azure

package
v1.4.21-pre

This package is not in the latest version of its module.
Published: Nov 22, 2025 License: Apache-2.0 Imports: 4 Imported by: 45

Documentation

Overview

Package azure contains Azure-specific structures for installer configuration and management.

+k8s:deepcopy-gen=package

Constants

const (
	TagMetadataRegion       = "openshift_region"
	TagMetadataBaseDomainRG = "openshift_basedomainRG"
	TagMetadataNetworkRG    = "openshift_networkRG"
)

Keys used to save Metadata information as tags.

const DefaultDiskType string = "Premium_LRS"

DefaultDiskType holds the default Azure disk type used by the VMs.

const Name string = "azure"

Name is the name for the Azure platform.

const StackTerraformName string = "azurestack"

StackTerraformName is the name used for Terraform code when installing to the Azure Stack platform.

Variables

This section is empty.

Functions

func GetStorageAccountName

func GetStorageAccountName(infraID string) string

GetStorageAccountName takes an infraID and generates a storage account name, which can't be more than 24 characters.

Types

type BootDiagnostics

type BootDiagnostics struct {
	// Type specifies the boot diagnostics type for the machines created.
	// Defaults as disabled for compute nodes and as managed for control plane
	// nodes.
	// Values allowed are Disabled, Managed and UserManaged.
	// +kubebuilder:validation:Enum=Disabled;Managed;UserManaged
	Type capz.BootDiagnosticsStorageAccountType `json:"type"`

	// ResourceGroup specifies the name of the resource group where the
	// storage account to be used for diagnostics storage is present.
	// Only used if the type is set to UserManaged.
	ResourceGroup string `json:"resourceGroup"`

	// StorageAccountName specifies the storage account where the diagnostics
	// logs need to be stored.
	// Only used if the type is set to UserManaged.
	StorageAccountName string `json:"storageAccountName"`
}

BootDiagnostics defines the option to set the collection of logs from the machines created.

func (*BootDiagnostics) DeepCopy

func (in *BootDiagnostics) DeepCopy() *BootDiagnostics

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BootDiagnostics.

func (*BootDiagnostics) DeepCopyInto

func (in *BootDiagnostics) DeepCopyInto(out *BootDiagnostics)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CloudEnvironment

type CloudEnvironment string

CloudEnvironment is the name of the Azure cloud environment.

+kubebuilder:validation:Enum="";AzurePublicCloud;AzureUSGovernmentCloud;AzureChinaCloud;AzureGermanCloud;AzureStackCloud

const (
	// PublicCloud is the general-purpose, public Azure cloud environment.
	PublicCloud CloudEnvironment = "AzurePublicCloud"

	// USGovernmentCloud is the Azure cloud environment for the US government.
	USGovernmentCloud CloudEnvironment = "AzureUSGovernmentCloud"

	// ChinaCloud is the Azure cloud environment used in China.
	ChinaCloud CloudEnvironment = "AzureChinaCloud"

	// GermanCloud is the Azure cloud environment used in Germany.
	GermanCloud CloudEnvironment = "AzureGermanCloud"

	// StackCloud is the Azure cloud environment used at the edge and on premises.
	StackCloud CloudEnvironment = "AzureStackCloud"
)

func (CloudEnvironment) Name

func (e CloudEnvironment) Name() string

Name returns the name that Azure uses for the cloud environment. See https://github.com/Azure/go-autorest/blob/ec5f4903f77ed9927ac95b19ab8e44ada64c1356/autorest/azure/environments.go#L13

type ConfidentialVM

type ConfidentialVM struct {
	// UEFISettings specifies the security settings like secure boot and vTPM used while creating the virtual machine.
	// +kubebuilder:validation:Required
	UEFISettings *UEFISettings `json:"uefiSettings,omitempty"`
}

ConfidentialVM defines the UEFI settings for the virtual machine.

func (*ConfidentialVM) DeepCopy

func (in *ConfidentialVM) DeepCopy() *ConfidentialVM

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfidentialVM.

func (*ConfidentialVM) DeepCopyInto

func (in *ConfidentialVM) DeepCopyInto(out *ConfidentialVM)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CustomerManagedKey

type CustomerManagedKey struct {
	// KeyVault is the keyvault used for the customer created key required for encryption.
	KeyVault KeyVault `json:"keyVault,omitempty"`
	// UserAssignedIdentityKey is the name of the user identity that has access to the managed key.
	UserAssignedIdentityKey string `json:"userAssignedIdentityKey,omitempty"`
}

CustomerManagedKey defines the customer managed key settings for encryption of the Azure storage account.

func (*CustomerManagedKey) DeepCopy

func (in *CustomerManagedKey) DeepCopy() *CustomerManagedKey

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomerManagedKey.

func (*CustomerManagedKey) DeepCopyInto

func (in *CustomerManagedKey) DeepCopyInto(out *CustomerManagedKey)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DiskEncryptionSet

type DiskEncryptionSet struct {
	// SubscriptionID defines the Azure subscription the disk encryption
	// set is in.
	SubscriptionID string `json:"subscriptionId"`
	// ResourceGroup defines the Azure resource group used by the disk
	// encryption set.
	ResourceGroup string `json:"resourceGroup"`
	// Name is the name of the disk encryption set.
	Name string `json:"name"`
}

DiskEncryptionSet defines the configuration for a disk encryption set.

func (*DiskEncryptionSet) DeepCopy

func (in *DiskEncryptionSet) DeepCopy() *DiskEncryptionSet

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DiskEncryptionSet.

func (*DiskEncryptionSet) DeepCopyInto

func (in *DiskEncryptionSet) DeepCopyInto(out *DiskEncryptionSet)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*DiskEncryptionSet) ToID

func (d *DiskEncryptionSet) ToID() string

ToID creates an Azure resource ID for the disk encryption set. It is possible to return a non-valid ID when SubscriptionID is empty. This should never happen since if SubscriptionID is empty, it is set to the current subscription. Also, should it somehow be empty and this returns an invalid ID, the validation code will produce an error when checked against the validation.RxDiskEncryptionSetID regular expression.

type ImagePurchasePlan

type ImagePurchasePlan string

ImagePurchasePlan defines the purchase plan of a Marketplace image.

+kubebuilder:validation:Enum=WithPurchasePlan;NoPurchasePlan

const (
	// ImageWithPurchasePlan enum attribute which is the default setting.
	ImageWithPurchasePlan ImagePurchasePlan = "WithPurchasePlan"
	// ImageNoPurchasePlan enum attribute which specifies the image does not need a purchase plan.
	ImageNoPurchasePlan ImagePurchasePlan = "NoPurchasePlan"
)

type KeyVault

type KeyVault struct {
	// ResourceGroup defines the Azure resource group used by the key
	// vault.
	ResourceGroup string `json:"resourceGroup"`
	// Name is the name of the key vault.
	Name string `json:"name"`
	// KeyName is the name of the key vault key.
	KeyName string `json:"keyName"`
}

KeyVault defines an Azure Key Vault.

func (*KeyVault) DeepCopy

func (in *KeyVault) DeepCopy() *KeyVault

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeyVault.

func (*KeyVault) DeepCopyInto

func (in *KeyVault) DeepCopyInto(out *KeyVault)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type MachinePool

type MachinePool struct {
	// Zones is a list of availability zones that can be used.
	// eg. ["1", "2", "3"]
	//
	// +optional
	Zones []string `json:"zones,omitempty"`

	// InstanceType defines the azure instance type.
	// eg. Standard_DS_V2
	//
	// +optional
	InstanceType string `json:"type"`

	// EncryptionAtHost enables encryption at the VM host.
	//
	// +optional
	EncryptionAtHost bool `json:"encryptionAtHost,omitempty"`

	// OSDisk defines the storage for instance.
	//
	// +optional
	OSDisk `json:"osDisk"`

	// ultraSSDCapability defines if the instance should use Ultra SSD disks.
	//
	// +optional
	// +kubebuilder:validation:Enum=Enabled;Disabled
	UltraSSDCapability string `json:"ultraSSDCapability,omitempty"`

	// VMNetworkingType specifies whether to enable accelerated networking.
	// Accelerated networking enables single root I/O virtualization (SR-IOV) to a VM, greatly improving its
	// networking performance.
	// eg. values: "Accelerated", "Basic"
	//
	// +kubebuilder:validation:Enum="Accelerated"; "Basic"
	// +optional
	VMNetworkingType string `json:"vmNetworkingType,omitempty"`

	// BootDiagnostics has the value for the storage account URI where the
	// machine log information of the control plane is sent to.
	// Defaults to managed for control plane if no value is mentioned.
	// +optional
	BootDiagnostics *BootDiagnostics `json:"bootDiagnostics,omitempty"`

	// OSImage defines the image to use for the OS.
	// +optional
	OSImage OSImage `json:"osImage,omitempty"`

	// Settings specify the security type and the UEFI settings of the virtual machine. This field can
	// be set for Confidential VMs and Trusted Launch for VMs.
	// +optional
	Settings *SecuritySettings `json:"settings,omitempty"`

	// Identity is the type of identity used for the virtual machine.
	// The type 'UserAssigned' is a standalone Azure resource provided by the user
	// and assigned to the VM.
	// The default identity is a user-assigned identity, generated by the installer.
	// This default is expected to change in future releases.
	// +kubebuilder:default=UserAssigned
	// +optional
	Identity *VMIdentity `json:"identity,omitempty"`

	// DataDisk specifies the parameters that are used to add one or more data disks to the machine.
	// +optional
	DataDisks []capz.DataDisk `json:"dataDisks,omitempty"`
}

MachinePool stores the configuration for a machine pool installed on Azure.

func (*MachinePool) DeepCopy

func (in *MachinePool) DeepCopy() *MachinePool

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MachinePool.

func (*MachinePool) DeepCopyInto

func (in *MachinePool) DeepCopyInto(out *MachinePool)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*MachinePool) Set

func (a *MachinePool) Set(required *MachinePool)

Set sets the values from `required` to `a`.

type Metadata

type Metadata struct {
	ARMEndpoint                 string           `json:"armEndpoint"`
	CloudName                   CloudEnvironment `json:"cloudName"`
	Region                      string           `json:"region"`
	ResourceGroupName           string           `json:"resourceGroupName"`
	BaseDomainResourceGroupName string           `json:"baseDomainResourceGroupName"`
}

Metadata contains Azure metadata (e.g. for uninstalling the cluster).

func (*Metadata) DeepCopy

func (in *Metadata) DeepCopy() *Metadata

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Metadata.

func (*Metadata) DeepCopyInto

func (in *Metadata) DeepCopyInto(out *Metadata)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OSDisk

type OSDisk struct {
	// DiskSizeGB defines the size of disk in GB.
	//
	// +kubebuilder:validation:Minimum=0
	DiskSizeGB int32 `json:"diskSizeGB"`
	// DiskType defines the type of disk.
	// For control plane nodes, the valid values are Premium_LRS and StandardSSD_LRS.
	// Default is Premium_LRS.
	// +optional
	// +kubebuilder:validation:Enum=Standard_LRS;Premium_LRS;StandardSSD_LRS
	DiskType string `json:"diskType"`
	// DiskEncryptionSet defines a disk encryption set.
	//
	// +optional
	*DiskEncryptionSet `json:"diskEncryptionSet,omitempty"`
	// SecurityProfile specifies the security profile for the managed disk.
	// +optional
	SecurityProfile *VMDiskSecurityProfile `json:"securityProfile,omitempty"`
}

OSDisk defines the disk for machines on Azure.

func (*OSDisk) DeepCopy

func (in *OSDisk) DeepCopy() *OSDisk

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OSDisk.

func (*OSDisk) DeepCopyInto

func (in *OSDisk) DeepCopyInto(out *OSDisk)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OSImage

type OSImage struct {
	// Plan is the purchase plan of the image.
	// If omitted, it defaults to "WithPurchasePlan".
	// +optional
	Plan ImagePurchasePlan `json:"plan"`
	// Publisher is the publisher of the image.
	Publisher string `json:"publisher"`
	// Offer is the offer of the image.
	Offer string `json:"offer"`
	// SKU is the SKU of the image.
	SKU string `json:"sku"`
	// Version is the version of the image.
	Version string `json:"version"`
}

OSImage is the image to use for the OS of a machine.

func (*OSImage) DeepCopy

func (in *OSImage) DeepCopy() *OSImage

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OSImage.

func (*OSImage) DeepCopyInto

func (in *OSImage) DeepCopyInto(out *OSImage)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OutboundType

type OutboundType string

OutboundType is a strategy for how egress from cluster is achieved.

+kubebuilder:validation:Enum="";Loadbalancer;NATGatewaySingleZone;NATGatewayMultiZone;UserDefinedRouting

const (
	// LoadbalancerOutboundType uses Standard loadbalancer for egress from the cluster.
	// see https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-outbound-connections#lb
	LoadbalancerOutboundType OutboundType = "Loadbalancer"

	// NATGatewaySingleZoneOutboundType uses a single (non-zone-resilient) NAT Gateway for compute node outbound access.
	// see https://learn.microsoft.com/en-us/azure/virtual-network/nat-gateway/nat-gateway-resource
	NATGatewaySingleZoneOutboundType OutboundType = "NATGatewaySingleZone"

	// NATGatewayMultiZoneOutboundType uses NAT gateways in multiple zones in the compute node subnets for outbound access.
	NATGatewayMultiZoneOutboundType OutboundType = "NATGatewayMultiZone"

	// UserDefinedRoutingOutboundType uses user defined routing for egress from the cluster.
	// see https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview
	UserDefinedRoutingOutboundType OutboundType = "UserDefinedRouting"
)

type Platform

type Platform struct {
	// Region specifies the Azure region where the cluster will be created.
	Region string `json:"region"`

	// ARMEndpoint is the endpoint for the Azure API when installing on Azure Stack.
	ARMEndpoint string `json:"armEndpoint,omitempty"`

	// ClusterOSImage is the url of a storage blob in the Azure Stack environment containing an RHCOS VHD. This field is required for Azure Stack and not applicable to Azure.
	ClusterOSImage string `json:"clusterOSImage,omitempty"`

	// BaseDomainResourceGroupName specifies the resource group where the Azure DNS zone for the base domain is found. This field is optional when creating a private cluster, otherwise required.
	//
	// +optional
	BaseDomainResourceGroupName string `json:"baseDomainResourceGroupName,omitempty"`

	// DefaultMachinePlatform is the default configuration used when
	// installing on Azure for machine pools which do not define their own
	// platform configuration.
	// +optional
	DefaultMachinePlatform *MachinePool `json:"defaultMachinePlatform,omitempty"`

	// NetworkResourceGroupName specifies the network resource group that contains an existing VNet
	//
	// +optional
	NetworkResourceGroupName string `json:"networkResourceGroupName,omitempty"`

	// VirtualNetwork specifies the name of an existing VNet for the installer to use
	//
	// +optional
	VirtualNetwork string `json:"virtualNetwork,omitempty"`

	// ControlPlaneSubnet specifies an existing subnet for use by the control plane nodes
	//
	// Deprecated: use platform.Azure.Subnets section
	// +optional
	DeprecatedControlPlaneSubnet string `json:"controlPlaneSubnet,omitempty"`

	// ComputeSubnet specifies an existing subnet for use by compute nodes
	//
	// Deprecated: use platform.Azure.Subnets section
	// +optional
	DeprecatedComputeSubnet string `json:"computeSubnet,omitempty"`

	// cloudName is the name of the Azure cloud environment which can be used to configure the Azure SDK
	// with the appropriate Azure API endpoints.
	// If empty, the value is equal to "AzurePublicCloud".
	// +optional
	CloudName CloudEnvironment `json:"cloudName,omitempty"`

	// OutboundType is a strategy for how egress from cluster is achieved. When not specified default is "Loadbalancer".
	//
	// +kubebuilder:default=Loadbalancer
	// +optional
	OutboundType OutboundType `json:"outboundType"`

	// Subnets is the list of subnets the user can bring into the cluster to be used.
	//
	// +optional
	Subnets []SubnetSpec `json:"subnets,omitempty"`

	// ResourceGroupName is the name of an already existing resource group where the cluster should be installed.
	// This resource group should only be used for this specific cluster and the cluster components will assume
	// ownership of all resources in the resource group. Destroying the cluster using installer will delete this
	// resource group.
	// This resource group must be empty with no other resources when trying to use it for creating a cluster.
	// If empty, a new resource group will be created for the cluster.
	//
	// +optional
	ResourceGroupName string `json:"resourceGroupName,omitempty"`

	// UserTags has additional keys and values that the installer will add
	// as tags to all resources that it creates on AzurePublicCloud alone.
	// Resources created by the cluster itself may not include these tags.
	// +optional
	UserTags map[string]string `json:"userTags,omitempty"`

	// CustomerManagedKey has the keys needed to encrypt the storage account.
	CustomerManagedKey *CustomerManagedKey `json:"customerManagedKey,omitempty"`

	// UserProvisionedDNS indicates if the customer is providing their own DNS solution in place of the default
	// provisioned by the Installer.
	// +kubebuilder:default:="Disabled"
	// +default="Disabled"
	// +kubebuilder:validation:Enum="Enabled";"Disabled"
	UserProvisionedDNS dns.UserProvisionedDNS `json:"userProvisionedDNS,omitempty"`
}

Platform stores all the global configuration that all machinesets use.

func (*Platform) ClusterResourceGroupName

func (p *Platform) ClusterResourceGroupName(infraID string) string

ClusterResourceGroupName returns the name of the resource group for the cluster.

func (*Platform) ComputeSubnetName added in v0.90.0

func (p *Platform) ComputeSubnetName(infraID string) string

ComputeSubnetName returns the name of the compute subnet for the cluster.

func (*Platform) ControlPlaneSubnetName added in v0.90.0

func (p *Platform) ControlPlaneSubnetName(infraID string) string

ControlPlaneSubnetName returns the name of the control plane subnet for the cluster.

func (*Platform) DeepCopy

func (in *Platform) DeepCopy() *Platform

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Platform.

func (*Platform) DeepCopyInto

func (in *Platform) DeepCopyInto(out *Platform)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Platform) NetworkSecurityGroupName added in v0.90.0

func (p *Platform) NetworkSecurityGroupName(infraID string) string

NetworkSecurityGroupName returns the name of the network security group.

func (*Platform) SetBaseDomain

func (p *Platform) SetBaseDomain(baseDomainID string) error

SetBaseDomain parses the baseDomainID and sets the related fields on azure.Platform.

func (*Platform) VirtualNetworkName added in v0.90.0

func (p *Platform) VirtualNetworkName(infraID string) string

VirtualNetworkName returns the name of the virtual network for the cluster.

type SecurityEncryptionTypes

type SecurityEncryptionTypes string

SecurityEncryptionTypes represents the Encryption Type when the Azure Virtual Machine is a Confidential VM.

const (
	// SecurityEncryptionTypesVMGuestStateOnly disables OS disk confidential encryption.
	SecurityEncryptionTypesVMGuestStateOnly SecurityEncryptionTypes = "VMGuestStateOnly"
	// SecurityEncryptionTypesDiskWithVMGuestState enables OS disk confidential encryption with
	// a platform-managed key (PMK) or a customer-managed key (CMK).
	SecurityEncryptionTypesDiskWithVMGuestState SecurityEncryptionTypes = "DiskWithVMGuestState"
)

type SecuritySettings

type SecuritySettings struct {
	// SecurityType specifies the SecurityType of the virtual machine. It has to be set to any specified value to
	// enable secure boot and vTPM. The default behavior is: secure boot and vTPM will not be enabled unless this property is set.
	// +kubebuilder:validation:Enum=ConfidentialVM;TrustedLaunch
	// +kubebuilder:validation:Required
	SecurityType SecurityTypes `json:"securityType,omitempty"`

	// ConfidentialVM specifies the security configuration of the virtual machine.
	// For more information regarding Confidential VMs, please refer to:
	// https://learn.microsoft.com/azure/confidential-computing/confidential-vm-overview
	// +optional
	ConfidentialVM *ConfidentialVM `json:"confidentialVM,omitempty"`

	// TrustedLaunch specifies the security configuration of the virtual machine.
	// For more information regarding TrustedLaunch for VMs, please refer to:
	// https://learn.microsoft.com/azure/virtual-machines/trusted-launch
	// +optional
	TrustedLaunch *TrustedLaunch `json:"trustedLaunch,omitempty"`
}

SecuritySettings defines the security type and the UEFI settings of the virtual machine.

func (*SecuritySettings) DeepCopy

func (in *SecuritySettings) DeepCopy() *SecuritySettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecuritySettings.

func (*SecuritySettings) DeepCopyInto

func (in *SecuritySettings) DeepCopyInto(out *SecuritySettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecurityTypes

type SecurityTypes string

SecurityTypes represents the SecurityType of the virtual machine.

const (
	// SecurityTypesConfidentialVM defines the SecurityType of the virtual machine as a Confidential VM.
	SecurityTypesConfidentialVM SecurityTypes = "ConfidentialVM"
	// SecurityTypesTrustedLaunch defines the SecurityType of the virtual machine as a Trusted Launch VM.
	SecurityTypesTrustedLaunch SecurityTypes = "TrustedLaunch"
)

type SubnetSpec

type SubnetSpec struct {
	// Name of the subnet.
	Name string `json:"name"`
	// Role specifies the actual role which the subnet should be used in.
	// +kubebuilder:validation:Enum=node;control-plane
	Role capz.SubnetRole `json:"role"`
}

SubnetSpec specifies the properties the subnet needs to be used in the cluster.

func (*SubnetSpec) DeepCopy

func (in *SubnetSpec) DeepCopy() *SubnetSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SubnetSpec.

func (*SubnetSpec) DeepCopyInto

func (in *SubnetSpec) DeepCopyInto(out *SubnetSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TrustedLaunch

type TrustedLaunch struct {
	// UEFISettings specifies the security settings like secure boot and vTPM used while creating the virtual machine.
	// +kubebuilder:validation:Required
	UEFISettings *UEFISettings `json:"uefiSettings,omitempty"`
}

TrustedLaunch defines the UEFI settings for the virtual machine.

func (*TrustedLaunch) DeepCopy

func (in *TrustedLaunch) DeepCopy() *TrustedLaunch

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrustedLaunch.

func (*TrustedLaunch) DeepCopyInto

func (in *TrustedLaunch) DeepCopyInto(out *TrustedLaunch)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type UEFISettings

type UEFISettings struct {
	// SecureBoot specifies whether secure boot should be enabled on the virtual machine.
	// Secure Boot verifies the digital signature of all boot components and halts the boot process if
	// signature verification fails.
	// If omitted, the platform chooses a default, which is subject to change over time, currently that default is disabled.
	// +kubebuilder:validation:Enum=Enabled;Disabled
	// +optional
	SecureBoot *string `json:"secureBoot,omitempty"`

	// VirtualizedTrustedPlatformModule specifies whether vTPM should be enabled on the virtual machine.
	// When enabled the virtualized trusted platform module measurements are used to create a known good boot integrity policy baseline.
	// The integrity policy baseline is used for comparison with measurements from subsequent VM boots to determine if anything has changed.
	// This is required to be set to enabled if the SecurityEncryptionType is defined.
	// If omitted, the platform chooses a default, which is subject to change over time, currently that default is disabled.
	// +kubebuilder:validation:Enum=Enabled;Disabled
	// +optional
	VirtualizedTrustedPlatformModule *string `json:"virtualizedTrustedPlatformModule,omitempty"`
}

UEFISettings specifies the security settings like secure boot and vTPM used while creating the virtual machine.

func (*UEFISettings) DeepCopy

func (in *UEFISettings) DeepCopy() *UEFISettings

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UEFISettings.

func (*UEFISettings) DeepCopyInto

func (in *UEFISettings) DeepCopyInto(out *UEFISettings)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type UserAssignedIdentity

type UserAssignedIdentity struct {
	// Name is the name of the user-assigned identity to be assigned to the node.
	Name string `json:"name"`

	// Subscription is the subscription that contains the user-assigned identity.
	Subscription string `json:"subscription"`

	// ResourceGroup is the resource group that contains the user-assigned identity.
	ResourceGroup string `json:"resourceGroup"`
}

UserAssignedIdentity contains the fields that comprise a user-assigned identity.

func (*UserAssignedIdentity) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserAssignedIdentity.

func (*UserAssignedIdentity) DeepCopyInto

func (in *UserAssignedIdentity) DeepCopyInto(out *UserAssignedIdentity)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*UserAssignedIdentity) ProviderID

func (i *UserAssignedIdentity) ProviderID() string

ProviderID returns the formatted provider ID of the user-assigned identity, e.g. '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

type VMDiskSecurityProfile

type VMDiskSecurityProfile struct {
	// DiskEncryptionSet specifies the customer managed disk encryption set resource id for the
	// managed disk that is used for Customer Managed Key encrypted ConfidentialVM OS Disk and
	// VMGuestState blob.
	// +optional
	DiskEncryptionSet *DiskEncryptionSet `json:"diskEncryptionSet,omitempty"`
	// SecurityEncryptionType specifies the encryption type of the managed disk.
	// It is set to DiskWithVMGuestState to encrypt the managed disk along with the VMGuestState
	// blob, and to VMGuestStateOnly to encrypt the VMGuestState blob only.
	// When set to VMGuestStateOnly, the VTpmEnabled should be set to true.
	// When set to DiskWithVMGuestState, both SecureBootEnabled and VTpmEnabled should be set to true.
	// It can be set only for Confidential VMs.
	// +kubebuilder:validation:Enum=VMGuestStateOnly;DiskWithVMGuestState
	// +optional
	SecurityEncryptionType SecurityEncryptionTypes `json:"securityEncryptionType,omitempty"`
}

VMDiskSecurityProfile specifies the security profile settings for the managed disk. It can be set only for Confidential VMs.
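The field comments on SecuritySettings, UEFISettings and VMDiskSecurityProfile describe cross-field rules that the enum markers alone cannot express. The following is an added example, not code from the installer: it checks those documented rules against reduced local mirrors of the types, and `CheckSecurity`, `enabled` and the flattened `ConfidentialVM`/`TrustedLaunch` fields are hypothetical names chosen for this sketch.

```go
package main

import "fmt"

// Reduced local mirrors of the types documented on this page (stand-ins, not
// the installer's own definitions). Only fields the rules mention are kept.
type UEFISettings struct {
	SecureBoot                       *string // "Enabled" or "Disabled"; nil = platform default
	VirtualizedTrustedPlatformModule *string
}

type SecuritySettings struct {
	SecurityType   string        // "ConfidentialVM" or "TrustedLaunch"
	ConfidentialVM *UEFISettings // flattened stand-in for ConfidentialVM.UEFISettings
	TrustedLaunch  *UEFISettings // flattened stand-in for TrustedLaunch.UEFISettings
}

type VMDiskSecurityProfile struct {
	SecurityEncryptionType string // "", "VMGuestStateOnly" or "DiskWithVMGuestState"
}

// enabled treats a nil pointer as not enabled, because the page states the
// platform default for both UEFI settings is currently disabled.
func enabled(v *string) bool { return v != nil && *v == "Enabled" }

// CheckSecurity (hypothetical helper) returns one message per documented rule
// that the security settings and the OS disk security profile violate.
func CheckSecurity(s *SecuritySettings, p *VMDiskSecurityProfile) []string {
	var problems []string
	var uefi *UEFISettings
	confidential := false
	if s != nil {
		switch s.SecurityType {
		case "ConfidentialVM":
			confidential, uefi = true, s.ConfidentialVM
		case "TrustedLaunch":
			uefi = s.TrustedLaunch
		default:
			return append(problems, fmt.Sprintf("securityType %q is not ConfidentialVM or TrustedLaunch", s.SecurityType))
		}
		if uefi == nil {
			// UEFISettings carries +kubebuilder:validation:Required in both structs.
			problems = append(problems, "uefiSettings is required for securityType "+s.SecurityType)
		}
	}
	if p == nil {
		return problems
	}
	if !confidential {
		return append(problems, "securityProfile can be set only for Confidential VMs")
	}
	vtpm := uefi != nil && enabled(uefi.VirtualizedTrustedPlatformModule)
	secureBoot := uefi != nil && enabled(uefi.SecureBoot)
	switch p.SecurityEncryptionType {
	case "":
		// No encryption type requested, nothing further to check.
	case "VMGuestStateOnly":
		if !vtpm {
			problems = append(problems, "VMGuestStateOnly requires vTPM to be Enabled")
		}
	case "DiskWithVMGuestState":
		if !vtpm || !secureBoot {
			problems = append(problems, "DiskWithVMGuestState requires secure boot and vTPM to be Enabled")
		}
	default:
		problems = append(problems, fmt.Sprintf("unknown securityEncryptionType %q", p.SecurityEncryptionType))
	}
	return problems
}

func main() {
	on := "Enabled"
	// Constructed sample: a Confidential VM that enables vTPM but leaves secure
	// boot at the platform default, combined with full disk encryption.
	settings := &SecuritySettings{
		SecurityType:   "ConfidentialVM",
		ConfidentialVM: &UEFISettings{VirtualizedTrustedPlatformModule: &on},
	}
	profile := &VMDiskSecurityProfile{SecurityEncryptionType: "DiskWithVMGuestState"}
	for _, msg := range CheckSecurity(settings, profile) {
		fmt.Println("invalid:", msg)
	}
}
```

Leaving `secureBoot` unset is the case worth noticing: the omitted field falls back to the platform default, so a `DiskWithVMGuestState` profile fails the documented requirement even though nothing was explicitly disabled.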

func (*VMDiskSecurityProfile) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VMDiskSecurityProfile.

func (*VMDiskSecurityProfile) DeepCopyInto

func (in *VMDiskSecurityProfile) DeepCopyInto(out *VMDiskSecurityProfile)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VMIdentity

type VMIdentity struct {
	// Type specifies the type of identity to be used.
	// +kubebuilder:validation:Schemaless
	// +kubebuilder:validation:Type=string
	// +kubebuilder:validation:Enum=None;UserAssigned
	Type capz.VMIdentity `json:"type"`

	// UserAssignedIdentities is a list of identities to be attached to a node.
	// Only one user-assigned identity may be supplied.
	// Supplying more than one user-assigned identity is an experimental feature
	// which may be enabled with the MachineAPIMigration feature gate.
	UserAssignedIdentities []UserAssignedIdentity `json:"userAssignedIdentities"`
}

VMIdentity configures the identity attached to the VM.

func (*VMIdentity) DeepCopy

func (in *VMIdentity) DeepCopy() *VMIdentity

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VMIdentity.

func (*VMIdentity) DeepCopyInto

func (in *VMIdentity) DeepCopyInto(out *VMIdentity)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VMNetworkingCapability

type VMNetworkingCapability string

VMNetworkingCapability defines the states for the accelerated networking feature.

const (
	// AcceleratedNetworkingEnabled is string representation of the VMNetworkingType / AcceleratedNetworking Capability
	// provided by the Azure API
	AcceleratedNetworkingEnabled = "AcceleratedNetworkingEnabled"

	// VMNetworkingTypeBasic enum attribute that is the default setting which means AcceleratedNetworking is disabled.
	VMNetworkingTypeBasic VMNetworkingCapability = "Basic"

	// VMnetworkingTypeAccelerated enum attribute that enables AcceleratedNetworking on a VM NIC.
	VMnetworkingTypeAccelerated VMNetworkingCapability = "Accelerated"
)
