Skip to content

Add key management service profile of a managed cluster for version 2022-06-01 #19529

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
FumingZhang merged 1 commit into from
Jun 20, 2022
Merged

Add key management service profile of a managed cluster for version 2022-06-01 #19529

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
36 changes: 36 additions & 0 deletions ...ervice/resource-manager/Microsoft.ContainerService/stable/2022-06-01/managedClusters.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5427,10 +5427,46 @@
"azureDefender": {
"$ref": "#/definitions/ManagedClusterSecurityProfileAzureDefender",
"description": "Azure Defender settings for the security profile."
},
"azureKeyVaultKms": {
"$ref": "#/definitions/AzureKeyVaultKms",
"description": "Azure Key Vault [key management service](https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/) settings for the security profile."
}
},
"description": "Security profile for the container service cluster."
},
"AzureKeyVaultKms": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "Whether to enable Azure Key Vault key management service. The default is false."
},
"keyId": {
"type": "string",
"description": "Identifier of Azure Key Vault key. See [key identifier format](https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#vault-name-and-object-name) for more details. When Azure Key Vault key management service is enabled, this field is required and must be a valid key identifier. When Azure Key Vault key management service is disabled, leave the field empty."
},
"keyVaultNetworkAccess": {
"type": "string",
"enum": [
"Public",
"Private"
],
"default": "Public",
"x-ms-enum": {
"name": "KeyVaultNetworkAccessTypes",
"modelAsString": true
},
"title": "Network access of the key vault",
"description": "Network access of key vault. The possible values are `Public` and `Private`. `Public` means the key vault allows public access from all networks. `Private` means the key vault disables public access and enables private link. The default value is `Public`."
Copy link
Member

@matthchr matthchr Jun 20, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can use the name and values section of x-ms-enum to add these per-value descriptions to each documented value, see for example:

          "x-ms-enum": {
            "name": "ManagedClusterSKUTier",
            "modelAsString": true,
            "values": [
              {
                "value": "Paid",
                "description": "Guarantees 99.95% availability of the Kubernetes API server endpoint for clusters that use Availability Zones and 99.9% of availability for clusters that don't use Availability Zones."
              },
              {
                "value": "Free",
                "description": "No guaranteed SLA, no additional charges. Free tier clusters have an SLO of 99.5%."
              }
            ]
          }

If you do this then you can probably just remove this description as it will be entirely covered by the docs in x-ms-enum

},
"keyVaultResourceId": {
"type": "string",
"description": "Resource ID of key vault. When keyVaultNetworkAccess is `Private`, this field is required and must be a valid resource ID. When keyVaultNetworkAccess is `Public`, leave the field empty."
}
},
"description": "Azure Key Vault key management service settings for the security profile."
},
"ManagedClusterStorageProfile": {
"type": "object",
"properties": {
Expand Down