + "natGatewayProfile": { + "idleTimeoutInMinutes": 4, + "managedOutboundIPProfile": { + "count": 2 + }, + "effectiveOutboundIPs": [ + { + "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1" + }, + { + "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2" + } + ] + } + }, + "autoScalerProfile": { + "scan-interval": "20s", + "scale-down-delay-after-add": "15m" + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1", + "location": "location1", + "name": "clustername1", + "tags": { + "archv2": "", + "tier": "production" + }, + "type": "Microsoft.ContainerService/ManagedClusters", + "properties": { + "provisioningState": "Creating", + "maxAgentPools": 1, + "kubernetesVersion": "1.9.6", + "dnsPrefix": "dnsprefix1", + "agentPoolProfiles": [ + { + "name": "nodepool1", + "count": 3, + "vmSize": "Standard_DS2_v2", + "maxPods": 110, + "osType": "Linux", + "provisioningState": "Creating", + "orchestratorVersion": "1.9.6", + "type": "VirtualMachineScaleSets", + "enableNodePublicIP": false, + "mode": "System" + } + ], + "linuxProfile": { + "adminUsername": "azureuser", + "ssh": { + "publicKeys": [ + { + "keyData": "keydata" + } + ] + } + }, + "windowsProfile": { + "adminUsername": "azureuser" + }, + "servicePrincipalProfile": { + "clientId": "clientid" + }, + "nodeResourceGroup": "MC_rg1_clustername1_location1", + "enableRBAC": true, + "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des", + "enablePodSecurityPolicy": true, + "networkProfile": { + "networkPlugin": "kubenet", + "podCidr": "10.244.0.0/16", + "serviceCidr": "10.0.0.0/16", + "dnsServiceIP": "10.0.0.10", + "dockerBridgeCidr": "172.17.0.1/16", + "loadBalancerSku": "standard", + "outboundType": "managedNATGateway", + "natGatewayProfile": { + "idleTimeoutInMinutes": 4, + "managedOutboundIPProfile": { + "count": 2 + }, + "effectiveOutboundIPs": [ + { + "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip1" + }, + { + "id": "/subscriptions/subid1/resourceGroups/MC_rg1/providers/Microsoft.Network/publicIPAddresses/mgdoutboundip2" + } + ] + } + }, + "autoScalerProfile": { + "scan-interval": "20s", + "scale-down-delay-after-add": "15m" + } + } + } + } + } +} diff --git a/specification/containerservice/resource-manager/Microsoft.ContainerService/stable/2021-07-01/examples/ManagedClustersCreate_UserAssignedNATGateway.json b/specification/containerservice/resource-manager/Microsoft.ContainerService/stable/2021-07-01/examples/ManagedClustersCreate_UserAssignedNATGateway.json new file mode 100644 index 000000000000..98c7777dcc27 --- /dev/null +++ b/specification/containerservice/resource-manager/Microsoft.ContainerService/stable/2021-07-01/examples/ManagedClustersCreate_UserAssignedNATGateway.json @@ -0,0 +1,198 @@ +{ + "parameters": { + "api-version": "2021-07-01", + "subscriptionId": "subid1", + "resourceGroupName": "rg1", + "resourceName": "clustername1", + "parameters": { + "location": "location1", + "tags": { + "tier": "production", + "archv2": "" + }, + "sku": { + "name": "Basic", + "tier": "Free" + }, + "properties": { + "kubernetesVersion": "", + "dnsPrefix": "dnsprefix1", + "agentPoolProfiles": [ + { + "name": "nodepool1", + "count": 3, + "vmSize": "Standard_DS2_v2", + "osType": "Linux", + "type": "VirtualMachineScaleSets", + "enableNodePublicIP": false, + "mode": "System" + } + ], + "linuxProfile": { + "adminUsername": "azureuser", + "ssh": { + "publicKeys": [ + { + "keyData": "keydata" + } + ] + } + }, + "networkProfile": { + "loadBalancerSku": "standard", + "outboundType": "userAssignedNATGateway" + }, + "autoScalerProfile": { + "scan-interval": "20s", + "scale-down-delay-after-add": "15m" + }, + "windowsProfile": { + "adminUsername": "azureuser", + "adminPassword": "replacePassword1234$" + }, + "servicePrincipalProfile": { + "clientId": "clientid", + "secret": "secret" + }, + "addonProfiles": {}, + "enableRBAC": true, + "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des", + "enablePodSecurityPolicy": true + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1", + "location": "location1", + "name": "clustername1", + "tags": { + "archv2": "", + "tier": "production" + }, + "type": "Microsoft.ContainerService/ManagedClusters", + "properties": { + "provisioningState": "Succeeded", + "maxAgentPools": 1, + "kubernetesVersion": "1.9.6", + "dnsPrefix": "dnsprefix1", + "agentPoolProfiles": [ + { + "name": "nodepool1", + "count": 3, + "vmSize": "Standard_DS2_v2", + "maxPods": 110, + "osType": "Linux", + "provisioningState": "Succeeded", + "orchestratorVersion": "1.9.6", + "type": "VirtualMachineScaleSets", + "enableNodePublicIP": false, + "mode": "System", + "nodeImageVersion": "AKSUbuntu:1604:2020.03.11" + } + ], + "linuxProfile": { + "adminUsername": "azureuser", + "ssh": { + "publicKeys": [ + { + "keyData": "keydata" + } + ] + } + }, + "windowsProfile": { + "adminUsername": "azureuser" + }, + "servicePrincipalProfile": { + "clientId": "clientid" + }, + "nodeResourceGroup": "MC_rg1_clustername1_location1", + "enableRBAC": true, + "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des", + "enablePodSecurityPolicy": true, + "fqdn": "dnsprefix1-abcd1234.hcp.eastus.azmk8s.io", + "networkProfile": { + "loadBalancerSku": "basic", + "networkPlugin": "kubenet", + "podCidr": "10.244.0.0/16", + "serviceCidr": "10.0.0.0/16", + "dnsServiceIP": "10.0.0.10", + "dockerBridgeCidr": "172.17.0.1/16", + "outboundType": "userAssignedNATGateway" + }, + "autoScalerProfile": { + "scan-interval": "20s", + "scale-down-delay-after-add": "15m" + } + } + } + }, + "201": { + "body": { + "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1", + "location": "location1", + "name": "clustername1", + "tags": { + "archv2": "", + "tier": "production" + }, + "type": "Microsoft.ContainerService/ManagedClusters", + "properties": { + "provisioningState": "Creating", + "maxAgentPools": 1, + "kubernetesVersion": "1.9.6", + "dnsPrefix": "dnsprefix1", + "agentPoolProfiles": [ + { + "name": "nodepool1", + "count": 3, + "vmSize": "Standard_DS2_v2", + "maxPods": 110, + "osType": "Linux", + "provisioningState": "Creating", + "orchestratorVersion": "1.9.6", + "type": "VirtualMachineScaleSets", + "enableNodePublicIP": false, + "mode": "System" + } + ], + "linuxProfile": { + "adminUsername": "azureuser", + "ssh": { + "publicKeys": [ + { + "keyData": "keydata" + } + ] + } + }, + "windowsProfile": { + "adminUsername": "azureuser" + }, + "servicePrincipalProfile": { + "clientId": "clientid" + }, + "nodeResourceGroup": "MC_rg1_clustername1_location1", + "enableRBAC": true, + "diskEncryptionSetID": "/subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.Compute/diskEncryptionSets/des", + "enablePodSecurityPolicy": true, + "networkProfile": { + "networkPlugin": "kubenet", + "podCidr": "10.244.0.0/16", + "serviceCidr": "10.0.0.0/16", + "dnsServiceIP": "10.0.0.10", + "dockerBridgeCidr": "172.17.0.1/16", + "loadBalancerSku": "standard", + "outboundType": "userAssignedNATGateway" + }, + "autoScalerProfile": { + "scan-interval": "20s", + "scale-down-delay-after-add": "15m" + } + } + } + } + } +} diff --git a/specification/containerservice/resource-manager/Microsoft.ContainerService/stable/2021-07-01/managedClusters.json b/specification/containerservice/resource-manager/Microsoft.ContainerService/stable/2021-07-01/managedClusters.json index 45f11a2cd533..39c1dbd6dd36 100644 --- a/specification/containerservice/resource-manager/Microsoft.ContainerService/stable/2021-07-01/managedClusters.json +++ b/specification/containerservice/resource-manager/Microsoft.ContainerService/stable/2021-07-01/managedClusters.json @@ -552,6 +552,12 @@ }, "Create Managed Cluster with Security Profile configured": { "$ref": "./examples/ManagedClustersCreate_SecurityProfile.json" + }, + "Create Managed Cluster with AKS-managed NAT gateway as outbound type": { + "$ref": "./examples/ManagedClustersCreate_ManagedNATGateway.json" + }, + "Create Managed Cluster with user-assigned NAT gateway as outbound type": { + "$ref": "./examples/ManagedClustersCreate_UserAssignedNATGateway.json" } } }, @@ -2755,7 +2761,9 @@ "type": "string", "enum": [ "loadBalancer", - "userDefinedRouting" + "userDefinedRouting", + "managedNATGateway", + "userAssignedNATGateway" ], "x-ms-enum": { "name": "outboundType", @@ -2768,6 +2776,14 @@ { "value": "userDefinedRouting", "description": "Egress paths must be defined by the user. This is an advanced scenario and requires proper network configuration. For more information see [outbound type userDefinedRouting](https://docs.microsoft.com/azure/aks/egress-outboundtype#outbound-type-of-userdefinedrouting)." + }, + { + "value": "managedNATGateway", + "description": "The AKS-managed NAT gateway is used for egress." + }, + { + "value": "userAssignedNATGateway", + "description": "The user-assigned NAT gateway associated to the cluster subnet is used for egress. This is an advanced scenario and requires proper network configuration." } ] }, @@ -2801,6 +2817,10 @@ "loadBalancerProfile": { "$ref": "#/definitions/ManagedClusterLoadBalancerProfile", "description": "Profile of the cluster load balancer." + }, + "natGatewayProfile": { + "$ref": "#/definitions/ManagedClusterNATGatewayProfile", + "description": "Profile of the cluster NAT gateway." } }, "description": "Profile of network configuration." @@ -3046,6 +3066,45 @@ }, "description": "The results of a run command" }, + "ManagedClusterNATGatewayProfile": { + "type": "object", + "properties": { + "managedOutboundIPProfile": { + "$ref": "#/definitions/ManagedClusterManagedOutboundIPProfile", + "description": "Profile of the managed outbound IP resources of the cluster NAT gateway." + }, + "effectiveOutboundIPs": { + "type": "array", + "items": { + "$ref": "#/definitions/ResourceReference" + }, + "description": "The effective outbound IP resources of the cluster NAT gateway." + }, + "idleTimeoutInMinutes": { + "type": "integer", + "format": "int32", + "maximum": 120, + "minimum": 4, + "description": "Desired outbound flow idle timeout in minutes. Allowed values are in the range of 4 to 120 (inclusive). The default value is 4 minutes.", + "default": 4 + } + }, + "description": "Profile of the managed cluster NAT gateway." + }, + "ManagedClusterManagedOutboundIPProfile": { + "type": "object", + "properties": { + "count": { + "type": "integer", + "format": "int32", + "maximum": 16, + "minimum": 1, + "description": "The desired number of outbound IPs created/managed by Azure. Allowed values must be in the range of 1 to 16 (inclusive). The default value is 1. ", + "default": 1 + } + }, + "description": "Profile of the managed outbound IP resources of the managed cluster." + }, "ManagedClusterLoadBalancerProfile": { "properties": { "managedOutboundIPs": {