Here are the cluster definitions for apiVersion "vlabs"
Name | Required | Description |
---|---|---|
apiVersion | yes | The version of the template. For "vlabs" the value is "vlabs". |
orchestratorProfile
describes the orchestrator settings.
Name | Required | Description |
---|---|---|
orchestratorType | yes | This specifies the orchestrator type for the cluster. |
Here are the valid values for the orchestrator types:
DCOS
- this represents the DC/OS orchestrator. Older releases of DCOS 1.7 and DCOS 1.8 may be specified.Kubernetes
- this represents the Kubernetes orchestrator.Swarm
- this represents the Swarm orchestrator.Swarm Mode
- this represents the Swarm Mode orchestrator.
kubernetesConfig
describes Kubernetes specific configuration.
Name | Required | Description |
---|---|---|
kubernetesImageBase | no | This specifies the image of kubernetes to use for the cluster. |
networkPolicy | no | Specifies the network policy tool for the cluster. Valid values are:none (default), which won't enforce any network policy,azure for applying Azure VNET network policy,calico for Calico network policy for clusters with Linux agents only.See network policy examples for more information. |
clusterSubnet | no | The IP subnet used for allocating IP addresses for pod network interfaces. The subnet must be in the VNET address space. Default value is 10.244.0.0/16. |
dockerBridgeSubnet | no | The specific IP and subnet used for allocating IP addresses for the docker bridge network created on the kubernetes master and agents. Default value is 172.17.0.1/16. This value is used to configure the docker daemon using the --bip flag. |
enableRbac | no | Enable Kubernetes RBAC (boolean - default == false) |
masterProfile
describes the settings for master configuration.
Name | Required | Description |
---|---|---|
count | yes | Masters have count value of 1, 3, or 5 masters |
dnsPrefix | yes | this is the dns prefix for the masters FQDN. The master FQDN is used for SSH or commandline access. This must be a unique name. (bring your own VNET examples) |
firstConsecutiveStaticIP | only required when vnetSubnetId specified | this is the IP address of the first master. IP Addresses will be assigned consecutively to additional master nodes. |
vmsize | yes | Describes a valid Azure VM Sizes. These are restricted machines with at least 2 cores and 100GB of ephemeral disk space. |
osDiskSizeGB | no | Describes the OS Disk Size in GB |
vnetSubnetId | no | specifies the Id of an alternate VNET subnet. The subnet id must specify a valid VNET ID owned by the same subscription. (bring your own VNET examples) |
A cluster can have 0 to 12 agent pool profiles. Agent Pool Profiles are used for creating agents with different capabilities such as VMSizes, VMSS or Availability Set, Public/Private access, attached storage disks, attached managed disks, or Windows.
Name | Required | Description |
---|---|---|
availabilityProfile | no, defaults to VirtualMachineScaleSets |
You can choose between VirtualMachineScaleSets and AvailabilitySet . As a rule of thumb always choose VirtualMachineScaleSets unless you need features such as dynamic attached disks or require Kubernetes |
count | yes | Describes the node count |
diskSizesGB | no | describes an array of up to 4 attached disk sizes. Valid disk size values are between 1 and 1024. |
dnsPrefix | required if agents are to be exposed publically with a load balancer | this is the dns prefix that forms the FQDN to access the loadbalancer for this agent pool. This must be a unique name among all agent pools. |
name | yes | This is the unique name for the agent pool profile. The resources of the agent pool profile are derived from this name. |
ports | only required if needed for exposing services publically | Describes an array of ports need for exposing publically. A tcp probe is configured for each port and only opens to an agent node if the agent node is listening on that port. A maximum of 150 ports may be specified. |
storageProfile | no, defaults to StorageAccount |
specifies the storage profile to use. Valid values are StorageAccount or ManagedDisks |
vmsize | yes | Describes a valid Azure VM Sizes. These are restricted to machines with at least 2 cores |
osDiskSizeGB | no | Describes the OS Disk Size in GB |
vnetSubnetId | no | specifies the Id of an alternate VNET subnet. The subnet id must specify a valid VNET ID owned by the same subscription. (bring your own VNET examples) |
linuxProfile
provides the linux configuration for each linux node in the cluster
Name | Required | Description |
---|---|---|
adminUsername | yes | describes the username to be used on all linux clusters |
ssh.publicKeys.keyData | yes | The public SSH key used for authenticating access to all Linux nodes in the cluster. Here are instructions for generating a public/private key pair. |
secrets | no | specifies an array of key vaults to pull secrets from and what secrets to pull from each |
secrets
details which certificates to install on the masters and nodes in the cluster.
A cluster can have a list of key vaults to install certs from.
On linux boxes the certs are saved on under the directory "/var/lib/waagent/". 2 files are saved per certificate:
{thumbprint}.crt
: this is the full cert chain saved in PEM format{thumbprint}.prv
: this is the private key saved in PEM format
Name | Required | Description |
---|---|---|
sourceVault.id | yes | the azure resource manager id of the key vault to pull secrets from |
vaultCertificates.certificateUrl | yes | key vault url to this cert including the version |
format for sourceVault.id , can be obtained in cli, or found in the portal: /subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.KeyVault/vaults/{keyvaultname} |
format for vaultCertificates.certificateUrl
, can be obtained in cli, or found in the portal:
https://{keyvaultname}.vault.azure.net:443/secrets/{secretName}/{version}
servicePrincipalProfile
describes an Azure Service credentials to be used by the cluster for self-configuration. See service principal for more details on creation.
Name | Required | Description |
---|---|---|
servicePrincipalClientID | yes, for Kubernetes clusters | describes the Azure client id. It is recommended to use a separate client ID per cluster |
servicePrincipalClientSecret | yes, for Kubernetes clusters | describes the Azure client secret. It is recommended to use a separate client secret per client id |
Here are the cluster definitions for apiVersion "2016-03-30". This matches the api version of the Azure Container Service Engine.
Name | Required | Description |
---|---|---|
apiVersion | yes | The version of the template. For "2016-03-30" the value is "2016-03-30". |
orchestratorProfile
describes the orchestrator settings.
Name | Required | Description |
---|---|---|
orchestratorType | yes | This specifies the orchestrator type for the cluster. |
Here are the valid values for the orchestrator types:
DCOS
- this represents the DC/OS orchestrator.Swarm
- this represents the Swarm orchestrator.Kubernetes
- this represents the Kubernetes orchestrator.Swarm Mode
- this represents the Swarm Mode orchestrator.
masterProfile
describes the settings for master configuration.
Name | Required | Description |
---|---|---|
count | yes | Masters have count value of 1, 3, or 5 masters |
dnsPrefix | yes | this is the dns prefix for the masters FQDN. The master FQDN is used for SSH or commandline access. This must be a unique name. (bring your own VNET examples) |
For apiVersion "2016-03-30", a cluster may have only 1 agent pool profiles.
Name | Required | Description |
---|---|---|
count | yes | Describes the node count |
dnsPrefix | required if agents are to be exposed publically with a load balancer | this is the dns prefix that forms the FQDN to access the loadbalancer for this agent pool. This must be a unique name among all agent pools. |
name | yes | This is the unique name for the agent pool profile. The resources of the agent pool profile are derived from this name. |
vmsize | yes | Describes a valid Azure VM Sizes. These are restricted to machines with at least 2 cores |
linuxProfile
provides the linux configuration for each linux node in the cluster
Name | Required | Description |
---|---|---|
adminUsername | yes | describes the username to be used on all linux clusters |
ssh.publicKeys[0].keyData | yes | The public SSH key used for authenticating access to all Linux nodes in the cluster. Here are instructions for generating a public/private key pair. |