Merge pull request #276 from kbst/azurerm-v3

Handle azurerm provider AKS attribute depreciations
kbst · Nov 20, 2022 · 82736bf · 82736bf
2 parents 1637538 + 94f7088
commit 82736bf
Show file tree

Hide file tree

Showing 7 changed files with 21 additions and 17 deletions.
diff --git a/azurerm/_modules/aks/ingress.tf b/azurerm/_modules/aks/ingress.tf
@@ -7,6 +7,8 @@ resource "azurerm_public_ip" "current" {
   allocation_method   = "Static"
   sku                 = "Standard"
 
+  zones = var.default_ingress_ip_zones
+
   tags = var.metadata_labels
 
   depends_on = [azurerm_kubernetes_cluster.current]

diff --git a/azurerm/_modules/aks/main.tf b/azurerm/_modules/aks/main.tf
@@ -11,9 +11,7 @@ resource "azurerm_kubernetes_cluster" "current" {
   kubernetes_version        = var.kubernetes_version
   automatic_channel_upgrade = var.automatic_channel_upgrade
 
-  role_based_access_control {
-    enabled = true
-  }
+  role_based_access_control_enabled = true
 
   default_node_pool {
     name = var.default_node_pool_name
@@ -36,7 +34,7 @@ resource "azurerm_kubernetes_cluster" "current" {
 
     only_critical_addons_enabled = var.default_node_pool_only_critical_addons
 
-    availability_zones = var.availability_zones
+    zones = var.availability_zones
   }
 
   network_profile {
@@ -55,7 +53,7 @@ resource "azurerm_kubernetes_cluster" "current" {
     content {
       type = var.user_assigned_identity_id == null ? "SystemAssigned" : "UserAssigned"
 
-      user_assigned_identity_id = var.user_assigned_identity_id
+      identity_ids = var.user_assigned_identity_id == null ? null : [var.user_assigned_identity_id]
     }
   }
 
@@ -68,17 +66,12 @@ resource "azurerm_kubernetes_cluster" "current" {
     }
   }
 
-  addon_profile {
-    azure_policy {
-      enabled = var.enable_azure_policy_agent
-    }
+  azure_policy_enabled = var.enable_azure_policy_agent
 
-    kube_dashboard {
-      enabled = false
-    }
+  dynamic "oms_agent" {
+    for_each = var.enable_log_analytics ? toset([1]) : toset([])
 
-    oms_agent {
-      enabled                    = var.enable_log_analytics
+    content {
       log_analytics_workspace_id = var.enable_log_analytics ? azurerm_log_analytics_workspace.current[0].id : null
     }
   }

diff --git a/azurerm/_modules/aks/node_pool/main.tf b/azurerm/_modules/aks/node_pool/main.tf
@@ -17,7 +17,7 @@ resource "azurerm_kubernetes_cluster_node_pool" "current" {
   vm_size               = var.vm_size
   node_labels           = var.node_labels
   node_taints           = var.node_taints
-  availability_zones    = var.availability_zones
+  zones                 = var.availability_zones
   max_pods              = var.max_pods
   os_disk_type          = var.os_disk_type
   os_disk_size_gb       = var.os_disk_size_gb

diff --git a/azurerm/_modules/aks/variables.tf b/azurerm/_modules/aks/variables.tf
@@ -139,6 +139,11 @@ variable "disable_default_ingress" {
   description = "Whether to disable the default ingress."
 }
 
+variable "default_ingress_ip_zones" {
+  type        = list(string)
+  description = "Explicit list of zones for the ingress public IP."
+}
+
 variable "enable_azure_policy_agent" {
   type        = bool
   description = "whether to deploy the Azure policy agent to the cluster"

diff --git a/azurerm/_modules/aks/versions.tf b/azurerm/_modules/aks/versions.tf
@@ -4,7 +4,7 @@ terraform {
     azurerm = {
       # https://registry.terraform.io/providers/hashicorp/azurerm/latest
       source  = "hashicorp/azurerm"
-      version = "< 3.0.0"
+      version = ">= 3.4.0"
     }
 
     azuread = {

diff --git a/azurerm/cluster/configuration.tf b/azurerm/cluster/configuration.tf
@@ -47,6 +47,9 @@ locals {
 
   disable_default_ingress = lookup(local.cfg, "disable_default_ingress", false)
 
+  default_ingress_ip_zones_lookup = lookup(local.cfg, "default_ingress_ip_zones", "")
+  default_ingress_ip_zones        = local.default_ingress_ip_zones_lookup != "" ? split(",", local.default_ingress_ip_zones_lookup) : []
+
   enable_azure_policy_agent = lookup(local.cfg, "enable_azure_policy_agent", false)
 
   disable_managed_identities = lookup(local.cfg, "disable_managed_identities", false)

diff --git a/azurerm/cluster/main.tf b/azurerm/cluster/main.tf
@@ -53,7 +53,8 @@ module "cluster" {
   default_node_pool_vm_size              = local.default_node_pool_vm_size
   default_node_pool_os_disk_size_gb      = local.default_node_pool_os_disk_size_gb
 
-  disable_default_ingress = local.disable_default_ingress
+  disable_default_ingress  = local.disable_default_ingress
+  default_ingress_ip_zones = local.default_ingress_ip_zones
 
   enable_azure_policy_agent = local.enable_azure_policy_agent