Bicep resource definition
The instances/brokers resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.IoTOperations/instances/brokers resource, add the following Bicep to your template.
```bicep
resource symbolicname 'Microsoft.IoTOperations/instances/brokers@2025-10-01' = {
  parent: resourceSymbolicName
  extendedLocation: {
    name: 'string'
    type: 'string'
  }
  name: 'string'
  properties: {
    advanced: {
      clients: {
        maxKeepAliveSeconds: int
        maxMessageExpirySeconds: int
        maxPacketSizeBytes: int
        maxReceiveMaximum: int
        maxSessionExpirySeconds: int
        subscriberQueueLimit: {
          length: int
          strategy: 'string'
        }
      }
      encryptInternalTraffic: 'string'
      internalCerts: {
        duration: 'string'
        privateKey: {
          algorithm: 'string'
          rotationPolicy: 'string'
        }
        renewBefore: 'string'
      }
    }
    cardinality: {
      backendChain: {
        partitions: int
        redundancyFactor: int
        workers: int
      }
      frontend: {
        replicas: int
        workers: int
      }
    }
    diagnostics: {
      logs: {
        level: 'string'
      }
      metrics: {
        prometheusPort: int
      }
      selfCheck: {
        intervalSeconds: int
        mode: 'string'
        timeoutSeconds: int
      }
      traces: {
        cacheSizeMegabytes: int
        mode: 'string'
        selfTracing: {
          intervalSeconds: int
          mode: 'string'
        }
        spanChannelCapacity: int
      }
    }
    diskBackedMessageBuffer: {
      ephemeralVolumeClaimSpec: {
        accessModes: [
          'string'
        ]
        dataSource: {
          apiGroup: 'string'
          kind: 'string'
          name: 'string'
        }
        dataSourceRef: {
          apiGroup: 'string'
          kind: 'string'
          name: 'string'
          namespace: 'string'
        }
        resources: {
          claims: [
            {
              name: 'string'
            }
          ]
          limits: {
            {customized property}: 'string'
          }
          requests: {
            {customized property}: 'string'
          }
        }
        selector: {
          matchExpressions: [
            {
              key: 'string'
              operator: 'string'
              values: [
                'string'
              ]
            }
          ]
          matchLabels: {
            {customized property}: 'string'
          }
        }
        storageClassName: 'string'
        volumeMode: 'string'
        volumeName: 'string'
      }
      maxSize: 'string'
      persistentVolumeClaimSpec: {
        accessModes: [
          'string'
        ]
        dataSource: {
          apiGroup: 'string'
          kind: 'string'
          name: 'string'
        }
        dataSourceRef: {
          apiGroup: 'string'
          kind: 'string'
          name: 'string'
          namespace: 'string'
        }
        resources: {
          claims: [
            {
              name: 'string'
            }
          ]
          limits: {
            {customized property}: 'string'
          }
          requests: {
            {customized property}: 'string'
          }
        }
        selector: {
          matchExpressions: [
            {
              key: 'string'
              operator: 'string'
              values: [
                'string'
              ]
            }
          ]
          matchLabels: {
            {customized property}: 'string'
          }
        }
        storageClassName: 'string'
        volumeMode: 'string'
        volumeName: 'string'
      }
    }
    generateResourceLimits: {
      cpu: 'string'
    }
    memoryProfile: 'string'
    persistence: {
      encryption: {
        mode: 'string'
      }
      maxSize: 'string'
      persistentVolumeClaimSpec: {
        accessModes: [
          'string'
        ]
        dataSource: {
          apiGroup: 'string'
          kind: 'string'
          name: 'string'
        }
        dataSourceRef: {
          apiGroup: 'string'
          kind: 'string'
          name: 'string'
          namespace: 'string'
        }
        resources: {
          claims: [
            {
              name: 'string'
            }
          ]
          limits: {
            {customized property}: 'string'
          }
          requests: {
            {customized property}: 'string'
          }
        }
        selector: {
          matchExpressions: [
            {
              key: 'string'
              operator: 'string'
              values: [
                'string'
              ]
            }
          ]
          matchLabels: {
            {customized property}: 'string'
          }
        }
        storageClassName: 'string'
        volumeMode: 'string'
        volumeName: 'string'
      }
      retain: {
        mode: 'string'
        // For remaining properties, see BrokerRetainMessagesPolicy objects
      }
      stateStore: {
        mode: 'string'
        // For remaining properties, see BrokerStateStorePolicy objects
      }
      subscriberQueue: {
        mode: 'string'
        // For remaining properties, see BrokerSubscriberQueuePolicy objects
      }
    }
  }
}
```
BrokerSubscriberQueuePolicy objects
Set the mode property to specify the type of object.
For Custom, use:
```bicep
{
  mode: 'Custom'
  subscriberQueueSettings: {
    dynamic: {
      mode: 'string'
    }
    subscriberClientIds: [
      'string'
    ]
  }
}
```
BrokerRetainMessagesPolicy objects
Set the mode property to specify the type of object.
For Custom, use:
```bicep
{
  mode: 'Custom'
  retainSettings: {
    dynamic: {
      mode: 'string'
    }
    topics: [
      'string'
    ]
  }
}
```
BrokerStateStorePolicy objects
Set the mode property to specify the type of object.
For Custom, use:
```bicep
{
  mode: 'Custom'
  stateStoreSettings: {
    dynamic: {
      mode: 'string'
    }
    stateStoreResources: [
      {
        keys: [
          'string'
        ]
        keyType: 'string'
      }
    ]
  }
}
```
Property Values
Microsoft.IoTOperations/instances/brokers
| Name | Description | Value |
|---|---|---|
| extendedLocation | Edge location of the resource. | ExtendedLocation |
| name | The resource name | string Constraints: Min length = 3 Max length = 63 Pattern = ^[a-z0-9][a-z0-9-]*[a-z0-9]$ (required) |
| parent | In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource. For more information, see Child resource outside parent resource. | Symbolic name for resource of type: instances |
| properties | The resource-specific properties for this resource. | BrokerProperties |
AdvancedSettings
| Name | Description | Value |
|---|---|---|
| clients | Configurations related to All Clients. | ClientConfig |
| encryptInternalTraffic | The setting to enable or disable encryption of internal Traffic. | 'Disabled' 'Enabled' |
| internalCerts | Certificate rotation and private key configuration. | CertManagerCertOptions |
BackendChain
| Name | Description | Value |
|---|---|---|
| partitions | The desired number of physical backend partitions. | int Constraints: Min value = 1 Max value = 16 (required) |
| redundancyFactor | The desired number of backend replicas (pods) in a physical partition. | int Constraints: Min value = 1 Max value = 5 (required) |
| workers | Number of logical backend workers per replica (pod). | int Constraints: Min value = 1 Max value = 16 |
BrokerDiagnostics
| Name | Description | Value |
|---|---|---|
| logs | Diagnostic log settings for the resource. | DiagnosticsLogs |
| metrics | The metrics settings for the resource. | Metrics |
| selfCheck | The self check properties. | SelfCheck |
| traces | The trace properties. | Traces |
BrokerPersistence
| Name | Description | Value |
|---|---|---|
| encryption | Controls settings related to encryption of the persistence database. Optional, defaults to enabling encryption. | BrokerPersistenceEncryption |
| maxSize | The max size of the message buffer on disk. If a PVC template is specified using persistentVolumeClaimSpec, then this size is used as the request and limit sizes of that template. If a PVC template isn't specified, then the local-path provisioner is requested with this size limit. Required. | string (required) |
| persistentVolumeClaimSpec | Use the specified persistent volume claim template to mount a persistent volume. Same object as in diskBackedMessageBuffer, but with a limitation that the access modes field must be set to ReadWriteOncePod. If unset, a default PVC with default properties will be used. Among other things this PVC will use the cluster default storage class, which may or may not be using a local path provisioner. User is opting in to sub-optimal behavior if they leave this unset or set it without the storage class field, and their cluster default is not a local path class. | VolumeClaimSpec |
| retain | Controls which topic's retained messages should be persisted to disk. | BrokerRetainMessagesPolicy |
| stateStore | Controls which keys should be persisted to disk for the state store. | BrokerStateStorePolicy |
| subscriberQueue | Controls which subscriber message queues should be persisted to disk. Important: to facilitate reconnection, session state metadata are ALWAYS written to disk if any persistence setting is specified, even if this section isn't set. | BrokerSubscriberQueuePolicy |
BrokerPersistenceEncryption
| Name | Description | Value |
|---|---|---|
| mode | Determines if encryption is enabled. | 'Disabled' 'Enabled' (required) |
BrokerProperties
| Name | Description | Value |
|---|---|---|
| advanced | Advanced settings of Broker. | AdvancedSettings |
| cardinality | The cardinality details of the broker. | Cardinality |
| diagnostics | Spec defines the desired identities of Broker diagnostics settings. | BrokerDiagnostics |
| diskBackedMessageBuffer | Settings of Disk Backed Message Buffer. | DiskBackedMessageBuffer |
| generateResourceLimits | This setting controls whether Kubernetes CPU resource limits are requested. Increasing the number of replicas or workers proportionally increases the amount of CPU resources requested. If this setting is enabled and there are insufficient CPU resources, an error will be emitted. | GenerateResourceLimits |
| memoryProfile | Memory profile of Broker. | 'High' 'Low' 'Medium' 'Tiny' |
| persistence | The persistence settings of the Broker. | BrokerPersistence |
BrokerRetainMessagesCustomPolicy
| Name | Description | Value |
|---|---|---|
| mode | 'All' to persist all retain messages, 'None' to not persist any, 'Custom' to persist only the specified topics. | 'Custom' (required) |
| retainSettings | Settings for the policy. | BrokerRetainMessagesSettings (required) |
BrokerRetainMessagesDynamic
| Name | Description | Value |
|---|---|---|
| mode | Mode of the BrokerRetainMessagesCustomPolicy. | 'Disabled' 'Enabled' (required) |
BrokerRetainMessagesPolicy
| Name | Description | Value |
|---|---|---|
| mode | Set to 'Custom' for type BrokerRetainMessagesCustomPolicy. | 'Custom' (required) |
BrokerRetainMessagesSettings
| Name | Description | Value |
|---|---|---|
| dynamic | Controls if MQTT clients can request for disk persistence via MQTTv5 user property. Works in addition to other groups (logical OR). | BrokerRetainMessagesDynamic |
| topics | List of topics under which retained messages would be persisted to disk. Wildcards # and + supported. | string[] |
BrokerStateStoreCustomPolicy
| Name | Description | Value |
|---|---|---|
| mode | 'All' to persist all keys, 'None' to not persist any, 'Custom' to persist only the specified keys. | 'Custom' (required) |
| stateStoreSettings | Settings for the policy. | BrokerStateStorePolicySettings (required) |
BrokerStateStoreDynamic
| Name | Description | Value |
|---|---|---|
| mode | Mode of the BrokerStateStoreCustomPolicy. | 'Disabled' 'Enabled' (required) |
BrokerStateStorePolicy
| Name | Description | Value |
|---|---|---|
| mode | Set to 'Custom' for type BrokerStateStoreCustomPolicy. | 'Custom' (required) |
BrokerStateStorePolicyResources
| Name | Description | Value |
|---|---|---|
| keys | List of keys to persist to disk, required. | string[] (required) |
| keyType | The key to persist to disk. | 'Binary' 'Pattern' 'String' (required) |
BrokerStateStorePolicySettings
| Name | Description | Value |
|---|---|---|
| dynamic | Controls if MQTT clients can request for disk persistence via MQTTv5 user property. Works in addition to other groups (logical OR). | BrokerStateStoreDynamic |
| stateStoreResources | List of key and key type to persist to disk. | BrokerStateStorePolicyResources[] |
BrokerSubscriberQueueCustomPolicy
| Name | Description | Value |
|---|---|---|
| mode | 'All' to persist all subscriber queues, 'None' to not persist any, 'Custom' to persist only the specified queues. | 'Custom' (required) |
| subscriberQueueSettings | Custom policy, required if mode is Custom. Subscriber queues from all groups are persisted to disk (logical OR). | BrokerSubscriberQueueCustomPolicySettings (required) |
BrokerSubscriberQueueCustomPolicySettings
| Name | Description | Value |
|---|---|---|
| dynamic | Controls if MQTT clients can request for disk persistence via MQTTv5 user property. Works in addition to other groups (logical OR). | BrokerSubscriberQueueDynamic |
| subscriberClientIds | List of client IDs of the subscribers, wildcard * supported. | string[] |
BrokerSubscriberQueueDynamic
| Name | Description | Value |
|---|---|---|
| mode | Mode of the BrokerSubscriberQueueCustomPolicy. | 'Disabled' 'Enabled' (required) |
BrokerSubscriberQueuePolicy
| Name | Description | Value |
|---|---|---|
| mode | Set to 'Custom' for type BrokerSubscriberQueueCustomPolicy. | 'Custom' (required) |
Cardinality
| Name | Description | Value |
|---|---|---|
| backendChain | The backend broker desired properties | BackendChain (required) |
| frontend | The frontend desired properties | Frontend (required) |
CertManagerCertOptions
| Name | Description | Value |
|---|---|---|
| duration | Lifetime of certificate. Must be specified using a Go time.Duration format (h\|m\|s). E.g. 240h for 240 hours and 45m for 45 minutes. | string (required) |
| privateKey | Configuration of certificate private key. | CertManagerPrivateKey (required) |
| renewBefore | When to begin renewing certificate. Must be specified using a Go time.Duration format (h\|m\|s). E.g. 240h for 240 hours and 45m for 45 minutes. | string (required) |
CertManagerPrivateKey
| Name | Description | Value |
|---|---|---|
| algorithm | algorithm for private key. | 'Ec256' 'Ec384' 'Ec521' 'Ed25519' 'Rsa2048' 'Rsa4096' 'Rsa8192' (required) |
| rotationPolicy | cert-manager private key rotationPolicy. | 'Always' 'Never' (required) |
ClientConfig
| Name | Description | Value |
|---|---|---|
| maxKeepAliveSeconds | Upper bound of a client's Keep Alive, in seconds. | int Constraints: Min value = 0 Max value = 65535 |
| maxMessageExpirySeconds | Upper bound of Message Expiry Interval, in seconds. | int Constraints: Min value = 1 Max value = 4294967295 |
| maxPacketSizeBytes | Max message size for a packet in Bytes. | int Constraints: Min value = 1 Max value = 268435456 |
| maxReceiveMaximum | Upper bound of Receive Maximum that a client can request in the CONNECT packet. | int Constraints: Min value = 1 Max value = 65535 |
| maxSessionExpirySeconds | Upper bound of Session Expiry Interval, in seconds. | int Constraints: Min value = 1 Max value = 4294967295 |
| subscriberQueueLimit | The limit on the number of queued messages for a subscriber. | SubscriberQueueLimit |
DiagnosticsLogs
| Name | Description | Value |
|---|---|---|
| level | The log level. Examples - 'debug', 'info', 'warn', 'error', 'trace'. | string |
DiskBackedMessageBuffer
| Name | Description | Value |
|---|---|---|
| ephemeralVolumeClaimSpec | Use the specified persistent volume claim template to mount a "generic ephemeral volume" for the message buffer. See <https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes> for details. | VolumeClaimSpec |
| maxSize | The max size of the message buffer on disk. If a PVC template is specified using one of ephemeralVolumeClaimSpec or persistentVolumeClaimSpec, then this size is used as the request and limit sizes of that template. If neither ephemeralVolumeClaimSpec nor persistentVolumeClaimSpec are specified, then an emptyDir volume is mounted with this size as its limit. See <https://kubernetes.io/docs/concepts/storage/volumes/#emptydir> for details. | string Constraints: Pattern = ^[0-9]+[KMGTPE]$ (required) |
| persistentVolumeClaimSpec | Use the specified persistent volume claim template to mount a persistent volume for the message buffer. | VolumeClaimSpec |
ExtendedLocation
| Name | Description | Value |
|---|---|---|
| name | The name of the extended location. | string (required) |
| type | Type of ExtendedLocation. | 'CustomLocation' (required) |
Frontend
| Name | Description | Value |
|---|---|---|
| replicas | The desired number of frontend instances (pods). | int Constraints: Min value = 1 Max value = 16 (required) |
| workers | Number of logical frontend workers per instance (pod). | int Constraints: Min value = 1 Max value = 16 |
GenerateResourceLimits
| Name | Description | Value |
|---|---|---|
| cpu | The toggle to enable/disable cpu resource limits. | 'Disabled' 'Enabled' |
KubernetesReference
| Name | Description | Value |
|---|---|---|
| apiGroup | APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. | string |
| kind | Kind is the type of resource being referenced | string (required) |
| name | Name is the name of resource being referenced | string (required) |
| namespace | Namespace is the namespace of the resource being referenced. This field is required when the resource has a namespace. | string |
LocalKubernetesReference
| Name | Description | Value |
|---|---|---|
| apiGroup | APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. | string |
| kind | Kind is the type of resource being referenced | string (required) |
| name | Name is the name of resource being referenced | string (required) |
Metrics
| Name | Description | Value |
|---|---|---|
| prometheusPort | The prometheus port to expose the metrics. | int Constraints: Min value = 0 Max value = 65535 |
SelfCheck
| Name | Description | Value |
|---|---|---|
| intervalSeconds | The self check interval. | int Constraints: Min value = 30 Max value = 300 |
| mode | The toggle to enable/disable self check. | 'Disabled' 'Enabled' |
| timeoutSeconds | The timeout for self check. | int Constraints: Min value = 5 Max value = 120 |
SelfTracing
| Name | Description | Value |
|---|---|---|
| intervalSeconds | The self tracing interval. | int Constraints: Min value = 1 Max value = 300 |
| mode | The toggle to enable/disable self tracing. | 'Disabled' 'Enabled' |
SubscriberQueueLimit
| Name | Description | Value |
|---|---|---|
| length | The maximum length of the queue before messages start getting dropped. | int Constraints: Min value = 1 |
| strategy | The strategy to use for dropping messages from the queue. | 'DropOldest' 'None' |
Traces
| Name | Description | Value |
|---|---|---|
| cacheSizeMegabytes | The cache size in megabytes. | int Constraints: Min value = 1 Max value = 128 |
| mode | The toggle to enable/disable traces. | 'Disabled' 'Enabled' |
| selfTracing | The self tracing properties. | SelfTracing |
| spanChannelCapacity | The span channel capacity. | int Constraints: Min value = 1000 Max value = 100000 |
VolumeClaimResourceRequirements
| Name | Description | Value |
|---|---|---|
| claims | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. | VolumeClaimResourceRequirementsClaims[] |
| limits | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | VolumeClaimResourceRequirementsLimits |
| requests | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | VolumeClaimResourceRequirementsRequests |
VolumeClaimResourceRequirementsClaims
| Name | Description | Value |
|---|---|---|
| name | Name of the resource. This must match the name of a resource in spec.resourceClaims. | string (required) |
VolumeClaimResourceRequirementsLimits
| Name | Description | Value |
|---|---|---|
VolumeClaimResourceRequirementsRequests
| Name | Description | Value |
|---|---|---|
VolumeClaimSpec
| Name | Description | Value |
|---|---|---|
| accessModes | AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 | string[] |
| dataSource | This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. | LocalKubernetesReference |
| dataSourceRef | Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. | KubernetesReference |
| resources | Resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources | VolumeClaimResourceRequirements |
| selector | A label query over volumes to consider for binding. | VolumeClaimSpecSelector |
| storageClassName | Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 | string |
| volumeMode | volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. This is a beta feature. | string |
| volumeName | VolumeName is the binding reference to the PersistentVolume backing this claim. | string |
VolumeClaimSpecSelector
| Name | Description | Value |
|---|---|---|
| matchExpressions | MatchExpressions is a list of label selector requirements. The requirements are ANDed. | VolumeClaimSpecSelectorMatchExpressions[] |
| matchLabels | MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. | VolumeClaimSpecSelectorMatchLabels |
VolumeClaimSpecSelectorMatchExpressions
| Name | Description | Value |
|---|---|---|
| key | key is the label key that the selector applies to. | string (required) |
| operator | operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. | 'DoesNotExist' 'Exists' 'In' 'NotIn' (required) |
| values | values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. | string[] |
VolumeClaimSpecSelectorMatchLabels
| Name | Description | Value |
|---|---|---|
ARM template resource definition
The instances/brokers resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.IoTOperations/instances/brokers resource, add the following JSON to your template.
```json
{
  "type": "Microsoft.IoTOperations/instances/brokers",
  "apiVersion": "2025-10-01",
  "name": "string",
  "extendedLocation": {
    "name": "string",
    "type": "string"
  },
  "properties": {
    "advanced": {
      "clients": {
        "maxKeepAliveSeconds": "int",
        "maxMessageExpirySeconds": "int",
        "maxPacketSizeBytes": "int",
        "maxReceiveMaximum": "int",
        "maxSessionExpirySeconds": "int",
        "subscriberQueueLimit": {
          "length": "int",
          "strategy": "string"
        }
      },
      "encryptInternalTraffic": "string",
      "internalCerts": {
        "duration": "string",
        "privateKey": {
          "algorithm": "string",
          "rotationPolicy": "string"
        },
        "renewBefore": "string"
      }
    },
    "cardinality": {
      "backendChain": {
        "partitions": "int",
        "redundancyFactor": "int",
        "workers": "int"
      },
      "frontend": {
        "replicas": "int",
        "workers": "int"
      }
    },
    "diagnostics": {
      "logs": {
        "level": "string"
      },
      "metrics": {
        "prometheusPort": "int"
      },
      "selfCheck": {
        "intervalSeconds": "int",
        "mode": "string",
        "timeoutSeconds": "int"
      },
      "traces": {
        "cacheSizeMegabytes": "int",
        "mode": "string",
        "selfTracing": {
          "intervalSeconds": "int",
          "mode": "string"
        },
        "spanChannelCapacity": "int"
      }
    },
    "diskBackedMessageBuffer": {
      "ephemeralVolumeClaimSpec": {
        "accessModes": [ "string" ],
        "dataSource": {
          "apiGroup": "string",
          "kind": "string",
          "name": "string"
        },
        "dataSourceRef": {
          "apiGroup": "string",
          "kind": "string",
          "name": "string",
          "namespace": "string"
        },
        "resources": {
          "claims": [
            {
              "name": "string"
            }
          ],
          "limits": {
            "{customized property}": "string"
          },
          "requests": {
            "{customized property}": "string"
          }
        },
        "selector": {
          "matchExpressions": [
            {
              "key": "string",
              "operator": "string",
              "values": [ "string" ]
            }
          ],
          "matchLabels": {
            "{customized property}": "string"
          }
        },
        "storageClassName": "string",
        "volumeMode": "string",
        "volumeName": "string"
      },
      "maxSize": "string",
      "persistentVolumeClaimSpec": {
        "accessModes": [ "string" ],
        "dataSource": {
          "apiGroup": "string",
          "kind": "string",
          "name": "string"
        },
        "dataSourceRef": {
          "apiGroup": "string",
          "kind": "string",
          "name": "string",
          "namespace": "string"
        },
        "resources": {
          "claims": [
            {
              "name": "string"
            }
          ],
          "limits": {
            "{customized property}": "string"
          },
          "requests": {
            "{customized property}": "string"
          }
        },
        "selector": {
          "matchExpressions": [
            {
              "key": "string",
              "operator": "string",
              "values": [ "string" ]
            }
          ],
          "matchLabels": {
            "{customized property}": "string"
          }
        },
        "storageClassName": "string",
        "volumeMode": "string",
        "volumeName": "string"
      }
    },
    "generateResourceLimits": {
      "cpu": "string"
    },
    "memoryProfile": "string",
    "persistence": {
      "encryption": {
        "mode": "string"
      },
      "maxSize": "string",
      "persistentVolumeClaimSpec": {
        "accessModes": [ "string" ],
        "dataSource": {
          "apiGroup": "string",
          "kind": "string",
          "name": "string"
        },
        "dataSourceRef": {
          "apiGroup": "string",
          "kind": "string",
          "name": "string",
          "namespace": "string"
        },
        "resources": {
          "claims": [
            {
              "name": "string"
            }
          ],
          "limits": {
            "{customized property}": "string"
          },
          "requests": {
            "{customized property}": "string"
          }
        },
        "selector": {
          "matchExpressions": [
            {
              "key": "string",
              "operator": "string",
              "values": [ "string" ]
            }
          ],
          "matchLabels": {
            "{customized property}": "string"
          }
        },
        "storageClassName": "string",
        "volumeMode": "string",
        "volumeName": "string"
      },
      "retain": {
        "mode": "string"
        // For remaining properties, see BrokerRetainMessagesPolicy objects
      },
      "stateStore": {
        "mode": "string"
        // For remaining properties, see BrokerStateStorePolicy objects
      },
      "subscriberQueue": {
        "mode": "string"
        // For remaining properties, see BrokerSubscriberQueuePolicy objects
      }
    }
  }
}
```
BrokerSubscriberQueuePolicy objects
Set the mode property to specify the type of object.
For Custom, use:
```json
{
  "mode": "Custom",
  "subscriberQueueSettings": {
    "dynamic": {
      "mode": "string"
    },
    "subscriberClientIds": [ "string" ]
  }
}
```
BrokerRetainMessagesPolicy objects
Set the mode property to specify the type of object.
For Custom, use:
```json
{
  "mode": "Custom",
  "retainSettings": {
    "dynamic": {
      "mode": "string"
    },
    "topics": [ "string" ]
  }
}
```
BrokerStateStorePolicy objects
Set the mode property to specify the type of object.
For Custom, use:
```json
{
  "mode": "Custom",
  "stateStoreSettings": {
    "dynamic": {
      "mode": "string"
    },
    "stateStoreResources": [
      {
        "keys": [ "string" ],
        "keyType": "string"
      }
    ]
  }
}
```
Property Values
Microsoft.IoTOperations/instances/brokers
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2025-10-01' |
| extendedLocation | Edge location of the resource. | ExtendedLocation |
| name | The resource name | string Constraints: Min length = 3 Max length = 63 Pattern = ^[a-z0-9][a-z0-9-]*[a-z0-9]$ (required) |
| properties | The resource-specific properties for this resource. | BrokerProperties |
| type | The resource type | 'Microsoft.IoTOperations/instances/brokers' |
AdvancedSettings
| Name | Description | Value |
|---|---|---|
| clients | Configurations related to All Clients. | ClientConfig |
| encryptInternalTraffic | The setting to enable or disable encryption of internal Traffic. | 'Disabled' 'Enabled' |
| internalCerts | Certificate rotation and private key configuration. | CertManagerCertOptions |
BackendChain
| Name | Description | Value |
|---|---|---|
| partitions | The desired number of physical backend partitions. | int Constraints: Min value = 1 Max value = 16 (required) |
| redundancyFactor | The desired number of backend replicas (pods) in a physical partition. | int Constraints: Min value = 1 Max value = 5 (required) |
| workers | Number of logical backend workers per replica (pod). | int Constraints: Min value = 1 Max value = 16 |
BrokerDiagnostics
| Name | Description | Value |
|---|---|---|
| logs | Diagnostic log settings for the resource. | DiagnosticsLogs |
| metrics | The metrics settings for the resource. | Metrics |
| selfCheck | The self check properties. | SelfCheck |
| traces | The trace properties. | Traces |
BrokerPersistence
| Name | Description | Value |
|---|---|---|
| encryption | Controls settings related to encryption of the persistence database. Optional, defaults to enabling encryption. | BrokerPersistenceEncryption |
| maxSize | The max size of the message buffer on disk. If a PVC template is specified using persistentVolumeClaimSpec, then this size is used as the request and limit sizes of that template. If a PVC template isn't specified, then the local-path provisioner is requested with this size limit. Required. | string (required) |
| persistentVolumeClaimSpec | Use the specified persistent volume claim template to mount a persistent volume. Same object as in diskBackedMessageBuffer, but with a limitation that the access modes field must be set to ReadWriteOncePod. If unset, a default PVC with default properties will be used. Among other things this PVC will use the cluster default storage class, which may or may not be using a local path provisioner. User is opting in to sub-optimal behavior if they leave this unset or set it without the storage class field, and their cluster default is not a local path class. | VolumeClaimSpec |
| retain | Controls which topic's retained messages should be persisted to disk. | BrokerRetainMessagesPolicy |
| stateStore | Controls which keys should be persisted to disk for the state store. | BrokerStateStorePolicy |
| subscriberQueue | Controls which subscriber message queues should be persisted to disk. Important: to facilitate reconnection, session state metadata are ALWAYS written to disk if any persistence setting is specified, even if this section isn't set. | BrokerSubscriberQueuePolicy |
BrokerPersistenceEncryption
| Name | Description | Value |
|---|---|---|
| mode | Determines if encryption is enabled. | 'Disabled' 'Enabled' (required) |
BrokerProperties
| Name | Description | Value |
|---|---|---|
| advanced | Advanced settings of Broker. | AdvancedSettings |
| cardinality | The cardinality details of the broker. | Cardinality |
| diagnostics | Spec defines the desired identities of Broker diagnostics settings. | BrokerDiagnostics |
| diskBackedMessageBuffer | Settings of Disk Backed Message Buffer. | DiskBackedMessageBuffer |
| generateResourceLimits | This setting controls whether Kubernetes CPU resource limits are requested. Increasing the number of replicas or workers proportionally increases the amount of CPU resources requested. If this setting is enabled and there are insufficient CPU resources, an error will be emitted. | GenerateResourceLimits |
| memoryProfile | Memory profile of Broker. | 'High' 'Low' 'Medium' 'Tiny' |
| persistence | The persistence settings of the Broker. | BrokerPersistence |
BrokerRetainMessagesCustomPolicy
| Name | Description | Value |
|---|---|---|
| mode | 'All' to persist all retain messages, 'None' to not persist any, 'Custom' to persist only the specified topics. | 'Custom' (required) |
| retainSettings | Settings for the policy. | BrokerRetainMessagesSettings (required) |
BrokerRetainMessagesDynamic
| Name | Description | Value |
|---|---|---|
| mode | Mode of the BrokerRetainMessagesCustomPolicy. | 'Disabled' 'Enabled' (required) |
BrokerRetainMessagesPolicy
| Name | Description | Value |
|---|---|---|
| mode | Set to 'Custom' for type BrokerRetainMessagesCustomPolicy. | 'Custom' (required) |
BrokerRetainMessagesSettings
| Name | Description | Value |
|---|---|---|
| dynamic | Controls if MQTT clients can request for disk persistence via MQTTv5 user property. Works in addition to other groups (logical OR). | BrokerRetainMessagesDynamic |
| topics | List of topics under which retained messages would be persisted to disk. Wildcards # and + supported. | string[] |
BrokerStateStoreCustomPolicy
| Name | Description | Value |
|---|---|---|
| mode | 'All' to persist all keys, 'None' to not persist any, 'Custom' to persist only the specified keys. | 'Custom' (required) |
| stateStoreSettings | Settings for the policy. | BrokerStateStorePolicySettings (required) |
BrokerStateStoreDynamic
| Name | Description | Value |
|---|---|---|
| mode | Mode of the BrokerStateStoreCustomPolicy. | 'Disabled' 'Enabled' (required) |
BrokerStateStorePolicy
| Name | Description | Value |
|---|---|---|
| mode | Set to 'Custom' for type BrokerStateStoreCustomPolicy. | 'Custom' (required) |
BrokerStateStorePolicyResources
| Name | Description | Value |
|---|---|---|
| keys | List of keys to persist to disk, required. | string[] (required) |
| keyType | The key to persist to disk. | 'Binary' 'Pattern' 'String' (required) |
BrokerStateStorePolicySettings
| Name | Description | Value |
|---|---|---|
| dynamic | Controls if MQTT clients can request for disk persistence via MQTTv5 user property. Works in addition to other groups (logical OR). | BrokerStateStoreDynamic |
| stateStoreResources | List of key and key type to persist to disk. | BrokerStateStorePolicyResources[] |
BrokerSubscriberQueueCustomPolicy
| Name | Description | Value |
|---|---|---|
| mode | 'All' to persist all subscriber queues, 'None' to not persist any, 'Custom' to persist only the specified queues. | 'Custom' (required) |
| subscriberQueueSettings | Custom policy, required if mode is Custom. Subscriber queues from all groups are persisted to disk (logical OR). | BrokerSubscriberQueueCustomPolicySettings (required) |
BrokerSubscriberQueueCustomPolicySettings
| Name | Description | Value |
|---|---|---|
| dynamic | Controls if MQTT clients can request for disk persistence via MQTTv5 user property. Works in addition to other groups (logical OR). | BrokerSubscriberQueueDynamic |
| subscriberClientIds | List of client IDs of the subscribers, wildcard * supported. | string[] |
BrokerSubscriberQueueDynamic
| Name | Description | Value |
|---|---|---|
| mode | Mode of the BrokerSubscriberQueueCustomPolicy. | 'Disabled' 'Enabled' (required) |
BrokerSubscriberQueuePolicy
| Name | Description | Value |
|---|---|---|
| mode | Set to 'Custom' for type BrokerSubscriberQueueCustomPolicy. | 'Custom' (required) |
Cardinality
| Name | Description | Value |
|---|---|---|
| backendChain | The backend broker desired properties | BackendChain (required) |
| frontend | The frontend desired properties | Frontend (required) |
CertManagerCertOptions
| Name | Description | Value |
|---|---|---|
| duration | Lifetime of certificate. Must be specified using a Go time.Duration format (h|m|s). E.g. 240h for 240 hours and 45m for 45 minutes. | string (required) |
| privateKey | Configuration of certificate private key. | CertManagerPrivateKey (required) |
| renewBefore | When to begin renewing certificate. Must be specified using a Go time.Duration format (h|m|s). E.g. 240h for 240 hours and 45m for 45 minutes. | string (required) |
CertManagerPrivateKey
| Name | Description | Value |
|---|---|---|
| algorithm | algorithm for private key. | 'Ec256' 'Ec384' 'Ec521' 'Ed25519' 'Rsa2048' 'Rsa4096' 'Rsa8192' (required) |
| rotationPolicy | cert-manager private key rotationPolicy. | 'Always' 'Never' (required) |
ClientConfig
| Name | Description | Value |
|---|---|---|
| maxKeepAliveSeconds | Upper bound of a client's Keep Alive, in seconds. | int Constraints: Min value = 0 Max value = 65535 |
| maxMessageExpirySeconds | Upper bound of Message Expiry Interval, in seconds. | int Constraints: Min value = 1 Max value = 4294967295 |
| maxPacketSizeBytes | Max message size for a packet in Bytes. | int Constraints: Min value = 1 Max value = 268435456 |
| maxReceiveMaximum | Upper bound of Receive Maximum that a client can request in the CONNECT packet. | int Constraints: Min value = 1 Max value = 65535 |
| maxSessionExpirySeconds | Upper bound of Session Expiry Interval, in seconds. | int Constraints: Min value = 1 Max value = 4294967295 |
| subscriberQueueLimit | The limit on the number of queued messages for a subscriber. | SubscriberQueueLimit |
DiagnosticsLogs
| Name | Description | Value |
|---|---|---|
| level | The log level. Examples - 'debug', 'info', 'warn', 'error', 'trace'. | string |
DiskBackedMessageBuffer
| Name | Description | Value |
|---|---|---|
| ephemeralVolumeClaimSpec | Use the specified persistent volume claim template to mount a "generic ephemeral volume" for the message buffer. See <https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes> for details. | VolumeClaimSpec |
| maxSize | The max size of the message buffer on disk. If a PVC template is specified using one of ephemeralVolumeClaimSpec or persistentVolumeClaimSpec, then this size is used as the request and limit sizes of that template. If neither ephemeralVolumeClaimSpec nor persistentVolumeClaimSpec are specified, then an emptyDir volume is mounted with this size as its limit. See <https://kubernetes.io/docs/concepts/storage/volumes/#emptydir> for details. | string Constraints: Pattern = ^[0-9]+[KMGTPE]$ (required) |
| persistentVolumeClaimSpec | Use the specified persistent volume claim template to mount a persistent volume for the message buffer. | VolumeClaimSpec |
ExtendedLocation
| Name | Description | Value |
|---|---|---|
| name | The name of the extended location. | string (required) |
| type | Type of ExtendedLocation. | 'CustomLocation' (required) |
Frontend
| Name | Description | Value |
|---|---|---|
| replicas | The desired number of frontend instances (pods). | int Constraints: Min value = 1 Max value = 16 (required) |
| workers | Number of logical frontend workers per instance (pod). | int Constraints: Min value = 1 Max value = 16 |
GenerateResourceLimits
| Name | Description | Value |
|---|---|---|
| cpu | The toggle to enable/disable cpu resource limits. | 'Disabled' 'Enabled' |
KubernetesReference
| Name | Description | Value |
|---|---|---|
| apiGroup | APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. | string |
| kind | Kind is the type of resource being referenced | string (required) |
| name | Name is the name of resource being referenced | string (required) |
| namespace | Namespace is the namespace of the resource being referenced. This field is required when the resource has a namespace. | string |
LocalKubernetesReference
| Name | Description | Value |
|---|---|---|
| apiGroup | APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. | string |
| kind | Kind is the type of resource being referenced | string (required) |
| name | Name is the name of resource being referenced | string (required) |
Metrics
| Name | Description | Value |
|---|---|---|
| prometheusPort | The prometheus port to expose the metrics. | int Constraints: Min value = 0 Max value = 65535 |
SelfCheck
| Name | Description | Value |
|---|---|---|
| intervalSeconds | The self check interval. | int Constraints: Min value = 30 Max value = 300 |
| mode | The toggle to enable/disable self check. | 'Disabled' 'Enabled' |
| timeoutSeconds | The timeout for self check. | int Constraints: Min value = 5 Max value = 120 |
SelfTracing
| Name | Description | Value |
|---|---|---|
| intervalSeconds | The self tracing interval. | int Constraints: Min value = 1 Max value = 300 |
| mode | The toggle to enable/disable self tracing. | 'Disabled' 'Enabled' |
SubscriberQueueLimit
| Name | Description | Value |
|---|---|---|
| length | The maximum length of the queue before messages start getting dropped. | int Constraints: Min value = 1 |
| strategy | The strategy to use for dropping messages from the queue. | 'DropOldest' 'None' |
Traces
| Name | Description | Value |
|---|---|---|
| cacheSizeMegabytes | The cache size in megabytes. | int Constraints: Min value = 1 Max value = 128 |
| mode | The toggle to enable/disable traces. | 'Disabled' 'Enabled' |
| selfTracing | The self tracing properties. | SelfTracing |
| spanChannelCapacity | The span channel capacity. | int Constraints: Min value = 1000 Max value = 100000 |
VolumeClaimResourceRequirements
| Name | Description | Value |
|---|---|---|
| claims | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. | VolumeClaimResourceRequirementsClaims[] |
| limits | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | VolumeClaimResourceRequirementsLimits |
| requests | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | VolumeClaimResourceRequirementsRequests |
VolumeClaimResourceRequirementsClaims
| Name | Description | Value |
|---|---|---|
| name | Name of the resource. This must match the name of a resource in spec.resourceClaims. | string (required) |
VolumeClaimResourceRequirementsLimits
| Name | Description | Value |
|---|---|---|
VolumeClaimResourceRequirementsRequests
| Name | Description | Value |
|---|---|---|
VolumeClaimSpec
| Name | Description | Value |
|---|---|---|
| accessModes | AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 | string[] |
| dataSource | This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. | LocalKubernetesReference |
| dataSourceRef | Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. | KubernetesReference |
| resources | Resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources | VolumeClaimResourceRequirements |
| selector | A label query over volumes to consider for binding. | VolumeClaimSpecSelector |
| storageClassName | Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 | string |
| volumeMode | volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. This is a beta feature. | string |
| volumeName | VolumeName is the binding reference to the PersistentVolume backing this claim. | string |
VolumeClaimSpecSelector
| Name | Description | Value |
|---|---|---|
| matchExpressions | MatchExpressions is a list of label selector requirements. The requirements are ANDed. | VolumeClaimSpecSelectorMatchExpressions[] |
| matchLabels | MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. | VolumeClaimSpecSelectorMatchLabels |
VolumeClaimSpecSelectorMatchExpressions
| Name | Description | Value |
|---|---|---|
| key | key is the label key that the selector applies to. | string (required) |
| operator | operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. | 'DoesNotExist' 'Exists' 'In' 'NotIn' (required) |
| values | values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. | string[] |
VolumeClaimSpecSelectorMatchLabels
| Name | Description | Value |
|---|---|---|
Usage Examples
Terraform (AzAPI provider) resource definition
The instances/brokers resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.IoTOperations/instances/brokers resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.IoTOperations/instances/brokers@2025-10-01"
name = "string"
parent_id = "string"
body = {
extendedLocation = {
name = "string"
type = "string"
}
properties = {
advanced = {
clients = {
maxKeepAliveSeconds = int
maxMessageExpirySeconds = int
maxPacketSizeBytes = int
maxReceiveMaximum = int
maxSessionExpirySeconds = int
subscriberQueueLimit = {
length = int
strategy = "string"
}
}
encryptInternalTraffic = "string"
internalCerts = {
duration = "string"
privateKey = {
algorithm = "string"
rotationPolicy = "string"
}
renewBefore = "string"
}
}
cardinality = {
backendChain = {
partitions = int
redundancyFactor = int
workers = int
}
frontend = {
replicas = int
workers = int
}
}
diagnostics = {
logs = {
level = "string"
}
metrics = {
prometheusPort = int
}
selfCheck = {
intervalSeconds = int
mode = "string"
timeoutSeconds = int
}
traces = {
cacheSizeMegabytes = int
mode = "string"
selfTracing = {
intervalSeconds = int
mode = "string"
}
spanChannelCapacity = int
}
}
diskBackedMessageBuffer = {
ephemeralVolumeClaimSpec = {
accessModes = [
"string"
]
dataSource = {
apiGroup = "string"
kind = "string"
name = "string"
}
dataSourceRef = {
apiGroup = "string"
kind = "string"
name = "string"
namespace = "string"
}
resources = {
claims = [
{
name = "string"
}
]
limits = {
{customized property} = "string"
}
requests = {
{customized property} = "string"
}
}
selector = {
matchExpressions = [
{
key = "string"
operator = "string"
values = [
"string"
]
}
]
matchLabels = {
{customized property} = "string"
}
}
storageClassName = "string"
volumeMode = "string"
volumeName = "string"
}
maxSize = "string"
persistentVolumeClaimSpec = {
accessModes = [
"string"
]
dataSource = {
apiGroup = "string"
kind = "string"
name = "string"
}
dataSourceRef = {
apiGroup = "string"
kind = "string"
name = "string"
namespace = "string"
}
resources = {
claims = [
{
name = "string"
}
]
limits = {
{customized property} = "string"
}
requests = {
{customized property} = "string"
}
}
selector = {
matchExpressions = [
{
key = "string"
operator = "string"
values = [
"string"
]
}
]
matchLabels = {
{customized property} = "string"
}
}
storageClassName = "string"
volumeMode = "string"
volumeName = "string"
}
}
generateResourceLimits = {
cpu = "string"
}
memoryProfile = "string"
persistence = {
encryption = {
mode = "string"
}
maxSize = "string"
persistentVolumeClaimSpec = {
accessModes = [
"string"
]
dataSource = {
apiGroup = "string"
kind = "string"
name = "string"
}
dataSourceRef = {
apiGroup = "string"
kind = "string"
name = "string"
namespace = "string"
}
resources = {
claims = [
{
name = "string"
}
]
limits = {
{customized property} = "string"
}
requests = {
{customized property} = "string"
}
}
selector = {
matchExpressions = [
{
key = "string"
operator = "string"
values = [
"string"
]
}
]
matchLabels = {
{customized property} = "string"
}
}
storageClassName = "string"
volumeMode = "string"
volumeName = "string"
}
retain = {
mode = "string"
// For remaining properties, see BrokerRetainMessagesPolicy objects
}
stateStore = {
mode = "string"
// For remaining properties, see BrokerStateStorePolicy objects
}
subscriberQueue = {
mode = "string"
// For remaining properties, see BrokerSubscriberQueuePolicy objects
}
}
}
}
}
BrokerSubscriberQueuePolicy objects
Set the mode property to specify the type of object.
For Custom, use:
{
mode = "Custom"
subscriberQueueSettings = {
dynamic = {
mode = "string"
}
subscriberClientIds = [
"string"
]
}
}
BrokerRetainMessagesPolicy objects
Set the mode property to specify the type of object.
For Custom, use:
{
mode = "Custom"
retainSettings = {
dynamic = {
mode = "string"
}
topics = [
"string"
]
}
}
BrokerStateStorePolicy objects
Set the mode property to specify the type of object.
For Custom, use:
{
mode = "Custom"
stateStoreSettings = {
dynamic = {
mode = "string"
}
stateStoreResources = [
{
keys = [
"string"
]
keyType = "string"
}
]
}
}
Property Values
Microsoft.IoTOperations/instances/brokers
| Name | Description | Value |
|---|---|---|
| extendedLocation | Edge location of the resource. | ExtendedLocation |
| name | The resource name | string Constraints: Min length = 3 Max length = 63 Pattern = ^[a-z0-9][a-z0-9-]*[a-z0-9]$ (required) |
| parent_id | The ID of the resource that is the parent for this resource. | ID for resource of type: instances |
| properties | The resource-specific properties for this resource. | BrokerProperties |
| type | The resource type | "Microsoft.IoTOperations/instances/brokers@2025-10-01" |
AdvancedSettings
| Name | Description | Value |
|---|---|---|
| clients | Configurations related to All Clients. | ClientConfig |
| encryptInternalTraffic | The setting to enable or disable encryption of internal Traffic. | 'Disabled' 'Enabled' |
| internalCerts | Certificate rotation and private key configuration. | CertManagerCertOptions |
BackendChain
| Name | Description | Value |
|---|---|---|
| partitions | The desired number of physical backend partitions. | int Constraints: Min value = 1 Max value = 16 (required) |
| redundancyFactor | The desired numbers of backend replicas (pods) in a physical partition. | int Constraints: Min value = 1 Max value = 5 (required) |
| workers | Number of logical backend workers per replica (pod). | int Constraints: Min value = 1 Max value = 16 |
BrokerDiagnostics
| Name | Description | Value |
|---|---|---|
| logs | Diagnostic log settings for the resource. | DiagnosticsLogs |
| metrics | The metrics settings for the resource. | Metrics |
| selfCheck | The self check properties. | SelfCheck |
| traces | The trace properties. | Traces |
BrokerPersistence
| Name | Description | Value |
|---|---|---|
| encryption | Controls settings related to encryption of the persistence database. Optional, defaults to enabling encryption. | BrokerPersistenceEncryption |
| maxSize | The max size of the message buffer on disk. If a PVC template is specified using persistentVolumeClaimSpec, then this size is used as the request and limit sizes of that template. If a PVC template isn't specified, then local-path provisioner is requested with this size limit. Required. | string (required) |
| persistentVolumeClaimSpec | Use the specified persistent volume claim template to mount a persistent volume. Same object as in diskBackedMessageBuffer, but with a limitation that access modes field must be set to ReadWriteOncePod. If unset, a default PVC with default properties will be used. Among other things this PVC will use the cluster default storage class, which may or may not be using a local path provisioner. User is opting in to sub-optimal behavior if they leave this unset or set it without the storage class field, and their cluster default is not a local path class. | VolumeClaimSpec |
| retain | Controls which topic's retained messages should be persisted to disk. | BrokerRetainMessagesPolicy |
| stateStore | Controls which keys should be persisted to disk for the state store. | BrokerStateStorePolicy |
| subscriberQueue | Controls which subscriber message queues should be persisted to disk. Important: to facilitate reconnection, session state metadata are ALWAYS written to disk if any persistence setting is specified, even if this section isn't set. | BrokerSubscriberQueuePolicy |
BrokerPersistenceEncryption
| Name | Description | Value |
|---|---|---|
| mode | Determines if encryption is enabled. | 'Disabled' 'Enabled' (required) |
BrokerProperties
| Name | Description | Value |
|---|---|---|
| advanced | Advanced settings of Broker. | AdvancedSettings |
| cardinality | The cardinality details of the broker. | Cardinality |
| diagnostics | Spec defines the desired identities of Broker diagnostics settings. | BrokerDiagnostics |
| diskBackedMessageBuffer | Settings of Disk Backed Message Buffer. | DiskBackedMessageBuffer |
| generateResourceLimits | This setting controls whether Kubernetes CPU resource limits are requested. Increasing the number of replicas or workers proportionally increases the amount of CPU resources requested. If this setting is enabled and there are insufficient CPU resources, an error will be emitted. | GenerateResourceLimits |
| memoryProfile | Memory profile of Broker. | 'High' 'Low' 'Medium' 'Tiny' |
| persistence | The persistence settings of the Broker. | BrokerPersistence |
BrokerRetainMessagesCustomPolicy
| Name | Description | Value |
|---|---|---|
| mode | 'All' to persist all retain messages, 'None' to not persist any, 'Custom' to persist only the specified topics. | 'Custom' (required) |
| retainSettings | Settings for the policy. | BrokerRetainMessagesSettings (required) |
BrokerRetainMessagesDynamic
| Name | Description | Value |
|---|---|---|
| mode | Mode of the BrokerRetainMessagesCustomPolicy. | 'Disabled' 'Enabled' (required) |
BrokerRetainMessagesPolicy
| Name | Description | Value |
|---|---|---|
| mode | Set to 'Custom' for type BrokerRetainMessagesCustomPolicy. | 'Custom' (required) |
BrokerRetainMessagesSettings
| Name | Description | Value |
|---|---|---|
| dynamic | Controls if MQTT clients can request for disk persistence via MQTTv5 user property. Works in addition to other groups (logical OR). | BrokerRetainMessagesDynamic |
| topics | List of topics under which retained messages would be persisted to disk. Wildcards # and + supported. | string[] |
BrokerStateStoreCustomPolicy
| Name | Description | Value |
|---|---|---|
| mode | 'All' to persist all keys, 'None' to not persist any, 'Custom' to persist only the specified keys. | 'Custom' (required) |
| stateStoreSettings | Settings for the policy. | BrokerStateStorePolicySettings (required) |
BrokerStateStoreDynamic
| Name | Description | Value |
|---|---|---|
| mode | Mode of the BrokerStateStoreCustomPolicy. | 'Disabled' 'Enabled' (required) |
BrokerStateStorePolicy
| Name | Description | Value |
|---|---|---|
| mode | Set to 'Custom' for type BrokerStateStoreCustomPolicy. | 'Custom' (required) |
BrokerStateStorePolicyResources
| Name | Description | Value |
|---|---|---|
| keys | List of keys to persist to disk, required. | string[] (required) |
| keyType | The key to persist to disk. | 'Binary' 'Pattern' 'String' (required) |
BrokerStateStorePolicySettings
| Name | Description | Value |
|---|---|---|
| dynamic | Controls if MQTT clients can request for disk persistence via MQTTv5 user property. Works in addition to other groups (logical OR). | BrokerStateStoreDynamic |
| stateStoreResources | List of key and key type to persist to disk. | BrokerStateStorePolicyResources[] |
BrokerSubscriberQueueCustomPolicy
| Name | Description | Value |
|---|---|---|
| mode | 'All' to persist all subscriber queues, 'None' to not persist any, 'Custom' to persist only the specified queues. | 'Custom' (required) |
| subscriberQueueSettings | Custom policy, required if mode is Custom. Subscriber queues from all groups are persisted to disk (logical OR). | BrokerSubscriberQueueCustomPolicySettings (required) |
BrokerSubscriberQueueCustomPolicySettings
| Name | Description | Value |
|---|---|---|
| dynamic | Controls if MQTT clients can request for disk persistence via MQTTv5 user property. Works in addition to other groups (logical OR). | BrokerSubscriberQueueDynamic |
| subscriberClientIds | List of client IDs of the subscribers, wildcard * supported. | string[] |
BrokerSubscriberQueueDynamic
| Name | Description | Value |
|---|---|---|
| mode | Mode of the BrokerSubscriberQueueCustomPolicy. | 'Disabled' 'Enabled' (required) |
BrokerSubscriberQueuePolicy
| Name | Description | Value |
|---|---|---|
| mode | Set to 'Custom' for type BrokerSubscriberQueueCustomPolicy. | 'Custom' (required) |
Cardinality
| Name | Description | Value |
|---|---|---|
| backendChain | The backend broker desired properties | BackendChain (required) |
| frontend | The frontend desired properties | Frontend (required) |
CertManagerCertOptions
| Name | Description | Value |
|---|---|---|
| duration | Lifetime of certificate. Must be specified using a Go time.Duration format (h|m|s). E.g. 240h for 240 hours and 45m for 45 minutes. | string (required) |
| privateKey | Configuration of certificate private key. | CertManagerPrivateKey (required) |
| renewBefore | When to begin renewing certificate. Must be specified using a Go time.Duration format (h|m|s). E.g. 240h for 240 hours and 45m for 45 minutes. | string (required) |
CertManagerPrivateKey
| Name | Description | Value |
|---|---|---|
| algorithm | algorithm for private key. | 'Ec256' 'Ec384' 'Ec521' 'Ed25519' 'Rsa2048' 'Rsa4096' 'Rsa8192' (required) |
| rotationPolicy | cert-manager private key rotationPolicy. | 'Always' 'Never' (required) |
ClientConfig
| Name | Description | Value |
|---|---|---|
| maxKeepAliveSeconds | Upper bound of a client's Keep Alive, in seconds. | int Constraints: Min value = 0 Max value = 65535 |
| maxMessageExpirySeconds | Upper bound of Message Expiry Interval, in seconds. | int Constraints: Min value = 1 Max value = 4294967295 |
| maxPacketSizeBytes | Max message size for a packet in Bytes. | int Constraints: Min value = 1 Max value = 268435456 |
| maxReceiveMaximum | Upper bound of Receive Maximum that a client can request in the CONNECT packet. | int Constraints: Min value = 1 Max value = 65535 |
| maxSessionExpirySeconds | Upper bound of Session Expiry Interval, in seconds. | int Constraints: Min value = 1 Max value = 4294967295 |
| subscriberQueueLimit | The limit on the number of queued messages for a subscriber. | SubscriberQueueLimit |
DiagnosticsLogs
| Name | Description | Value |
|---|---|---|
| level | The log level. Examples - 'debug', 'info', 'warn', 'error', 'trace'. | string |
DiskBackedMessageBuffer
| Name | Description | Value |
|---|---|---|
| ephemeralVolumeClaimSpec | Use the specified persistent volume claim template to mount a "generic ephemeral volume" for the message buffer. See <https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes> for details. | VolumeClaimSpec |
| maxSize | The max size of the message buffer on disk. If a PVC template is specified using one of ephemeralVolumeClaimSpec or persistentVolumeClaimSpec, then this size is used as the request and limit sizes of that template. If neither ephemeralVolumeClaimSpec nor persistentVolumeClaimSpec are specified, then an emptyDir volume is mounted with this size as its limit. See <https://kubernetes.io/docs/concepts/storage/volumes/#emptydir> for details. | string Constraints: Pattern = ^[0-9]+[KMGTPE]$ (required) |
| persistentVolumeClaimSpec | Use the specified persistent volume claim template to mount a persistent volume for the message buffer. | VolumeClaimSpec |
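A pre-deployment check that applies the constraints from the AdvancedSettings, CertManagerCertOptions, BrokerPersistence and DiskBackedMessageBuffer tables to a `properties` object. This is an added example, not part of the resource reference or of any Microsoft tooling: `audit_broker`, `parse_duration`, the sample dictionaries and the `local-path` storage class name are constructed for illustration. Treating a `renewBefore` that is not shorter than `duration`, `rotationPolicy = 'Never'` and enabled dynamic persistence as findings is this example's own policy choice.

```python
import re

# Constraints quoted from the tables: h|m|s durations and the buffer size pattern.
DURATION = re.compile(r"(?:\d+[hms])+")  # assumption: integer components only
PART = re.compile(r"(\d+)([hms])")
SECONDS = {"h": 3600, "m": 60, "s": 1}
BUFFER_SIZE = re.compile(r"^[0-9]+[KMGTPE]$")
POLICIES = (("retain", "retainSettings"), ("stateStore", "stateStoreSettings"),
            ("subscriberQueue", "subscriberQueueSettings"))


def parse_duration(text):
    """Return seconds for '240h', '45m' or '1h30m'; None for anything else."""
    if not isinstance(text, str) or not DURATION.fullmatch(text):
        return None
    return sum(int(n) * SECONDS[u] for n, u in PART.findall(text))


def audit_broker(props):
    """Return a list of (property path, finding) tuples for a BrokerProperties dict."""
    out = []
    adv = props.get("advanced", {})
    if adv.get("encryptInternalTraffic") == "Disabled":
        out.append(("advanced.encryptInternalTraffic", "internal traffic is not encrypted"))

    certs = adv.get("internalCerts")
    if certs is not None:
        base = "advanced.internalCerts."
        life = parse_duration(certs.get("duration"))
        renew = parse_duration(certs.get("renewBefore"))
        if life is None:
            out.append((base + "duration", "not an h|m|s duration"))
        if renew is None:
            out.append((base + "renewBefore", "not an h|m|s duration"))
        if life is not None and renew is not None and renew >= life:
            out.append((base + "renewBefore", "not shorter than duration"))
        if certs.get("privateKey", {}).get("rotationPolicy") == "Never":
            out.append((base + "privateKey.rotationPolicy", "private key is reused across renewals"))

    buf = props.get("diskBackedMessageBuffer")
    if buf is not None and not BUFFER_SIZE.fullmatch(str(buf.get("maxSize", ""))):
        out.append(("diskBackedMessageBuffer.maxSize", "does not match ^[0-9]+[KMGTPE]$"))

    pers = props.get("persistence")
    if pers is None:
        return out
    base = "persistence."
    # encryption is optional and defaults to enabled, so only an explicit opt-out is flagged
    if pers.get("encryption", {}).get("mode") == "Disabled":
        out.append((base + "encryption.mode", "persistence database is stored unencrypted"))
    if not pers.get("maxSize"):
        out.append((base + "maxSize", "required value is missing"))
    pvc = pers.get("persistentVolumeClaimSpec")
    if pvc is None or not pvc.get("storageClassName"):
        out.append((base + "persistentVolumeClaimSpec.storageClassName",
                    "cluster default storage class will be used"))
    if pvc is not None and pvc.get("accessModes") != ["ReadWriteOncePod"]:
        out.append((base + "persistentVolumeClaimSpec.accessModes", "must be ReadWriteOncePod"))
    for section, settings in POLICIES:
        dynamic = pers.get(section, {}).get(settings, {}).get("dynamic", {})
        if dynamic.get("mode") == "Enabled":
            out.append((f"{base}{section}.{settings}.dynamic.mode",
                        "MQTT clients can request disk persistence themselves"))
    return out


# Constructed sample inputs, shaped like the `properties` object of the resource.
WEAK = {
    "advanced": {
        "encryptInternalTraffic": "Disabled",
        "internalCerts": {"duration": "240h", "renewBefore": "10d",
                          "privateKey": {"algorithm": "Rsa2048", "rotationPolicy": "Never"}},
    },
    "diskBackedMessageBuffer": {"maxSize": "500Mi"},
    "persistence": {
        "encryption": {"mode": "Disabled"},
        "maxSize": "10G",
        "persistentVolumeClaimSpec": {"accessModes": ["ReadWriteOnce"]},
        "retain": {"mode": "Custom",
                   "retainSettings": {"dynamic": {"mode": "Enabled"}, "topics": ["#"]}},
    },
}
HARDENED = {
    "advanced": {
        "encryptInternalTraffic": "Enabled",
        "internalCerts": {"duration": "720h", "renewBefore": "240h",
                          "privateKey": {"algorithm": "Ec256", "rotationPolicy": "Always"}},
    },
    "diskBackedMessageBuffer": {"maxSize": "1G"},
    "persistence": {
        "encryption": {"mode": "Enabled"},
        "maxSize": "10G",
        "persistentVolumeClaimSpec": {"accessModes": ["ReadWriteOncePod"],
                                      "storageClassName": "local-path"},
        "retain": {"mode": "Custom",
                   "retainSettings": {"dynamic": {"mode": "Disabled"},
                                      "topics": ["factory/+/alarms"]}},
    },
}

if __name__ == "__main__":
    for path, finding in audit_broker(WEAK):
        print(f"{path}: {finding}")
```

The same dictionary shape applies to the Bicep `properties` block and to the Terraform `body.properties` object, so the check can run on either after conversion to JSON.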
ExtendedLocation
| Name | Description | Value |
|---|---|---|
| name | The name of the extended location. | string (required) |
| type | Type of ExtendedLocation. | 'CustomLocation' (required) |
Frontend
| Name | Description | Value |
|---|---|---|
| replicas | The desired number of frontend instances (pods). | int Constraints: Min value = 1 Max value = 16 (required) |
| workers | Number of logical frontend workers per instance (pod). | int Constraints: Min value = 1 Max value = 16 |
GenerateResourceLimits
| Name | Description | Value |
|---|---|---|
| cpu | The toggle to enable/disable cpu resource limits. | 'Disabled' 'Enabled' |
KubernetesReference
| Name | Description | Value |
|---|---|---|
| apiGroup | APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. | string |
| kind | Kind is the type of resource being referenced | string (required) |
| name | Name is the name of resource being referenced | string (required) |
| namespace | Namespace is the namespace of the resource being referenced. This field is required when the resource has a namespace. | string |
LocalKubernetesReference
| Name | Description | Value |
|---|---|---|
| apiGroup | APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. | string |
| kind | Kind is the type of resource being referenced | string (required) |
| name | Name is the name of resource being referenced | string (required) |
Metrics
| Name | Description | Value |
|---|---|---|
| prometheusPort | The prometheus port to expose the metrics. | int Constraints: Min value = 0 Max value = 65535 |
SelfCheck
| Name | Description | Value |
|---|---|---|
| intervalSeconds | The self check interval. | int Constraints: Min value = 30 Max value = 300 |
| mode | The toggle to enable/disable self check. | 'Disabled' 'Enabled' |
| timeoutSeconds | The timeout for self check. | int Constraints: Min value = 5 Max value = 120 |
SelfTracing
| Name | Description | Value |
|---|---|---|
| intervalSeconds | The self tracing interval. | int Constraints: Min value = 1 Max value = 300 |
| mode | The toggle to enable/disable self tracing. | 'Disabled' 'Enabled' |
SubscriberQueueLimit
| Name | Description | Value |
|---|---|---|
| length | The maximum length of the queue before messages start getting dropped. | int Constraints: Min value = 1 |
| strategy | The strategy to use for dropping messages from the queue. | 'DropOldest' 'None' |
Traces
| Name | Description | Value |
|---|---|---|
| cacheSizeMegabytes | The cache size in megabytes. | int Constraints: Min value = 1 Max value = 128 |
| mode | The toggle to enable/disable traces. | 'Disabled' 'Enabled' |
| selfTracing | The self tracing properties. | SelfTracing |
| spanChannelCapacity | The span channel capacity. | int Constraints: Min value = 1000 Max value = 100000 |
VolumeClaimResourceRequirements
| Name | Description | Value |
|---|---|---|
| claims | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. | VolumeClaimResourceRequirementsClaims[] |
| limits | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | VolumeClaimResourceRequirementsLimits |
| requests | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | VolumeClaimResourceRequirementsRequests |
VolumeClaimResourceRequirementsClaims
| Name | Description | Value |
|---|---|---|
| name | Name of the resource. This must match the name of a resource in spec.resourceClaims. | string (required) |
VolumeClaimResourceRequirementsLimits
| Name | Description | Value |
|---|---|---|
VolumeClaimResourceRequirementsRequests
| Name | Description | Value |
|---|---|---|
VolumeClaimSpec
| Name | Description | Value |
|---|---|---|
| accessModes | AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 | string[] |
| dataSource | This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field. | LocalKubernetesReference |
| dataSourceRef | Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. | KubernetesReference |
| resources | Resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources | VolumeClaimResourceRequirements |
| selector | A label query over volumes to consider for binding. | VolumeClaimSpecSelector |
| storageClassName | Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 | string |
| volumeMode | volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. This is a beta feature. | string |
| volumeName | VolumeName is the binding reference to the PersistentVolume backing this claim. | string |
VolumeClaimSpecSelector
| Name | Description | Value |
|---|---|---|
| matchExpressions | MatchExpressions is a list of label selector requirements. The requirements are ANDed. | VolumeClaimSpecSelectorMatchExpressions[] |
| matchLabels | MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. | VolumeClaimSpecSelectorMatchLabels |
VolumeClaimSpecSelectorMatchExpressions
| Name | Description | Value |
|---|---|---|
| key | key is the label key that the selector applies to. | string (required) |
| operator | operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. | 'DoesNotExist' 'Exists' 'In' 'NotIn' (required) |
| values | values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. | string[] |
VolumeClaimSpecSelectorMatchLabels
| Name | Description | Value |
|---|---|---|
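
The selector rules in the VolumeClaimSpecSelector and VolumeClaimSpecSelectorMatchExpressions tables can be checked before deployment. The following Python sketch is an added example, not part of the original reference or of any Microsoft tooling: it validates the `values` constraints per operator and evaluates a selector against a volume's labels. The function names, sample selector and label keys are constructed for illustration.

```python
# Added example: label-selector rules from the VolumeClaimSpecSelector tables.
# Function names, the sample selector and the label keys are constructed.
VALID_OPERATORS = {"In", "NotIn", "Exists", "DoesNotExist"}


def validate_selector(selector):
    """Return a list of rule violations for a VolumeClaimSpecSelector dict."""
    errors = []
    for i, expr in enumerate(selector.get("matchExpressions", [])):
        op = expr.get("operator")
        values = expr.get("values") or []
        if not expr.get("key"):
            errors.append(f"matchExpressions[{i}]: key is required")
        if op not in VALID_OPERATORS:
            errors.append(f"matchExpressions[{i}]: invalid operator {op!r}")
        elif op in ("In", "NotIn") and not values:
            errors.append(f"matchExpressions[{i}]: {op} needs non-empty values")
        elif op in ("Exists", "DoesNotExist") and values:
            errors.append(f"matchExpressions[{i}]: {op} requires empty values")
    return errors


def selector_matches(selector, labels):
    """True if a volume's labels satisfy every requirement (all are ANDed)."""
    if validate_selector(selector):
        raise ValueError("invalid selector")
    # matchLabels {k: v} is equivalent to {key: k, operator: In, values: [v]}.
    requirements = [
        {"key": k, "operator": "In", "values": [v]}
        for k, v in selector.get("matchLabels", {}).items()
    ] + list(selector.get("matchExpressions", []))
    for req in requirements:
        key, op, values = req["key"], req["operator"], req.get("values") or []
        # Kubernetes semantics: NotIn also matches when the key is absent.
        hit = key in labels and labels[key] in values
        ok = {"In": hit, "NotIn": not hit, "Exists": key in labels,
              "DoesNotExist": key not in labels}[op]
        if not ok:
            return False
    return True


# Constructed sample: bind only to encrypted SSD/NVMe volumes not marked shared.
SAMPLE_SELECTOR = {
    "matchLabels": {"encrypted": "true"},
    "matchExpressions": [{"key": "tier", "operator": "In", "values": ["ssd", "nvme"]},
                         {"key": "shared", "operator": "DoesNotExist"}],
}
```

An empty selector imposes no requirements, so `selector_matches({}, labels)` returns `True` for any volume; treat a missing selector as "any volume may bind" when reviewing a claim spec.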